Thursday, November 05, 2015

Don’t Get Hacked

Security risks are everywhere these days — whether it’s the NSA (possibly) listening in on your conversations or overseas hackers trying to gain access to your credit cards and social security numbers, you need to be careful about protecting your personal information. But you’re not a security expert, and you probably don’t have the time or inclination to hire one. How do you take care of your confidential personal and business information without turning your life into an endless series of padlocks and safes?

Don’t fret. Good security is really all about common sense and awareness. Perfect security is unattainable in the modern world, and you can quickly get into tinfoil hat territory when you attempt to lock everything down. Instead, I’d like to present you with a set of simple guidelines to keep your business and personal information secure. These aren’t truly “best” practices, because the absolute best practice is disconnecting entirely from the electronic world, paying for everything in cash, and living in a dark, musty cellar somewhere. So put away your rolls of aluminum foil and let’s get down to business.

Virtual Vaults

The biggest step you can take is actually one of the easiest: getting a password management tool. These software applications, like LastPass and 1Password, do two things very well: they generate high-quality passwords and store them securely, and they provide an encrypted environment for your other sensitive information.

You can store secure notes, credit card numbers (your own, not your customers’) and any kind of data that you don’t want prying eyes to see here. These applications also generate complex passwords that are more difficult (though not impossible) to hack; and, perhaps best of all, they will fill in those passwords for you automatically when you visit a website.

These applications aren’t perfect, but they do add an extra-thick layer of protection around your personal data, and most of them now work across multiple devices - in other words, you can create a password on your desktop computer and, if you also have the companion app on your phone or tablet, it will automatically fill in your credentials on those devices as well.

Is that really you?

Another very simple and reasonably pain-free step to much higher security is enabling “multi-factor” or “two-factor” authentication wherever possible. If you ever worked in a big corporation for any substantial period of time, you might already be familiar with the little key fobs that change digits every minute or so, allowing you to log in to the corporate network.

Those 6 or so digits are a secondary form of authentication, and their purpose is to ensure that the person trying to log in actually has physical access to the secondary code. Since that code is randomly generated and changes every few minutes, it’s very difficult to hack - by the time a hacker could “brute force” guess the code, it’s already been changed!

For decades, multi-factor authentication was primarily a tool for securing corporate networks, especially when employees logged in from home or on the road. Now, multi-factor authentication is everywhere, and you don’t even need the little fob - all you need is your phone. With apps like Google Authenticator or Authy, you can have nearly the same level of security of a big corporate network, right on your mobile device.

Multi-factor authentication is really any authentication method that requires two or more challenges to your login. When your bank website says “We also need to know your favorite football team” before you log in, that’s decent security, but the best multi-factor authentication actually uses a completely separate communication method and device for the other “factor”. A hacker trying to get access to your bank account might be able to hack your password and guess your favorite football team. But with multi-factor, a hacker who hacks your password must also have your mobile phone in her hands in order to get past the second challenge. It’s not impossible, but it’s pretty darn close.

Many major tech companies (Google, Apple, etc.) now offer multi-factor authentication, and if it’s available for your website or application, by all means turn it on and start using it. The strongest password in the world isn’t half as powerful as good multi-factor security.

Look for the padlock

Awareness makes a big difference when it comes to security. For instance, by forcing my wife and daughter to use higher-quality passwords, I’ve made them acutely aware that there are risks out there, and they need to be careful about when and where they provide their personal information. Good passwords and multi-factor authentication are excellent practices, but it’s also worth noting a few things to avoid at all costs:

  1. Entering personal information of any kind into an insecure website or app: You probably know that when you see a padlock (or similar) icon up in the address bar of your web browser, you’ve got a secure (HTTPS for the technically inclined) connection to that website. What does that mean? Put simply, it means that the web browser itself (Chrome, Internet Explorer, Safari, Firefox, etc.) is talking to the website using encryption. Encryption makes it very difficult for someone snooping on that connection to see the information that is being transmitted back and forth. When you put any kind of personal information into a web site that does not have that secure icon, it can be hijacked quite easily by hackers.

