Category: How To

What If Your Business Has a Data Breach

If your business suffers a data breach i.e. hackers access your system and steal confidential information then you have a lot to do to deal with the breach, communicate with all affected parties and put in place better security to prevent another breach.

How well you deal with the breach often affects the total cost and the level of damage to your business reputation.

These four steps can help:-

1. Investigate the Breach

  1. How did it happen?
  2. What was stolen?
  3. Can the hackers regain entry to your systems?

You’ll need to know exactly what information was lost in the data breach.

Less sensitive information includes  name, address. phone number etc. This can be used by scammers and cold callers but that information is readily available for most people through the phone directory, social media and  the Electoral register.

More sensitive information includes date of birth, name, financial details, payment card details.  Combined with the less sensitive information this can be used for identity fraud.

If the stolen data includes names with login and passwords then you need to act fast to warn people to change their passwords.

2. Determine the Possible Damage

Once you know what data has been stolen, you need to understand how this can affect people i.e how this data can be used by criminals. Will they likely sell the information to a competitor or to other scammers or ransom it back to you?

3. Communicate with All Interested Parties

You need to inform all affected parties ASAP.  This may be customers, partners, staff, suppliers etc. If the breach is serious then you should inform the Information Commissioners Office.  If relevant inform the Police.

4. Increase Your Security

Unless you have security experts, you may need to hire experts to assess your systems and see how security can be improved. Start enacting those improvements straightaway and of course close off whatever method the hackers used to get into your systems.

A data breach can be very serious and must be dealt with quickly and efficiently to minimise damage to your reputation.

 Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

Fightback Ninja Signature

Maintain Online Privacy

One of the wonderful things about the Internet is the capacity to share information quickly and with a lot of people.

Conversely, one of the big problems with the Internet is people with malicious internet obtaining your confidential information.  Everyone from the ‘Big Brother’ of Facebook, Google and others watching everything we do to scammers trying to steal from us.

Here are some actions you can consider to protect your online security

  1. Have up to date anti-virus and anti-malware on all of your computer devices
  2. Don’t give out information that you don’t want scammers to have, unless you are sure of the person or website you are giving it to.
  3. Be careful – if something looks too good to be true then it’s likely to be a scam
  4. Never click on a link or open an attachment unless you are sure it is safe
  5. Avoid public WI-FI if you intend to access online banking or anything else that needs to be secure.

Website Browsing

There are a number of things you can do to make your website browsing more private and safer.

  • Use the privacy/incognito mode
  • Block web activity trackers
  • Block your ads
  • Use encrypted messengers
  • Get a VPN
  • Avoid non-https:// websites for input of confidential information
  • Clear your cookies regularly
  • Use secure/encrypted email providers

The  guide at contains a lot more information on what you can do to maintain your online privacy.

Fightback Ninja Signature

Legal Steps to Recover Your Stolen Money

This is a series of steps for attempting to recover money stolen by fraudsters. It has been created by Barrister  Gideon Roseman following his skirmish with fraudsters. You can read about that at

  1. Immediately phone your bank and ask to speak with the fraud team

Explain what has happened and demand they immediately contact the fraudster’s bank, i.e.  the bank you transferred your money to.

  1. Immediately contact a solicitor or barrister who can accept instructions directly from members of the public (or alternatively you can attempt to do this yourself). Ask them to immediately make an application to freeze the fraudster’s bank account and any other bank account that the fraudster has with their bank. The application should include a request for an order that the fraudster’s bank provides the following information:
  • all contact details (mobile phone, home phone, email address, residential address etc.) for all signatories to the fraudster’s bank account and any other bank account held in the fraudster’s name or any other signatory to this bank account that is held at the bank
  • all bank statements for the fraudster’s bank account and any other bank account to which the fraudster or any other signatory has with the bank in question for a period of 6 months; and
  • the current balance of all bank accounts with the bank that is in the fraudster’s or any other signatory’s name.
  1. Once you get hold of the court order, this will need to be immediately emailed to the fraudster’s banks’ ‘court orders’ team who can process it. You can ask your bank for this email address.
  2. As soon as you receive the information from the fraudster’s bank, consider the following points:

(i) has your money been transferred or paid to any recognisable company you can contact, such as a known retailer

(ii) if you can identify a company that has received your money, you can then contact this company, explain what has happened and request they either cancel the transaction made by the fraudster or request them to hold onto the money they have received and

(iii) has the money been transferred to other bank accounts.

