Home – New › Forums › Marketing mastery › How do I know if the SEO company is doing a ‘Ethical’ work?
- This topic has 128 replies, 26 voices, and was last updated 5 years, 10 months ago by John Romaine.
-
AuthorPosts
-
October 14, 2015 at 1:46 am #1189103Up::0
I understand what you’re saying John I’ve got three giac certifications and have spent years securing critical infrastructure and national banks in Australia.
At the end of the day the business owns the risk.
SEO is not the issue for the insecurities of FTP access nor should we own the risk for requesting access to an already open FTP port. Hosting providers should be disabling it by default these days. It’s a defunct standard that we all need to move on from.
I don’t disagree that the industry can do more in terms of educating business owners but at the end of the day if your business is required to be PCI compliant then as business owner you need to be aware of what that might mean if you fail to comply.
SEO and web designers are specialists in their respective fields, not security. To label SEO as the issue would be unfair considering it’s likely a weak password configured by the web designer that might have made it more easily cracked.
In most cases the website is built before any SEO touches it which means the risk hasn’t changed. Sure we can educate the business owner but at the end of the day the owner has a responsibility to comply with the standards. Any legal actions that result won’t care about “generally not being technical” as an excuse.
October 14, 2015 at 1:48 am #1189104Up::0“That raises a couple of other huge problems:
a. Defining universally accurate SE information and
b. the currency of this information. (Is it up to date?)
…………..
How are we going to establish and maintain professional standards with these twin problems?”
No different from a financial advisor with a “buy” recommendation on a stock, someone buys it, then new information comes to light and the share price dives.And yet, that industry has bodies that oversee them. Doesn’t eliminate all problems, but I’d suggest it is better with them than without them.
If we are talking about professional conduct, how one operates doesn’t have to equate with the result that is achieved.
October 14, 2015 at 2:15 am #1189105Up::0John Debrincat, post: 222203, member: 2969 wrote:Search Engine Optimisation (SEO) for most people means “how to trick search engines” and that is how its sold and that is just wrong.Paying for SEO is like playing the poker machines (pokies for some).
- You look for a nice one, maybe one that you see others playing.
- You plug in your money.
- You pull the handle (press a button these days) and you take your chances.
Reality is that the poker machine generally wins and that the people who make money own and run the machine. There is really no way to trick the machines but some times they the punter win just to keep them interested.
SEO, as in the context of lets trick Google, is a gamble, its not a technology or a discipline.
John I find everything you’ve just said here to be incredibly offensive.
I don’t want this to get ugly, but mate, show some respect for those who operate in this industry.
October 14, 2015 at 2:17 am #1189106Up::0Byron Trzeciak, post: 222220, member: 56118 wrote:In most cases the website is built before any SEO touches it which means the risk hasn’t changed. Sure we can educate the business owner but at the end of the day the owner has a responsibility to comply with the standards. Any legal actions that result won’t care about “generally not being technical” as an excuse.This whole discussion is about SEO hence why I relate FTP to SEO.
If I take my car to a licenced mechanic and the repairs he does causes my car to be have an accident then the mechanic can be held responsible.
If I fall ill and need surgery and go to a hospital and surgeon and the surgery is blotched and results in more problems the surgeon and hospital can be held responsible.
We have professional and product indemnity insurance because as a service provider and a professional we can be held responsible when our service, products or advice goes wrong.
So this is the crux of the matter.
If an SEO service provider will not accept responsibility for actions that might arise from the work, if they are not insured in Australia if practicing here, if they do not consider issues outside of the “pure” SEO space such as PCI which they can impact. Then avoid them.
John
October 14, 2015 at 2:25 am #1189107Up::0John Romaine, post: 222223, member: 39536 wrote:John I find everything you’ve just said here to be incredibly offensive.I don’t want this to get ugly, but mate, show some respect for those who operate in this industry.
I am not being offensive to those providers that practice their business professionally. This thread is about ” How do I know if the SEO company is doing a ‘Ethical’ work?” that is a question asked my many website owners and operators. So telling me it is going to get “ugly” does not help or address the issue.My views are my own but they are my views and I will stand by them.
If you have a different view that is freedom of speech and a core principle that we all share.
John
October 14, 2015 at 3:24 am #1189108Up::0I think your implying the issue is with the SEO industry which I think you couldn’t be further from the truth.
