Living through Corona virus times

Times are tough, I know but having worked with companies through 3 recessions I know that some will thrive, some survive and others go to the wall.

Some will fail no matter what they do but for a lot of companies there are alternatives.

You can accept the status quo and roll with the punches OR you can fight for your survival.

My experience is that those who fight for their survival will come through the current situation fighting fit and with a great chance to thrive because they will be better than they were and they’ll be ready to leap on opportunities that have been left begging by those who simply accepted the status quo.

So FIGHT for your business and if I can help – get in touch.

Book a free 40 Minute, remote, consultancy

I have demonstrable success in the fields of SEO, Social Media, Email Marketing and much more.

All you have to do is get in touch for a free chat by LinkedIn message, email (andy@enterprise-oms.co.uk) Zoom, Webex, Skype etc

Ring Me:      01793 238020      07966 547146
Email Me:    andy@enterprise-oms.co.uk
Find Me:      Linkedin     Twitter
Visit Me:      Bowman House, Whitehill Lane, Royal Wootton Bassett, Wilts, SN4 7DB

Corona Virus & Marketing

SEO, Email Marketing, Blog, Video and Social banner

Even with Corona Virus you shouldn’t make knee jerk decisions with your marketing budget.

Remember, In the middle of the storm it can be difficult to see anything but chaos but the storm will pass. Your best defence is to do everything that you can to still be standing when the storm passes.

The purpose of this post is to give you some marketing things that you can be thinking about during these troubled times and to make an offer that will save you £50.00 on one of my services so that your website can come fighting fit on the other side of the Corona Virus pandemic.

When I was working as a business consultant during the 2008 recession I heard of many businesses who chopped their marketing budgets as a reaction to the turn-down. They then wondered why they weren’t attracting any new business and as their competitors recovered they were left behind.

Businesses that I was working with at the time recognised that there was an opportunity to step in to the gap left by companies which appeared to have disappeared. They took more considered action, reduced their marketing budget and put plans in place to ramp marketing back up once it was clear that the recession was coming to an end.

This put these clients in a prime position and they went on to prosper.

In these troubled times this is the action that you should consider. I know that times are dark, and likely to get darker, but if we don’t think positively and plan to still be here when the Covid-19 pandemic recedes then I know that some of us won’t be in business when that time comes around. 

The role technology plays in business continuation

Working from home, and in self-isolation, will be new to many people. Technology will have provided you with an opportunity to work from wherever you, and your staff, are with the only requirements being a device (desktop/laptop, phone or tablet) and an internet connection.

Cloud based audio and video conference solutions help maintain teams and enable client communications. SkypeMicrosoft TeamsZoomWebexSlackWhatsApp and more prove both free and subscription options to communicate, train, make presentations and simply remain in touch.

As more of us work form home it’s likely that online search behaviour will change as more people mix business searches with personal during their working day.

How will your business cope? 

As with any crisis, how your company responds is key, are you calm and taking action or are you panicking?

Either way, here are a number of things that you can be working on when faced with the current situation

Stay ahead of your competition

If you pause your marketing activities and your competitors don’t who do you think will be in a prime position when things begin to improve? Stay in touch with your clients using eMail, Video and Social Media, Keep an eye on search trends, are there any opportunities that you can make use of.

Remember that SEO is a long term strategy

I know that SEO is one of the services that I provide but it is worth remembering that it IS a long term strategy, taking weeks or months to have a proper impact so give your Search Engine Optimisation due consideration when reviewing your marketing budget. Google’s servers and algorithms won’t be taking a break.

Don’t buy cheap SEO

I know that it might be tempting to take up one of those “all you can eat” SEO offers at £75.00 per month but the risk to your business could be a lot greater than the small amount of money that you’d save. As the marketplace improves you could find yourself left with no rankings, no traffic to your website and possibly penalties from Google from trying to game the system.

Move offline marketing spend online

If people aren’t going out and about they are not going to be looking at advertising hoardings and billboards. They’re not going to be seeing “in-store” marketing either so think about whether you could shift some of your offline budget online to make up for this.

