Nick Wilsdon

Digital strategist and consultant. Founder at E3 Business Incubator, a consultancy network helping enterprises and start-ups. Extensive experience across digital channels, with specialist knowledge of SEO, content marketing and paid distribution.

Three Easy Steps To Protect Your Online Identity

It’s a familiar news story these days – yet another major website is compromised and thousands of user account details are leaked online.

Now there is a website to help you discover if your details have been taken in this way. HaveIBeenPwned.com has been launched by Troy Hunt, a Microsoft Most Valuable Professional awardee for Developer Security and international speaker on web security.

Enter your email address on the website to find out if your details have been leaked, either in the original attack or on one of the many later occasions when these details are shared online.

Now if you find your account has been compromised, don’t panic. The first course of action is to change that password, not just on the hacked website but on any other website where that password is used.

This is the problem with online passwords. Because they are hard to remember we have a tendency to use the same password more than once. Hackers know this, so once they have your email and password combination they will use this on other popular websites. If they’re really lucky, you used this combination for your email account. At which point they can simply request passwords to be resent to them, or even impersonate you directly.

Scary stuff, but there are easy steps which you can take to protect yourself and limit the damage from these website attacks.

Step 1: Set Up Email Alerts

On the haveibeenpwned.com website, click the Notify Me option in the menu. Troy has kindly set up free email alerts to let you know if your account has been compromised. Feel free to buy him a morning latte on the donation page; he deserves it.

Step 2: Learn to use a password keeper

If we used a unique password for every website, this kind of data leak would not be such an issue. This would be impossible for us to remember, but help is at hand in the form of password keepers.

These tools keep all your passwords in one place, and you only have to remember the access login to the tool. I would recommend Keepass (hosted on your computer) or LastPass (hosted online), depending on your preferences.

If you host the password keeper tool on your own computer, then save the password database in DropBox, Google Drive or a similar file back-up service. You can then access either system through any internet-connected device – including your mobile.

Step 3: Protect your email at all costs

Special protection should be considered for your email account, as this is the nexus point for your online security. Once your email has been breached then other passwords can be requested.

Many online email providers, such as Gmail, are now offering two-factor authentication (2FA) protection. Once set up, the system will request a code sent by SMS to your phone, in addition to your password. You can set this system up in Gmail by following this guide.

For bonus points you might want to look at using a security key, such as those sold by Yubico. These are physical USB devices that will authenticate access to your password keeper. As of October Google has allowed these devices to be used on their accounts.

Multiple keys can be bought, so you have a backup, but it is worth reading Brian Proffitt’s article on what to do if you lose your 2FA device.

Hopefully this article has set you on the path to better online security. This is one area where it pays to be proactive, so make this a weekend project to protect yourself and your clients. If you have any questions, then please let me know below.

How Free SSL Certificates Will Change the Internet

The Electronic Frontier Foundation has rocked the world of SSL vendors by announcing the release of their own free SSL certificate in 2015. This 5-minute briefing gives you the background on this news and what issues should be considered in the new, secure internet.

Who is behind this free SSL movement?

The Electronic Frontier Foundation (EFF) in partnership with Mozilla, Cisco, Akamai, IdenTrust and the University of Michigan have formed a new certificate authority (CA) initiative called Let’s Encrypt. Their aim is to clear the roadblocks to transition the Web from HTTP to HTTPS.

An SSL certificate is needed when changing your website from the standard HTTP to the more secure HTTPS. This is commonly represented by a closed padlock in the browser address bar.

Why is HTTPS becoming more important?

Data privacy is a lively topic at the moment, with stories of large-scale hacking attempts making the news. Our lives are moving online but security is still a major problem. This risk has grown as people increasingly log in from public places, such as coffee shops, using shared WiFi. HTTPS makes it much harder for hackers to intercept data, such as passwords or emails.

Leading web companies have recognised the threat and are forcing users to use HTTPS to access their websites and applications. Google made HTTPS the default for all users late in 2013 and have made this a ranking factor in their search engine.

Will free SSL certificates speed up this transition?

Yes. The price of SSL has plummeted over the years but SSL is only seen as a business priority for e-commerce websites. Eliminating the cost will increase the take-up of certificates and make HTTPS the standard for websites. In addition, the Let’s Encrypt initiative is releasing one-click software to help install the certificates, thereby cutting administration costs as well.

This movement may prompt SSL vendors to release their entry level SSL certificates for free. StartCom has already taken this approach, making their class 1 SSL certificates free for non-commercial use. If HTTPS becomes the standard, then ignoring this standard could become a problem both for users and devices that interact with your website.

Won’t free SSL kill off this industry?

Unlikely. SSL vendors have been working hard to enhance their product range in recent years to increase revenue. There is little difference between SSL certificates from a security perspective, so they have started offering increased verification of the registrant to increase product trust. There are now three types of certification available:

  1. Domain Validation (DV) SSL Certificates – verification of the right of the applicant to use their domain name.
  2. Organisation Validation (OV) SSL Certificates – checks are run on the domain name and some light vetting of the organisation (e.g. company registration).
  3. Extended Validation (EV) SSL Certificates – the domain name is checked together with a thorough vetting of the organisation’s legal and operational status.

Verification can be promoted by the applicant on their website and can be seen by users by clicking site-seals or looking at the certificate information itself.

Top-tier vendors, such as Norton, are bundling insurance products with these enhanced certificates, such as user identity theft protection, purchase protection and even a 30-day lowest price guarantee for shoppers.

By giving away entry-level certificates, SSL vendors would retain and build brand loyalty while promoting the benefits of their premium products.

Should I be thinking of buying a premium SSL?

Yes. SSL certificates are becoming widespread and can even be found on illegal phishing websites. Experts suggest that this kind of activity could damage the perception of SSL security. To combat this, SSL vendors must invest in their brand and how this is conveyed to the public. A study by the Baymard Institute in 2013 agreed, indicating brand awareness is key to consumer confidence. While the free Let’s Encrypt initiative could gain traction, they are unlikely to have the marketing power of the top-tier vendors.

So brand awareness is everything?

“Performance should also be considered”, says Richard Howard, Architect on the Global Channels Optimisation Team at Vodafone. “Every time an SSL connection is made, a cryptographic handshake is required with the certificate authority (CA). This issue is compounded by the number of 3rd party tags on your page, each requiring their own SSL handshake.”

Indeed, CAs have a wide range of response times with some adding several seconds to the page load time on an enterprise website.

With Google now rewarding website speed in their ranking algorithm and the rise of mobile internet, performance is an important factor.

Ok, so anything else I need to consider?

Changing a website from HTTP to HTTPS can cause issues for your development team. The most common issue results from having an image, CSS, JS, or other similar file loaded as part of a secure webpage without using an SSL connection (i.e. with an HTTP connection). This causes browser warnings; for example, Internet Explorer 8 has a “Security Warning” dialog box that says:

“Do you want to view only the webpage content that was delivered securely? This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage.”

This kind of message can lead to a dramatic rise in your user bounce-rate. It is essential that, once your website uses HTTPS, every page is checked for errors.
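One way to run that check, as an added example that is not part of the original post: a Python scanner that lists the subresources an HTTPS page would still request over plain HTTP. The sample HTML and host names are constructed, and the scan covers tags in the markup only, not URLs inside CSS files or requests made by scripts.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute that makes the browser fetch a subresource.
# <a href> is navigation, not a subresource, so it is left out on purpose.
LOADS = {"img": "src", "script": "src", "iframe": "src", "audio": "src",
         "video": "src", "source": "src", "embed": "src", "object": "data",
         "link": "href"}
# <link> only fetches for some rel values; rel="canonical" is plain metadata.
LINK_RELS = {"stylesheet", "icon", "preload", "modulepreload"}

class MixedContentFinder(HTMLParser):
    """Collects subresources that an HTTPS page would request over HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url
        self.findings = []  # (line, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            # Relative URLs after <base> resolve against it, not the page URL.
            self.base = urljoin(self.base, attrs["href"])
            return
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            if not rels & LINK_RELS:
                return
        name = LOADS.get(tag)
        if name and attrs.get(name):
            # Resolves relative and protocol-relative (//host/...) URLs.
            url = urljoin(self.base, attrs[name].strip())
            if urlparse(url).scheme == "http":
                self.findings.append((self.getpos()[0], tag, url))

def find_mixed_content(html, page_url):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page (hypothetical hosts), served from an HTTPS URL.
SAMPLE = """<html><head>
<link rel="canonical" href="http://shop.example/">
<link rel="stylesheet" href="http://shop.example/css/site.css">
<script src="//cdn.example/lib.js"></script>
</head><body><img src="/img/logo.png">
<img src="http://static.example/banner.jpg">
<a href="http://other.example/">partner</a></body></html>"""
```

Calling `find_mixed_content(SAMPLE, "https://shop.example/")` reports the stylesheet and the banner image; the canonical link, the protocol-relative script, the relative image and the outbound anchor are not flagged.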

The transition to HTTPS will herald a new, more secure internet but this move must be carefully considered, especially with the potential impact on performance. If sensibly done, there are opportunities to increase organic rankings and audience conversion. I’d love to hear your thoughts on this evolution.

Google Launches New Google Partners with Free Exams

From September 30th Google will replace the Google Certification Program, introduced in 2010, with a new Google Partners program. Partners will include improvements that make it more meaningful for agencies to get certified in Google advertising solutions like AdWords. According to the email Google have just sent me, the key points are:

How this will affect certified professionals

  • Beginning September 30, 2013, access to your GCP account will be read-only.
  • You’ll need a Google Partners account to take exams and get certified.
  • Taking exams and getting certified will be free. (Currently $50 USD per exam).
  • Your GCP exam history and AdWords certification status will transfer to Partners when you join using the same Google account.
  • Certifications earned through GCP will remain valid through the expiration date.

How this will affect Google Certified Partner companies

  • Beginning September 30, 2013, a Google Partners account will be required to manage your company’s profile on Google Partner Search. You’ll be able to manage both your individual certifications and company profile using the same Partners account.
  • Certified Partner companies will remain listed on Google Partner Search until November 13, 2013.
  • To continue being listed on Google Partner Search after November 13, a company must qualify for the new Google Partner badge.
  • Current Certified Partners will not automatically qualify for the new Partner badge.
  • Use of the old ‘AdWords Certified Partner’ badge for promotional or other purposes won’t be permitted after November 13.

So apart from some re-branding, little seems to have changed with the eligibility criteria. Partners are still required to have a minimum spend of $10k in at least 60 of the last 90 days and one qualified individual to maintain their listing. I agreed with Brad, when he suggested that it would have been good to provide some differentiation between agency tiers. No sign of that with this change.

The update making the headlines will be Google dropping the $50 exam fee for individual qualification. There’s no reason now why clients can’t demand certification from the professionals working on their accounts, let alone at agency level. Anything that makes the online industry more professional is a good thing.

Other interest will be around Google’s new partner search section, which will provide free advertising for agencies, with an enhanced listings page. At time of writing, there are only 5 UK agencies listed there: iCrossing, Marin Software, eSearchVision, The Search Agency and Forward3D. United States only lists Marin Software, Finch UK, ROI Revolution Inc. and iProspect.

Planning Blog Posts with the New Google Analytics App

Top marks to the Google Analytics team on their recent update to the GA Android App. The interface has been completely reworked and they have substantially increased the data available. One of my favourite features is the Content widget showing page view frequency by day/hour.

There have been many studies on the best day/time to publish material across social networks, and common sense would suggest mid-week content releases are more likely to be read.

Looking at my data over a three-month period (screenshot on the right), the smart move would be to push out blog posts on a Tuesday and Thursday before lunchtime. Admittedly you could be causing these results by publishing regularly at these times; however, my posting has been anything but regular so I’m inclined to believe these represent the peak times for my traffic.

Have a look at your own data and find the patterns; it’s a good insight to share with client teams when putting together your content calendars. If you are using WordPress, I’d recommend using the Editorial Calendar plugin, so you can easily pre-plan releases and adopt an optimised publishing schedule.

Places Available For Free SEO Seminar 6th June in London

Arena Media/Havas will be running a free SEO Seminar on 6th June in London, at the Soho Hotel, entitled “How SEO Can Fuel And Be Fueled By All Your Other Marketing Activities”. I’ll be speaking along with Ian Bowden (Arena Media), Kevin Thiele (SearchMetrics) and Richard Bettinson (Three).

There are a couple of places left, so if you are in London on the 6th and want to come along, RSVP Helen.Critcher@ArenaMedia.com for an invitation. Click the invitation image below for more details (or click here).

Agenda

8:45 Registration and coffee

9:35 Ian Bowden, SEO Director Arena Media, “Enterprise Level SEO Measurement”

10:00 Kevin Thiele, Client Director SearchMetrics, “The Role of Big Data Tools in SEO”

10:30 Richard Bettinson, Three Mobile, “Unlocking the Potential of SEO – How Organic Search Became A Lead Digital Channel at Three”

11:00 Nick Wilsdon, Head of SEO & Content Marketing Arena Media, “How to Future Proof Your Performance with SEO Content Marketing”

11:25 Panel Discussion

12:00 Event Over