
Risk Management

Do you accept every LinkedIn connection request that comes your way?  Or are you somewhat selective? More importantly, is there an overall approach that can help you make this decision in a somewhat more strategic manner?
The case for an exclusive black book strategy:
  • Relationships are all about depth, not breadth:  Accepting only your strongest connections means that you can focus your attention only on those you have a strong real-world relationship with.
  • Why add names of people who you don’t know, and who seek the relationship only to “spam” you with sales pitches and other irrelevant updates?
  • There is a risk that your connections will reach out to each other, and imply that their common link to you is an endorsement: in other words, you don’t want your reputation used without your knowledge.
  • You don’t want your status updates littered with updates from people you don’t know or care about.
  • People will pester you asking for introductions.  Beyond the time commitment required, you may not feel comfortable giving the recommendation.  Or you may feel uncomfortable explicitly saying no.
  • Your details are private… and should stay that way.
  • Your connections are very senior, and you don’t want to share them with recruiters or salespeople.
The case for an anyone-in strategy:
  • If someone wants to be part of your community, why not?  It is their first step in building a real relationship: the least you can do is reciprocate.
  • As email spam filters become even more restrictive, communicating via LinkedIn’s status updates and the LinkedIn messaging system will become even more important.
  • The more connections you have, the bigger your network.  A large network means you are only one (or two) hops away from an introduction.
  • Why bother trying to keep your contact list up-to-date, when LinkedIn (or rather each individual) can do it for you?
  • If you are a recruiter or a salesperson, a large network opens the door to even more candidates or prospects.
Which approach to use?  It really depends upon your goals for using the system:  if you are building a business, or rely on your network to grow, it may be that anyone-in makes the most sense.  If not, perhaps there is merit in using an exclusive black-book approach. For most people, the sweet spot is somewhere in between.
This week’s action plan:  If you haven’t looked at your connection policy recently, perhaps now is the time to do so.
Marketing Insight:  For me, my policy has evolved.  I accept all connections from people who I have a real-world relationship with.  I accept all from members of my professional association.  And I also accept all connections from people who I think I may want to have a real-world relationship with.  I typically refuse connections from people whose motivation appears not to be a relationship, but a quick sale.

Note: The Make It Happen Tipsheet is also available by email. Go to to register.

Randall Craig

@RandallCraig (follow me)
:  Professional credentials site
.com: Web strategy, technology, and development
:  Interviews with the nation’s thought-leaders


Branding and Web Security

by Randall Craig on April 29, 2016

Filed in: Blog, Branding, Data, Make It Happen Tipsheet,


What determines the confidence in your brand?  Yes, the visual identity and what people see.  And yes, the experience and interaction people have, both online and in the real world.  And yes, the social media (and traditional media) buzz – both positive and negative.  But there is another factor, hidden from most marketers, that can have a critical impact: the security of your website.
If a hacker gets into the website or prevents access to it, your brand is tugged into a very difficult place: trust suffers.  Even worse, if data is copied or stolen, your reputation is definitely in crisis.  You appear either incompetent, careless, or uncaring.  And while the media does report data breaches quite frequently, and it might be argued that the public is becoming immune, when it happens to a particular person, the sting is real.
While most marketers will never deal with web security directly (except in times of crisis), and most IT professionals should know how to address web security, a trust-but-verify approach is not such a bad idea.  With apologies to the non-techies, here are the rudiments of web security:
  1. Physical security:  Physical access to the actual server needs to be tightly controlled.
  2. Operating system:  Parts of the computer’s operating system that are not required should be removed.  Non-essential “ports” should be closed, and directory permissions set properly.  (And the operating system needs to be kept updated.)
  3. Physical firewall:  Depending on the level of security required, all traffic might be routed through a firewall, to restrict all but the required type of internet traffic.  The firewall and network infrastructure should also prevent distributed denial of service attacks.
  4. Web Server software:  The latest version needs to be installed and kept up-to-date.
  5. SSL certificate:  Instead of serving pages insecurely (e.g. http://), the purchase and installation of a security certificate allows the pages to be encrypted in transit (e.g. served as https://), and allows the user to verify that the pages actually came directly from who they said they came from.
  6. Separate web server and database server:  Instead of having the database housed on the website – which might be hacked – the database that powers the site can be housed on a completely separate machine. Using this architecture also delivers a welcome benefit: faster performance.
  7. Database and scripting languages:  The database version (SQL Server and MySQL as examples) and any scripting languages (PHP as an example) need to be kept up-to-date.
  8. Content Management System (CMS) software:  The core software (WordPress, SiteCore, SharePoint, as examples), as well as any plug-ins and modules, needs to be kept up-to-date.  More importantly, the CMS needs to be “hardened” to prevent basic attack vectors.
  9. Software firewall:  This software monitors and repels hacking attempts at the CMS level.
  10. Two-factor authentication:  Instead of having a user log in only with their username and password, they also would need to put in a time-based code that would be sent to their phone, or would be generated from an app.  This prevents people from using “stolen” passwords.
  11. Social engineering:  It is too easy for an authorized individual to be conned into providing access to the website.  Staff need to be trained on their role in keeping the site secure, and the basics of site security.
Clearly, there is a cost to implementing security, but this cost needs to be balanced against the cost of rehabilitating the brand if the site is hacked.  The greater the potential cost to the brand, the more of these should be implemented.
This week’s action plan:  Use this post as a checklist (you may need to speak to your web development team): how well did you do?  If you have confidence in the technology, the market will have confidence in your brand.
A few more questions for the techs:  Are there two independent back-up systems?  How long are back-ups kept?  How often are the back-ups tested?  Are there automated notifications if the site goes down?  And if the site is hacked, how long will it take to get back up?
And for the marketers:  Do you have an external crisis plan in case of data breach?  Is there a plan B in case ecommerce is not available?  And is there an internal communication plan, particularly for the front line (receptionists, call center, etc)?