Understand search trends

By understanding trends in search you’ll be in an ideal position to leap on any opportunities and’or changes in direction. By keeping an eye on how people are searching you’ll be able to create content that meets the needs of those searchers. Google Trends is a really great way to stay on top of this

Produce more digital content

Consider using this as an opportunity to create those webinars you’ve been thinking of. By 2025 research is estimating that online learning will be worth about $158 Bn. Lessons learned now will be incredibly valuable going forward. Think about adding video conferencing and video calling to your communication options to reduce face-to-face meeting but stay in touch with key contacts, potential clients and your market. 

Free 40 minute Website and SEO Consultancy

I’m still offering my Free Consultancy sessions and am more than happy to conduct them over the phone or by video link

Detailed Website and SEO Review – Special Offer

Save £50.00 on an in-depth website and SEO review

And if you want something to listen too, have a listen to some of my Podcasts, you can find them on SpotifyApple Podcasts and my website.

If you want any help with your digital marketing please don’t hesitate to get in touch for an informal chat and I’ll be only too happy to talk.

Thanks for reading and I hope you stay well

Ring Me:      01793 238020      07966 547146
Email Me:    andy@enterprise-oms.co.uk
Find Me:      Linkedin     Twitter
Visit Me:      Bowman House, Whitehill Lane, Royal Wootton Bassett, Wilts, SN4 7DB

Yes, it’s “Password Madness” time

USer name and password box

Government Communications Head Quarters (GCHQ)- where the UK spooks provide signals intelligence to the UK’s government, military and Military Intelligence and the Department for Digital, Media and Sport (DCMS) carried out their first UK Cyber Survey and the results didn’t make for great reading.

Apparently

  • 42% of us Brits expect to lose money to on-line fraud
  • 23.2 million worldwide victims of cyber breaches used 123456 as their password
  • 15% say they know how to properly protect themselves from harmful on-line activity
  • 33% rely on friends and family for help with their cyber security
  • Young people are the most likely to be cyber aware, privacy concious and careful of the details they share on-line
  • 61% of internet users check Social Media daily, 21% say they never look at it
  • More than 50% use the same password for their email that they use elsewhere
Hacker Inside

Dr Ian Levy, NCSC Technical Director said “Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password.” whilst Margot James, DMCS Minister said “We shouldn’t make their (cyber criminals) lives easy so choosing a strong and separate password for your email account is a great practical step. “

Most Regularly Used Passwords

RankPasswordTimes Used PasswordTimes Used
1.123456 23.2m ashley432,276
2.1237567897.7m michael425,291
3.qwerty3.8m daniel368,227
4.password3.6m jessica324,125
5.11111113.1m charlie308,939

It’s a shame that the top password list hasn’t really changed for at least 10 years – it shows how complacent a lot of us are with our on-line security.

I used to have 3 passwords, a simple one that I used really casually for newspaper sign-ups etc – name123 (not my real passwords, merely examples) a medium security one that I used on shopping sites, n@m3123 and a more secure one, used for banking etc – c3ler0n! (and all of the ones that I used feature on the Have I Been Pwned list).

About 5 or more years ago I switched to a Password Manager. I have 801 log-ins and 801 different passwords. All of them are at least 16 random characters long and comprise upper & lower case letters, numbers and symbols (where permitted).

Logging On

My Password database is stored securely in the cloud and is replicated on my PC, Phone and Tablet and accessible from my Chromebook too. I use LastPass but others exist and here’s a review of some of the top ones.

As you can see, I do my best to stay on top of my security but if you feel adrift, or need some help, just give me a call on 01793 238020 or email andy@enterprise-oms.co.uk for a free chat.

General Data Protection Regulation (GDPR)

Keyboard with the word 'Privacy' overlaidWhat is the GDPR?

The General Data Protection Regulation (GDPR) is the name given to the new law that will come into effect on 25 May 2018 to provide added protection and security to the data that businesses hold on, and about, individuals. It will replace the UK’s Data Protection Act (DPA).