  2. Entering personal information after clicking on links in emails: Phishing emails are everywhere, and they can look so much like an official email that you might not even give them a second look before clicking. Often, they will even take you to a web URL that looks similar to the one you’d expect to go to. As a general rule, don’t ever put your personal information - user name, password, etc. - into a website when you have reached it by clicking in an email. If you get an email from your bank about logging in and checking your balance, close the email and go directly to the bank’s website instead. That way, you’ll be able to ensure that it’s really your bank and you have a secure connection prior to entering your information.

  3. Providing personal information over the phone to anyone who calls you: With a few notable exceptions (your credit card company, for instance), you shouldn’t provide identifying information (social security numbers, etc.) to anyone who calls you. No one, in fact, should ever ask for your full social security number over the phone. And if someone calls you asking for information and you can’t confidently identify them as an authorized representative of the business you’re dealing with, just tell them you’d like to call them back. There’s a lot of “human” hacking these days, where hackers impersonate a victim and attempt to get their passwords or account information via phone. The most sophisticated hacks often involve many factors, from password resets to phone calls. Again, your awareness is the key here - if it smells fishy, it probably is!

    Wednesday, January 29, 2014

    Network Solutions

    More reasons to avoid Network Solutions (now apparently also as your registrar): check out this exposé over at Techdirt regarding their "Weblock" program. The company allegedly tried to hit highly-valuable domain names with an opt-out $1850 domain protection charge (only $1350 per year thereafter!). Read the full story here.

    Friday, January 17, 2014

    Organic search and keywords

    In the "Basics" and the SEO classes I always emphasize that if you take one thing away, it should be signing up for Google Webmaster Tools. Webmaster Tools lets you see (with as much detail as Google will allow) your site the way Google sees it: when it's getting indexed, what pages are found and so on.

    Now it's even more important, as Google made a change to its search engine last year that encrypted all searches. It's a wonderful privacy enhancement, but it also makes it harder for site owners to understand which keywords a user typed in to reach their site. In fact, in Google Analytics, the excellent (and free) web metrics product from Google, normal organic searches no longer provide keywords. That means that if you're trying to discover whether a user used "Austin hair salon" or "Austin day spa" to find and reach your site, that kind of detail is no longer available in Analytics.

    However, that data does remain available in Webmaster Tools, so the simplest (and free) way to discover these keywords is just logging into Webmaster Tools and clicking on Search Traffic, then Search Queries. You'll see a list similar to this one:

    [Image: List of search keywords from Google Webmaster Tools]

    For more insight on this change as well as some other options for viewing keywords that lead to your site, check out this excellent and thorough piece over at Search Engine Watch.

    Friday, December 13, 2013

    Link-building comment spam

    That ever-present pox on blogs and just about any site with commenting – otherwise known as comment spam – is finally getting its day in the sun. In this case, the sunlight is sanitizing, and Google's most recent algorithm updates have actively and aggressively penalized the sites who used comment spam for link-building.

    I've covered legitimate ways to build links in class, and those methods – seeking relevant, quality links from other sites – are still good practice. But the darker art of massive-scale link building that went on for many years in the comments sections of websites around the world has now come back to haunt the companies that benefitted from those strategies, and the results are sometimes hilarious.

    For a great rundown of how all this happened and the plaintive requests that site owners are now making to have their links removed, read this great piece over at The Awl. It's a fine, brief history of "black hat" link building and a pretty humorous review of the requests that The Awl is now receiving to have those links removed.

