Archive for 2019

What Business Owners Need to Know About California’s New Privacy Law

Posted by

Remember what a mad scramble it was with General Data Protection Regulation (GDPR) in 2018? Now, a new set of privacy regulations is going into effect on January 1, with major implications for U.S.-based businesses.

California’s new Privacy Protection Act imposes strong financial penalties for any company that doesn’t meet its requirements, whether or not the business operates in California. If any California resident comes to your website and you meet any one of these requirements, you need to be compliant:

1. Annual gross revenue is more than $25 million
2. Your organization receives, shares or sells the information of more than 50,000 individuals
3. Your company makes more than 50% of its revenue from selling personal information of California residents

For your website to be compliant, you will need to update your privacy policy to include details about the specific information you’ve collected, sold, or disclosed since January 1, 2019. Also, you will need to include your reasons for collecting the data and methods. If you don’t already have a privacy policy in place, there are a number of tools available to help quickly generate a policy with appropriate CCPA disclosures.

In addition to including a link to your privacy policy in the footer of your website, you must also include an opt-out-of-data-collection option on every page of your site. If your site is built in WordPress, there are plugins available that can automatically add these opt-out buttons to your site for you.

Finally, you must also provide a way for site visitors to request a copy of their information, and for them to request that it be deleted. While it is easy to add a contact form on your site, for most companies, this last step is the biggest challenge. Most big businesses don’t know the amount of data they have or all the locations they are stored since different departments typically don’t use the same data collecting systems. Updating your processes or adapting new data solutions can be time consuming and potentially expensive if you have to adopt new systems. But it will be far less expensive than the newly implemented fines of up to $7,500 per person you collect data on.

Types of information included under California Consumer Privacy Act (CCPA):
Name, alias, email address, phone number, address, driver’s license number, social security number, passport number, unique online identifier, customer ID numbers, IP address, browsing history, search history, website navigation, sales history, geolocation data, consumer profiles, psychological profiles, behaviors, or any other data inferred from any combination of these items.

If you fall into these categories and run Google Ads, you need to make some changes to your settings to turn on Google’s restricted data processing setting. Google has already enabled this for all websites in Google Analytics to be compliant.

If you want to really err on the side of caution and reduce or minimize the amount of data Google Analytics collects, you can also make adjustments to your Google Analytics settings to disable data collection all together and anonymize IP addresses.

Not convinced that you need to bring your business into compliance? More than 20 other states are advancing similar privacy legislation, with many of them based around the CCPA.

Contact us today for help updating your site to address these new and emerging privacy laws.

The Security Measures Every Small Business Should Take to Protect Their Website in 2019

Posted by

At Robot Creative, we’ve been doing small business websites, marketing and branding for 22 years. We’ve seen the evolution of security for small business (SMB) websites from the very early days of the Internet, including a rise in hacked SMB websites which we have had to help recover and lock down. Small businesses do not have access to the same staffing and financial resources that a large corporation does. There is no CTO or CISO, and they probably can’t afford security tools (and wouldn’t know what to do with them in any case). But the good news is, SMBs usually have very simple website security requirements.

Unlike large corporations, small businesses are rarely hand-picked to be attacked by hackers with creative and relentless methods. Rather, they are subjected to automated attacks, and those are relatively easy to protect against using a few straightforward guidelines and tools.

Content Management Systems Come With Security Risks

One of the most vulnerable aspects of a website is the content management system (CMS) itself. Since the vast majority of small business websites are built in WordPress, they are highly vulnerable to automated attacks. But, other content management systems have similar concerns (and recommendations).