At the end of this post you’ll find a simple glossary of terms for reference

Why do we need the GDPR?

There has been a huge change in the amount of data, and the way we use it, since the Data Protection Act came into effect 20 years ago.

Back then, a home PC was a rarity, now it’s pretty much the norm and households typically have multiple devices (PCs/laptops, phones, tablets, smart TVs and other internet connected devices) whilst the majority of businesses are totally reliant on IT and data.

As a consequence of these changes the laws relating to data needed updating and there was a strong drive to have common data protection laws across the EU due to the increased globalisation of business. Brexit will have no impact on the new regulations

What impact will the GDPR have on my business?

There will be a need to ensure that the way you collect, store, manage, use and destroy data is in compliance with the new regulations and there may be a requirement to employ new staff, outsource services or allocate new responsibilities to existing employees.

People & Accountability

DATA PROTECTION OFFICER

To comply with the new regulations you may need to allocate data protection responsibilities to employees or employ a new member of staff, depending on the size of your business and the data protection requirements placed on it. The following businesses MUST appoint a Data Protection Officer (DPO)

  • Public Authorities
  • Businesses whose core activities involve large scale systematic monitoring and profiling activities
  • Businesses whose core activities involve large scale processing of special categories of data such as ethnic origin, political opinions or religious beliefs

DPOs can be employed or outsourced but must report to the highest level of management.

DATA PROCESSORS

Current law does not apply to pure data processors, i.e serviced providers who only deal with data as directed by their customer, only applying to data controllers. If you are a mailing house which accepts data from a client for producing mail shots (land mail or email) for example

GDPR introduces direct rules and accountabilities for data processors, including

  • Keeping records of data processed
  • Designating a Data Protection Office (where required)
  • Notifying the Data Controller where there has been a breach

Under GDPR, data controllers can only use data processors “providing sufficient guarantees to implement the appropriate technical and organisational measures so that the processing meets the requirements of GDPR and ensures the protection of the rights of data subjects

Accountability and the GDPR

Accountability is all about considering risks and demonstrating that you have considered, and managed, data protection risks. You will need to have clear policies in place to show that you meet the required standards and should establish a culture of monitoring, reviewing and assessing your data processing procedures

Privacy Impact Assessments

Businesses will be required to carry out a data protection impact assessment where carrying out any processes that use new technology that is likely to result in a high risk to data subjects, required in particular where there will be automated processing (including profiling) and on which decisions which affect the data subject and for large scale processing of personal data

Privacy By Design

Businesses must take data protection requirements into account from the inception of any new technology, product, or service, that involves the processing of personal data, with an ongoing requirement to keep those measures up to date.

Notification of Breach

The existing DPA requires an organisation to notify (register and pay a fee) the ICO that they will be processing personal data. This will no longer be a requirement under the GDPR, replaced by an obligation on the Data Controller and Data Processor to maintain detailed documentation, recording;

  • Processing records
  • Data location
  • Purpose of processing
  • Lists of data subjects
  • Categories of data
  • Security procedures

However, if you have fewer than 250 employees, the requirements are less onerous and you’ll only need to comply if your processing is “likely to result in high risk to individuals, the processing is not occasional, or includes sensitive personal data.

Because the processing of employee data is likely to involve sensitive personal data there will be an obligation on all organisations to maintain documentation, no matter what their size.

With the removal of registration and fee payment, the ICO loses their main source of income and this could make them keener to catch organisations in breach and fine them.

Under current  legislation there is no requirement to notify the ICO should you suffer a data security breach. This changes under the GDPR with the introduction of a requirement to report data security breaches to

  • Data Controllers (if a Data Processor breaches)
  • Regulators – if a Data Controller breaches and the result is a risk to the rights and freedoms of individuals – without undue delay (within 72 hours of discovery if feasible)
  • Affected Data Subjects – where the breach could leave them open to financial loss, for example. If the risk is high, this notification must be without undue delay.

When does the GDPR come in to law?

25 May 2018

Where will the GDPR apply?

