How to dominate local SEO: more challenging in an evolving local search environment

Getting a local business to rank high on Google’s search engine results pages (SERPs) used to be as easy as having a website, getting listed on some online business directories/citation sites and claiming your Google My Business page. Once you did those few simple things, you had an incredible shot at ranking high on Google for local keywords like “plumbers in Austin.”

But those days are long gone.

Local SEO is much more competitive
These days local SEO is more and more competitive. Why? Part of the reason is that many local businesses have finally realized the importance of doing the local SEO “basics” and are actually implementing those basic local search strategies. This means more local businesses are vying for a limited number of high-ranking spots.

The Google Local 3-Pack and Maps
It seems like only yesterday when Google showed seven local business listings in the Google Local Pack. Just over a year ago, the local pack was reduced from a 7-pack to a 3-pack (and soon to be a 2-Pack with one paid-for spot), making it even more competitive.

In light of this change, it is even more important for a business to expand their local SEO strategies by using a variety of techniques, like optimizing their Google My Business page, adding localized content to their site, getting listed on online business directories and citation sites and having happy customers leave reviews on Google and other third-party online review sites.

Google My Business: still important to local search
Over the past year and a half, Google has made a big push to get local businesses to claim their Google My Business page. Google has a separate team devoted exclusively to this initiative (aka Get Your Business Online or GYBO). This Google team has even partnered with local city Chamber of Commerce offices and local city government offices, as well as other business non-profits, like SCORE, to run local workshops showing businesses how to claim their Google My Business (GMB) page.

One of the things stressed during these training workshops is for local businesses to fill out as much information as they can on their Google My Business page — including uploading their logo, pictures of their business or products, their office/business hours, types of payments accepted, a keyword-rich business description and any other fields available.

By adding all of this information, the business will differentiate itself from those businesses who either haven’t verified their listing at all or have opted for the easy way out by providing only basic information about their business. Making your Google My Business page as robust as possible is a good thing, and it can increase the likelihood of your business showing up in the Local Pack.

Write local content
If you want to compete locally, you need to focus on putting local content on your website. (This is not optional if you’re a local business.) This may mean writing regular blog posts that mention news, local events and activities going on in your city and surrounding cities, promotions or specials you’re having at a particular business location, creating city-specific pages on your site and so on.

Just make sure that you write approximately 1,000 words of useful content on each page and use city-specific keywords throughout. Also, if you have multiple locations, you should set up a unique page for each of your locations.

Citations/online business directories
Local citations from online business directories — like Yelp, Foursquare, Citysearch, MerchantCircle and others — are a great way to get backlinks to a local business’s website. Additionally, since many of these citation sites have credibility with Google, a business’s listing on these sites can often show in top search results.

In some cases, these online business directory sites will dominate the top search results, as shown below in a SERP screen shot for “restaurants in Tulsa”:

When it comes to citations, you want to make sure that the NAP (Name, Address and Phone number) information about a business is correct across as many online business directories and other citation sites as possible. This can be a key factor in getting your business to show up in the Local Pack.

One way to do this efficiently is to use an aggregator service, like Infogroup, Neustar, Factual or Axciom. These aggregators have partnerships with a variety of high-quality online business directories. Once they have all of your business information, they will then “push” that information out to citation sites and other key data aggregators. This can help your local rankings tremendously.

Get 5-star reviews
Online reviews are becoming more important than ever. Not only do online reviews correlate with higher local rankings, but positive reviews also help you gain customers’ (and potential customers’) trust. In a recent study by BrightLocal, it was found that positive online reviews increased click-throughs by 22 percent.

10 reasons why SEO is just like fitness

Like getting in shape, ranking well in search engines takes time.

SEO industry workers and professional fitness trainers alike can relate to the awkward moment when a client asks for guaranteed results — only to find out that there are absolutely none. That’s disappointing, but unfortunately, it’s true.

Neither discipline is free of snake oil salesmen, some of whom nurture unrealistic (or even impossible) promises. In the process, they do a disservice to themselves, their clients and the industry’s reputation.

Search engine optimization and the recreational sports industry have, at first glance, seemingly little in common. On a second, closer look, however, both industries almost mirror each other when it comes to honest expectation management.

The best online backup service for securely encrypting your data

The best online backup service for securely encrypting your data

Find out which ones give you more (or less) control over your data.

Many people resist backing up their data to an online backup service like MozyHome, Carbonite, or Backblaze because they worry their data will be poked through by company employees, hijacked by criminals, or provided to law enforcement or government agents without due process.