  • Start with where it is hosted. A hosting company that is specific to WordPress will have automated security patches and updates. Other content management systems will have similar hosting and security options.
  • Shared hosting can pose a risk because any one site on a shared server might be exploited, providing access to all of the other sites as well. However, the expense of a dedicated server just isn’t worth it for most SMBs. The hosts are pretty good at monitoring their server traffic and addressing breaches, and with proper backup procedures, you can always restore a site.
  • Speaking of backups, this isn’t a security feature per se, but we do recommend using a host that stores nightly automated backups. This allows you to roll back to a version that isn’t exploited to recover your site, if needed. The alternative might be rebuilding a site from scratch because it’s almost impossible to “clean” a site that has been exploited. The cost can be as much or more than building a new site. Here at ROBOT, we always store a backup of the original website on our local servers as an extra precaution.
  • Keep the CMS software up to date. Yes, you do want the latest version, always. Almost all version updates include critical security releases. Don’t wait on these even if the upgrade is costly, a hacked site will be far more expensive.
  • What’s the biggest exploit we have seen? Simple password attacks. It’s amazing how few people heed the advice to use strong passwords, but it’s critical. Passwords should also be unique to each product/service instead of using the same password in several places. It’s also important to truly understand all of the places that passwords are used on a website: 1) the domain management (typically where you purchased your website URL or name), 2) the hosting account, 3) the content management system might have a system owner and several content editors.

Functionality Increases Risk

Once you get a content management system on lock down, a typical marketing website has minimal security risk, but as you add functionality, the security risk increases. To be more clear: basic words and photos on the page do not make a site vulnerable. It’s things like forms, calendars, search fields, and plugins that “do” cool things that make a site more vulnerable. Anything that includes a button or allows “input” from the users of the website is probably a functional item that should be given some security consideration. Some of the most common issues we have seen, and how to resolve them:

  • Almost all websites have some kind of content form, and a captcha on all forms, requiring the user to select photos with certain images or to type in scrambled numbers or letters, can prevent many automated attacks (and also reduce spam). Find those annoying and worried about user experience? There is something called a honeypot method that hides form fields on the page that users can’t see. If a bot fills it out, the software recognizes the attempted exploit and blocks the submission. Although the honeypot method boasts the best user experience, it may not provide the same level of protection as a captcha.
  • Plugins are a regular source of trouble. Most plugins are third-party tools that add new functionality to a basic website. These can be visible to users, like calendars or social media feeds, but they may also be invisible, running silently in the background to support video integrations or increase page speeds. When selecting plugins, look for widely used, well-supported plugins that are endorsed by the content management platform itself. Make sure the tool is developed by a company and not “some dude” in Ukraine. We also avoid plugins that call out to other sites for any type of information. This requires a code review or scan to ensure that no external URLs are baked into the plugin.

Really Small Business or Limited Resources?

If all of the security is too overwhelming for smaller businesses, click-to-create website services (Squarespace, Wix) can provide a great framework without any of these headaches. These types of services have been around forever, but as the Internet evolves and matures, more and more of these options are becoming available. They are affordable, safe, simple to use and can be packed full of features that would be expensive to assemble for a custom site, especially with security and maintenance considered. If you have strong branding, you can easily overcome the “template” look and feel.

Monthly Subscription-based Websites Can Offset Risk

Most SMBs have fairly straightforward marketing website needs, and the website carries very little risk. However, for those needing more functionality or managing more risk (like e-commerce, customer portals or collection of sensitive customer data), businesses really need to consider the level of technical and security risk they are able to handle in-house. If there isn’t a C-level position for technology, small businesses should look to SaaS solutions for their functional needs. These might be third parties to their marketing website (where visitors leave the site to visit a portal or shopping site) or they might be fully hosted solutions like an e-commerce website in Shopify or Squarespace. There are also industry-specific solutions for most common industries. You pay higher monthly costs, but the upfront cost is typically minimal and leaves security issues to the provider, not the business.

Websites vs. Web-based Applications

We should also differentiate between a website and a web-based application. What we have described up to this point are websites. Web-based applications are software applications that have web access. A business sophisticated enough to be developing web-based applications should have security in mind as they are writing their first lines of code. Companies doing significant software development should have an in-house security expert or work with an outsourced partner to ensure that their software, network and data are all secure.

Understand Your Risk

No matter the scale or scope of a small business website, any project should begin with an understanding of what is actually at risk. If the website is compromised, will you just need to reinstall an older version, or will you have business operations, sales and customer data at risk? While news of ever-increasing attacks can cause fear and doubt, it is relatively easy to assess your risk and plan accordingly. When in doubt, hire a security consultant.