  1. If your money has been transferred out of the fraudster’s bank account and into another bank account, you have the option of returning to court and making an application for the information set out above and repeating the process set out above.
  2. When you have received the fraudster’s bank account statements, try to work out the dates and times of the transfers out of their accounts. Your bank will be under a duty to contact the fraudster’s bankers, who will then freeze the fraudster’s account.

If your bank has failed to act within a reasonable period of time after you have notified them of the fraud, which has enabled the fraudster to transfer your money without a trace, it is likely that your bank will have breached their duty and will have to compensate you.

Good luck.

If you have any experiences with scammers, spammers or time-waster do let me know, by email.

How to Make Your Website Trusted

The first steps in having your website trusted are the obvious ones – make sure there is nothing that would concern people e.g. selling items of dubious or inconsistent quality, excessive advertising, advertising of business such as gambling, over promising on products or services then being unable to meet those promises, poor customer service, excessive profit margins, inaccurate advertising, poor quality website etc.

Once you have eliminated anything that could put people off then you’re left with two basic things – building a good reputation and hoping for great online reviews by your customers.

These both need a lot of time and effort to happen. Good reputations don’t happen overnight and people will only add great reviews when your sales process, quality of products and services, customer service etc. are top notch.

There is another way to increase trust and that is to become accredited by the various relevant bodies for whatever industry you are in and also to be accredited or registered with the various bodies that review websites.

Recent research shows that most customers don’t understand security on the Internet but they do trust various organisations and hence trust their judgements on trustworthy websites.

To the question “Which badge gives you the best sense of trust when paying online” the results show

  • Norton 36%
  • MacAfee 23%
  • Truste
  • BBB

Other badges did also register but these four were the most recognised and trusted by far.

What do you have to do to get Norton accreditation for example?

You buy a Symantec SSL certificate and implement that on your website.

The other companies listed above are Trust based rather than simply SSL recognition.

As well as the trusted badges, in assessing a website, consumers report that they look for qualities including

  • up to date information
  • fresh content
  • easy ways to contact the business
  • honesty about any problems
  • negative comments as well as positive ones
  • where appropriate – pictures of the management.

Make your website trusted for genuine reasons – don’t shortcut.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

How to Report a Bad Website

It can be very simple and quick for people to create websites – good websites and bad websites.

What can you do if you encounter a bad website?

Bad in this case doesn’t mean something you don’t like but a website that is a scam or misleading or steals your personal information or is a copy of someone else’s website etc.

You can report the bad website to the search engines, blacklists, review sites and the Authorities.

Search Engines

Google, Bing and the other search engines want to know about bad websites so they can direct traffic away from them and where relevant will report the sites to the Police or other Authority.

Report to Google

Instructions for Bing

To report a site Internet Explorer: If you are running IE and are still on the site in question, then  click on the Safety icon, which is on the toolbar go to “SmartScreen Filter” and select “Report unsafe website”.


Many organisations maintain lists of ‘bad’ websites called blacklists. This is to enable services such as Web of Trust, Trustwave, Brightcloud, numerous anti virus and anti malware companies such as McAfee, Sophos and many others to block access to those sites.

When you navigate to a blacklisted  listed website, your anti-virus or other software will warn you and stop the browser opening that site.  Which such software protection you choose is up to you but they all try to offer a good service.

PhishTank is a collaborative clearing house for data and information about phishing on the Internet. It maintains a blacklist used by software services. PhishTank allows developers to integrate anti-phishing data into their applications at no charge.

Review Sites

There are various review websites that allow you to enter information, reviews, comments on websites and businesses – to help others make informed choices.

Which one you pick to report a bad website to depends on the nature of the website

e.g. for travel reviews – Trip Advisor

Some of the largest of these review sites are Consumer Report, Four Square, Better Business Bureau, Angie’s List and there are lots more.

The Authorities

You can report websites to Action Fraud if there is evidence of criminal activity.

You can report online scams and rip-offs to Trading Standards via the Citizen’s Advice Consumer Helpline on: 03454 04 05 06

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

How to Maintain Privacy on Facebook

Social media is designed for you to share but you should take care to set the privacy levels so you know who can see your information and postings.

Basic Privacy Settings

In Facebook on a PC, click on the top right menu item and select Settings then Privacy and you should see as below.

You choose who can see your postings, profile etc. The choices are Public, Friends, Specific Friends or Only Me.

