SPF for Your Website: Three Simple Steps to Protect Your Online Presence

As the days get longer and the mercury rises, we’re reminded yet again of the importance of remaining vigilant when it comes to applying sunscreen to protect ourselves from summer’s damaging rays. It’s a simple yet necessary precaution that if neglected has both short-term consequences – the painful agony of sunburn – and long-term ramifications – skin damage and increased risk of skin cancer. The same holds true for our websites. If we are not proactive in taking the necessary precautions to keep our online presence safe, problems will inevitably arise. Here are three simple measures you can take to apply SPF to your website that will safeguard the integrity not only of your brand’s online presence but its reputation as well:

(S)ecure your site against SQL injections.

Websites that feature data-driven applications can be vulnerable to attacks known as SQL injections, whereby malicious code is added to an entry field, then run and executed. These attacks exploit security vulnerabilities in problematic code, attacking your site’s database and performing any number of actions, from adding unapproved content to your public-facing site to allowing the hacker to download your entire database. This is a prime example of why rigorous testing is absolutely critical prior to launch. If your site is already up and running, consult with your web team to make sure that it has undergone thorough testing and is protected against such hacks. If you want to take additional precautionary measures, there are also security companies that specialize in detecting these types of website and database vulnerabilities, and they can provide you with a security audit.

(P)rotect your domain name.

It’s common sense that you must pay to acquire the domain name where your business will reside online. However, it’s important to remember that you have to continue to pay in order to retain the rights to use that domain name. Essentially, when you purchase your domain name, you’re not buying it outright. Rather, you’re renting that name for a specified period of time. Most registrars (Network Solutions, GoDaddy, Register.com, etc.) allow you to secure a name for anywhere from 12 months to 99 years. If you allow your registration to lapse, however, the domain name becomes available for purchase again and is open to the public for anyone to acquire. Bear in mind that there are actually companies that profit handsomely from business owners who neglect their domain registrations. They monitor domains that are nearing expiration, taking ownership of them the moment they become available. If you have the misfortune of having your domain acquired by one of these companies, usually you can negotiate having ownership transferred back to you, but it will cost you dearly. Unfortunately, while this is a shady practice, it is not illegal. If you allow your domain name to expire, it is fair game for anyone to register it – including these types of companies. Before your domain name expires, your registrar will likely send you many notices prompting you to renew. I start getting domain name renewal notices six months or more before the scheduled expiration date, and as that date gets closer, the notices start coming more and more frequently. Still, despite this barrage of email notifications, there are still many companies that are unaware that their expiration date is approaching, and they either lose their domain name altogether or are forced to pay a king’s ransom to get it back. Often when this situation occurs, it is because the person who initially completed the registration process for the domain name is no longer with the company, and therefore the email address they used to register the name is no longer valid, so the multitude of email notices go unreceived. The company innocently thinks they are protected until one day they stop receiving emails (yes, your email is tied into your domain name), or a customer mentions that they tried to go to the site, and it was simply gone. Even though there is a grace period after a domain has lapsed that allows you to reclaim your ownership before it becomes open to the public, the lapse isn’t always discovered in time to take advantage of this safety net. To prevent this, it is critically important to keep the contact information for your domain registration up to date. Either contact your registrar directly or speak with your web team to make sure you know when each of the domain names you own needs to be renewed, and double-check to ensure that the contact information for your account is valid.

(F)ortify your forms.

Web forms are a staple of doing business online. In fact, rare is the site that doesn’t include a form of some sort that allows the user to input information to be transmitted to the site’s owner, whether its purpose is to make a contact inquiry, sign up for a mailing list, complete a purchase, apply for employment, etc. As anyone who has a form on their site can attest, however, not all submissions received via these forms are legitimate. This is called robot spam, which is created by spammers who write programs that send out spambots to indiscriminately fill out any and all different types of forms on the Web, looking for entryways to expose a site’s security vulnerabilities (see SQL injections above). If you find your inbox filling up with indecipherable junk submissions, it’s these bots who are to blame. To combat these spambots, you can install a CAPTCHA system on your form, which generates an image with a random combination of numbers and letters that the user must enter in order to submit the form. The spambots can't interpret these CAPTCHA images, so therefore they can’t complete the process of sending the form. While there is legitimate debate as to whether or not CAPTCHA is the most effective way to prevent bogus submissions, it still remains the most popular solution for web form security. However, the reason it’s important to block these bots goes beyond eliminating the annoyance of a cluttered inbox. A few months ago, my company decided to remove the CAPTCHA requirement from our contact form. We knew we would get a flood of spam submissions, but we decided we could deal with a little extra hassle on our end in exchange for reducing the inconvenience to legitimate users of having to interpret those squiggly letters in order to simply get in touch with us. As expected, the amount of spam we received increased dramatically, but it was still manageable. Then, all of a sudden, we stopped receiving any submissions at all. We also began seeing some of our emails to other people bounce back. What we discovered was that our web domain (which is where our emails originate from) had been blacklisted as spam by Microsoft (which is what powers our email platform). Apparently, all the bogus submissions from our website (which resides on our domain) to our email caused Microsoft to identify us as spammers. This is because our form submissions came from an email address associated with our own domain name (many web forms are configured this way). Obviously, we were not the ones generating the spam, but this strange series of coincidences conspired to get us blacklisted! Fortunately, it was an easy process to get our domain removed from the blacklist, and we quickly re-installed the CAPTCHA system on our contact form, but we certainly learned an important lesson about security and spambots along the way. If you allow those bogus entries to make it through, there is a risk that you, too, could find yourself blacklisted and unable to send email to some of your most important contacts.

