4 Trends that are Affecting Business Planning and Investment in Websites Trend #1: Security

Small businesses are realizing that hackers aren’t snobs about who they attack.

They just want in.

And they’ve learned that small- to medium-sized businesses are easier prey. Easier because of the dangerous delusion that no cybercriminal would try to hack, say, The Kupcake Korner when they could be hacking Pillsbury and its vast, flour-begotten fortune.

Wrong. If you are a business, you are a target. (Not THE Target, retail giant—just “a” target.) The numbers are sobering, so hang on to them for the next time you’ve overindulged:

  • 43% of site attacks are aimed at small businesses
  • 46% of hacked sites had updated WordPress versions
  • Last year, the number of data breaches jumped 44.7%
  • 90% of today’s attacks are automated, seeking the low-hanging fruit
Small Business Trends.com 2017, SecurityWeek.com March 2018,
Sucuri November 2018, Identity Theft Resource Center January 2017,

HTTPS is not really very secure.

HTTPS (Hyper Text Transfer Protocol Secure) is a must. It is also but one arrow in a quiver that should hold many, many arrows. All the “S” does is capture the user’s data from the user’s browser. It does not protect your site from hack attacks.

“The majority of high-profile hacks and data breaches come as a result of hackers gaining access to these unencrypted databases, so while HTTPS technologies mean our data gets to the databases securely, it isn’t then being stored securely.”

– Dan Taylor for SEMrush, https://www.semrush.com/blog/https-a-modern-false-sense-of-security/

Hackers have so many tricks they need extra sleeves.

Here are just two of the most common hacker tricks. They look for outdated software, for one. They know that it’s a headache to update operating systems and browsers. So they count on your laziness, my laziness, and everybody’s laziness, which is about the surest bet there is. Another trick: they try and think of the stupidest password they can—it doesn’t take long—and then just see what happens. “Hey! Look! This guy used 12345!”

Don’t worry. Wait. Okay, go ahead and worry.

But you can worry less if you take precautions (and you take them seriously).

  • Create an emergency plan that will be there when your site gets hacked. Even if you follow all the advice here, and everywhere else, there is never a way to guarantee security.
  • Your site’s back end—the software in the background that does the heavy lifting—should be monitored closely and updated regularly. Actively manage access. (For example, when an employee leaves, change access privileges accordingly.)
  • Make everybody use complex passwords—and make them change the complex passwords to new complex passwords regularly.
  • Remove form auto-fill. If a user’s access information gets stolen—say, by the theft of the smart phone—auto-fill is like an engraved invitation to enter your site.
  • Include ongoing site management and updates in your planning and budgeting.

Work with a partner that specializes in site maintenance and security. It takes the nagging task off your plate so you can focus on your own stuff. There are companies that do this kind of thing and they—okay, we—would be happy to tell you about it.

4 Trends that are Affecting Business Planning and Investment in Websites

Businesses are waking up to the costs of leaving their websites untended—and the returns they reap when they budget for regular SEO and content updates.

The days when you could put a site in place, do some SEO so you’ll show up in a search, and then let it coast, are extinct. This is the first of five articles about website management trends for 2019. In this article, we’ll paint in broad strokes, and in following articles we’ll address each of four identified trends in more detail.

Four trends are driving change in website management.