    Thursday, August 15, 2013

    Listicles are here to stay

    In the web marketing and advertising class, I talk about how short lists are often irresistible subject lines for marketing emails. But listicles may soon be the top form of online content consumption for many people. What started as a teaser to get readers to view longer-form articles (see: every magazine cover for the last 20 years) has become a predominant form of publishing content online. Between the ascendancy of Buzzfeed-style listicles and Slate's what-you-think-you-know-is-wrong contrarianism, we may have a formula for online content for the next decade. Is this awesome or sad? Read up on it in detail over at DigiDay and let me know what you think.

    Wednesday, July 17, 2013

    Auto-posting to social networks

    One of the key tools in the "Pro Toolkit" that I talk about in class is Hootsuite, a web site/service that enables you to schedule social media updates (using the "Publisher" feature) and also auto-posts articles from any RSS feed (often your blog) to your social media profiles.

    If you're creating a substantial amount of content, services like Hootsuite or Seesmic can be a good way to nail that all-important marketing automation part of your business, so that you can go and do the things that are important to your operations. has a good review of another automated publishing tool,, which is geared toward organizations that publish a lot of content. If you're planning on extensive content creation, it might be worth a look. The article also mentions Buffer and IFTTT, the latter of which is one of my favorite web-based automation tools (though not for the technophobe). Read the article.

    Wednesday, June 26, 2013

    Where's the Ad? Half of Us Can't Tell

    As I mention in class, the ads that Google and others run in their search engine results are often not obviously different from the natural (or "organic") search results themselves. Apparently, the FTC agrees and this week told search engine companies that they need to do a better job of identifying advertisements. I guess that barely visible light yellow background for Google's pay per click ads isn't doing the trick; a study by SEOBook found that almost half of searchers didn't recognize the difference. Full story at the New York Times.

    Wednesday, June 12, 2013

    The power of lists (and listicles)

    Over at the Hubspot Marketing Blog, Dan Lyons has a (very) light piece on why lists have become a primary form of information presentation and consumption on the web. There's some lighthearted commentary as well as a few serious thoughts about how we've all become accustomed to casual skimming in place of actual reading. Like most lists, the piece is cheeky, easy to consume, and light on actual content. It's meta.

    I don't know how much people truly read online, although Farhad Manjoo at Slate (also referenced in Lyons' article) has some real data about online reading trends that are pretty troubling if you value longer-form writing on the web. The long and short of it is that everything is getting, well, shorter.

    One of the tips I give in the email marketing class is that subject lines with lists ("5 things" or "10 tips") are a nearly foolproof way to increase open rates. This isn't exclusive to online publishing; magazines have been doing it for years to entice you to grab an issue off the newsstands. (Websites initially embraced lists spread across multiple pages as a way to juice page views, but advertisers caught on to this, and now more and more lists are simply spread the length of many screens.)

    Should we lament our susceptibility to this informational junk food? I don't know. We all seem to be wired to crave a quick fix, a simple solution. The web has just given us our best delivery method yet.

    Wednesday, November 28, 2012

    The Tricky Business of Selling Via Amazon

    Those of you that are building e-commerce sites are presented with a host of options, from Shopify to Magento to dozens of others. Many businesses also set up shop on eBay or Amazon because of the broad exposure you receive by being part of their marketplaces. You make a little less money on each sale and you have to abide by some fairly complex (and frequently changing) rules, but you have immediate access to a large audience of buyers without having to engage in SEO to build your presence from the ground up.

    As some sellers have seen, though, selling through giants like Amazon or eBay can be difficult if you don't meet their standards for feedback or ratings. These marketplaces put such rules in place to weed out fraudulent sellers, but they can also snare legitimate businesses and hold up their payments for months at a time. If you're considering Amazon, check out this article from The Seattle Times detailing complaints from sellers regarding Amazon's payment and account policies. While these are isolated cases out of many happy sellers, it's worth understanding the power a giant like Amazon (and eBay, Google and many others) has in its seller agreements. View the article here.

    Monday, October 22, 2012

    Pay-per-click alternatives

    The New York Times has an interesting piece on pay-per-click alternatives. Advertisers - especially small businesses - are beginning to search for alternatives to Google's AdWords program as the cost per click creeps up beyond many companies' threshold for a healthy ROI.

