How to automate your online booking system for small business

I love writing Guest Blogs. Sharing tips about how to make technology work for you and your business is something I enjoy immensely. In 2018, I wrote up a little something for Angela Henderson, from Finlee and Me, and Angela Henderson Consulting.

The blog is syndicated below:

As a business coach working with women in business, automating my online booking system was a major step forward in automating my business. I’m super excited to have Stephanie from Rocking Rose to share her knowledge about automating online booking systems for small business.

Take it away Stephanie…

This blog is about the mechanics, and some of the things to consider when setting up an online calendar booking system for professional services businesses, and specifically looking at what happens when someone comes into the first stage of your sales funnel.

In order to get the most of the tips and steps in this article, you will need to have done the below already:

  • You are crystal clear on your business purpose
  • You know your target market inside out. You know their habits, where they hang out IRL as well as on social channels. You speak their language
  • Your main content and messaging are done and ready to be pushed out into the world
  • You have already done some work around your credibility and branding and perhaps you have dabbled in social media

Assuming all the above – let’s chat about how you would automate so that someone who is just coming into your sales funnel doesn’t fall off the radar.

Learn How to Automate Your Online Booking System for Small Business

Grab a pen and paper, and list down the first few steps of your current sales funnel.

Maybe it looks something like this :

  1. 15 Min Free Phone Call /Discovery discussion
  2. Book in for Small package / Workshop
  3. CTA at workshop for bigger package / coaching

We can automate at several points just with the first step in the 15 min call booking and subsequent processes. So let’s look at the communication flow when someone uses a booking system to pick a time to speak to you.

Remember that the idea is to facilitate an easy flow of information, not to overwhelm your prospect with a daily spammy automated email – or make them feel like just a number being herded down your funnel.

So the first rule is to absolutely not put them in your list, unless they have explicitly said yes (and saying no is an option that doesn’t prevent them from booking with you).


There are a number of excellent calendar booking systems and tools to choose from, most of which will easily interface with your Google or Microsoft 365 calendar so that you can block out times when you are not available.

Some examples are Calendly,  Acuity Scheduling, as well as

The first automation step is to implement the calendar booking tool of your choice on your website.

Things to consider when choosing your calendar booking tool:

  • Does it interface easily with your current CMS or web platform
  • Does it interface with your calendar easily
  • If you’re planning on taking payments, does it offer easy implementation from a range of payment providers?
  • Does it interface ( or integrate ) to your CRM
  • Can you insert bookings into your video software such as Zoom or
  • Does it have the ability to integrate with Zapier or a similar integration connector tool?

Booking Rules

Booking rules are how your booking system knows when you allow someone in, and when to show you as ‘Not Available’.

Tip – if you can, make sure to use the ‘random’ setting in your booking system so that it randomly blocks out time for you as unavailable.

Whilst you don’t want to be completely unavailable for weeks on end, on the other end of the spectrum you also don’t want to be fully available all day long (it’s not a good look).

If you prefer to work on sales on specific days, capture those rules into the booking set up so that you don’t get booked at a time when you are doing other work.

Confirmation Emails and Texts

Once the person has made a booking, your booking system should have a template for the booking confirmation which is sent immediately.

Make sure you enable and edit this template; do not use the default ‘Your appointment is confirmed’ wording. It will sound robotic – and people can spot the template a mile off. You want to engage this person from the get-go.

Use your own language, and style and tone in your content. Change the subject, and if you can update the template colours to match your branding.

Appointment & Booking Reminders

Use the 24-hour reminder in your tool, to prompt the person and remind them of your booking with them. Again, don’t use the default wording.

In your own words, note that you are looking forward to speaking with them, be sure to give them a chance to make a ‘graceful exit’ with a rescheduling option.

It’s far better than being stood up (even virtually) even if it sounds counter-intuitive to offer this option.

After the Booking Has Taken Place

Use the automation template to send a follow-up email at a set point after your call. (1 day, 2 days, 3 hours – think about what makes sense for the booking type, and your business).

Dig into your process a little and decide if you’re going to use the email follow-up to do one of the below:

  1. Give them a CTA or a link to a specific resource that you always talk about in your discovery calls
  2. Ask them for some feedback, if your first point of contact was a freebie of some sort

Try not to cram too much disparate and unrelated information into this email (i.e. don’t make it a ‘covering all bases’ type of email – because those look terrible) – you want one actionable step, perhaps it’s a subscription to your newsletter list, or perhaps it’s giving you a review on Facebook.

If you do find yourself trying to do too many things in the follow-up email then consider setting up specific and different appointment types that trigger different templated follow-ups. Each follow-up then has the specific wording, information, and CTA, with relevant links for the type of appointment you offer.

Payment Integration

If you charge for your bookings, or you want to take a deposit before securing an appointment  – consider implementing an integrated payment platform.

Stripe and Square are two excellent options that easily integrate to a large majority of calendar booking tools and systems.

Consider the experience of your prospect if you take deposits, and insist on a bank transfer, or you have to email them your bank details to get a payment or issue an invoice manually.

The best way to automate is to consider at each step what the purpose is of the automation and to do so in such a way that you don’t lose the human touch of your brand and business.

I hope you found this article helpful and that you too will be able to automate your online booking system for small business soon, as life will be so much easier for not only yourself but for your clients.


You can find the original publication of this article at Angela Henderson Consulting :


Angela started her consulting business because she kept getting asked in different platforms/forums for her business advice. Seeing a need for advice based on first hand experience , she took the plunge and began helping entrepreneurs and small business owners. You can find out more about Angela and her services at : 

An Australian Opportunity circa 2014

This article was written by Steph and accepted for publication to Merise Magazine,  in late 2014. It was, to the best of our knowledge never published, online or in print.

Here it is - with some slight modifications for the time between 2014 and 2018.

We hope you enjoy Steph's story of Opportunity and Growth.

I’m sitting on the train at 5:30 pm, mid September 2014, coming home from the Google Analytics User conference in Melbourne, and thinking about how I am going to write this article. That should teach me for jumping in head first to the opportunity.

An opportunity is a time or set of circumstances that makes it possible to do something.  Don't take my word for it, that's the official definition.

So, by its very definition, an opportunity is neither negative nor positive. It simply is.

It is a chance to do something. A turn. Your go at taking the shot.

Opportunity does not discriminate, it does not take sides.

Getting the chance to write this article, is the result of an opportunity. One that I grabbed hold of without hesitation when I met the Merise Team at the Ladies Tea in Melbourne in early 2014.

I ponder thoughtfully that the definition of an opportunity is not about the end result, but rather about the circumstances. Getting more money into your business is not an opportunity, but helping someone in your network, that’s an opportunity. It’s a chance to do something.

It's also not a guarantee, to the disappointment of a great many humans I think.

It's an option, a happy coincidence of circumstances that enables you to

  • be something more,
  • try something different,
  • learn something new about yourself or
  • test your limits and boundaries.

And for Migrants and Saffers ?

What does this mean for migrants that land on our adopted fair shores ?

I think it’s about understanding what it means to have a fair-go. A fair-go is really the chance to take a hold of your Great Australian Opportunity.

Everyone in Australia has their "Fair-go" it would seem. Does that mean we all do well and prosper?

Not at all, because having a fair-go is not the same thing as working hard.  Australia,  in my experience does extraordinarily well at providing opportunities to more people than any other country, but you still have to work, and network, and be extraordinarily better than the rest to make a success of your career, your life,  or your business. In whatever way you choose to define that success.

So I’ve been pondering my journey since settling in Melbourne and the opportunities that have come my way.

In my whole working life, the longest I have ever worked for a company is 8 years. The longest I have ever had the same job is 5 (at that same company).

In South Africa I’ve cleaned houses, worked as a receptionist, a bookkeeper, a supervisor of dance instructors (couldn’t dance a step myself when I started) , a call centre agent, a debtors clerk, and a business analyst. All with a BSc Biochemistry under my belt.

In Australia, my CV looks a lot more stable, but that calm surface belies a far more complicated, and challenging personal and career growth curve.

I run a software company owned by 2 co-founders, and I'm not one of them. Technically, and legally not  mine, but it’s my baby nonetheless, as many other General Managers, Managing Directors and employed CEO's can relate I am sure. We invest ourselves, and our working identities heavily into these "children" of ours. Staying awake consecutive nights when we take big risks, and wondering what will happen to our team members and staff if it all goes belly up. Feeling the weight of that responsibility very heavily when our staff have families, and thinking about how much your decisions affect the lives of these newly minted little Aussie tykes.

I’ve learned to say Yes. 

I’ve learned to say No.

And more importantly, I’ve learned how I can tell in advance when each is appropriate.

I’ve learned to be discerning in my trust, and to go with my gut when there is no other data to work from.

Snakes are very pretty, and can be exceptionally hypnotic and charming before they bite, or strangle the life out of you without mercy or empathy. Life-giving wells of breathing space, and genuine appreciation are often hidden under plain unassuming facades. Don't judge a book by its cover, sales is an art in Australia, and it's full of charlatans.

If you try to embrace Australian "mateship" without understanding it first, you’ll fall flat very quickly.

I wish that I’d been told all of this when I arrived in 2010.

Eagerness is not always appreciated by your average small business Australian, they are a very reticent people, and if they don’t know you, you just look pushy.

Sometimes the opportunity is to be found in sitting back, and waiting.

And when the universe sends you a cryptic email wondering if you’d like to explore doing business in USA, you whip out that eagerness and energy and throw everything you have at it, in the face of enormous fear, because those are the times when the opportunity is in the YES, and you have to learn to stretch yourself.

And that is how I find myself all alone stranded overnight in Sydney en route to the USA in May 2013, fighting with an airline, and negotiating my way into 24 hours of plane hopping across the globe so I could get to my 2 week immersion in San Francisco on time.

I had a surreal moment in the middle of that night in 2013 in the Sydney Hotel, waiting for a call back from an airline. I made a wry mental note-to-self that I was having a chance to do some personal growth. This was rapidly followed by an angry admonishment to the Universe in general

“Personal Growth be damned, I just want things to work!”

It's so much easier to look back and see how far you've come, and apply an overlay of logic to the circumstances that challenge us. Much easier than seeing and grappling with the discomfort of that growth when it's happening in real time.

So I became the CEO of said company, because American Investors in Silicon Valley will not take a Business & General  Manager seriously. They want to talk to the CEO. It’s a bit like having a split personality really. CEO on one side of the globe and a Manager on the other.

What a moment that was, I think I celebrated by making myself another cup of coffee.

Celebrations do happen often in any business that I have a significant interest in, I believe it's important to mark the small wins and big. We had an apoplexy of happiness when we made it into the Apple App Store – and we got a couple of rounds of applause when we told our friends and business colleagues. It was a small win for us, but apparently far more impressive to our friends and clients than we realised.

The irony of that did not escape me, that we had built this amazing software company over many years, with an incredible online platform, and no-one applauded until we had a simple contact manager app in the App Store. When did the measure of business value become an App I wondered?

We cannot all be Steve Jobs

Moments like those bring my attention sharply into focus; snapping me back to the reality that we cannot all be Steve Jobs. Most times, us normal people need to see, pick and exploit opportunities by listening to what people want.

They may not have the words, but their needs and desires are there in their behaviour. And if you are not solving a problem, then you’re not doing anything useful, marketable and by extension, sellable.

Everything that happens to you every day when you live in Australia is an opportunity to grow.

It’s so damn hard to remember that,  when it’s 3 am and you can’t sleep because you miss your family with a pain so deep it knocks the breath out of you. It is true nonetheless.

One last lesson I have learned, is that you will be happy only when you decide that you’re going to be.

Unfortunately, it is the one lesson I cannot pass on as if it were a transferrable skill. Us migrants, we the brave that leave everything we know behind - we each have to come to our own peace and settlement of why we now live in Australia, and what it means to be an Australian from another birthplace. And we do it in our own time.

I notice the train has stopped here in 2014 - we’re at my station, so this is the end of the line for today. Only today mind you, because tomorrow morning will bring with it another set of opportunities.

What will you do with your opportunities, here in our adopted homeland?

How to add a user to your Google Analytics Account

One of my biggest bug-bears is sharing logins where it isn’t necessary. In that spirit – here’s a quick HOW TO add a user to your Google Analytics account (such as your marketing person, or your web developer for example).

Why would you add them as users and not simply just share your login ?

There are 2 reasons

  1. Google allows you to add users , and grant them varying degrees of access (security management) – at no cost.
  2. It’s a security risk every time you share passwords with anyone – so whenever possible, you should use the option to add a user when it is available.

Adding a user places the control back in your hands. As the account owner, you can revoke, or adjust the login settings and permissions of that user at any time.

If you’ve shared the main account login however, the other person has the ability to “go rogue” , which happens less often than we think, but often enough that most people have a war story or two.

What is required ?

A Google email address. The other person only needs a Google email address. Note that this does NOT have to be a Gmail address specifically, as any email address that is associated with a Google account will work, including the G-Suite tools or a YouTube login.

Here’s how

Log in to your account, find the “View” or “website” that you are tracking, and then click on the Cog titled “Admin” on the bottom left of the screen to enter the Admin Settings.






Then select Account User Management from the first column of options displayed on the screen under the Account heading (and beneath the big blue +Create Account button)









Click on the Big Blue plus button on the right of the next screen, and then select Add Users.








Enter the email address (associated with a Google Account) for the user, and tick the boxes to apply the permissions you want to give them. And finally click on the blue ADD button to save and add them. Ensure you have ticked the NOTIFY option so that they get an email informing them of their access and details of their permissions.








If there are any errors, you will see a message confirming what to fix or change, otherwise the update will be saved and you will see the new user in the list of users once the screen closes.

Happy updating!

If you need assistance with any Google Account products for your business, staff or managing outside vendors and service providers – you know where to find us! Reach out and let's have a secure and confidential discussion.

How do I know if an email is a phishing attempt?

The heading of this blog is one of the questions I am asked quite frequently in my security and password sessions. Specifically, how I personally tell if an email is a phishing attempt, and what advice I give for managers to take back to their teams and any future staff around dealing with phishing attempts. Phishing, and preventing people from being taken in by scammers, is something of a focus for us. We’ve even previously written about phishing on this blog, specifically from a small business perspective, in “Phishing: The Small Business Lowdown”. So we’ve put together our Phishing Check List for business teams.

Whilst not exhaustive by any means, this list has served me, and my team well.

Here’s my check list –  if something doesn’t look right to me, in my inbox , this is usually how I evaluate and deal with it. Admittedly, the items have become second nature – so I don’t necessarily need a physical check list – but in case you, or your staff do – there’s a downloadable printable PDF at the end of this article.

There are 7 points – the detailed explanations follow.

Check List

  1. Are you expecting this email?
  2. Does the “From” email address look legit?
  3. Is there a misplaced sense of urgency in the email ?
  4. Google Search is your friend. Use it.
  5. Are there multiple typos, and massive grammar inconsistences in the email?
  6. When you hover over the link (or links) what does the preview show you for the address?
  7. If all else fails – check with the company that appears to have sent the email.

The Detailed explanations

  1. Are you expecting this email ?

Email is used to validate identity when new accounts or profiles are created, so you may often be sent an email with a “validation” link in it to confirm your email address. If you have just signed up for a new profile or online shopping account then, yes, the email may be expected, and it’s highly unlikely to be a phishing attempt. Don’t overthink this one. If you’re not expecting a validation email, or a confirmation of identity for anything, then move on.

  2. Does the From email, in all its variations, look legit?

Most email clients (the programs we use to read and work with emails, rather than the actual email exchange) have tools where you can look at the details of the sender. It can be confusing, as sometimes there is a “via”, or the reply-to email looks different. Generally, what you want to see here is that the email address you see in the name has the same domain as the company or the sender, and that the reply-to address isn’t completely different. Also, if there is a “via” displayed, you want it to make sense.

It’s not always a problem if the email has come via another channel – for example Bank of Melbourne emails are sent to their clients via the St George email servers, so they all arrive with “via” in the from address. Again – it’s not a problem if it makes sense, and you know that the company details are correct.


Phishing emails sometimes come via a channel that they do not belong to. It’s a warning flag if you see a “via” in the From address that doesn’t make sense and doesn’t look legit.


  3. Is there a sense of urgency, related to a deadline or time limit, that feels wrong?

Assuming that this is not a validation email of some kind ( see 1. ) that you are expecting , another red flag is when an email purportedly from a bank or another financial institution arrives, demanding a login, for security purposes – and there is a limit or a deadline associated with this login.

Creating a false sense of urgency by threatening to cut off access is a very big warning flag, assuming that you have not been ignoring notices for weeks from the company in question (don’t laugh, people don’t read anything that comes from a Corporate, even the legit stuff).

  4. Google Search is your friend. Use It.

When in doubt about the sender, the reply-to or the via – use Google Search to find out info about the company and the details shown.

As an example – if you did not know that Bank of Melbourne emails are sent via St George – go to google search and type in “ Connection between St George and Bank of Melbourne” – the search results should verify that

a) yes there is a connection between the banks and

b) in fact Bank of Melbourne is simply a rebranded St George …

which means that – we can safely assume the via is not a problem

  5. Is the email badly written?

Emails and communications go through several layers of checks and several different team members and managers before being signed off, and then sent. This is particularly true in larger corporates.

Spelling errors, and incredibly bad grammar are almost guaranteed not to happen.

It’s a massive warning red flag when there are a large number of typos, spelling errors and bad grammar in an email that’s meant to be coming from a corporate.

  6. What does the link Preview tell you?

Most browsers will show you a preview of the link if you hover your mouse over the link or button – it looks like this –

Screenshot of Learn More link from an email with the URL displayed by the mouse hover

Occasionally you can’t do this as  the links are shortened by services such as or – however, if they are not shortened then, you can see where you’re going before you click.

  7. Check on the website for the vendor, or call your contact

After all of that – if you’re still not sure – either go directly to the website, login and check for any notifications , or pick up the phone and call whomever you normally speak to.

If the email is from a bank, or larger company – call up their call centre – and ask about the email. If it’s legit, they’ll be able to help you with the details.
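For teams that triage a shared mailbox, items 2, 3 and 6 can be pre-checked automatically, with items 1 and 7 left to a person. The script below is an added example and not part of the original checklist. The sample message, all domains, the `KNOWN_VIA` table and the use of the `Sender` header to stand in for what a mail client displays as “via” are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: every name and domain here is made up.
SAMPLE = """\
From: "Example Bank" <alerts@examplebank.example>
Sender: bounce@bulk-mailer.example
Reply-To: support@examplebank-secure.example
Subject: Action required
Content-Type: text/html; charset="utf-8"

<p>Your account will be suspended within 24 hours unless you verify it.</p>
<p><a href="http://login.examplebank-secure.example/v">https://www.examplebank.example/login</a></p>
<p><a href="https://www.examplebank.example/help">Learn More</a></p>
"""

# "via" relationships already verified (item 4): From domain -> relay domain.
KNOWN_VIA = {"brand.example": "parentbank.example"}

# Item 3: a threat to cut off access tied to a deadline.
URGENCY = re.compile(
    r"\b(?:suspend|clos|lock|disabl)\w*.{0,80}?\bwithin\s+\d+\s*(?:hours?|days?)",
    re.I | re.S)
# A host name written out in the visible text of a link.
SHOWN_HOST = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", re.I)


def domain(header_value):
    """Lower-cased domain of the address in a From/Sender/Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def related(a, b):
    """Same host, or one is a subdomain of the other (no public suffix list)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def assess(raw):
    """Return (checklist item, finding) pairs for one raw message."""
    msg = message_from_string(raw)
    flags = []
    from_dom = domain(msg["From"])
    reply_dom = domain(msg["Reply-To"])
    via_dom = domain(msg["Sender"])  # assumption: Sender is what shows as "via"

    if reply_dom and not related(reply_dom, from_dom):
        flags.append((2, "reply-to goes to " + reply_dom))
    if (via_dom and not related(via_dom, from_dom)
            and KNOWN_VIA.get(from_dom) != via_dom):
        flags.append((2, "unexplained via " + via_dom))

    body = ""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            body += (part.get_payload(decode=True) or b"").decode("utf-8", "replace")

    if URGENCY.search(body):
        flags.append((3, "deadline attached to a threat"))

    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        shown = SHOWN_HOST.search(text)
        target = (urlparse(href).hostname or "").lower()
        # Only links whose visible text names a host can contradict the target.
        if shown and target and not related(shown.group(1).lower(), target):
            flags.append((6, "link text shows %s but goes to %s"
                          % (shown.group(1).lower(), target)))
    return flags


if __name__ == "__main__":
    for item, finding in assess(SAMPLE):
        print("checklist item %d: %s" % (item, finding))
```

A message that raises no flags has only passed the mechanical checks; items 1 and 7 still apply.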

Phishing Check List

There you have it – the list , plus explanations of the steps we follow to assess a suspicious email.

Opt in below ( to be notified about our corporate and business team training and workshops ) – and we’ll send you a printable copy of this checklist ( 4 copies per A4 Page).

What the end of Net Neutrality means for Australian Business

What is Net Neutrality ? 

Net Neutrality is the principle that Internet service providers should enable access to all content and applications regardless of the source, and without favouring or blocking particular products or websites. The first sentence on the Wikipedia entry states :  

Net neutrality is the principle that governments should mandate Internet service providers to treat all data on the Internet the same, and not discriminate or charge differently by user, content, website, platform, application, type of attached equipment, or method of communication

Europe and the US have specific laws forcing providers to comply with the principle. There is a recent case, making the news where the US laws have been overturned.

Even though the laws apply to the USA only, a number of ISP’s that are used by companies world-wide operate from the USA.

There is a group that has appealed the overturning of the Net Neutrality laws, so for the time being nothing much will change unless they lose their appeal. ( we hope they don't lose)

This currently provides a level playing field for startups and small companies against much bigger incumbents, and allows tiny e-commerce startups to function and operate in an environment that may otherwise be more challenging. 

How does this affect your company, website, app or ecommerce store?

If your website is hosted on US based servers, whether that’s via a US company or a local company with US hosting arrangements, then you will be affected by the changes to the Net Neutrality act, even though your company may not be a US entity.

How does this work ?

All US based hosting providers with servers in the US purchase their bandwidth from the major ISP’s - such as AT&T, Verizon, Google fiber , etc .

Once Net Neutrality is fully revoked, these major providers will no longer be required by law to provide that even playing field we mentioned at the start of this article.

This means they can tier the access to bandwidth and the speed of the connection at different price points.

In blunt terms, this means your website could get slower, or even be blocked entirely unless you pay more to have the same current access and speed that you have now, if you host with a US based company on servers located within the USA.

Whether this happens to you or not depends heavily on what your hosting provider has negotiated and is prepared to pay for, or subsidise.

What can you do about it.

Host locally wherever possible. Find a provider with servers in Australia or your local jurisdiction, or as close as you can get to the majority of your clients.

What about AWS, Google and Microsoft - which are US companies with local servers.  Are you affected if you host on Sydney or other local servers with these companies ?

You are protected by local Australian laws. Although these are not specific to Net Neutrality, the ACCC claims to be confident that our current laws are enough to protect consumers. If your website is hosted on a local server, even if that server is maintained or provided by one of the big Cloud providers mentioned, you should be safe.

What if you're an Aussie company with International presence and US clients - how does this affect you ?

Your Australian clients will have the best experience of your web presence if you are hosting locally - however - you might have to replicate your website on several US based servers across different providers, in order to provide  the best experience possible to your US clients. This may come at significant extra cost, and at different price points depending on the providers and the ISP’s they work with. Several companies offer this as a service , including AWS, Google and Azure ( Microsoft).  

Your checklist / conclusions

  • Try to go local ( relative to your clients) - find a local reliable hosting provider — it might cost more, but you won’t be affected by Net Neutrality.
  • If you’re a local company with International Presence - start investigating options now to replace or host mirror sites.
  • If you are hosting with a local reseller ( ie someone who resells hosting on behalf of a larger provider) - check where exactly your site is hosted geographically.


What you need to know about BadRabbit malware

Here’s what’s important to know about BadRabbit malware - if you’re a business owner

BadRabbit is ransomware

If infected,  your computer will be locked down , and you will be extorted to pay money ( currently around $300 or equivalent in bitcoin)

There are 2 ways that it spreads

Primary infection on a network is via infected websites. It then spreads secondarily through that network via a leaked NSA exploit in Windows Operating systems (not dissimilar to WannaCry).

What’s that in plain English ?

You, or your staff, will most likely be exposed to it by browsing the web, and coming across an infected website - where you will see a popup that looks like you’re being prompted to download and install an Adobe Flash Update

If your computer is on the company network (for example, a business with an internal network of computers), then the malware spreads across the network in a very similar way to WannaCry (via security weaknesses or gaps in Windows XP / Vista / 7 and Windows Server 2003 and 2008 systems). The exploit that does this is called EternalRomance, and if this is all sounding familiar, it should be, because WannaCry spread by using an exploit called EternalBlue. Both the Eternals are from the NSA and were leaked out into the wild with devastating consequences.

Where does BadRabbit come from

Current general consensus is most likely it comes from Russia - it appears to be targeting corporates and government installations in the Ukraine and surrounding countries.

Why should you worry ?

Yes, it’s not spreading as fast as WannaCry. However, because the internet is global and open, if you do any kind of shopping online, or global website browsing, you could be at risk of getting infected.

Risk Points 

Windows software that is not patched or updated regularly - any computer running Windows Vista or XP, and staff that are "too busy" to critically evaluate the messages and popups that they see when browsing the web , especially if their job involves doing any form of online research or searches.

Tips for your staff :

  • Don’t download Flash from any website except Adobe - ignore pop up messages that look confusing
  • Don’t buy  or order goods and services on a website that does not have a green padlocked SSL
  • Don’t work in older versions of Windows Operating Systems - and specifically move away from Vista, XP and Windows 7
  • Always keep up to date with your Windows security Patches.

What can you do on your website to prevent or mitigate this ?

  • install a business grade Organisational Validation, or Extended Validation SSL certificate
  • Ask your developer to ensure that JavaScript injection is prevented on your website.
  • If you have a wordpress website, ensure that comments can only be loaded by verified user accounts and have to be moderated or approved so you can delete the spam and suspect ones.  


Image of Steph speaking at an event overlaid with the Rocking Rose Red filter and content depicting the most common 5 passwords of 2017

And the winner is ....

Every year we get to read all about the most common passwords of the year before. This release of info comes from several different companies who compile the information based on the known hacks of the previous year.

In this blog - I'm referencing a company called SplashData.

Their 2017 list was published late in December - and there are some doozies (as per usual) on the list.

We published the top 5 in an insta post.

Notable additions to the list (since previous years) point to pop culture references - such as "starwars"

A note on using pop culture references in your passwords : Don't. Just, Please - Don't. 

Hackers run through these common pop culture references as a matter of course - in addition to trying all the common standard ones like 12345, or Password.

And in case you're thinking your IT guy said to do letter and number substitutions: P@ssW0Rd is no more secure than pa55w0rd, because the substitutions are easy to predict, and it's even easier to check all the permutations with a simple algorithm.

So here's the list of the top 25 for 2017, as released by SplashData - and again, our advice remains the same - find a Password Manager and/or Generator, and get comfortable with using it. Because your dog's name, your children's names and birthdays, and your previous 3 houses or the suburb you grew up in are not safe to use as passwords.

1. 123456 (Unchanged)

2. Password (Unchanged)

3. 12345678 (Up 1)

4. qwerty (Up 2)

5. 12345 (Down 2)

6. 123456789 (New)

7. letmein (New)

8. 1234567 (Unchanged)

9. football (Down 4)

10. iloveyou (New)

11. admin (Up 4)

12. welcome (Unchanged)

13. monkey (New)

14. login (Down 3)

15. abc123 (Down 1)

16. starwars (New)

17. 123123 (New)

18. dragon (Up 1)

19. passw0rd (Down 1)

20. master (Up 1)

21. hello (New)

22. freedom (New)

23. whatever (New)

24. qazwsx (New)

25. trustno1 (New)
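To show why swapped letters and numbers add so little, here is an added example (not from SplashData or the original post) of a check your developer could run on a signup or change-password form: it undoes the predictable swaps and compares the result against the top 25 list above. The swap table and the function names are assumptions made for this illustration.

```python
import string

# The top 25 for 2017 as listed on this page, lower-cased.
TOP_25 = [
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "letmein", "1234567", "football", "iloveyou", "admin", "welcome",
    "monkey", "login", "abc123", "starwars", "123123", "dragon",
    "passw0rd", "master", "hello", "freedom", "whatever", "qazwsx",
    "trustno1",
]

# Assumed table of look-alike swaps (not from the page). Every character in
# a look-alike group folds to one representative, so the same table can be
# applied to the candidate and to the list entries.
FOLD = str.maketrans({
    "@": "a", "4": "a", "3": "e", "0": "o", "5": "s", "$": "s",
    "7": "t", "+": "t", "1": "i", "!": "i", "l": "i", "|": "i",
})


def fold(password: str) -> str:
    """Lower-case the password and undo predictable character swaps."""
    return password.lower().translate(FOLD)


# Folded form -> list entry. Reversed so the higher-ranked entry wins when
# two entries fold to the same string ("password" and "passw0rd").
FOLDED_TOP_25 = {fold(p): p for p in reversed(TOP_25)}


def matches_common(password: str):
    """Return the list entry this password reduces to, or None."""
    hit = FOLDED_TOP_25.get(fold(password))
    if hit:
        return hit
    # Also catch a list entry with digits or symbols tacked on the end.
    core = password.lower().rstrip(string.digits + string.punctuation)
    return FOLDED_TOP_25.get(fold(core)) if len(core) >= 4 else None


if __name__ == "__main__":
    for candidate in ["P@ssW0Rd", "pa55w0rd", "St@rW4rs", "Dragon2018!"]:
        print(candidate, "->", matches_common(candidate))
```

A form that rejects anything `matches_common` flags will turn away P@ssW0Rd and pa55w0rd just as it turns away password.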


Here are 4 suggested Password Managers and Password Generators - there are heaps - the key is to find one that you are comfortable using.




SplashData (Splash ID personal -- they do have a business version)

Phishing: the Small Business Lowdown

So, you got this email the other day from AGL, or perhaps one of the big banks, Westpac maybe. And the strangest thing happened when you went to login and verify your account because there was apparently an issue, and you needed to confirm some details for them.

You seemed to be creating everything from scratch - so strange - and then something just felt wrong, as you were about to click on that submit button.

So you glance up at the URL - and HOLEY MOLEY - you're not on the AGL/Westpac/Banking website anymore!

Come to think of it, the logo does look very second hand, a bit blurry maybe.

So you close the browser - and thank your lucky stars that you stopped in time.

And that is the story you tell at the BBQ about how you came *this close* to being caught in a phishing scam. Your identity nearly compromised.

And that email was so good - you could barely tell it wasn't real.

Here are some Rocking Tips for avoiding being caught up in a Phishing scam, as best you can.

  1. Always go directly to the website in a new browser to access and check your account when you get an email about your account that looks suspicious.
  2. Never click on the links in emails from banks, or other large companies - there are very very few instances where you will need to do this (see 4)
  3. The only time you click on links is when you are expecting the email - for example when you first open an online account, you will sometimes be sent a verification email to confirm that you own the email address - in this instance, you will click on the link, because you are expecting that email (and it's highly unlikely that you are being targeted by a phishing attack within minutes of signing up for something new).
  4. Check the email address where the email came from -- don't just look at the display name, open up and inspect the details of the Sender to ascertain if the email address is correct for the company represented
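Tip 4 can also be checked automatically by your mail system. The added example below (not part of the original post) compares the name an email displays with the address it was really sent from; the brand-to-domain table and the sample From: lines are constructed for illustration, and the real sending domains should be confirmed with each company.

```python
import re
from email.utils import parseaddr

# Assumed brand -> sending domains. Illustrative values, not from the page;
# confirm the real ones with each company before relying on them.
KNOWN_BRANDS = {
    "agl": {"agl.com.au"},
    "westpac": {"westpac.com.au"},
}


def domain_allowed(domain: str, allowed: set) -> bool:
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_sender(from_header: str):
    """Return a warning if the sender claims a known brand but the address
    is not on that brand's domain; return None otherwise."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    # Whole words only, so "agl" does not match inside "eagle".
    words = set(re.split(r"[^a-z0-9]+", f"{display} {domain}".lower()))
    for brand, allowed in KNOWN_BRANDS.items():
        if brand in words and not domain_allowed(domain, allowed):
            return f"claims {brand!r} but was sent from {domain!r}"
    return None


# Constructed From: headers (not real messages).
SAMPLES = [
    'AGL Energy <billing@agl.com.au>',
    '"Westpac Banking" <alerts@westpac.com.au.verify-login.example>',
    'AGL Accounts <support@account-update.example>',
    'Eagle Plumbing <info@eagle-plumbing.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

A From: address can itself be forged, so passing this check does not prove an email is genuine; it only catches the display-name trick that tip 4 describes.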

Definition of Phishing with Steph in the background reading something on her phone at a coffee shop

DDOS: Distributed Denial of Service

Once you have a website for your business, one of your worst nightmares becomes the fear that your website is down.

Today's post is a quick snapshot of one of the nasties that could potentially bring your site down - and a couple of recommendations to prevent it (as much as you can)

So, let's talk about a Distributed Denial of Service (or DDOS)

What is that?

In plain English, it's when attackers send so much traffic, from multiple locations (distributed) to your website, that your server cannot cope with the requests, and eventually it shuts down. While this is happening, your site may slow down dramatically, making it very difficult for genuine clients and prospects to view and interact with your website.

Why do they do it?

Most DDOS attacks are aimed at government or large companies - from "hacktivists" or people trying to make a political point.

If you are attacked by a DDOS, it's likely to be because your IP address is in the same range as a target of interest - because once launched, the attacks are mostly automated by malware and bots.

What can you do about it?

Mostly - there's not much you can do to stop attacks from hitting you - but you can put measures in place to cope with an attack.

Here are my top two tips to mitigate and prepare for an attack.

  1. Take a multi-layer approach to security mitigation
    • Server level - explicitly ask your hosting company to confirm what measures they take to mitigate
    • Website Framework (e.g. WordPress or Joomla) - you may want to add a security plugin
  2. Make sure your server host or web developer updates all security patches as soon as they are available
    1. If you do this yourself - then set an appointment weekly to check and run all patches

Password Managers are not a laughing matter.

What is a Password Manager?

It’s a tool that you use to Store, Create and Manage Passwords across your accounts and multiple devices.

How do they Work?

On a browser, you will install a plugin to the browser that will prefill the passwords for you, when you are logged into the Password Manager.

They are also available as apps across most smartphones and tablets, where you will be able to copy the password from your Password App and use it in a mobile browser or app. There is usually a time limit on the app version, which will delete the password from your clipboard after a minute or so.

Why do you need one?

  • It’s hard to keep track of all your passwords
  • Re-using passwords is not a good idea (but we do it because of the aforementioned point re how hard it is to keep track)
  • They can randomise passwords (i.e. you only need to remember 1 password and all the others are random anyway)
  • You will never need to reset a forgotten password again (provided you haven’t lost the login or saved the wrong password to start with)


My top 2 recommendations:

Mac users - 1Password, which has a much slicker UI and works better on Mac than LastPass.

Windows users - LastPass works well across Windows environments, also has a decent app for the iPhone and iPad - the Mac experience is a bit clunky