  1. Security threats are requiring increased surveillance and protection.
    According to Small Business Trends, the average business website is cyber-attacked 44 times a day. That’s over 16,000 attacks annually! The bad guys are a determined bunch, so site owners must be vigilant. Small to medium businesses are prime targets because their security practices are often weak or nonexistent. It’s not enough to keep your WordPress site up to date with the latest core updates. Plugins and themes must be updated as well. All businesses should have a comprehensive security program in place that includes prevention and a plan for what you’ll do when your site is breached. By the way, when was the last time you changed your site admin password? Yeah, that’s what we thought. You’re not alone, so don’t feel too bad. Just do it now. We’ll wait.
  2. Site complexity is far greater than it used to be.
    Website designers and developers have excelled at building sites with the customer in mind, which is great for building leads and sales. It also means customers are getting quite accustomed to sites that are a breeze to click through. They just think that’s the way sites are supposed to be. And of course, they’re absolutely right. (As customers are known to be.) Users expect easy access to accounts, tools to use, videos to view, etc. All of those features need ongoing maintenance, testing and updating. Just like a brick and mortar store, you’ve got to take care of it or it will start breaking down.
  3. Rapidly evolving SEO is more sophisticated and competitive.
    Ahh, the good old days when a keyword was just that—a word you could put on the page and wait for the crawlers to discover it. Presto, SEO accomplished. Now keywords can be key phrases, and search algorithms have grown way, way smarter. The spiders want to see fresh, expert content. They want to see mobile UX design that’s as appealing as the desktop design. They want tasty snippets for SERPs (search engine page results.) They crave local search features. The battle for good page rank is fierce and it is going to escalate. Many companies are investing in paid search (those ads you see at the top or the side of a search page) just to get to the head of the line.
  4. Competitive spend is increasing.
    Gartner reports that marketing technology is the “single largest area of investment when it comes to marketing resources and programs.” Companies are dedicating more investment in digital marketing and increasing website spend either through the IT budget or the marketing budget, or both. Websites are normally the core of digital marketing efforts, so it’s important to keep them up to date with fresh content and regular back-end updates. Marketing digital spend was 44% of the marketing budget in 2018 and is projected to rise to 54% within the next five years. https://cmosurvey.org/ To state the obvious: when your competitors are devoting themselves to enhancing their sites, there’s only so much time before untended sites lose ground.

How Should Your Business Respond?

If your company is allowing its website to stand still without ongoing management, your brand and your business will be sliding backwards. Customers will move on to competitor sites with easier service and fresher content. Smart businesses are dedicating a portion of their planning and budgeting to make sure their sites deliver against strategic goals.

  • Commit to a strategic digital marketing plan as part of your overall marketing efforts. Include planning for site maintenance, SEO, content marketing, PPC and social media. Keep in mind that the first three of these items are the bedrock of all digital activity.
  • Make sure your site’s back end – the functioning guts and brains – are regularly maintained and updated. This ensures the user experience is at its best and helps prevent hacks.
  • Conduct monthly and quarterly analytics – based on specific goals and KPIs – to spot potential problems and capitalize on strengths. Let the data tell you what is going on, not anecdotal opinion.

To summarize, websites are a working resource that build brands and business. They should be managed like any asset to garner maximum ROI.

Want to learn how to kick a lazy website into peak condition? Let’s talk.

What is video hosting, and why should I use it?

Video is a necessary power tool for digital marketers.

Inclusion of videos on business sites is huge and expected to grow. A good video can give users helpful information, how-to demonstrations, and other content that is proven to drive conversions.

  • Video on a landing page can increase conversions by 80% or more.
  • The average CVR (Conversion Ratio, a measurement of the effectiveness) for websites using video is 4.8%, compared to 2.9% for those that don’t use video.
  • Blog posts incorporating video attract 3x as many inbound links as blog posts without video.
  • The average user spends 88% more time on a website with video.
  • Video drives a 157% increase in organic traffic from SERPs. (Search Engine Results Pages)
  • A landing page with a video is 53% more likely to show up on page 1 of the SERP.


There are basically two ways to manage your video content—the easy, effective way and the hard, painful way. Let’s look at the hard, painful way first—uploading your video directly to your website. Content management systems such as WordPress include a tool for doing this. Sounds good, right? Except—a lot has to happen before a visitor can actually view the video.


If you have ever clicked on a video and waited…and waited…and waited to view it, only to have it stop every few seconds, you know what a bad video experience is like. Videos are large files, and even though content management systems like WordPress have tools that let you upload videos directly to your site, your hosting provider likely does not allocate enough bandwidth for it to play quickly and smoothly.