Seize the day and stay safe.

Since summer is vacation season for many of us, business tends to slow down slightly as our clients and colleagues enjoy much-deserved time off. That makes this the perfect time to seize the opportunity to apply these S-P-F practices today to ensure that your online presence is well protected all year long.

---

Four Ways to Delight – Not Annoy – Visitors With the Element of Surprise

During its most recent keynote event, Apple announced that it had a surprise in store for their customers: every iTunes accountholder in 119 countries would receive a free copy of U2’s latest album “Songs of Innocence.” This giveaway translated into over half a billion albums given away, representing the largest release in history in a deal that is speculated to have cost Apple $100 million dollars. It would be easy to assume that Apple’s customers would be thrilled by this generous gesture. While many certainly were, there was also a very vocal segment who were not so pleased to see this album suddenly appear in their music collection. Many of these naysayers took to social media to express their concerns, which were centered not as much on the album itself but rather on the way that its delivery had been handled. While Apple undoubtedly thought that they were providing a convenience by automatically pushing the album out to all iTunes accounts, in doing so, they took away the customer’s ability to choose whether or not they wanted to receive this gift. What was meant to be a nice surprise came across as an act of overstepping the bounds of privacy for some customers – definitely not what Apple was hoping for when they conceived this promotion. Employing the element of surprise in marketing and in web design is tricky business. When done right, it can delight your customers, but if handled incorrectly – as with the Apple giveaway – it has the potential to frustrate and alienate them instead. Let’s take a look at four ways to use the unexpected to make a favorable impression on your website visitors and leave them wanting more – and the pitfalls to avoid along the way.

Surprise! Here’s a free gift!

Freebies have long been a staple of marketing and promotion. From product sampling to contests to incentives for joining a mailing list or sharing contact information, they are an effective way to break the ice when building relationships with new customers. There’s nothing wrong with a good giveaway – as long as you obey the fundamental rule of trustcasting, recognizing that all promotional efforts must be founded first and foremost in building trust with your customers and website visitors. As we touched on above, the problem with Apple’s U2 album promotion had nothing to do with the giveaway itself but rather with its delivery. Permission is a key element of trust-based marketing, and Apple’s circumvention of the act of permission seeking was perceived as a violation of trust by some iTunes customers. A direct contrast to this is MailChimp’s free t-shirt promotion. When a new customer opens a paid account and sends their first email campaign, they receive a message of congratulations along with the offer of a free t-shirt. In order to receive the t-shirt, however, the customer must select the size they would like, thereby accepting the offer; the shirt doesn’t simply turn up unexpectedly in their mailbox. Of course, we have no way of knowing how many people actually decline this free gift, but regardless of whether it’s zero percent or fifty, the most important aspect is the respect for the customer demonstrated by the act of seeking permission. MailChimp allows the customer to maintain a sense of control over the transaction rather than removing that control the way that Apple did. As this comparison shows, permission is a make-or-break element between a surprise that delights and one that compromises trust and goodwill.

Surprise! You’ve got mail!

