Unlock the Hidden Power of Alt Text in 2025: Boosting Accessibility, Compliance, and SEO

Published: Sat, 30 Aug 2025, https://gtmlabs.com/alt-text/

Have you ever searched for something online, only to land on a website where the images didn’t load? What did you see? Chances are, you noticed a little text box in place of the image. That tiny snippet of text is called alt text — and it carries far more weight than most entrepreneurs realize.

If you are building or scaling your business, your website is one of your most powerful assets. It’s your digital storefront, your branding hub, and often the first impression you make on potential customers. And in that landscape, alt text is one of those details that can either elevate your brand visibility or leave opportunities on the table.

In this article, we’ll unpack what alt text is, why it matters, and how businesses can leverage it to maximize both accessibility and SEO. By the end, you’ll see how a few words of thoughtful description can help you win more traffic, trust, and conversions.

What Exactly Is Alt Text?

Alt text — short for alternative text — is the written description added to images on a webpage. Its primary purpose is to provide context when the image cannot be displayed or when a visitor is using a screen reader. But beyond accessibility, alt text plays a huge role in how search engines understand your content.

Here’s something that might blow your mind: Google’s sophisticated AI still can’t perfectly understand images without textual context. In a way, search engines are blind without alt text. They can crawl and index your written words, but they can’t “see” your images. Without alt text, that valuable image content remains invisible to them. By adding descriptive alt text, you essentially translate your images into searchable language that boosts your overall SEO.

So while it may seem like a small technical detail, alt text is really a strategic tool.

Why Should I Care About Alt Text?

Here is why you should care:

Accessibility Builds Trust and Loyalty

Inclusivity is no longer optional. Many potential customers rely on screen readers due to visual impairments. If your website is missing alt text, you’re excluding a portion of your audience. By simply writing clear descriptions for your images, you show empathy and respect. And that builds loyalty.

 Alt Text Fuels Your SEO

Search engines can’t interpret images the way humans can. By writing optimized alt text, you’re essentially whispering in Google’s ear: “Here’s what this picture is about.” This extra context can help your pages rank higher, especially when your alt text includes relevant keywords naturally.

For entrepreneurs, this is free organic traffic you can’t afford to miss. Every visitor who finds you through search is one step closer to becoming a customer.

 Improves User Experience Beyond the Screen

Technical failures happen more than you think. Sometimes images don’t load. Maybe the user has a slow internet connection. Perhaps your image hosting service is experiencing technical difficulties. Sometimes corporate firewalls block certain image types or external resources. In mobile environments with limited data plans, users might disable image loading entirely to conserve bandwidth.

When that happens, alt text ensures users still understand the context. Instead of being confused by a blank square, they still get the full story.

In other words, alt text acts as your safety net. It guarantees your content communicates effectively even when technology fails.

Legal Compliance and Avoiding Risk

According to the World Health Organization, approximately 2.2 billion people worldwide have some form of vision impairment. That’s roughly one in four people on this planet.

In many regions, there are accessibility laws in place. These laws require websites to be usable by people with disabilities. Failing to be compliant can put a business at legal risk.

In 2023 alone, there were over 4,000 website accessibility lawsuits filed in the United States. That’s more than ten lawsuits every single day. Companies like Target, Netflix, and Domino’s have faced high-profile lawsuits specifically related to website accessibility issues. Domino’s case went all the way to the Supreme Court.

These lawsuits are completely preventable. Simply adding alt text is one of the easiest ways to safeguard your business and stay compliant with regulations.

Most startups and small businesses with limited funds do not have the luxury of paying hefty settlements, so as site owners, it is best to remedy this as soon as possible.

How to Write Effective Alt Text

Now that you know why it matters, let’s talk about how to write alt text that actually works.

 Be Descriptive, Not Robotic

Instead of writing something vague like “image” or “photo,” describe what the picture shows. For example, instead of:

 ❌ “Dog”

 ✅ “Golden retriever puppy playing with a red ball in a park”

The second example not only paints a clearer picture for users but also gives search engines more context.

 Keep It Concise

Alt text is not the place for lengthy sentences.

Aim for one short, clear description — usually under 125 characters. Screen readers cut off longer text, so brevity ensures clarity.

 Use Keywords Naturally

If your target keyword fits naturally, use it. For example, if your keyword is “eco-friendly water bottle,” and your image shows that product, your alt text could read:

 ✅ “Eco-friendly stainless steel water bottle on a wooden desk”

Avoid keyword stuffing. Forcing phrases like “eco-friendly water bottle” into every image alt text looks spammy and hurts your SEO.

 Skip Redundancy

You don’t need to write “image of” or “picture of” in your alt text.

Screen readers already announce that it’s an image. Jump straight into the description.

 Prioritize Meaningful Images

Not every single image needs detailed alt text. Decorative elements (like background patterns or design flourishes) can have empty alt attributes (`alt=""`) so they don’t clutter the experience for screen readers. Focus your energy on product images, infographics, charts, and photos that add real value.

Use Cases for Alt Text

So, how do entrepreneurs apply this practically? Let’s look at a few scenarios.

E-commerce Businesses

If you sell products online, alt text is your silent salesperson. Well-written descriptions make your products discoverable in Google Images, which drives buying intent traffic straight to your store.

For example, instead of:

 ❌ “Shoes”

 ✅ “Women’s black leather ankle boots with side zipper”

That extra detail improves both search visibility and conversion. Despite its simplicity, alt text remains one of the most overlooked aspects of web development.

Content Creators and Coaches

If you publish blogs, webinars, or guides, alt text ensures your visuals (charts, screenshots, promotional graphics) contribute to SEO. It also makes your content more accessible to a broader audience, expanding your reach.

Startups and Small Businesses

When you’re building awareness on a budget, every ounce of organic visibility matters. Alt text is one of the cheapest SEO wins available. It helps your site compete with bigger players who may overlook this detail.

Personal Branding for Entrepreneurs

If you’re building a personal brand through photos, speaking events, or media features, alt text ensures your image-based content contributes to your discoverability. Imagine someone searching for “entrepreneur keynote speaker Singapore” — if your event photo has the right alt text, you could appear.

Common Mistakes Entrepreneurs Make with Alt Text

Despite its simplicity, many entrepreneurs miss the mark. Here are mistakes to avoid:

 Keyword stuffing: Writing alt text like “alt text alt text entrepreneur SEO alt text” doesn’t fool Google.

 Being too vague: “Business image” doesn’t add value.

 Forgetting brand consistency: Use alt text to reinforce your brand voice subtly.

 Ignoring charts and infographics: Data visuals need alt text too, or you lose SEO and accessibility benefits.

Final Thoughts: Don’t Overlook the Small Things

As entrepreneurs, it’s tempting to focus only on the big, flashy strategies — product launches, ad campaigns, scaling operations. But sometimes, it’s the quiet, overlooked details that make the difference between being found and being forgotten.

Alt text may look small on the surface, but its ripple effects touch accessibility, SEO, brand reputation, and even legal compliance. By investing just a few extra minutes to write thoughtful alt text, you’re investing in a better experience for your customers and a stronger foundation for your business.

Remember the 2.2 billion people with disabilities; though they may face visual challenges, they nonetheless represent real people with real purchasing power.

So next time you upload an image, don’t just leave that alt text box blank. Use it as a chance to improve your visibility and show your customers that you care.

It’s often the little things that make the biggest impact or sink a mighty ship. If you want professional help optimizing your digital presence, drop us a note as we specialize in strategies that ensure every detail of your online presence is working for you and not against you, including alt text.

8 unbelievable benefits of deploying a personal data protection program

Published: Mon, 24 Apr 2023, https://gtmlabs.com/benefits-of-deploying-a-personal-data-protection-program/

Personal data protection policies and programs are important because they help organizations ensure that personal data is kept safe from unauthorized access, accidental loss, or destruction. If such information gets in the wrong hands, it can compromise people’s safety in many forms, including personal integrity, physical safety, and financial security. Stolen information can also be used to create fake profiles and commit fraud.


Here are some reasons why deploying a data protection policy is in an organisation’s best interest:

1. Meet regulatory requirements

Having a data protection policy and management program is mandatory to meet regulatory expectations.


Failure to comply could have serious consequences as hefty penalties are at stake, potentially impacting revenue figures. Besides financial penalties, there might be other costs including non-financial impacts like reputational damages and loss of brand confidence.

2. Increase consumer trust and credibility

Knowing that a company is compliant with data protection regulations, consumers will have more faith that their personal data is well protected. Your brand will be perceived as more trustworthy, and consumers are more likely to do business with it.

3. Limit liabilities

Any breach and publication of personal data could have untold, unexpected consequences, including possible regulatory and civil suits.


By implementing a policy and program for managing personal data, companies can fulfill their obligations and reduce their legal risks.

4. Improve brand equity

A brand that puts consumers’ interests first will be perceived as a company that cares for its consumers. Consumers are more likely to gravitate towards and buy from such a brand. This in turn will greatly improve the brand’s equity, goodwill and bottom line.

5. Reduce investors’ risk

Investors are always on the prowl for good companies to invest their money in. The last thing they would want to do is to invest in a company with a bad reputation. Even if the company has not been caught out by regulators, they would prefer to buy into a company that has policies, processes, and controls in place that comply with local laws.

6. Improve personal data management

With a personal data policy and management program in place, company leaders would have a better understanding of the personal data under their care. Company directors would be ready to provide answers, concerning personal data they manage, to regulators, shareholders, potential investors, and customers.

7. Competitive advantage

Having a personal data policy and management program in place can be a competitive advantage over another company in consideration. Increasingly, many companies expect their vendors to be compliant with personal data regulations. They do not wish to be dragged into any legal non-compliance and have their brand in the limelight for the wrong reasons.


As public awareness of personal data rights increases, the expectations for vendors to be compliant with personal data regulations will increase.

8. Peace of mind


With a personal data protection policy and program in place, you can sleep more soundly at night.

Knowing that you have your back covered, you are ready for any unexpected challenges that may arise, from a user complaint to a data breach.

If you need help in your personal data protection journey for your organisation, do not hesitate to reach out to us.

7 steps to being PDPA compliant

Published: Fri, 14 Apr 2023, https://gtmlabs.com/pdpa-compliant/

The Personal Data Protection Act (PDPA) is a law that governs the collection, use and disclosure of personal data by all private organisations in Singapore. The Act came into full effect on 2nd July 2014.

Companies that handle personal data from Singapore are responsible for lawful processing under Singaporean law. The transfer of personal data outside of Singapore is regulated, and the PDPC is the main enforcing authority.

As more and more companies adopt policies to be compliant and competitive, it is only a matter of time before companies of all shapes and sizes adopt data protection policies and work toward compliance. 

To be compliant with the law, there are several steps to take. 

Step 1 – Appoint a Data Protection Officer

Foremost, in accordance with section 11 of the PDPA, companies need to appoint a Data Protection Officer. The data protection representative will help management develop policies, programs, and training for employees to comply with the PDPA. The DPO will also keep the management informed of changes to the regulations and issues on the ground. 

Step 2 – Understand the PDPA Obligations

Secondly, company founders and directors need to understand their obligations under the PDPA. Currently, there are 10 obligations with the latest one added on the 1st Oct 2022. With an understanding of the obligations, management can then have a better appreciation of the PDPA and the necessary actions to take. 

Step 3 – Develop a Data Protection Policy

Thirdly, section 12 of the PDPA requires companies to develop policies and processes to meet the obligations under the PDPA. These policies and procedures will form the baseline of personal data practices within the company. They would then need to be communicated to all staff to ensure compliance. 

Step 4 – Develop an Information Security Policy

We are now living in the information age.

Companies today are increasingly adopting technology to go digital and establish an online presence. While the adoption of technology makes things more efficient and convenient, it also exposes us to cybercriminals who want something from us.

To remain safe and compliant, technology is employed to help fulfill certain obligations of the PDPA. These technologies serve as controls that provide protection, alerts, and audit trails for documentation purposes. Hence, an information security policy is necessary to augment personal data protection practices within the organisation.

Step 5 – Develop a Data Protection Program

Without a program to back them up, policies are just text on paper.

A personal data protection program should detail tasks to be done to ensure compliance. Creating a data inventory, understanding data flow, and identifying owners are the baseline of any data protection program. Specific areas such as consent, notification, personal data request, handling of personal data, complaints, and data breaches need to be covered in the program.  Regular testing and rehearsals should be conducted whenever possible.  

Step 6 – Employee Awareness Training

To turn employees from potential victims into defenders of the organisation, it is crucial for them to familiarize themselves with company policies and best practices. Hence, regular training and assessment need to be done to keep every employee on their toes.

Step 7 – Regular Audit and Update

Finally, as new threats and new ways of working emerge, there will be changes in the way we do things. Hence, regular audits are necessary to fine-tune any process. New discoveries need to be updated in the respective policies to keep them current and relevant.

Personal data regulations are not about to go away any time soon. In fact, their adoption by companies will increase. As companies become more aware of their obligations, they may require their business partners to implement PDPA-compliant policies and processes. Any failure to adopt such practices could result in a personal data breach on their end. The fallout may affect the companies that are the data controllers. This could lead to bad press, loss of revenue, and for some even their jobs.

If you need help in any way on your data protection journey, do drop us a note.

Why my emails are not landing in the inboxes

Published: Thu, 29 Dec 2022, https://gtmlabs.com/emails-not-landing-in-inboxes/

Email is a ubiquitous application used by almost every internet user. It was developed as a means of communication between various parties. However, its use evolved. It is now used as a marketing channel, as an alert mechanism by IT administrators, as a notification mechanism by application developers, etc. While the latter uses were more internal for personal use or within the organization, email as an outreach tool involves others outside the organization.

Email marketing was particularly attractive to marketers in the early days of the Internet. It cost next to nothing to use. Marketers did not need to deploy any new application but could leverage an existing asset the company already owned – the email system.

The idea of using emails as a marketing channel caught on and soon many marketers were blasting away to promote their company’s offerings. This behavior resulted in SPAM. It became irritating as messages were irrelevant. Also, with repeated messages, it fast became annoying and was overwhelming inboxes. Eventually, this uncontrolled, excessive behavior led to the birth of SPAM laws to control these spammers and their unwanted messages.

While spam laws have been around for a long time, they never resulted in many emails landing in junk or spam folders. Something else is afoot.

The rise of phishing

Now there is a newer threat in our inboxes – phishing emails. Phishing emails are more insidious and more malicious than spam emails. While spam emails were merely irritating, they didn’t cause much trouble beyond that. However, with phishing emails, it is a whole new ballgame.

Source: FBI Internet Cybercrime Report 2021

Phishing emails can cause companies and their associates (i.e. customers, stakeholders, etc.) some damaging problems, such as locking digital assets, stealing confidential data, and taking over IT assets to launch further attacks on other organizations. These are problems companies can live without.

To counter this issue, companies have set up mechanisms to deal with this new threat.

The rise of privacy regulations

One of the major drivers for companies to start taking action to protect the organization’s inboxes is regulations, specifically those relating to personal data. With regulations like GDPR, companies are liable to pay huge fines if there is a data breach of personal data.

As cybercriminals can easily enter an organization’s network via emails, incoming emails have to be protected against these perpetrators.

To meet regulatory expectations, companies have put in policies, processes and measures to protect themselves against these new regulations.

The rise of Artificial Intelligence (AI)

In the past, organizations relied on users’ inputs on whether an email was a spam email. It was a manual process, without much automation and checks.

These days we have not only automation but also built-in intelligence in spam filtering applications to detect spammy emails. With AI, the check goes deeper into the content. Hence, increasingly you might find your email not landing in the inbox if your content is not properly crafted. For example, if you are sending promotional emails to any Gmail account, they will land not in the inbox but in other folders (please refer below).

The rise of service providers’ blacklists

Blacklists have been with us for a long time now. They existed mostly in the domain of cybersecurity specialists to list rogue IPs and domains. However, increasingly, the use of blacklists is expanding beyond the traditional use of keeping perpetrators out of the network.


Service providers, namely Internet service providers, email hosting providers, email marketing service providers, and application service providers, have a blacklist. The purpose of these blacklists is to weed out rogue users of their services. Why? Simple: they themselves need to be compliant with regulatory laws.

To provide an affordable service, service providers use a shared-services model where their customers use an application mounted on a server. All it takes is one inconsiderate user to ruin the reputation of the IP of the server. All users on the server with the same IP will be affected. Hence, service providers are keen to identify these abusers and will not hesitate to have them removed if they fail to heed any warnings.

Let’s have a conversation if you would like to avoid your emails heading to the spam/junk folder or blacklist.

Information Security Policy – why you need one

Published: Fri, 23 Aug 2019, https://gtmlabs.com/information-security-policy/

An information security policy is a vital document to an organization. It serves as a baseline of what a company is doing to protect information within the organization. It also serves as a reference to employees on how they should handle information.

The information security policy is gaining importance as more and more of a company’s internal processes become digitized and outsourced. As a company relies more and more on automation and more software applications are onboarded, the risk of a cyber incident increases. This would unnerve stakeholders like bankers.

An information security policy gives external stakeholders assurance of the management’s commitment to mitigating against a cyber attack and data breach. Even if you are a small business owner, an information security policy is needed to document what you have in place to safeguard confidential data, especially private personal data.

The trend of employees working remotely also adds to the risks of a cyber incident. Sometimes, users would be working over 3rd party networks, whose security could be lacking. While transmitting insecurely on these 3rd party networks, they run the risk of being compromised through “man-in-the-middle” attacks.

In the last few years, many countries across the world have been enacting privacy laws to protect the privacy of their citizens.

In the event of a data breach, there will be an investigation by the regulators. One of the things they would request is the company’s information security policy. The existence of an information security policy will give the regulators an idea of the management’s commitment to taking cybersecurity seriously. If an information security policy is lacking, the company runs the risk of attracting a hefty fine.

Just like any other policies in the company, understanding the content of the information security policy should be made mandatory. Every employee should comply with it to insulate themselves and the organization against regulatory fines and civil suits.

With the increased chance of a cyber incident, companies need to start preparing themselves for one. Careful consideration of how to defend and respond to one is more important than ever. The information security policy is an excellent place to start in improving a company’s cyber posture.

We can help in drafting one for your organisation. Shall we have a conversation?

Policies you need to have on your website

Published: Fri, 14 Sep 2018, https://gtmlabs.com/policies-you-need-to-have-on-your-website/

As more and more companies embrace technology and go online to conduct their business, they need to understand their legal obligations. Companies and governments no longer view the Internet as a playground for people trying to experiment.

Today the Internet plays a crucial role in businesses. The Internet has gone from just being a communication platform to one where transactions are made daily. Along with the latter, personal data like credit card details are indiscriminately captured, manipulated, and even sold.

Governments all around the world are stepping in to protect the privacy of their citizens. Besides internal corporate policies and business legal documentation, regulators are introducing requirements for companies to have policies and documented procedures to safeguard the personal data of their users.

Below is a list of policies that generally all corporate and online vendors should have on their website and internally within their organization.

Below are some baseline policies you would want to include on every website. The first three would be a requirement by law.

  • Cookie acceptance bar
  • Cookie policy
  • Privacy policy
  • Terms of Use

Within an organization, the following internal policies would supplement the above policies.

  • Human resource policy
  • Information security policy
  • Data Privacy policy

If you are running an eCommerce business, you might further need to have the following policies:

  • Listing policies
  • Payment policies
  • Refund policy etc.

Do note the above list is not exhaustive, as each industry has its own set of governing regulations which would require it to adopt domain-specific policies. For example, if you are in the financial sector, you need to further comply with anti-money laundering policies as required by the respective financial regulators.

This post was written to help our readers understand some of the legal documentation and policies they need to have in place to safeguard their online presence. The list outlined in this post should not be viewed as the final and complete listing of all policies and legal documentation needed internally within the organization or on the website. Ultimately, all companies have different business models and offer various services operating in different industries.

We strongly recommend that you check with your legal team or a specialized third-party legal service provider to ascertain the complete set of policies and documentation needed.

GDPR, cookies and my website

Published: Sat, 28 Jul 2018, https://gtmlabs.com/cookies-and-my-website/

The General Data Protection Regulation, GDPR for short, is a privacy law designed to protect the personal data of European Union (EU) residents. The GDPR took effect on May 25, 2018, and affects all companies, regardless of origin, if they possess the personal information of an EU citizen in their database.

Prior to the GDPR, websites would drop cookies onto their visitors’ browsers without their knowledge or consent. However, all that changed with the GDPR legislation. Recital 30 of the General Data Protection Regulation considers cookies as part of personal data. It requires websites to obtain valid consent when collecting personal data from its users. The law now gives its citizens rights over their data.

Why do we need cookies?

Cookies are small pieces of data that a web server sends out along with the requested website the very first time it is called by the browser. Once stored in the browser, these cookies are sent back to the web server, carrying data like user ID, session ID, and settings. The cookies will remain in the browser until they get flushed out through the “clear cookies” action.

Cookies help to improve user experience on the site. They store information to identify you and provide personalized content and settings.

For example, one of the significant backend applications that use cookies is Google Analytics.  Google Analytics uses cookies to monitor site traffic information and user behavior.

Why do the regulators care so much about these cookies?

Like all things good, cookies can be misused in the wrong hands. While cookies can be convenient for website users, they can turn sinister by tracking and remembering user behavior for monitoring and marketing purposes.

Regulators aim to make users conscious of what they allow, rather than granting marketing companies unrestricted access to collect personal data. Users should be given the opportunity to refuse cookies when they visit a site. Hence, the rise of cookie consent and its management.

How does one be GDPR-compliant with regard to cookies?

For starters, you would need to have a prominent cookie consent banner on the front of your home page. The purpose of the consent banner is to inform your visitors that you are using cookies on your website. The visitor then has a choice of whether to accept and proceed. Should they disagree on the use of cookies, they would not be able to proceed further and have to exit the website.

The banner could be either a pop-up or a banner bar. The bar could be either at the top or the bottom of the page. The pop-up or the banner should have clear and precise information about the purposes of cookies that are placed on the user’s browser. Pre-ticked boxes for cookie consent are not allowed. What regulators would like to see is affirmative action like “accept” or “reject”.

Next, you need to have a cookie policy to inform visitors what cookies are being used on your website and their purpose. This provides visitors with some knowledge and comfort of how their data will be used.

Next, you have to keep a cookie consent log to document cookie consent for proof of compliance in case you come under regulatory scrutiny.

If you need help in implementing any of the above, let’s connect.

Is your website GDPR compliant?

https://gtmlabs.com/is-your-website-impacted-by-gdpr/ (Fri, 15 Jun 2018 12:19:00 +0000)

With the rampant collection and misuse of personal data by marketing companies and online businesses, regulatory bodies are stepping in to safeguard individual privacy and personal data.

Today, almost every country has regulations to protect the privacy and personal data of its citizens. The European Union (EU) is no exception.

On the 25th of May 2018, the EU released its version of the data privacy law. It is called the General Data Protection Regulation, better known as GDPR. Any company caught flouting the rules of the GDPR is liable. They can be fined up to 4% of their annual revenue or 20 million euros, whichever is higher.

While most countries’ privacy laws are bound by the country’s geography, the EU’s GDPR is unique. The GDPR is not restricted by geography at all. As long as the personal data of a citizen of any of its member states is collected and leaked, the organization collecting the data would be held liable and fined under GDPR. Under GDPR, the organization or company will be prosecuted even if they do not have a legal entity in the EU.

One of the significant areas of violation for companies is the company’s very own website. The website is a very public application and, as such, everyone has a view of it, including regulators.

In the event of a personal data breach, privacy investigators will inspect your website. They can very quickly ascertain whether you have taken the regulations seriously and put in place measures to be compliant.

Hence, to understand whether you would be prosecuted under GDPR, you need to ask yourself the following questions:

  • Does your website allow a visitor to add or submit information on your website?
  • On any part of your website, can your visitors leave any comments?
  • Does your website accept any form of payment?
  • Can your site visitors chat with you directly?

If your answer to any of the above questions is yes, then you will be impacted by GDPR if there is a personal data breach. Moreover, you never know which country your website visitor could be a citizen of.

Even if you are not actively doing any business with the EU, you need to understand your GDPR obligations to protect yourself and your business.

Let’s have a conversation if you need assistance in this area.

Audit logs – why you absolutely need them

https://gtmlabs.com/audit-logs-why-you-absolutely-need-them/ (Fri, 06 Jan 2017 04:33:00 +0000)

There are many Content Management Systems (CMS) out there in the market. You need to choose one which has a logging feature to serve as an audit trail.

Many activities are happening at the backend of a website – you will be making changes on your website, adding new capabilities, configuring them, doing backups, etc. It may not seem important while you are building your website, but things can and do go wrong from time to time, and when they do, you want to be able to quickly understand what you have done on your website.

Track changes

One of the primary uses of a logging feature is to track changes. An audit log is something that will result from it. With an audit log, you will have a better understanding of what is happening on your website.

An audit log can advise on changes done, and some can also highlight the criticality of the changes.

Ideally, the audit log application should be able to send off an alert on these critical issues when it detects them.

Some audit log applications can also send off an email alert if there is an abnormality (e.g., file size changes).

Multiple users

As more users work on your website, the complexity increases. The need for accountability increases. With a logging feature, you now know who has access to the backend of the website and what action they have taken.

Without an audit log, you wouldn’t know who has done what. Pinning down responsibility would be difficult.

Access by an external vendor

From time to time, you may encounter issues beyond your or your team’s capabilities. You need outside help. You need to grant access to an external third-party vendor.

When you allow that, after the work is done, you want to have peace of mind that they have not left any backdoor application, which they can later use to gain access to the website.

Having this assurance is essential. Otherwise, you will have sleepless nights. You will constantly be wondering whether you have made the right move in getting a third party to help out. You will be wondering whether you have solved one problem but created a greater one: a vulnerability that the vendor can exploit at any time.

Cyber incident

Audit logs are most useful and critical if there is a cyber-incident or data breach. In certain circumstances, an investigation is required by law. Intimate details of the incident – when it happens, how it happens, what path it took, what systems were involved, etc., would be needed to understand the scope of the damage and how to prevent it from ever occurring again.

The information provided by the audit log will be handy during this moment. It will significantly facilitate and shorten the investigation. It would also reduce the number of days for hiring a cyber-forensic specialist to conduct the investigation.

Think of an audit log like an in-vehicle camera. When something happens, the camera (i.e., audit log) will provide clarity of the incident. While it may not always give the full picture, it does narrow things down somewhat.

Backup error

Surprise, surprise, but backups do fail too.

Failures could happen anytime when there is a software conflict within the CMS. When it happens, this might cause the last backup not to restore itself properly.

Your next course of action is to determine what has happened between the last and prior backup. You might want to know who has access to the system and what steps they have taken.

If you have been actively working on the CMS, you want to know what work or actions you have undertaken during the period between the last two backups.

By taking a snapshot of the activities before doing a backup, you will gain some understanding of what you have worked on.

That will save you a great deal of guesswork in trying to recall those activities.

From the above scenarios, the benefits of deploying an audit log application are overwhelming. Its use becomes more critical when the site gets larger or when there are more users in your CMS.
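The backup and external-vendor scenarios above come down to one query over the audit log: what happened between the last two backups, who did it, and which of those actions by a vendor account could leave access behind. The sketch below is an added example, not code from this article or from any particular CMS; the pipe-delimited log format, the user names, the action names and the CRITICAL set are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log (timestamp|user|role|action|target); format is an assumption.
SAMPLE_LOG = """\
2017-01-02T01:00:00|system|system|backup_completed|backup-0102
2017-01-02T09:15:00|alice|admin|post_updated|/pricing
2017-01-02T10:40:00|vendor_acme|vendor|plugin_installed|cache-helper
2017-01-02T10:52:00|vendor_acme|vendor|user_created|support2
2017-01-02T11:05:00|vendor_acme|vendor|file_modified|theme/functions.php
2017-01-03T01:00:00|system|system|backup_completed|backup-0103
2017-01-03T08:20:00|alice|admin|settings_changed|permalinks
"""

# Assumed actions that can leave lasting access behind (accounts, code, plugins).
CRITICAL = {"plugin_installed", "user_created", "file_modified", "role_changed"}

def parse(log_text):
    """Turn pipe-delimited lines into event dicts, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        parts = line.strip().split("|")
        if len(parts) != 5:
            continue
        ts, user, role, action, target = parts
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "role": role, "action": action, "target": target})
    return sorted(events, key=lambda e: e["ts"])

def between_last_two_backups(events):
    """Return events strictly between the two most recent backup markers."""
    backups = [e["ts"] for e in events if e["action"] == "backup_completed"]
    if len(backups) < 2:
        raise ValueError("need at least two backup_completed entries")
    return [e for e in events if backups[-2] < e["ts"] < backups[-1]]

def review(events):
    """Group the window's actions by user and flag critical vendor actions."""
    window = between_last_two_backups(events)
    by_user = defaultdict(list)
    for e in window:
        by_user[e["user"]].append((e["action"], e["target"]))
    flagged = [e for e in window if e["role"] == "vendor" and e["action"] in CRITICAL]
    return dict(by_user), flagged

if __name__ == "__main__":
    by_user, flagged = review(parse(SAMPLE_LOG))
    for e in flagged:
        print(e["ts"].isoformat(), e["user"], e["action"], e["target"])
```

Each flagged entry is something to confirm with the vendor or remove once the engagement ends, such as the extra account and the modified theme file in the sample.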
