Skip navigation
1 2 3 Previous Next

Technology

203 posts

Over the last few years, the use of messenger apps has skyrocketed. WhatsApp usage alone is now over 85.21 billion hours with 1.6 billion users worldwide while Facebook Messenger is right behind with 1.3 billion users.

 

apple-cell-phone-cellphone-607812.jpg

Texting and messaging through apps has become a top way to communicate. The ability to connect and chat with businesses in a convenient, accessible and trackable way is a huge benefit for customers.

 

For businesses, with engagement rates reaching up to 80 percent, it comes as no surprise that companies are adopting messaging as a key element in their marketing and customer care strategies.

 

Not only do messaging apps offer a more efficient, cost-effective way to handle customer care, they offer a means to excel at it.

 

In this article, I’ll share tips and best practices you can use to improve your social customer care in the evolving world of messaging apps.

 

The Most Popular Messaging Apps

 

The most popular messaging app in North America is Facebook Messenger. At Facebook’s recent F8 Developer Conference, the company focused extensively on Messenger as a priority. This means small business owners do need to pay closer attention to the improvements Facebook offers in Messenger, WhatsApp and Instagram Direct.

 

In addition to Facebook Messenger, Apple’s iMessage is vastly popular in the U.S. Plus, check out Apple’s Business Chat, which is growing in popularity among brands.

 

Outside of the U.S., WhatsApp is the runaway leader. If you have international customers, you’d do well to bring WhatsApp into your marketing mix and social customer care tools.

 

For third party Facebook Messenger chatbots, definitely take a look at MobileMonkey and ManyChat. Both companies offer extensive support, training and communities into which you can tap for maximum effectiveness right out the gate.

 

Related:

Facebook Messenger Chatbots Give Small Business Owners an Edge

 

Why Your Small Business Should Use Messaging Apps

 

Messaging apps in demand. A study by Messenger People found 117 million customer queries were received on WhatsApp by companies in the last 12 months. Messaging apps allow companies to meet customers where they are at, when they need them most. If this is what the market demands, the greatest step towards enhancing customer care is provide that solution.

 

Messaging apps increase engagement. When it comes to business, attention is the game. There is a strong case to be made for the ability to follow up and keep in touch with customers once they have contacted you. Certainly, millennials prefer to deal with companies by text; 83 percent of millennials open text messages within 90 seconds. Being able to communicate directly with customers with such high engagement rates is a huge opportunity for companies.

 

Messaging apps are convenient. Messaging apps evolved from social networks. They provided a way to combine all the key features from different apps and implement them into one platform for the user’s convenience. Rather than having to download a separate app or go through the traditional telephone/email process to contact a company, messaging allows users to quickly reach out to a company and start a conversation while continuing on with their day.

 

Messaging apps are efficient. Messaging apps create a centralized conversation with customers making it easy for different team members to track the conversation, access all the relevant information, and provide streamlined solutions in one place. No more passing the phone to different teams and waiting on hold for hours. This in itself improves customer care through efficient processes.

 

Messaging apps are low cost. For the most part, messenger apps are free to use. All they require is a data or WIFI connection. This saves significant resources, once only allocated to call centers and hiring a number of customer care representatives. While companies definitely still require customer care representatives, the very nature of the chat is through written word enabling employees to manage multiple conversations at one time.

 

Chat conversations are more cost and time efficient than the traditional phone conversations that were restricted to one customer at a time and often involved wait time. For customers, timely responses are a huge plus when it comes to their customer experience.

 

Messaging apps can be partially automated. Messenger chatbots can be used to provide instant solutions to standard customer service questions. Messenger chatbots are not designed to replace human interaction. They are designed to support it.

 

Most likely, there are a few key actions customers are looking to take when they message you. A messenger chatbot can provide instant first-level support by answering common questions regarding appointments, open hours, directions, returns, payments, and so on. This means customers no longer have to wait for a human to get back to them. If they still require human support, it should be made available promptly but chatbots offer an instant solution to increasing customer satisfaction.

 

As AI continues to advance, Messenger chatbots are becoming more sophisticated. This helps to find a quick solution while also creating a personalized experience for the customer.

 

Messaging App Best Practices

 

To ensure a streamlined customer experience, you’ll want to properly set up your messaging processes. To ensure you implement messenger bots successfully, here are some best practices to follow.

 

1. Be human.

 

People don’t like to talk to robots. They also don’t appreciate pre-written, scripted responses. If a customer is reaching out to you, it’s because they need help. The need people who can understand their problems on an emotional level and relate to how they are feeling in this moment.