The sanctity of your data boils down to whether the encryption key used to scramble your data can be recovered by anyone other than yourself. Below I outline the various methods and levels of encryption that can be employed by these services, and then evaluate six of the best options for home users. Several give subscribers full control of their encryption. If you’re already using a service, it’s possible you can even upgrade to take advantage of greater ownership options.

Table of Contents
Choosing the services to evaluate
Backblaze
Carbonite
CrashPlan
iDrive and MozyHome
SpiderOak ONE
Choosing the services to evaluate
These are the parameters I set up for this roundup:

Focused on services that offer a personal edition, where you can purchase an account for a single computer or a bundle for a family
Included services that are established or well-reviewed.
Excluded services that offer scant information about their security and encryption practices. Subscribers should always be privy to how their data is protected.
Excluded sync services, even those (like SugarSync) that offer continuous backup and versioning. I define a sync service as one that doesn’t encrypt data with a per-user key before being transmitted over a secure connection. That also leaves out Box, Dropbox, iCloud, Google Drive, and others.
I also bypassed services that offer bad advice about file retention or security practices, and ones whose information is years out of date.
Six companies remained after this winnowing: Backblaze, Carbonite, CrashPlan, iDrive, MozyHome, and SpiderOak ONE. Keep reading to see how they rate on encryption features and strength.

Encryption: The ins and outs
Internet-hosted backups have several points of failure where encryption can protect a user’s data. I evaluated the services on each of these points:

Key possession. Encrypted backups require someone to create and possess the underlying key that’s used to encrypt your data before being stored by the host. But there are several aspects to this:

Who creates the encryption key? In all six cases, the native desktop backup software handles key creation, but with two services, you can opt to create a key.

Does the backup host hold the key in a form it can directly access, or in “escrow,” where it’s protected by a passphrase you set and the host doesn’t know? Or does the host never hold the key at all?

Is the passphrase converted through an algorithm into the actual encryption key, or is the passphrase used to unlock the encryption key? In the former case, an attacker who recovers the passphrase also effectively has the key, and can decrypt your backups.

If a backup service lets you reset your account password without losing access to your archives, it has full access to the encryption keys that guard your backups. If it can’t access your files’ contents (and sometimes even the listing of files) unless you enter your password or a custom key, you retain control.

Diversity of keys. Each service varies in whether it uses a single key for all backups, or various keys for different tasks. For instance, CrashPlan uses the same encryption key to scramble all backed-up files across all sessions; Backblaze generates a new key for each backup session; SpiderOak ONE has unique keys for every folder, version, and individual data block within its backups, partly to enable a group encrypted sharing option.

How to Manage Small Business Productivity on a Desktop, Tablet or Smartphone
SponsoredPost Sponsored by Cox Business
How to Manage Small Business Productivity on a Desktop, Tablet or Smartphone
There’s always more for a small business owner to do and only so many hours in the day. You want to be more efficient but how?
The more unique keys are used, the less risk you face from a single leaked or cracked key, or from advances in cryptographic cracking.

Encrypted before transit. Hosted backups require native apps to scan drives for files and transmit them. Strong encryption should be used by the app before files are transferred to a hosted service.

Encrypted in transit. It’s vitally important that transferred data is strongly protected separately from the encryption that wraps data before it’s sent. That’s to guard against offline attacks, where someone can intercept encrypted data and then attempt various ways to break it, both now and in the future. Encryption that’s unbreakable in 2016 may still break in the future.

Protected at rest. Even encrypted data needs additional layers of security. Some hosts disclose additional information about how they safeguard your data, including certifications and audits from third parties.

Restoring files. When you restore a backup, there’s also a question of where the key winds up. Even for services that allow a user to create a custom full encryption key, that key has to be transmitted to the backup host in a form that can be decrypted in order to restore files.

With all that in mind, we evaluated the following services from Excellent to Poor, summarizing their best and worst points in the pros and cons that follow each rating. For services that offer multiple ways to set up security and privacy, I’ve ranked based on the best method available, as outlined in the section above.

Backblaze
Encryption rating: Very good

Pros:

Data is encrypted before and in transit
Website lets you access encrypted backups
Platforms: OS X, Windows, iOS, Android
Cons:

Password is transmitted for recovery
Lacks a client that can restore and browse with local encryption keys
Unique keys can be unlocked with passphrase for master key
Backblaze uses public-key cryptography—the same kind of encryption used widely across the internet, including web connections with SSL/TLS cryptographic protocols. The app creates a public-private key pair and transmits the private key to its servers. For each backup session, Backblaze creates a new strong session key, and uses the private key in the key pair to encrypt it and send to its servers. The key is only stored in memory on the client and never stored in the clear at the server.

online backup encryption backblaze
An optional Private Encryption Key protects your encryption key, even though it’s stored on Backblaze’s servers.
However, you can opt to set a passphrase to encrypt the private key before it’s transmitted to the server. In that way, this master private key and each session key are held in escrow. Only someone with the passphrase can access the private key, which in turn can decrypt a session key that restores data associated with a backup session.

