
Branding and Web Security

by Randall Craig on April 29, 2016

Filed in: Blog, Branding, Data, Make It Happen Tipsheet


What determines the confidence in your brand?  Yes, the visual identity and what people see.  And yes, the experience and interaction people have, both online and in the real world.  And yes, the social media (and traditional media) buzz – both positive and negative.  But there is another factor, hidden from most marketers, that can have a critical impact: the security of your website.
If a hacker gets into the website or prevents access to it, your brand is tugged into a very difficult place: trust suffers.  Even worse, if data is copied or stolen, your reputation is definitely in crisis.  You appear either incompetent, careless, or uncaring.  And while the media does report data breaches quite frequently, and it might be argued that the public is becoming immune, when it happens to a particular person, the sting is real.
While most marketers will never deal with web security directly (except in times of crisis), and most IT professionals should know how to address web security, a trust-but-verify approach is not such a bad idea.  With apologies to the non-techies, here are the rudiments of web security:
  1. Physical security:  Physical access to the actual server needs to be tightly controlled.
  2. Operating system:  Parts of the computer’s operating system that are not required should be removed.  Non-essential “ports” should be closed, and directory permissions set properly.  (And the operating system needs to be kept updated.)
  3. Physical firewall:  Depending on the level of security required, all traffic might be routed through a firewall, to restrict all but the required type of internet traffic.  The firewall and network infrastructure should also prevent distributed denial of service attacks.
  4. Web Server software:  The latest version needs to be installed and kept up-to-date.
  5. SSL certificate:  Instead of serving pages insecurely (e.g. http://), the purchase and installation of a security certificate allows the pages to be encrypted in transit (e.g. served as https://), and allows the user to verify that the pages actually came directly from who they said they came from.
  6. Separate web server and database server:  Instead of having the database housed on the website – which might be hacked – the database that powers the site can be housed on a completely separate machine. Using this architecture also delivers a welcome benefit: faster performance.
  7. Database and scripting languages:  The database version (SQL Server and MySQL as examples) and any scripting languages (PHP as an example) need to be kept up-to-date.
  8. Content Management System (CMS) software:  The core software (WordPress, SiteCore, SharePoint, as examples), as well as any plug-ins and modules, needs to be kept up-to-date.  More importantly, the CMS needs to be “hardened” to prevent basic attack vectors.
  9. Software firewall:  This software monitors and repels hacking attempts at the CMS level.
  10. Two-factor authentication:  Instead of having a user log in only with their username and password, they also would need to put in a time-based code that would be sent to their phone, or would be generated from an app.  This prevents people from using “stolen” passwords.
  11. Social engineering:  It is too easy for an authorized individual to be conned into providing access to the website.  Staff need to be trained on their role in keeping the site secure, and the basics of site security.
Clearly, there is a cost to implementing security, but this cost needs to be balanced against the cost of rehabilitating the brand if the site is hacked.  The greater the potential cost to the brand, the more of these should be implemented.
This week’s action plan:  Use this post as a checklist (you may need to speak to your web development team): how well did you do?  If you have confidence in the technology, the market will have confidence in your brand.
A few more questions for the techs:  Are there two independent back-up systems?  How long are back-ups kept?  How often are the back-ups tested?  Are there automated notifications if the site goes down?  And if the site is hacked, how long will it take to get back up?
And for the marketers:  Do you have an external crisis plan in case of data breach?  Is there a plan B in case ecommerce is not available?  And is there an internal communication plan, particularly for the front line (receptionists, call center, etc)?

Note: The Make It Happen Tipsheet is also available by email. Go to to register.

Randall Craig



A Motivating Web Call to Action

by Randall Craig on November 22, 2013

Filed in: Blog, Communication, Make It Happen Tipsheet, Marketing


Have you ever been in a situation where someone has used a word that seemed wrong?  Or maybe out-of-place, suboptimal, or ill-considered?  Each of these means something slightly different, and each tugs a slightly different emotional chord.  The words we choose have a direct impact on the recipient’s state of mind, and their motivation to act.  In no other place is this more true than on the web – and particularly with information collection forms.

Most forms will ask for basic information (name etc), followed by some demographics or qualifying questions.  When the user clicks Submit, their info is sent to the server.  Think about it: “Submit” – a borg-like term, and a close relative of the unkindly word submission – is hardly a positive, encouraging, user-friendly choice.  You WILL submit!

There are other terms (“Go”?) that are far more neutral; but is that the best we can do?  Consider the hierarchy of terms that can be used:

  • Submit:  Highly directive:  more appropriate for government forms than for marketers.
  • Subscribe: Better, but given the negative connotations of spam e-mail, this term is fast losing its luster.
  • Register: This term speaks more positively of choice.  The user is doing something for him or herself.
  • Apply:  A term that rings of exclusivity and selection.  At the end of the application process – and only if your application is accepted, you will get something “good”.

This week’s action plan:  Each information collection form on your website is an offer for engagement.  This week, double-check your wording and make sure that it is inviting.


Randall Craig



Marketing Insight: Improving Web ROI

by Randall Craig April 25, 2013

Does this sound familiar?  You have a website (or two), a marketing budget, and more than likely, a desire to grow.  It doesn’t matter if growth is defined as more event registrations, newsletter sign-ups, leads, or transactions – the problem is that too often, a web initiative doesn’t always pull its weight. There are four […]


Attraction and Conversion

by Randall Craig June 29, 2012

Are you one of those thousands (millions?) who build a social profile, only to find that you have very few friends? Maybe you are one of those millions (or billions?) of businesses that have built a website, but have found that no one is calling? Or no one is buying? If this sounds familiar, there […]