To make things worse, different browsers require different file types. IE and Safari play one type, Firefox another. Chrome plays all the major formats—but do you want to eliminate prospects that aren’t using Chrome? You need not one, but two or three versions of your video to meet all file type requirements. Unless you have a dedicated server, you are almost certain to run into bandwidth problems. And even a dedicated server will not ensure a good viewing experience if there is a lot of viewing traffic.


Each viewing request has to be converted to the appropriate viewing experience. For a laptop with high speed internet and HD-quality viewing, you need a file of HD quality (yep, huge), versus a smaller, lower resolution version for mobile devices and users with slower connections. If you have lost count, we’re talking about needing anywhere from 4 to 6 versions of your video.

Even with all of that work, it’s common to run into quality issues where one browser plays the video file perfectly, while another one makes it look like a home movie from the pre-smartphone days. Not entertaining. I could go on, but if you’ve made it this far, you deserve a break.


Enter the easy way. To solve these cumbersome technical challenges, video hosting services are there to save our sanity and ensure our customers can view quality videos with minimal delay. They take care of the large files and they automatically determine the best version for each viewer, based on their device, internet speed and browser. They deploy networks of servers especially designed to serve the gargantuan demands for video viewing from users around the world. With this approach, bandwidth – and waiting – are not an issue.

There are a number of good video hosting companies. We have found Wistia to be the best option for our clients; the service is excellent and the price is reasonable. Other fine options include Vimeo, Vimeo Pro, Brightcove—and oh yeah, that little host called YouTube.

Free hosting vs. paid hosting.
If your budget is tight, YouTube is a good way to go. It’s free and it provides some basic analytics. However, marketers quickly discover the advantages of paid services—including richer analytics and features, no ads, and integration into automation platforms like Marketo and Pardot. It’s best to take a look at the features of each and determine what will work best for you. Here’s a good overview to help you decide.


Video is an important medium to connect with your customers. Using a video hosting resource will help you deliver a user experience that builds your brand and accelerates conversions. Plus, you’ll have access to features such as valuable analytics, customer support, no ads, and interactive elements that can be added in, like a call to action or email signup.

If you’d like more advice on using video as part of your digital marketing, let’s talk.

Happy Birthday Google!

Google turns 20.

In two brief decades, it built the second most powerful brand in the world, behind Apple.
It transformed a misspelled math term into a verb – just google to find the correct spelling. Thankfully, founders Sergey Brin and Larry Page dropped the original name, which was BackRub. “Hey, did you BackRub that new intern?” would surely raise eyebrows in every HR department across the land.

Every second, 40,000+ searches happen on Google.
Watch the counter here to make your eyes spin. That translates to over 3.5 billion searches per day, or 1.2 trillion per year. I can’t really grasp how much a billion is, much less a trillion, but Google directed me to a guy named Herb on YouTube who provided a visual of himself standing on top of a trillion dollars in Lambeau Field, and it’s impressive. In the US, Google generates 63% of all core search queries, but over 93% of all mobile search. At the time of this writing, one share of Google is worth $1,175.18.

So, what are some of the most googled searches?
Google Trends shared the top searches since 2004 and here are a some of the categories. Try answering these without looking at the answers below* – and no googling!

  1. Number 1 “How to…” question. (Hint, it is not “How to lose weight?”, that’s number 2.)
  2. The top searched “What is…” question
  3. The number 1 “Why is…” question
  4. The most searched Best Picture film
  5. The top searched flight destination in the US (this one may surprise you)

Google upended marketing.

They didn’t do it alone of course.
The powerful Google search engine changed the marketing world from a push environment to a pull one, where customers dictate when, where and how they will engage with businesses.