 

If you do decide to implement a messenger chatbot, proceed with caution. Start very simply and focus on getting the process right first. Remember that chatbots are not designed to replace human support; they exist to provide quick solutions. Always let the customer know they are speaking to a chatbot and if they require human support, it is available.

 

2. Be transparent.

 

When it comes to customer service, it’s important to be completely honest and transparent. It is no different when it comes to messaging apps. People understand if you don’t know how to help them or don’t have a quick solution available if you are transparent about it.

 

Rather than leaving a customer waiting hours for a response, politely let them know that you aren’t sure of the solution but you will find out and get back to them by a set time. This way, they understand the situation, can get on with their day and they know when to expect a solution.

 

3. Streamline your processes.

 

It’s important to align your service, sales and marketing teams when it comes to messaging apps. You need to be able to understand where your customers are in their journey and provide the right solution to the right problem.

 

Once they reach the right support, teams need to be able to access all the relevant information to provide a solution. This means companies need to understand the customer journey and have responses instantly available for the most frequently asked questions.

 

4. Respond quickly.

 

Being able to quickly identify customer queries and provide a timely solution is paramount when it comes to reputation management. Of the 117 million customer queries received via WhatsApp, only 62 percentwere answered within 24 hours. If you are going to offer support through messaging apps, it’s important the right resources are allocated to the task at hand. People need quick and accurate responses. Otherwise, you could quickly turn a happy customer into an angry one.

 

People do business with people they know, like and trust. Being able to communicate directly with customers one-on-one in a scalable way is the first step towards creating a personalized experience for your customers. This allows them to feel heard, valued and taken care of.

 

Messaging apps are changing the game when it comes to customer care.  Now is the right time to embrace that!

 

About Mari Smith

 

mari_0362xFACE_preview.jpg

Often referred to as “the Queen of Facebook,” Mari Smith is considered one of the world’s foremost experts on Facebook marketing and social media. She is a Forbes’ Top Social Media Power Influencer, author of The New Relationship Marketing and coauthor of Facebook Marketing: An Hour A Day. Forbes recently described Mari as, “… the preeminent Facebook expert. Even Facebook asks for her help.” She is a recognized Facebook Partner; Facebook headhunted and hired Mari to lead the Boost Your Business series of live events across the US. Mari is an in-demand speaker, and travels the world to keynote and train at major events.

 

Her digital marketing agency provides professional speaking, training and consulting services on Facebook and Instagram marketing best practices for Fortune 500 companies, brands, SMBs and direct sales organizations. Mari is also an expert webinar and live video broadcast host, and she serves as Brand Ambassador for numerous leading global companies.

 

Web: Mari Smith  or Twitter: @MariSmith

 

Bank of America, N.A. engages with Mari Smith to provide informational materials for your discussion or review purposes only. Mari Smith is a registered trademark, used pursuant to license. The third parties within articles are used under license from Mari Smith. Consult your financial, legal and accounting advisors, as neither Bank of America, its affiliates, nor their employees provide legal, accounting and tax advice.

Last January, I was reading Twitter when I came across a hysterically funny thread commenting on actors walking the red carpet for the Golden Globe Awards. The author—Quinn Cummings, was a former child actor (nominated for an Academy Award for her role in The Goodbye Girl).

Quinn Cummings.jpg

 

Cummings “retired” from acting, wrote several books and “started making jokes” on Twitter, aiming “fora Dorothy Parker/Carrie Fisher tone.” While she “enjoyed making people laugh” Cummings, “missed writing longer stories” which lead her to create a series of threaded tweets, and “put it up with no sense of what might happen.”

 

What happened was she more than doubled her Twitter following, gained more than 430 monthly financial supporters on her Patreon account, and is one of a select group of people who’ve figured out how to make money from Twitter.

 

Rieva Lesonsky: Your Twitter feed is funny, sassy, sarcastic, political and confessional. Hard to pull that off. Is that a reflection of your personality?

 

Quinn Cummings: In real life, I am fairly quiet, very introverted; I think my most noticeable quality is that I’m punctual. When I’m online I am entirely different. I think of my online identity as Court Jester, comforting the afflicted and afflicting the comfortable. Court Jester says the things I say to myself in private, only written out and carefully designed to make people who abuse their power very angry. It’s an odd thing to say about your own writing, but I admire Court Jester. She’s ballsier than I am. Of course, she would correct me and say she has twice the ovaries.

 

Lesonsky: How did you decide to sell access to your work on Twitter?