At Robot Creative, we have been building and maintaining websites for over 22 years. Please reach out to us if you have concerns about your website security or would like to discuss a new website.

5 Tips about Web Design from Together Digital Meetup with Lara August

Posted by

In additional to being founder and CEO of Robot Creative, Lara August also leads the website division of the business. Her 20+ years of experience building websites for a wide range of clients and industries has given her a knowledge base full of technical savvy and a toolbox of solutions to address a variety of business challenges.

Lara was interviewed about web design by Brielle Insler at an event for TogetherDigital (a group of women in tech and digital jobs in San Antonio). Key takeaways included: setting goals for your site, the importance of research as a first step, whether to use a website builder or design a custom website, the important of analytics, and what goes on a landing page. Watch these quick highlight videos below to learn more.

The Importance of Research

You don’t want to start anything without the first step- research. Lara explains why.

Planning for a Website- goals!

You’ve done your research, now create goals! This will help you determine the function you want your website to perform.

Template vs Custom Website

Your website goals will inform the best type of website for your organization. Lara explains the most effective use of your budget when planning for a site, from custom website design to point and click builder options.

The Importance of Analytics

How can you tell if your website is performing the way you planned? Analytics. Record, measure and analyze how to move forward, and you will be successful.

What goes into a Landing Page

Landing pages are an important component of most digital marketing campaigns, with a specific message and specific function. Watch this video for the key elements found in good landing page.

If you need help with a new website, ongoing website maintenance or online marketing, we can help. Contact us to schedule a consultation.

 

TogetherDigital, formerly Women in Digital, is dedicated to accelerating the advancement and growth of women in digital fields by giving women the most powerful tool in their arsenal: one another. To learn more about Together Digital, click here.

 

In a Digital World, Does Direct Mail Still Work?

Posted by

Gaining customers starts with awareness. Even though the Metropolitan Methodist Hospital is one of the more well-known hospital systems in San Antonio, their Emergency Room facility at the Quarry Market Shopping Center was relatively new, and residents didn’t always remember where they were located. So, the hospital reached out to Robot Creative for help with an awareness campaign.

The challenge was to get word out to the families living around the Quarry Market about the full-service ER right in their neighborhood. To do this, we presented a plan that included digital marketing blended with traditional forms of advertising like community outreach and direct mail.

According to a research by the Data and Marketing Association conducted in 2018, direct to consumer advertising has a response rate ranging between 5% for prospect lists (possible customers) and 9% for house lists (current customers). Physically handling a post card can create a different response than seeing an ad on a screen. According to stats quoted by the USPS, a majority of consumers feel mail is more personal than the internet and prefer it as the format for unsolicited information on unfamiliar companies.

Knowing that the tactile effect of a physical mailer was likely to have a good response rate, we developed several campaigns featuring hyper-local content that would appeal to our target audience.

  1. Post Cards – We designed and sent post card series to family households in the targeted region around the ER. These included information on the location of the facility as well as a brief description about services and unique qualities of that facility. There were two series, one with designs that featured local students/parents and one with prominent residents from the area. This gave readers familiar faces with which to identify and engage. We also included static and variable maps, showing each household’s unique directions from their location to the ER. This personalized and local experience made these mailers more relevant for residents in the area. Imagery from each campaign was utilized in both social and print advertising during the same time frame, increasing frequency and reach on the selected audience.
  1. Magazines – We also created a special magazine, In the Loop, to specifically reach new residents who recently moved into the same neighborhoods. These magazines gave a more in-depth overview of the Metropolitan Methodist Hospital and Quarry ER, still including information like location, but also education on preventative care and when to visit the ER versus an urgent care center or a full-service hospital.MMEC In The Loop Magazine

Compared to their peers within the system, the patient count at the Quarry ER increased 18% in the first year of this effort, while the system average declined. This proved that awareness campaigns utilizing a multi-touch point approach can and do work for B2C marketing.

Need more customers coming into your location? Contact us today to develop a winning strategy.