It’s a bit like going to the dentist, just because the dentist tells me to floss doesn’t mean my teeth will fall out if i don’t.
Just because I open an ftp port or request FTP access doesn’t mean that a business will be hacked. A business would first have to prove that the hack occurred directly from the work completed by SEO which in most cases I believe they would have zero ability to do so and would likely happen months after the fact from bruteforcing or a vulnerability.
If the SEO agency was to request FTP to be opened, when it otherwise had not been, then maybe you might have a case although I still think it’s highly unlikely and like you say businesses should have insurance to deal with this. Again, it’s up to the business owner to perform a risk assessment for any third parties they work with.
Are you a certified PCI professional? Are you qualified to provide PCI advice?
Sure, a business owner could sue in this instance if they felt it was justified but at the end of the day the reputational damage to their business may be well and truly more concerning.
“Risk transference is one of the most relevant risk treatment strategies
to third parties, and an organization may manage this relationship by written agreement, via a contractual obligation that states that the third party assumes responsibility for the security of CHD they process, store, or transmit on behalf of the organization. However, the remaining reputational risk means it isunlikely that the full risk to an organization will ever be truly transferred.”I’ve seen plenty of websites hacked in my time, some because of vulnerabilities in the web server, some because of out of date plugins, some because of brute force and much more. Who takes responsbility?
The software manufacturer
The hosting provider
Third parties that helped build the system
The business ownerBusinesses that think a “checklist” security compliance like PCI actually keeps them secure are more of a concern to me. You do it because you have to comply and it provides a baseline level of security but you only have to be in the industry for a period time before you understand that it’s far from a golden standard.
I think where you’re coming from John is a good place and I respect that you’re fighting for security because it’s worth doing so but to point SEO as the cause just doesn’t sit.
October 14, 2015 at 3:56 am #1189109Up::0Byron Trzeciak, post: 222228, member: 56118 wrote:Businesses that think a “checklist” security compliance like PCI actually keeps them secure are more of a concern to me. You do it because you have to comply and it provides a baseline level of security but you only have to be in the industry for a period time before you understand that it’s far from a golden standard.I think where you’re coming from John is a good place and I respect that you’re fighting for security because it’s worth doing so but to point SEO as the cause just doesn’t sit.
The issues of FTP and PCI are about compliance; so will being compliant stop you from being hacked. No. But that is not the point really. But going through the checklist self assessment process for PCI is far far better than doing nothing.
I think I have said this a couple of times before in this thread but this thread is about determining ethical SEO. So my reference to security is about the “cause and effect” meaning that the SEO person asks for something and a seemingly unrelated consequence occurs. Breach of PCI compliance can be a consequential effect.
Ethical SEO should consider a much bigger picture because the practitioner is sometimes messing with core parts of the website / server etc. Often they want code, structure and even infrastructure changes. They don’t just change content. But maybe they should only be changing content.
John
October 14, 2015 at 4:21 am #1189110Up::0What I think I’m hearing from you is that every business owner or vendor (including web and ecommerce developers) working on a website that handles payment card transactions should be aware of the PCI standard and provide best practice advice?
Therefore SEO providers, or any other provider, that requests FTP access goes against PCI best practice but at the same time doesn’t automatically become the cause of all future website hacks?
Should everyone involved with online ecommerce be forced to be PCI certified?
“One of the easiest ways online retailers can ensure their PCI compliance is to use a PCI-certified payment processor such as Australia Post’s SecurePay. Customers’ credit cards are entered into a PCI-compliant webpage hosted by SecurePay. The merchant knows that a payment or order has been made but never sees or stores a credit card number.”
If a client is certified PCI compliant by using the SecurePay gateway does that mean that mean that It doesn’t matter if I ask for FTP access because my client is certified regardless?
October 14, 2015 at 4:37 am #1189111Up::0Hi all,
A fascinating thread this one It’s raising some really interesting points around industry reputations and independent bodies. As a copywriter I have also come up against a general mistrust from some clients who have had bad experiences in the past that they then project on the industry as a whole. There are quite a few industries that battle with reputations caused by a few rotten apples.
Also, just a gentle reminder of our guidelines around keeping the tone respectful and supportive! Passionate’ discussions can quickly go downhill into unproductive territory!