    As I've pointed out in the SEO classes, many advertisers are also building content to improve organic ranking, and it works well for those who put the time into it. Check out the article here.

    Thursday, September 13, 2012

    Bare-Bones Analytics

    Over at the eBlox blog, I discuss the basics of web analytics in a hopefully non-soporific manner. If you want to understand the basic measurements of success (and failure) on the web and don't have a month to learn an analytics package, you might want to check it out for a quick read.

    Wednesday, June 06, 2012

    The rapidly diminishing area for organic results

    It Really Is a Google World and We Are All Just Living in It | Mihmorandum:

    We've talked extensively in the SEO classes about how Google's organic (or "natural") results are being pushed further and further down due to the predominance of paid advertising in the search engine. This article (and the heated discussion below) provides a good overview of what's happened to that supposedly sacrosanct search results page (SERP) over the years.

    Tuesday, May 29, 2012

    Email Subject Lines

    Mailchimp has a great piece - with some actual data to back up their findings - on best practices for writing subject lines. Since we cover subject line writing in class (and I suggest a few tips of my own, including the cheesy ones), this is a good set of guidelines for those of you wishing to dig a little bit deeper into subject line writing: What are some best practices in writing email subject lines?

    Wednesday, October 19, 2011

    A Restaurant, Dive Shop, And Bakery Share Their Groupon Experience (TCTV) | TechCrunch:

    Three San Francisco businesses recount their experience with Groupon.

    Monday, October 17, 2011

    Infographic: Why Content For SEO?:

    Some good data on why content matters so much for SEO and ranking, all zipped up in a neat little infographic for your pleasure.

    Wednesday, September 07, 2011

    Google Places Mischief

    Interesting piece in the New York Times on the dangers of crowdsourcing business information. Google Places, like similar services such as Yelp, uses user-submitted information on local businesses to keep its listings up to date. Unfortunately, some unscrupulous users post incorrect information intentionally, such as indicating that the business has closed down! Read the full article here, along with some additional analysis from The Atlantic Wire here.

    Sunday, August 21, 2011

    Over at the eBlox blog, thoughts on how Google's local deals ambitions are rubbing up against their fight against web spam. Is encouraging quantity over quality in reviews a violation of Google's own principles? Read it here.

    Monday, August 01, 2011

    Infographic: Are Deals Sites Here to Stay or Just the Latest Craze? - Nicholas Jackson - Technology - The Atlantic

    I've got mixed feelings about daily deal sites. As we've discussed in the Web Marketing and Advertising class, if you view them purely as a marketing expense and measure their value by customer acquisition cost, then at least you've got a good basis for determining whether or not they actually make economic sense. This G+ infographic (analyzed in detail by The Atlantic) gives a pretty good idea of how deal sites work and what they actually mean to merchants in terms of cost. For merchants that can afford the customer acquisition cost, there's the secondary issue of capacity - can you handle the rush of deal-seekers? As always, be careful what you wish for. Full article here.

    Monday, July 18, 2011

    The Top 20 Most Expensive Keywords in Google AdWords Advertising | WordStream

    Some interesting info for those of you considering advertising online. Wordstream has compiled a list of the most expensive keywords in Google's AdWords pay-per-click advertising system. "Insurance" takes the cake with a 24% share and a top CPC (cost per click) of almost $55! Check out the infographic here. It might give you a few good ideas on keyword campaigns to avoid!

    Monday, June 27, 2011

    The New York Times on Content Farms

    The paper of record provides a good overview of the hows and whys of content farms, and what Google has launched in the last few months to combat them. If you're looking for a straightforward, layman-friendly explanation of how content farms work and why they make money, you should check it out.

    Of course, you can expect the content farms, spammers and questionable SEO companies to adapt in response, but for now, the results are looking pretty good. Read it here.