Backblaze has engineered its system so that restores all happen via its website, not in the native computer app, so you have to enter that passphrase to decrypt the private key. The passphrase is also required for viewing information about backups through its website and mobile clients. The private key is also held only in memory on its servers and dumped when file browsing and restore operations finish.

This isn’t ideal. Backblaze falls short of other backup services by not offering a client that can handle restoring and browsing with encryption keys kept entirely locally. And while each backup session has a unique key, the fact that all can be unlocked with knowledge of the passphrase used to protect the master private key makes that less impressive. In practice, you’re more secure if you never restore files or browse lists.

Carbonite
Encryption rating: Excellent on Windows, Poor on Mac

Pros:

Data is encrypted before transit with Private Key encryption for Windows users
Website lets you access encrypted backups (only through Auto option)
Platforms: OS X (limited), Windows, iOS, Android
Cons:

Data is encrypted before transit with Private Key encryption for Windows users, but not with Auto Encryption (Mac users’ only choice)
Mac users get a server-side key that’s stored on the server
Carbonite is a mixed bag. It offers only Windows users the opportunity to passphrase-protect a private key. Mac users rely on a server-side key that’s generated and stored there. Worse, Carbonite doesn’t encrypt Mac users’ data before transmitting it with its default Automatic Encryption option; it encrypts only on the receiving end. That’s not the case with what it calls Private Key under Windows.

online backup encryption carbonite
Carbonite allows only Windows users to turn on advanced backup settings and set a private key that the company never accesses.
Because encryption happens on the far end, restored files are also decrypted before being transmitted back to a Mac user. Carbonite should step up and provide Private Key for Mac users, as the current situation doesn’t meet the bar for robust protection for backups or restores.

CrashPlan
Encryption rating: Excellent

Pros:

Data is encrypted before and in transit
Password is not transmitted for recovery
Website lets you access encrypted backups
Platforms: OS X (Java app), Windows, Linux, iOS, Android, Windows Phone
Cons:

The archive key reset via reminder question is not a secure method
CrashPlan for Home requires a Java app, with security, reliability, usability issues
Code42’s CrashPlan offers three distinct options for setting up password and key control:

Standard: At the basic level, Code42 maintains on its servers an encryption key generated by its backup app. Your password manages access to the account as well as tasks like adding computers, using mobile clients, and restoring files.

Archive key password: The CrashPlan client generates a key, but you set a separate passphrase to encrypt the key, which is then stored in escrow at CrashPlan’s servers. You can upgrade from Standard to Archive without dumping existing backups. The archive key can be changed. There’s even an option to add an archive key reset with a reminder question. This reduces security enormously, however, because it effectively means your easier-to-remember answer is now the weakest link in accessing backups. I recommend against using it.

Custom key: You generate a lengthy key in one of several methods that’s never stored in any fashion at the Code42 servers. This custom key option is unique among services surveyed—all others rely on either a key generated by the app, which a user may be able to escrow at a server, or use an algorithm to convert a passphrase into the encryption key. If you switch from standard or archive key, your previous data is dumped, and you can’t downgrade encryption of newly archived files.

online backup encryption crashplan
You can choose among three kinds of archive encryption with CrashPlan. Custom Key keeps all information firmly in your hands.
CrashPlan can decrypt files entirely via its native app. The archive key or custom key need only be entered when restoring files via the web interface, or viewing files via the web or the mobile apps.

CrashPlan for Home still requires the use of a non-native Java app, something that’s been a security, reliability, and usability sticking point for its customers for years. Even its business services have moved to native apps. Java has many known security issues, but CrashPlan relies on it for a self-contained app, rather than any web-based interaction.

iDrive and MozyHome
online backup encryption idrive encryption key copy
Even though it says you’re setting an encryption key, you’re really entering a passphrase that iDrive converts into the key used to protect your data.
Encryption rating: Fair

Pros:

Data is encrypted before and in transit
Password is not transmitted for recovery
Website lets you access encrypted backups Platforms: OS X, Windows, Linux (iDrive only), iOS, Android
Con:

Passphrase conversion carries some risk
These two separate services work in nearly an identical way. Both let a user create a passphrase—iDrive inaccurately calls it a “private encryption key”—which is transformed through a cryptographic algorithm into a 256-bit encryption key.