SEO strategy and execution is a critical marketing function, driven by Google’s relentless push to improve the search experience.
According to Search Engine Land, 77.8% of US search ad revenue went to Google in 2017. Digital marketers pay anywhere from under a dollar to $50 or more for a click, with the average cost per click across all industries at $2.69. Smart phones, dominated by Android/Google, ushered in a new emphasis on location-based SEO. According to HubSpot, local search leads 50% of mobile users to visit stores within one day, and to repeat, Google drives 93% of all mobile search traffic (some sources say 96%, but what’s a few points when you’re that strong?)

The next developing search trend that marketers will need to prepare for is voice search.
Google regards speech recognition as core to the future of search. The “OK Google” app is much easier to use than thumb-entering a search phrase, and online retail sales via home assistants like Amazon’s Alexa and Google Home are projected to grow from $2 billion to $40 billion by 2022, according to USA Today. Though it’s just getting momentum, it’s already been observed that voice search may be used in different context than keyboard search, and the differences will be important for marketers to understand.

Today, the Google organization is way more than a search engine and an ad revenue machine.
The Google brand lives under the Alphabet umbrella, which houses a smorgasbord of technology companies ranging from life sciences to driverless cars and robotics. With 20 years of disruptive innovation behind it, there’s sure to be more that will keep marketers on their toes. To that we say, “Happy birthday Google, and keep it coming!”

*Answers to questions above:

  1. How to tie a tie?
  2. What time is it?
  3. Why is the sky blue?
  4. Titanic
  5. Japan

Wondering how to use the power of SEO and Google advertising to grow your business?
We have solutions. Let’s talk.

Why you should care about National Aglet Day.

Aglets are those plastic tips on shoelaces.

You should not care about National Aglet Day.

National Aglet Day doesn’t even exist. But wait: Why not? We have a National Day for cheeseballs, rubber erasers and lumpy rugs. (Fact!) Why are aglets just flat-out ignored? If you’re saying “Because they are not important enough to get their own day,” I would ask you to remove the aglets from one of your shoelaces. Do it right now, please. I’m waiting. Now that you have done that (I trust you), take the lace out of your shoe and try to re-lace it without the aglets. Okay now tell me they don’t deserve a day.

How National Days get designated.

I have no idea how National Days get designated. I’m assuming there is a secure location somewhere in DC—perhaps an underground bunker—where government employees gather to try to think of things that don’t already have a day. (This work gets harder and harder.) Maybe these people used to work in the Postage Stamp Division—but nobody buys stamps anymore and since a worker cannot get fired within the city limits of our nation’s capitol (by law), they get sent over to the National Day Research Bunker (NDRB).

It’s true about the cheeseballs, the rubber erasers and the lumpy rugs.

They have days. America did this. The rest of the world wants to know why.

Yet another thing dividing our country—National Licorice Day.

Why did the NDRB give a day to licorice? Were they “persuaded” by Big Licorice? The thing is, you either love licorice or you hate it. By giving licorice a slot on the calendar, all the NDRB accomplished was to assign an official day for the pro-licorice faction and the anti-licorice faction to swarm into the streets and clobber each other. Consider that National Licorice Day is April 12th, which is also the day the Civil War started. Coincidence? Ha!

You know what doesn’t have its own day? Days.

It would make total sense to have a National Day Day. Think about it: when the nation agreed to designate a National Beaver Day, it was our way of saying dammit, beavers are super-important (probably)! Well, the nation clearly thinks days are super-important, or we wouldn’t have a whole bunker devoted to naming them. So let’s honor the long-disrespected “day“ with its own day. (If you’re not following all this because you’re still thinking about National Beaver Day, it’s the last Friday in February. Now please focus.)

Beaver Day and Groundhog Day are both in February. I mean come on!

Aren’t they the same animal, except beavers build dams? Even if they’re different species, they’re hard to tell apart if you’re too lazy to Google it. The NDRB should spread these things out. It would be like giving June both Popsicle Day and Lollipop Day. You can’t honor two sweet-treats-on-a-stick in the same month!