Current data protection laws apply if you are located in the EU, or make use of equipment located in the EU, such as servers. The GDPR applies whether or not you are located in an EU country – it applies if you offer goods or services to EU residents or if you monitor their behavior.

If you want to transfer data beyond the EU (if you use a server based in the US to do your email marketing, for example) you need to ensure that the destination country has been recognised as having “adequate or equivalent” data protection regulations and you will have to ensure that suitable safeguards are in place to ensure the protection and security of the data you are transferring.

What happens if I don’t comply with the GDPR?

Currently, fines across the EU for a Data Protection Breach vary greatly with the UK having a maximum fine of £500,000 for a breach of the DPA.

One of the goals of the GDPR is to ensure that fines are consistent across national borders and to impose a significant increase in fines to emphasize the importance of good data management and security.

The new fines are to be split across two tiers

  • Up to 2% of annual, worldwide, turnover of the preceding financial year or EU10m (whichever is the greater) for violations relating to internal record keeping, data processor contracts, data security and breach notification, data protection officers and data protection by design and default
  • Up to 4% of annual, worldwide, turnover of the preceding financial year or EU20m (whichever is the greater) for violations relating to breaches of the data protection principles, conditions for consent, data subjects rights and international data transfers

The Information Commissioner’s Office (ICO) will also have increased enforcement powers and grounds for seeking judicial remedies under the GDPR, including a power to carry out audits and to require (demand)  information to be provided and obtain access to premises

Practical Steps to prepare for the GDPR

  • Ensure that you have the resources to plan and implement GDPR requirements
  • Identify all existing data systems and the personal data processed
  • Review existing compliance programs and update/expand as required to meet the requirements of GDPR
  • Ensure you have clear records of all data processing activities and that the records are available
  • When using Data Processors, ensure you include terms in your agreement relating to immediate notification of any data breach.
  • Develop and implement a data breach response plan and have templated notifications so that staff can act promptly
  • Put internal reporting procedures in place, have an internal breach register and train staff on notification and use
  • Ensure that you have sufficient resources to implement required changes
  • Consider appointing a DPO
  • Assess whether the organisation uses consent to justify processing
  • Develop, and implement, a policy on data storage and retention
  • Review contractual arrangements with Data Processors
  • Consider Data Protection when developing new technologies, services and goods and keep clear records
  • Ensure all policies and procedures are available and written in clear, concise and easily understood language
  • Consider how you will gain consent for the use of the ata you hold, and use, for advertising, marketing and/or social media
  • Examine your Privacy notices now and start updating them
  • Review privacy notices and other “fair processing” information given to employees
  • Review employment contracts, handbooks and policies. Is contractual “consent” sought?
  • Ensure that you can respond to Subject Access Requests within 1 month (no admin fee will apply under GDPR)
  • Train staff on data protection responsibilities

Summary

The GDPR will have a wide reaching impact on most businesses, both large and small, which make use of data within the organisation.

Within the GDPR there are many undefined phrases, such as what counts as “large scale” and what is “new technology” and it is likely that these will only be determined as part of case law i.e. when a company is prosecuted for a suspected breach and their defence (or prosecution) need an accurate description of such terms.

It is likely that things will change as we get closer to implementation. However, you should start your preparation as soon as possible and the ICO has published a useful leaflet called “12 Steps to Take Now” which provides more helpful advice.

Disclaimer

I’m a digital marketer and SEO professional, not a legal practice. As a consequence, this should be used as a guide to the GDPR and legal support sought to ensure that your business is in compliance.