Set “Who Can Contact Me”. The choices are Everyone or just Friends and Friends of Friends

Set “Who Can Lookup Me Up” and whether you want search engines outside of Facebook to find your profile.

That’s all quite straightforward. Basically you decide if you want the world to see what you put on Facebook or restrict it to friends.

The Audience Selector Tool

When creating a new post on your timeline, there is a drop down box which allows you to determine the audience for the post. You can choose Public , Friends, Friends Except (you pick which friends to exclude), Specific Friends (you pick which Friends to include) or Only Me.

You’ll find an audience selector tool most places you share status updates, photos and other things you post. Click the tool and select who you want to share something with.

The selector tool remembers the audience you shared with the last time you posted something and uses the same audience when you share again unless you change it.


To set or modify your profile information, click the ‘Update Info button on bottom right of your header photo. You can then set a new header photo, profile photo, location, family and relationships, schools, professional skills etc.

Everyone can see this public information, which includes your name, profile picture, cover photo, gender, username, user ID, and networks.

To see what your profile looks like to other people, use the View As tool.


Only you and your friends can post to your Timeline. When you make a post you can set the audience. When other people post on your Timeline, you can control who sees it by choosing the audience of the Who can see what others post on your Timeline setting.

As you edit your info, you can control who sees what by using the audience selector.

Privacy Check

Facebook lets you make a quick health check on privacy settings. Click on the question mark (or maybe a padlock symbol) on top right and select Privacy Check.

1) Posts – As explained below, this will explain how to control your privacy settings for every post.

2) Apps – Who sees your activity within APPS from outside suppliers

3) Profile – How much personal information is to be shown

Use Facebook wisely and don’t give any information to people without considering the possible consequences first.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Resolve Your Complaint Expertly

Resolver is a website designed to make it easy for people to complain and it’s free to use. Resolver say their goal is to help make complaining quick and straightforward.

Resolver also works with which is the UK’s biggest consumer advice website.

For some years there have been complaint templates available on the Internet and these make life easier for making a complaint.  But Resolver has taken the next step and automated the process online.

Resolver was started by James Walker, after his energy company ignored a complaint of his. James realised that complaining was complex and hard work and that there was no service that proactively helped consumers resolve their issues.

Resolver say “For the past decade we’ve used template letters to help – over 10m have been downloaded just on our PPI and bank charges reclaiming campaigns alone. The free technology Resolver provides can take this a leap further: automating the process, including drafting the letter, sending it, monitoring replies and then escalating it to an Ombudsman or key complaint body if it’s not sorted”.

Resolver tries to guide and support you throughout the complaint process. The system makes recommendations on next steps and when to take them, helps you keep track of your complaint and enables you to store all relevant information securely in one place.

Resolver was not set up to attack businesses or give them a hard time but to streamline the whole complaints process and reputable companies prefer this approach and work with Resolver.  They now work with tens of thousands of companies.

To use Resolver, you select the company you wish to complain to. If it’s on their list then you are presented with information about the company, their rules on complaint procedure and any other relevant information. Then you start your ‘case’ which means to entre all of the relevant information and it is sent to the company concerned.

Resolver keeps tracking of your case and any progress or fresh messages.  This is a very useful service.

If you have a complaint to make – is a good place to start.

If you’ve enjoyed this post or found it useful then do share – click on the post title then scroll down to the social media share buttons.

Be a Scamsmart Investor

There are many scams that operate by cold calling or emailing people about a fantastic new investment opportunity – usually only available to a few people and you must decide NOW or it will be too late.

These can be very lucrative scams as potentially a lot of money is involved. But they can be devastating to the people caught out who may lose their nest egg, savings or pension.

How to Avoid These Scams

  1. If you are cold called about an investment opportunity – end the call straightaway. Reputable organisations do not cold call in this manner.
  2. If you are called and the person claims to have spoken with you before or to be calling about a brochure or email they sent to you – just end the call (unless of course you do have the brochure and are interested)

Investment fraud is often sophisticated, well organised  and difficult to spot. Fraudsters can be highly educated  and seem financially knowledgeable. They may have credible websites, testimonials and materials that can be hard to distinguish from the real thing.

However, if you are interested in an investment opportunity, then you need to check on the company and the offer thoroughly.

How to Check a Company

Step 1: Check if a firm is authorised or registered at

Check the Register to see whether a firm or individual is authorised by us or registered. You should access the Register from our website, rather than through links in emails or on the website of a firm offering you an investment. Also check the address of our website is correct and there are not subtle changes that mean it is a fake.