Does Canada do this? Please say no.

I want to believe that Canada does not have a bunker and it leaves calendar days pretty much alone except for maybe National Mounty Day in spring and National Hockey Day in winter. If Canada is indeed that intelligent, the U.S. should designate a National Canada Day just to honor Canada for being smarter than us—as proven by the fact that the United States was stupid enough to designate a National Canada Day.

Greatest Hits of National Days.

Everybody’s list would be different but mine would certainly include National Caramel Day (April 5) and National Caramel Popcorn Day (April 6). Obviously, sitting in a windowless bunker makes former stamp workers a little giddy. Because after they came up with that “two-caramel-related-days-in-a-row” gag, they hit us with National All is Ours Day—which sounds kind of Zen but also, possibly, a symptom of oxygen deprivation.

I downloaded a list of National Days.

Why? I don’t know. I feel embarrassed about it now. I think I was trying to fill some kind of void—an emptiness inside that nothing can ever really fill. Certainly not a list of National Days. Let’s move on.

Got a product or service that doesn’t have a National Day?

It is unlikely your product does not already have a day. However! If you are one of the rare exceptions, call us. Our digital marketing team is ready and waiting to develop a campaign aimed at swaying the NDRB to your side. We’d start with an A/B email test, followed by a retargeting campaign. Our goal would be to attract your bunker-dwelling target to a landing page optimized to drive conversion. Success would be defined as getting your company’s product on that list of National Days, and into the hearts and minds of calendar users everywhere.

Size does not matter, at least for hackers

Why your business is not “too small to be hacked.”

When many business owners read about huge cyberattacks  like the one that hit Equifax, they’re interested, but not overly worried. They tend to believe that they, themselves aren’t at risk for a similar breach, because their business isn’t “big enough” to attract the attention of a would-be hacker. Unfortunately, the nature of today’s cybercrime means that each and every business is at risk, regardless of size—and in fact, small businesses are much more highly targeted than large ones. Here’s why.

Real hackers don’t wear hoodies

Countless movies and TV shows have popularized the image of the lone, hoodied hacker, bent over his keyboard as neon numbers flash over his head while he carries out his nefarious work. While this image works great for creating a sense of drama, it obscures the fact that most hacks aren’t performed by humans at all. Most cyberattacks are carried out by robots which attack thousands of sites at the same time, otherwise known as a “brute force” attack. These bots don’t really discern between big sites and small ones—they simply throw everything at the wall and see what sticks. As long as your business is in their firing range, you’re a target—no matter what assets you have.

Small businesses are targeted more than large ones

Of course, there are humans at the helm of every cyberattack, and they do make decisions about the general areas they’d like to target. While most people might think that hackers go after the big money—huge credit bureaus, law firms, and accounting firms bristling with super-sensitive data—they are actually far more likely to target small businesses. In 2017, for instance, over 70% of cyberattacks targeted businesses making $60,000 a year or less.

Why? It’s simple—small businesses are easy money. Small businesses are much less likely to set up security software, delete unused admin accounts, and make regular website updates that can minimize their risk of a breach. They’re also far less likely to have audit logs and other data needed to identify the culprit after the fact—meaning someone attacking a small business is far less likely to get caught and punished.

Think of it like a thief trying to decide which neighborhood to rob. Sure, the big, fancy neighborhoods contain more valuable stuff—but they also have fences, high-tech security systems, and private security patrols. The smaller neighborhoods are likely to have much less barriers to entry, and their TVs are just as nice.

The bottom line: Protect yourself from cyberattacks

The biggest reason small businesses are easier to hack than large ones? They don’t see it coming. Ironically, since small businesses tend to discount themselves as targets, they never take the security precautions that bigger companies do—and thus ensure that they will be targeted at some point.