Cheers,
PeterOctober 14, 2015 at 4:38 am #1189112Up::0Byron Trzeciak, post: 222231, member: 56118 wrote:If a client is certified PCI compliant by using the SecurePay gateway does that mean that mean that It doesn’t matter if I ask for FTP access because my client is certified regardless?Thanks Byron and yes I think we are on the same page.
Using a payment process where the card is not entered on the merchants website such as SecurePay SecureFrame or PayPal can make the process of PCI compliance easier. But technically the merchant still needs to complete a SAQ-A or SAQ-A EP (card not present but all card processing outsourced).
Unfortunately I cannot answer that question. However we recently completed our PCI audit using a certified security auditor. That question came up and although there seems to be no risk to card data they told us that FTP had to be disabled period but this is for us as a service provider. That is for the scenario where a merchant was not storing, processing or transmitting card data.
John
October 28, 2015 at 1:04 am #1189113Up::0Hi all,
I’ve been watching the Flying Solo through various media for a while, and decided today that it would be a good time to join If you would like to know more about my knowledge, look me up on Linkedin. https://au.linkedin.com/in/karendfrancisI love this thread and the detail in it.
I love the idea of an independent body that can audit sites and give information, the reasons I think it wouldn’t work though are many… although I really would like to see it happen.Let’s go through an analogy
A mechanic is a mechanic, they fix cars. An auto-electrician also fixes cars. yet they come to the process from different angles with a different focus and methodology. A mechanic might be an expert in Fords, but not know much about a Chrysler and it’s idiosyncrasies that are particular to the factory recalls / fault history and fixes. So it may take them longer to get results.Taking this to SEO.
It’s not a level playing field, it’s also not magic.
A lot of it really is common sense. Deliver information to people and to the robots that come to your website about your product or service in a way that makes sense, and in a way that makes people want to tell other people about it.Some people approach a site from a content and user experience point of view, some from external links and brand mentions, some regards keywords as vital, some regard overall visibility as high importance, and then there is what does the business owner want – more users on their site, more phone calls, more email addresses being left, more products being sold – is it an information site or a sales site… and is it in an niche or in a highly competitive environment.
While I could audit your site successfully and tell you what should change to help it become more visible in search engines. My focus may not suit your approach… or that of the team you pick to do the work.
I could tell you that content is important, and give you guidelines for your title, meta and on-site work… yet the next person you take my audit to could completely disagree and say links are vital.
The tricky part in SEO is that each will achieve results. Neither is “actually” wrong, one just might take longer… its the autoelectrician and the mechanic – both fix cars, but in different ways.
So how do you – the business owner – know what will work? The only real way is to try it on, give it some time and go with your gut.
PS – some things definitely are ‘actually’ wrong – a car can’t run on paint thinner for a long period – do some research about what the methods should be and take an educated step. eg: https://support.google.com/webmasters/answer/35769?hl=en
October 28, 2015 at 11:20 am #1189114Up::0Karen Francis, post: 222857, member: 72549 wrote:Hi all,
I’ve been watching the Flying Solo through various media for a while, and decided today that it would be a good time to join…
Hi Karen,
Welcome to the discussion.What seems invariably omitted from good vs bad SEO are the issues of:
- Client resources: Budget, time, skills and interests
- Cost effecient strategies/tactics
- Assessing how the SEs rank different types of searches
- What SE problems if any, may exist with the site
- The strengths weaknesses of the search market
- Providing the info saught by the target audiences
There is always something that can be done to improve relevant SE referrals to a site. I’ve seen sites where someone accidentally set them up to exclude SE indexing. I can’t bring myself to charge much for something that is so quickly identified and fixed with a button click.
At the other end of the scale can be site design, structure and implementation problems that are so major that the most cost-effective SEO recommendation is to start again from scratch. SEO activities based on tinkering with URL, titles, external links and social media will be totally compromised if there are major design and structural problems.
Until an SEO has some idea of the above issues it is impossible to quote on the service.
As FS is largely talking to micro-small businesses owners, we should be very careful that we distinguish between SEO tactics that may be employed if a client has a $5k+ per month budget. I don’t think there are many in that category reading these forums.
I suggest owners of any sized business who receives SEO proposals/quotes based on:
- targeting various numbers of keywords
- creating unspecified external links
- publishing quantities of social media
…should toss them out as they are likely to be irrelevant, inaccurate, out of date, dangerous or scams.