Email is definitely an area of online marketing that’s fraught with pitfalls. You can be a welcome presence in your customers’ inboxes, or you can be a nuisance that’s banished to the junk mail heap. One way to practically guarantee that you’ll end up in the latter category is by “surprising” your customers with a flood of emails that they did not expect to receive. Undoubtedly, you’ve experienced this scenario at some point: you make a purchase from a website or register for an account, and all of a sudden your inbox is overrun with promotional emails from that company trying to get you to come back to their site and buy, buy, buy. Make no mistake: the simple act of placing an order is not an invitation to unleash a deluge of spammy messages. Again, returning to the theme of permission, the first step to ensuring that your emails are welcome is by allowing your customers to explicitly request to receive them. A common way to accomplish this is by including a mailing list opt-in on your site’s checkout form accompanied by a message affirming that the customer wishes to receive updates with special offers and future promotions. In and of itself, this is a fine practice. If someone wants this information, allow them to receive it! The problem is that many companies have this option selected by default, and as a result, in their rush to complete their transaction, many customers will overlook this feature entirely and will unwittingly opt in to the series of emails that will follow. Again, this is an unpleasant surprise that does not contribute to improving the customer’s perception of your brand. If you are going to employ a mailing list opt-in checkbox anywhere on your site, make sure that it’s unchecked by default and that customers must actually see, read and make a conscious effort to elect to receive ongoing communication from you. Your mailing list won’t grow as quickly this way, but you will avoid surprising unwitting subscribers with emails that they did not expect or want. But obtaining permission to send these emails is only half the story. You also need to make sure that the content of your messages is designed to delight. Anything that is purely self-promotional in nature will be regarded as nothing more than an annoyance. You must use your carefully garnered inbox privileges to provide value to your customers – whether that comes in the form of special offers, fun promotions, reminders about upcoming events or just plain useful information. Your focus should be on crafting email campaigns that leave your customers looking forward to seeing what you’ll send next – not hitting the “spam” button as soon as it lands.

Surprise! Let’s watch a video!

Video content is a great way to engage with visitors to your website. As much as we writer types are loathe to admit it, people don’t like to read. They like to look at pretty pictures, and even more, they like to be entertained by videos. If you can create compelling videos – whether they demonstrate your products, offer helpful tips or are just flat-out amusing – your visitors will be delighted that you’ve gone the extra mile to give them the kind of content that they prefer rather than forcing them to wade through page after page of written text, and you’ll be head and shoulders above your competition. But there’s one important caveat to video content: never, ever, ever set your videos to auto-play on your site. Uncued audio, video, animations and pop-ups are completely taboo in modern website design, and if you use them, you’ll provide an unpleasant surprise that sends visitors scrambling for the back button to get away from this sensory onslaught. Don’t insult the intelligence of your visitors by forcing content upon them. It’s the online equivalent of having a pushy salesman pounce on them the minute they walk in the door and hound them into looking at products or services that may not be relevant to their interests at all. Instead, provide contextual clues on the page that indicate what your video is about, and allow your visitors to decide for themselves whether or not they wish to view it. This removes the element of unwelcome surprise without eliminating the value of the video content itself.

Surprise! We’ve made changes to our website!

Inevitably, there will come a time when it’s necessary to make changes to your website. These changes could be as minor as adding new types of products or services or as significant as a complete redesign. The problem comes when regular visitors return to your site expecting one thing (the site that they have become familiar and comfortable with) but receive something else instead (the new site). Of course, it goes without saying that any changes you make to your site should be driven by the objective of creating a better experience for your users. Make sure you carry this objective through to the launch of your new site or its new features by smoothing the transition for your regular visitors. After all, every website comes with an inherent learning curve. If you’ve done your job right, that learning curve should not be very steep; yet, it will still exist as visitors determine where they need to go and what they need to do to accomplish their goals. Therefore, when you make a change, you can ensure that it’s well received by visitors simply by alerting them to these changes and guiding them through the process of navigating them. One example of how to execute a re-launch right is Citizens Bank. Weeks before the release of their new site, they posted a message on their existing home page announcing that changes were ahead and signaling the date when the newly overhauled site would launch. They also offered a preview of the new site complete with an overview of new features and instructions for where to find commonly used tools. Did every customer see this message and take the tour? Of course not, but many did, and as a result, they were not taken aback by a jarring surprise on the day of the new site’s launch. Instead, they were already acclimated to the new features and functions, thereby maintaining a sense of certainty and control throughout the transition process. By demonstrating to their customers that their needs and desires were an important consideration in the bank’s plans for their new site, Citizens Bank was able to create a positive experience out of their redesign and avoid the potentially hazardous pitfall of forcing their customers to stumble unassisted through the process of re-learning how to use their site.

In summary

Going above and beyond to provide customers with unexpected value can be a powerful way to separate yourself from the competition, but if done incorrectly, it can also backfire in a big way. In the case of Apple, the company had to release a tool to allow customers to remove the free U2 album that they had been gifted – something they clearly did not foresee as necessary when they conceived the promotion. When you are considering how to implement the element of surprise in your marketing and website design plans, remember never to lose sight of your customers and their needs. Always ask their permission, keep the power in their hands and allow them to remain in control of the process as much as possible so that your surprise will be welcomed with delight and satisfaction.

---