Glossary of Data Protection and GDPR Terms

  • Consent – Permission to collect, store and use personal data
  • Data Controller – A person, or persons, determined the purposes for which, and the manner in which any personal data are, or are to be, processed
  • Data Portability – The ability to move data from organisation to organisation, or across nation states
  • DPA – Data Protection Act, the regulations that the GDPR replaces
  • Data Processor – Any person who processes data on behalf of the data controller
  • Data Protection Officer – Person responsible for the oversight of organisational data protection strategy and implementation to ensure compliance with the GDPR
  • Data subject – The person to whom a data set relates (you and I)
  • GDPR – General Data Protection Regulations. The name given to the new regulations relating to the way we collect, store, use and destroy data
  • ICO – Information Commissioner’s Office – body responsible for upholding GDPR
  • Personal Data – anything clearly seen as personal, including name, address, phone number but also including IP addresses, cookie identifiers and UDID (Unique device Identifiers). Expressions of opinion about an individual also count as personal data so you need to be careful what you say about colleagues or clients in emails
  • Right to be Forgotten – The right to request the complete deletion of all personal data.
  • Subject Access Request – A request that an individual can make to find out the data that an organisation has relating to them.

And if you are struggling with your GDPR then give me a call on 01793 238020 or email andy@enterprise-oms.co.uk and I’ll do everything I can do to help.

How much did your last cup of coffee cost?

Cybercrime is everywhere these days, in 2016 the cost to the UK was over £1bn with more than 5.5m cyber offences taking place in the UK every year. That’s almost 50% of ALL UK crime.

Cup of coffee and coffee beansThere’s lots of advice on passwords, I regularly write about them, and other security measures that you can take but did you know that even a trip to your favourite coffee shop could end up being far more expensive than the price you pay for your Triple Grande Decaf Soy Latte Macchiato and blueberry muffin.

Imagine the scene, you’re between meetings and decide to drop into your favourite coffee shop for a cup of coffee, a cake and to tap into their Wi-Fi to read your emails, refresh your knowledge in time for your next meeting or simply to surf the web.

Spoof Wi-Fi Hotspot


Sign fro free wifi hotspot
When you sit down and try to log-on to the Wi-Fi there’s frequently a selection of hot-spots to choose from. How do you know which is the free service provided by the venue and which is a spoof.

It’s very easy to set up a Wi-Fi hot-spot using a mobile phone, Mi-Fi type of device or laptop and allow other users to connect through this free connection. This means that all of the traffic can then be intercepted by the person providing the spoof account. What sort of important information is passed from your laptop through this connection? It could be your details to access your online banking, the log-in to your company network or the necessary information required to access your corporate email account.

Time for a comfort break

Laptop and cup of coffeeThen the urge hits, you look around and see that everybody seems respectable enough so you head off to the toilet thinking that your laptop is safe on the table. After all, nobody would nick in sight of all those customers, staff and CCTV cameras would they?

You’d be wrong. Laptop tracking service provider, Prey, found that areas offering free Wi-Fi were the second most common target for  opportunistic laptop thefts, the only riskier place being left in a visible place in your car.

If stolen, it’s not only the inconvenience of replacing the laptop, reinstalling your applications and copying back your data [you do back-up your data don’t you?] it’s the additional costs that aren’t covered by your insurance.

The Ponemon Institute, a US cyber crime consultancy, put the real cost of the loss of a laptop and it’s data at nearly £31,000. This was broken down into £4,000 for the loss of Intellectual Property, forensics and legal bills adding around £1,500 with a staggering £24,500 attributable to the loss of income, customers and competitive advantage associated with a data breach

So, the next time you stop off for a cup of coffee and decide to log-on using their free Wi-Fi, just make sure you know which network that you’re connecting to and that you don’t leave your laptop unattended.

And if you want to talk about your cyber security, just give me a call on 01793 238020 or drop an email to andy@enterprise-oms.co.uk

Why worry about Accreditations?

I do a lot of work for an IT support company in Bristol – Bristol IT Company – and at the bottom of their website is a list of badges, icons and logos, there’s a couple of ISO related ones and the rest come from well known (and less well known) brands in the IT sector but why are they there and why should you be concerned?

Bristol IT Company accreditationsWell, ISO’s easy, it’s a way of demonstrating a certain credibility by being assessed every year to ensure that we remain up to scratch. A lot of businesses have ISO9001. This is a quality management certification that demonstrates commitment to consistently provide products and services that meet the needs ofclients. ISO27001 is an information security standard that demonstrates commitment to information security, both their own and that of clients.