To confirm the identity of an authorised firm on the Register, ask for their ‘firm reference number’ (FRN) and contact details, but always call them back on the switchboard number given on the Register rather than a direct line they might give you.

If you deal with an unauthorised firm you will not be covered by the Financial Ombudsman Service (link is external) or Financial Services Compensation Scheme (link is external) (FSCS) if things go wrong.

Step 2: Check the FCA Warning List at

Firms and individuals can only conduct regulated financial services activities in the UK if they are authorised by the FCA or registered to do so, or are otherwise exempt.

Step 3: Genuine Names

Beware of fraudsters pretending to be from a firm authorised by us, as it could be a ‘cloned firm’. These scammers often claim to be from overseas firms that appear on the Register as these firms do not always have their full contact and website details listed.

Step 4: Check the Company’s website, look for testimonials and reviews on independent websites, companies house records etc.

Step 5: Ideally get independent financial advice.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

How to Buy Fake Website Traffic

Website owners are always keen to know how much traffic their site gets i.e. how many people visit the site, which pages they read etc.

We all know that some of the ‘traffic’ on the Internet is fake, but most website owners hope it is a small percentage of the real traffic.  However, some companies in the field of advertising believe that up to 50% of traffic achieved through advertising  could be fake.

In this context ‘fake’ means it’s not a person looking at your website – it’s another  computer.

This is the reason why so many websites these days insist you answer a Capcha query to prove you are a human being.

Suppose you have a new website and you believe the content is worth sharing. You want to get a lot of people to view your website. How do you go about this?

The starting point is to tell everyone you know, use social media to advertise your website content, tell anyone in the industry that you know and ask everyone to spread the word about your website.

Then if you need more traffic i.e. people looking at your website – you might consider paying for traffic – from Google, Facebook, Twitter etc. This is good traffic (i.e. real people viewing your adverts) but it does cost.

If you can’t get (or afford) the traffic you want then you may look at the cheaper traffic providers.

Cheap Traffic

How do cheaper suppliers get traffic for your site – there’s lots of ways e.g. clickbait, spam messages, posting fake comments on popular blogs or forums, fake adverts, advert marketplaces, fake SEO, traffic exchanges, etc.

Clickbait is such a source that is increasingly used on popular news aggregator and entertainment  websites.  You will see mini ads with labels such as “10 things you didn’t know about Scarlett Johannsen” or “See what happened to these child stars”. When someone clicks on the ad they don’t get what they expected but are directed to a website where the owner has paid to get more people viewing their site.

Clickbait is annoying but harmless. More of a problem are “bots”. This means pieces of software that mimic people in viewing websites and clicking on links.

Using these techniques, your website may get lots of traffic but it could be largely other computers and is very unlikely to be people wanting to do business with you.

How Can You Identify Fake Traffic?

This is a complicated matter and needs expertise, but you would start by examining the statistics/analytics for the website :-

A very high Bounce Rate can indicate disinterested visitors or bots.

A very low Pages/Session figure can mean people attracted to the site are only interested in one link then they leave. If combined with a very short average length of visit can mean automated viewing not people.

If you don’t go down the route of buying cheap traffic then you shouldn’t normally have to worry about fake traffic.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

How to Find Trustworthy Local Tradesmen

Most homeowners have faced the problem of needing a tradesman – e.g. a plumber, carpenter, decorator etc.

How do you make sure the person or company you choose is going to be trustworthy and do a good job.?

That’s not easy.

In the last few years various websites have appeared that include ratings on the tradesmen and these are very useful but the ratings are typically based on customer experience rather than an expert assessment.

TrustMark is a Government endorsed scheme for trades in and around the home. They award registered firms with accreditation after vetting and on-site inspections to ensure the firm is raising industry standards and this accreditation gives customers reassurance of quality and protection from rogue traders.

TrustMark is a ‘not for profit’ social enterprise and the TrustMark Scheme was developed in 2005, in conjunction with Government, industry and consumer protection bodies.

TrustMark says it seeks to continually improve and welcomes constructive engagement on how improvements and enhancements can be achieved.

The Website

The site is free to use and designed for you to find tradesmen based on entering a postcode and selecting a trade.

Or alternatively to find information on a specific tradesman /company

There are a lot of registered tradesmen on Trustmark but not everyone of course  – it does cost time and money to be registered so not all tradesmen have done so.

So, you can use Trustmark to reduce the likelihood of problems with your chosen tradesman.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.