 

Cummings: For several years, I posted a blog three times a week detailing my life and my adventures—which were mostly misadventures. It was popular. It got me a book deal. But after about seven years, I realized I was kind of burned out on the blog format and started using Twitter more enthusiastically, building followers based on political humor. I was doing well but realized I missed the longer format. Also, I wanted to write a story that just made people laugh. In November, I created that threaded Tweet about the worst decision I ever made in an office. That thread has been retweeted over 17,000 times.

 

After squeezing my work into tweet-sized bites, I realized there might be a place for longer stories, so I started stitching together a fully fleshed out story every weekday. My only rule: Keep it funny, because people are stressed enough.

 

People seemed to really enjoy it. In one month, my follower count doubled, and I loved having the chance to tell stories again. The only problem was, creating these things wasn’t a quick job. It was cutting into my income-producing work. After two months’ creating five small stories a week, I created a Patreon account, told my readers what I was trying to do, and crossed my fingers.

 

After one day, I was earning enough to cover my health insurance. As a working writer, that felt great.

 

Lesonsky: How does it work?

 

Cummings: When I first considered doing this, I quizzed my Twitter followers about what they would pay for these stories [and] $5 a month was the number I heard most often. The $1 level is for those people who want to kind of leave me a tip. They don’t get the extra story, but it’s a way of supporting me and I am grateful for those supporters as well. When I started, I assumed that would be the more popular level because, hey, 2019. [But], I have more than twice as many $5 supporters as $1 supporters, and I have seen quite a few $1 supporters move up their patronage after the first couple of months.

 

Lesonsky: Are you monetizing your Twitter account or are you using Twitter as a promotional tool for your Patreon account?

 

Cummings: I would say I’m monetizing Twitter. The way to imagine it is that Twitter is the city in which I live. Recently, I have put out a shingle and started a business in the city. People who know me from that neighborhood are supporting me. There are ways to use Patreon to find new supporters and I’m learning the skills, but Patreon is not my original language, Twitter is. I will probably always speak Patreon with an accent

 

Lesonsky: You’re already making money. What’s the future look like?

 

Cummings: I…have no idea. Until January, I would have sworn there was no way to monetize what I was already doing for free. I ran the experiment and am pleased to say I was wrong. Now, what other limiting beliefs need to be tested?

 

When you’re on social media the way I am—which is to say, all the time—you notice things. I’ve noticed human beings need stories. We crave them. Joan Didion said, “We tell ourselves stories in order to live.”

 

In fact, stories may be why we’re alive; some scientists theorized humans developed language to communicate where the food was. All I know is we live in a stressful and lonely digital world, but if the right person comes up and says, “Let me tell you a story,” humans come racing. We love stories, we long for authenticity, we yearn to feel whole, sane, not angry, connected, if only for a few minutes. I want to tell stories and I’ll continue to look for new ways to do it.

 

Check out the stories of other successful entrepreneurs here.

 

 

About Rieva Lesonsky

 

Rieva Lesonsky Headshot.png

Rieva Lesonsky is CEO and Co-founder of GrowBiz Media, a custom content and media company focusing on small business and entrepreneurship, and the blog SmallBizDaily.com. A nationally known speaker and authority on entrepreneurship, Rieva has been covering America’s entrepreneurs for more than 30 years. Before co-founding GrowBiz Media, Lesonsky was the long-time Editorial Director of Entrepreneur Magazine. Lesonsky has appeared on hundreds of radio shows and numerous local and national television programs, including the Today Show, Good Morning America, CNN, The Martha Stewart Show and Oprah.

 

Lesonsky regularly writes about small business for numerous websites and for corporations targeting entrepreneurs. Many organizations have recognized Lesonsky for her tireless devotion to helping entrepreneurs. She served on the Small Business Administration’s National Advisory Council for six years, was honored by the SBA as a Small Business Media Advocate and a Woman in Business Advocate, and received the prestigious Lou Campanelli award from SCORE. She is a long-time member of the Business Journalists Hall of Fame.

 

Web: www.growbizmedia.com or Twitter: @Rieva

You can read more articles from Rieva Lesonsky by clicking here

 

Bank of America, N.A. engages with Rieva Lesonsky to provide informational materials for your discussion or review purposes only. Rieva Lesonsky is a registered trademark, used pursuant to license. The third parties within articles are used under license from Rieva Lesonsky. Consult your financial, legal and accounting advisors, as neither Bank of America, its affiliates, nor their employees provide legal, accounting and tax advice.

 

Bank of America, N.A. Member FDIC. ©2018 Bank of America Corporation

Since launching in 2016, Instagram Stories have become a rapidly growing feature now used by over 500 million people around the world on a daily basis. Since then, Facebook has continued to invest in the growth of Stories through the addition of the feature into the Facebook app in March 2017.

apple-cellphone-cellular-telephone-416681.jpg

 

Mark Zuckerberg is so confident that “The future is stories” that during Facebook’s third-quarter earnings call 2018 that he mentioned stories a total of 71 times!