The other accreditations come from manufacturers such as Cisco, Microsoft, Dell, Aruba, Cyberoam, VMWare and Veeam and demonstrate that the Bristol IT Company has the necessary skills to not only supply their equipment but to ensure that it is properly installed, configured and supported.

Why is this important

Let’s take a look at the security of your network – Bristol IT Company have 2 vendors that are accredited with in this area, Cisco and Sophos. You can buy some Cisco & Sophos equipment on Amazon at competitive prices, have it delivered pretty much the next day and get it up and running very quickly. This might make you feel secure, after all Cisco are a market leader in networking and security – right?

Is this the right way to do things?

Probably not! Even assuming that you order the most appropriate device for your needs, installing equipment using the default settings could cause you a whole heap of pain.

Most hackers worth their salt know, and understand, these default settings making it really easy for them to penetrate your business’ network. It’s almost like advertising that you’ve installed the best locks in the world but have left a key under the doormat.

Not only that but the default settings are a one-size-fits-all option that are unlikely to be best suited to the way your business works and could actually slow your network, and internet connectivity, down if left untouched.

You could probably find hundreds of internet forums where people discuss the settings but which ones are the best for your particular needs? Which ones speed things up without compromising security and which ones increase security without compromising speed and which ones are actually posted by hackers looking to lure you into making your network even more insecure?

Accreditation

That,s where accreditation comes into play. By buying your equipment from an accredited supplier, Bristol IT Company will advise you on the correct product that most closely matches your existing and future needs, possibly saving you money – certainly saving you pain.

They then ensure that your network is made as secure as possible by changing default settings to something much more secure and applying their training, experience and skill to ensure that your network is as secure as it can be by optimising the set-up and performance of your kit.

Still think accreditation’s just an icon on a website? Well, give me a call on 01793 238020 or email andy@enterprise-oms.co.uk to find out that there’s much more to it than a pretty picture

When “Now” is too late

Last week saw an underground fire in Holborn, London, lead to the cancellation of a number of West End shows, costing theatres thousands in lost revenue.

More than 1,900 homes and businesses were left without electricity when the power had to be cut for safety reasons, directly affecting around 5,000 people who were forced out of their homes and offices whilst the underground fire was brought under control.

A small number of larger businesses were able to continue functioning because they had suitable contingency plans in place to cover precisely this type of eventuality. These were the ones that had back-up generators to ensure a continuity of electricity supply which enabled them to continue their activities whilst all around ground to a halt.

A small explosionSo what provisions have you made for business continuity in the event of an incident that leads to you having to vacate your offices?

Remember, this fire, although disruptive, was not classed as a “major” incident and similar issues could happen almost anywhere, at any time. Would your business cope, could it survive should you have to be evacuated, without warning.

What would be the impact on your business if you couldn’t access your office for hours, days or even weeks?

How do you manage the data and documents that are critical to the survival of your business?

Would your business be able to move seamlessly to a different location, would your key staff be able to work from home or elsewhere?

How do you manage and store the documents that are essential to the running of your business? Are they stored on your laptop/PC, on a server, back-up, in the cloud or a USB stick?

Are your clients and business contacts in a Customer Relationship Management application, on a spreadsheet, on your phone or in your head?

How about your financial records, are they saved in Excel or a dedicated software application?

Bits and BytesThere are many ways to store and manage your essential data, you just have to be sure that you can access the business critical information from a location away from your office.

Companies most reliant on data may have back-up locations, complete with computers and data connectivity that they can move key personnel to, ensuring that service and continuity continues with the shortest of interruptions.

Smaller businesses might have file servers storing their data attached to their network with back-up devices regularly creating copies with the back-ups being taken off-site.

Micro-businesses and sole traders could make effective use external hard-drives, whether attached by USB or shared on a network, automatically cloned to one of the numerous, and inexpensive, cloud data services.

Remember, it’s too late to do anything about business resilience once an incident has started so give me a call for a free chat – 01793 238020 or send an email to andy@enterprise-oms.co.uk.