But lest we sound too doom-and-gloom, there’s a bright side to all this, which is: the vast majority of cyberattacks aren’t very sophisticated. They’re sent out to locate outdated, unprotected websites, and they only succeed because that’s what they find. A few small, simple precautions, like preventative website maintenance, are usually enough to prevent the vast majority of issues.

GDPR Compliance Is Mandatory For All Websites: Are You Prepared?

The GDPR has been implemented for a month. Here’s what’s changed.

The Internet would like to apologize for all the scary-sounding warnings you received over the last month or two. You know the ones we’re talking about. There’s something saying “Our privacy policy has changed” and there’s something else about yadda yadda yadda. Also: the initials GDPR appear, and that sounds like a vast, invisible criminal organization in a 007 movie. You are asked to click a button that says something like “Got it”—but you’re worried that maybe you just agreed to something you’ll regret later.

But the GDPR is not malevolent. It stands for General Data Protection Regulation. The regulation presents a massive overhaul in the way companies process and protect user data, and is set to force sweeping changes in every industry from technology to advertising.

It forces organizations to report data breaches. And they can’t drag their feet about it.

Over the past decade, we’ve seen incidents—such as the Equifax hack—where companies either failed to report a data breach, or took months to do so. (It took Equifax over two months to report its security breach to its clients and investors.)

The GDPR requires organizations to directly notify users when user data is lost or stolen. And they can’t bury it in a press release, on their website, or in a social media post—under the new regulations, companies must directly report breaches to users. Breach notices have to be specific, too, laying out the extent of the hack, the potential consequences, and what’s being done to minimize the damage.

It gets rid of legalese in privacy policies—and requires explicit consent

Back in 2008, one notable study found that if a user were to read every privacy policy he encountered in a year, he’d need to take a month off work—about 244 hours—just to do it. And he’d need a PhD in Linguistics to understand what he was reading; most privacy policies were so cluttered with tech jargon and legalese, they were basically illegible.

The GDPR requires companies to list how they’ll use consumer data in “an intelligible and easily accessible form, using clear and plain language.” In terms of describing what constitutes clear and plan language, it doesn’t get more specific than that; presumably, this is an intentional decision that will give legal teams more flexibility in the future.

Companies must also ask users to give active, explicit consent to having their data collected, rather than what the GDPR calls “passive acceptance”—a pre-ticked box prefaced by 20 pages of jargon. That consent can be revoked at any time, for any reason.

It requires companies to hold someone accountable

All too often, when a company suffers a data breach, it will try to dodge blame by passing the buck around the organization, arguing over who was responsible. Now, the GDPR requires most large companies to appoint a specific Data Protection Officer whose job is to ensure compliance.

Only companies which perform large-scale behavior tracking, process massive amounts of data, or constitute a public authority will be required to have a Data Protection Officer. However, companies which don’t meet the aforementioned requirements aren’t off the hook; they are defined under the GDPR as “data controllers”, and the third parties they hire are “data processors.” Controllers are responsible for ensuring their data processors are compliant; processors are responsible for reporting breaches immediately; and both parties can be held accountable.

It gives law enforcement sharper teeth

So, what happens to companies who aren’t GDPR compliant? Well, for one thing, they’ll be fined—and these fines are no slap on the wrist. The worst offenders can be fined a maximum of 20 million Euros, or 4% of the company’s annual global turnover, whichever is larger. For some companies, that could mean billions.

If you’re reading this in the U.S., you might be wondering, “Can the EU really enforce a fine on a company in another country?” Put simply, yes. The EU is legally justified under international law to enforce its regulations, and it is likely that U.S. authorities will help it do so.  Since breaches usually don’t have geographical boundaries, the EU and US have a strong relationship when it comes to cybersecurity.

What does the GDPR mean for me?

On the surface, the GDPR is—let’s face it—a bunch of boring-sounding letters. But underneath all the stone-faced legalities is something truly revolutionary: a law created by a foreign government that ended up protecting the entire world.