When you use this option, neither the passphrase nor the resulting key gets transmitted to the service. Both iDrive and MozyHome also admirably handle decryption in their respective clients without sending the passphrase or key to a remote server.

online backup encryption mozy decrypt mac
MozyHome lets users set a key for encryption, but requires use of standalone software (shown here) to decrypt restored files.
Even though the key is never sent (good), this passphrase conversion approach is weaker (bad) than a passphrase that locks a separate encryption key. That’s because an attacker only needs to obtain your unencrypted passphrase or break it through brute force to have access to your key. With that, if they can obtain your backup archives from the services or capture them in transit somehow, they can decrypt.

While that scenario sounds unlikely, there have been exploits in the past that allow crackers to break encrypted data transmission. When a passphrase locks a separate encryption key, an attacker might need to obtain your account name and password and the passphrase, and then would either have to break into the backup service’s systems or log in directly and use the backup service’s interface to retrieve files, leaving a trail.

SpiderOak ONE
Encryption rating: Very Good

Pros:

Data is encrypted before and in transit
Password is not transmitted for recovery
Website lets you access encrypted backups
Highly granular shared secure data areas
Platforms: OS X, Windows, Linux, iOS, Android
Cons:

If you want to share files or use the website, you have to enter the password
SpiderOak ONE is a bit of a hybrid between the iDrive/MozyHome and Backblaze approaches, and its sole method is highly secure—there’s no account password-only default tier.

With SpiderOak, you create a password in the desktop client, and the software derives many, many encryption keys from that. The password is never stored or transmitted to SpiderOak, but the keys—generated uniquely for each data block of the backup, each folder, and each file revision—are wrapped in a layer of encryption and stored on the backup servers.

online backup encryption spideroak
By default, SpiderOak uses strong encryption for all backups; there’s no option to set.
This is because SpiderOak offers highly granular shared secure data areas, which require storing encryption keys on its servers in such a way that permission can be granted to multiple accounts to access files and folders. The same key can effectively be available to different users without storing it in such a way that SpiderOak (or a third party) can gain access.

In normal backup and restore operations, your password is never sent or used by the SpiderOak servers. However, if you want to share files, use the website for access, or use mobile clients, you have to enter the password to unlock access. As with other services, the keys generated from the password are stored in memory only while being used, and then flushed.

Related:
Cloud & ServicesStorage

Apple’s new macOS Sierra fixes over 60 security flaws

Apple’s new macOS Sierra fixes over 60 security flaws

Some of the vulnerabilities allow for arbitrary code execution and remote attack

Apple launched its newest operating system, macOS Sierra 10.12, on Tuesday and aside from new and interesting features, it has a large number of important security fixes.

The new OS patches 65 vulnerabilities in various core and third-party components. Some of these vulnerabilities are critical and can result in arbitrary code execution with kernel privileges.

Flaws that allow local applications to execute malicious code with kernel or system privileges were fixed in Apple’s HSSPI support component, AppleEFIRuntime, AppleMobileFileIntegrity, AppleUUC, the Bluetooth stack, DiskArbitration, the Intel Graphics Driver, the IOAcceleratorFamily and IOThunderboltFamily, the S2 Camera, the Security service and the kernel itself.

 

http://www.macworld.com/article/3122800/security/apples-new-macos-sierra-fixes-over-60-security-flaws.html?

 

 

 

Backing Up Your Remote Server

We usually backup our systems daily, weekly and monthly. However, most people don’t have that type of time or patience to want to do this so often. Normally your webmaster or hosting company performs backup services on your project. For those that want to backup their files just to have a copy of your web projects we’ve created some basic steps you can follow.

The tools you’ll need (don’t worry they are free)

Step 1. Go to https://cyberduck.io/?l=en and download a FTP(file transfer protocol) program, called “cyberduck”

ftp1

Step 2. Once you’ve dowloaded the software, go to your download folder, select it and and install it.

ftp2

The installer should/will be in your download folder

ftp3

Click on the INSTALL option

ftp4

You will/should see this install window

ftp5

ftp5

After you’ve installed the software, start the program by double clicking on it. It should/will open to a window that looks like this

ftp6

Click on the “open connection” tab and enter your FTP info(you get this from either your hosting company or your designer) – SERVER – USERNAME – PASSWORD

ftp7

Once you have successfully logged in, you should see inside of your server that looks similar to this screenshot below

ftp8

Copy JUST the public_ftp folder to your hard drive

note: – We use fetch and transmit on our macs and ipswich WS_FTP PRO FOR OR Windows machines. Cyberduck is recommened by a lot of hosting companies so we provided these instructions using that program.