Regs,
JohnWOctober 28, 2015 at 7:59 pm #1189115Up::0Karen Francis, post: 222857, member: 72549 wrote:Let’s go through an analogy
A mechanic is a mechanic, they fix cars. An auto-electrician also fixes cars. yet they come to the process from different angles with a different focus and methodology. A mechanic might be an expert in Fords, but not know much about a Chrysler and it’s idiosyncrasies that are particular to the factory recalls / fault history and fixes. So it may take them longer to get results.Karen, Yes a mechanic is a mechanic, and they do specialize in different areas, and like you say they mey be experts in fords but just fiddle with a Chrysler.
But they all do have recognized training, and there are organisations that they join (ie. VACC in Victoria), so there is a loose standard of regulation (wrong word). And yes you still get shonky operators who are regulated.
And the same with SEO, some may be better at one specific area, than the other, but the issue is there is no real training, or industry body to try to give some professionalism to the industry.It would be very hard for me to go and setup a Motor Mechanics business, as I would not be able to join VACC or other industry orgainsations, and a lot of consumers will now only go to those who do belong. But I could setup a web site tomorrow and call myself an SEO expert, as there is nothing that I need to say I belong to. And I promise you, you don’t want me setting up an SEO business I would bring it down even further (LOL).
Like any industry or professional business, take accountants, there are 10 different specialties, you wouldn’t go to a tax accountant for property accounting advise (well you may, but you get the drift), but they all come under the umbrella of CPA or the other one, which gives them some credibility, and again stops Bert M from calling himself an accounting guru across all fields.
We have some excellent SEO’s here in FS, they are being dragged down by the shonks in the industry, until the industry does something they will be dragged down further.
October 28, 2015 at 8:13 pm #1189116Up::0JohnW, post: 222895, member: 6375 wrote:I suggest owners of any sized business who receives SEO proposals/quotes based on:- targeting various numbers of keywords
- creating unspecified external links
- publishing quantities of social media
…should toss them out as they are likely to be irrelevant, inaccurate, out of date, dangerous or scams.
Regs,
JohnWJohn,
This is 100% correct, the problem for a lot of small business’s is that they just don’t know enough about this stuff, and with a slick salesman sitting on the other side of the table, we just assume these offers are right. To use Karen’s analogy if a mechanic says he is going to replace the engine on our car, when all that is wrong is the indicator doesn’t work, we have enough knowledge about a car to know that’s BS. To the general small business owner SEO is one huge BIG black box.And sure we can do our due diligence and try to find out more, but there is that much false information on the internet (even some here, which you and others point out, but it is still there in black and smudge)), but it sounds like it is right, that the small business owner doesn’t know if he/she is Arthur or Martha.
And yes here on FS we have several excellent SEO people, but that only reaches a small part of the business community. Until the industry can get out and sell, tell, educate the business owners, my daily receipt of shonky emails offering me page one ranking will just increase.
October 29, 2015 at 7:47 am #1189117Up::0bb1, post: 222903, member: 53375 wrote:Until the industry can get out and sell, tell, educate the business owners, my daily receipt of shonky emails offering me page one ranking will just increase.
Hi Bert,
I’m afraid SEO will never be considered an industry or profession with formally recognised certification. Here’s why…“Certification” requires conformance with known performance standards.
Apprentice motor mechanic gets stacks of detailed manuals provided by each car manufacturer. These define the processes for maintaining and repairing the vehicles and the mechanic’s skills in implementing the tasks can therefore be assessed.
There can be no SEO “performance standards” when all we get are a few vague sets of “guidelines” from SEs and statements from them that their algorithms are constantly changing.
IMHO, SEO is but one small part or tactic in what might be more broadly called Internet Marketing. This might become a profession where I could see “certification” being implemented. The problem is that even this form of certification does not potentially provide much real protection.
Then there is the International spread of SEO services – the source of most of the spam SEO emails I receive. What value is an Aust certification when the vast majority of SEO services are based overseas?
Disatisfaction with SEO services are very obvious when money is spent and results don’t ensue.
You could argue that many web designers/developers get away with worse rip-offs because the business owner can’t measure their performance.
Ever been to a designer/developer’s website where they don’t offer SEO enhanced websites?
My SEO advisory business only exists because SEO has not been built into a website.
Could it be that SEO services exist primarily because site designers/developers don’t build it into their clients’ sites?
Regs,
JohnW -
AuthorPosts
- You must be logged in to reply to this topic.