Reputation Rescue

by Randall Craig March 11, 2016

Have you ever been in a situation where your personal reputation has been called into question online?  Or your organization’s brand is under attack from a special interest group, and it is emerging somewhat battered?  Not good. Of course, the best way to build a great reputation is to do everything “right” in the first […]


Identity theft and email spoofing

by Randall Craig November 13, 2015

Think your identity is secure?  Think again – it isn’t. Consider this email that a colleague recently received from “me”: Hello Monty, How are u doing? I will like you to handle an International bank transfers for me with some other few transactions today but first,let me know the required information needed to process an international […]


Identifying and reducing Facebook risks

by Randall Craig October 23, 2015

While many people enjoy Facebook for personal use (connections to family and friends, posting photos, playing games), does it really have a role in business? Whether the answer is yes or no, one thing is certain: Facebook represents a risk vector that must be considered.  In no particular order, here are five risks to consider – […]


Insight: 34 Social Media Risks

by Randall Craig May 8, 2015

Most leaders are not aware of the range of risks that lurk behind the shiny pull of many Social Media sites and activities.  Many can be mitigated if identified in the planning stages, through training, policy, or through changes of internal process. Monitoring can catch others; early detection can lessen their impact. Finally, some risks […]


LinkedIn Connection Policies

by Randall Craig April 10, 2015

Must you be everyone’s friend?  Or perhaps from a practical perspective, must you accept everyone’s LinkedIn connection request?  The answer for most people, and for many reasons, is a resounding no. It is true that accepting a connection request yields numerous benefits, particularly around increased access and transparency: More of the data on your connection’s […]


The Law of Unattraction

by Randall Craig March 27, 2015

Are you unrealistically optimistic? Most marketers are, and it is not particularly healthy. Think about it: a marketer’s job is usually focused on generating leads. About great design. Attracting attention. Building. It’s other people who have to worry about delivering the product or service, headcount, logistics, and the vagaries of technology. The marketer merely needs […]


Spam Rescue and Type I Errors

by Randall Craig March 6, 2015

Consider this scenario: you get a phone call from a key client or a distraught family member: “didn’t you get my email?”  They are clearly upset that you “ignored” them: they see evidence that they are not your priority. You are not unresponsive.  You don’t care.   Or maybe, your spam filter was doing just a […]


Viewpoint: Building Credibility and Legitimacy

by Randall Craig February 20, 2015

There has always been a fringe element in society; and now, Social Media has provided an unwitting channel to help advance their agendas.  Short of regulating Social Media explicitly, can anything be done about it? In the traditional channels, there have long been built-in checks-and-balances to prevent abuse. With so few TV and Radio stations, […]


CASL: Double Opt-in is not Express Consent (and vice-versa)

by Randall Craig June 20, 2014

With seven-digit penalties, many marketers are looking carefully at how they are addressing the new Canada Anti-Spam Law (CASL). Unfortunately, many are making a critical error that may later haunt them – and cost.  They are assuming that an email “double-opt-in” constitutes Express Consent. Sometimes it does – and sometimes it doesn’t. First, some definitions.  […]


Protecting your Digital Cargo

by Randall Craig August 2, 2013

Every organization owns intellectual property: in fact, this recorded knowledge is often key evidence of expertise, capability, and fit. So if it is that valuable, how do you protect it from being stolen? Before answering that question, it is useful to distinguish between content that you want to be widely distributed, and content that is […]


Scenario Planning: Social Response Strategy

by Randall Craig May 3, 2013

What do you do when you are disappointed with a product or service that you have purchased?  Most people turn to the web: a quick check on Google solves many problems.  And a few choice words on Twitter or Facebook can let everyone know about the experience. From an organization’s perspective however, those “choice” words […]


Information Thief

by Randall Craig August 16, 2012

Are you an information thief?  Have you ever plagiarized, pilfered, or “borrowed” someone else’s knowledge or reputation?  And has someone ever done this to you? With the social web in front of us, it is too easy to use others’ information without their knowledge or permission – even if it is free.  Depending on how […]


Viewpoint: Risky Business

by Randall Craig October 26, 2011

Picture this scenario: An employee gets charged with a serious offense and the company’s name gets mentioned repeatedly in the news reports.  The reporters found the connection to your organization by scanning through Social Media. Or this scenario: A subcontractor tweets (or posts pictures) celebrating the conclusion of a major, confidential project. This alerts competitors, […]