 

In this article, I’m going to share with you how your small business can use Facebook and Instagram Stories to bring your brand to life.

 

What are Stories?

 

As I discussed in a previous article, Facebook-owned Instagram originally launched the Stories feature in August 2016 as a direct copy of an already popular Snapchat platform. In 2017, the company went on to launch Stories on Facebook as well.

 

The feature allows users to post photos and videos, typically in real time, that vanish after 24 hours. Add media to your story, a colored circle will appear around your profile picture letting users know you’ve shared something new.

 

Stories can be up to 15 seconds. You can add up to 100 stories in a 24-hour period making it highly flexible and a great on-the-go vlogging (video blogging) platform for users and businesses alike.

 

Fortunately, you only need to add about three Stories at a time in any 24-hour period to stay relevant and at the top of your followers’ feeds. I wouldn’t recommend going too crazy with volume unless you have the time and the assets to go for it. Excessive volume tends to have diminished returns, though, so be strategic about the content you post.

 

Why Stories have become so valuable

 

If you’re looking to grow your business through Instagram and/or Facebook, the Stories feature holds incredible value. Here are just a few reasons why.

 

Stories are Interactive.

 

Stories aren’t just a one-way form of communication. Viewers can reply to your Story and initiate a privateconversation with you. This is golden! It’s as good as having your prospect or customer’s cell phone number. You can build personal relationships with your audience and earn trust through the transparent, organic nature Stories provide.

 

Stories are real-time.

 

This makes it really easy to create video content quickly without any technical or editing skills required.

 

Stories can provide Additional Calls to Action

 

If you have over 10,000 followers, you’ll have the feature to include ‘swipe up’ links in your Stories. This is great for adding a call to action that leads your audience outside Instagram. For example, a blog post, product offering, or lead magnet.

 

Even if you don’t have access to the ‘swipe up’ feature, you can use Stories to remind and encourage viewers to click the link in your bio where you can place a strategic call to action.

 

Or, all Instagram users have the ability to link Stories to your IGTV videos. IGTV is a separate app for longer vertical video (15 seconds up to one hour), but the app is very integrated with the main Instagram app.

 

Plus, unlike the main Instagram app, any URLs you add to your IGTV videos in the description or comments are hyperlinked. So, by adding a swipe up to your IGTV video where you then direct people to an external link, you can get traffic from your Stories. I’ve seen Buffer do this strategy well, even though they have the swipe up to outside links feature, they also experiment with swipe up to IGTV videos.

 

Stories improve your reach dramatically.

 

Not everyone sees your feed posts. Stories help combat the diminishing reach on Instagram. Stories are still shown to followers in chronological order. This means the more often you post, your profile Story will place higher ranked at the top of your followers’ feeds.

 

 

How to Get Started with Facebook and Instagram Stories

 

When it comes to getting started with Stories, it’s as easy as choosing your topic, creating the content either in the Instagram app or using a third-party tool then publishing it to your Story.

 

1.  Choose Your Topic: Stories invite your community into your daily life. You can use them to document your day and/or to incorporate some of these strategic ideas for building engagement:

 

        • Offer a behind the scenes look into your brand, people, products and processes.
        • Share tips and tutorials that leverage your knowledge and expertise.
        • Host a Q&A using the questions feature.
        • Conduct market research and get to know your community using the polls feature.
        • Offer platform exclusive offers and discounts encouraging loyalty.
        • Go live and start a conversation with your community. Try also inviting users onto the screen with you to create more intimacy.

 

2. Create Your Story Content: All of these features are included natively within Facebook and Instagram stories making content creation a breeze.

Don’t worry if you’re camera shy, there are still a number of ways you can tell stories and share insights with your audience as you build confidence using the platform.

You can even use low-cost tools such as Canva to create Stories as images/graphics, or Wave.video to create short vertical videos that captivate your audience and invite them to start a conversation with you.

 

3. Publish your Story: To publish an Instagram or Facebook story, you click on the camera shown at the top left of your home screen then use the navigation at the bottom to choose your format.

 

Best Practices for Facebook and Instagram Stories

 

There are no set rules when it comes to Stories but there are some best practices to follow.

 

1. Post Consistently: The only way to engage your audience is to be present. That means showing up on a daily basis and taking the time to really invest in the Stories feature as a key strategy for growth. When you invest in your audience, you earn their attention and they will start to invest in you.

 

2. Plan Your Content in Advance: By planning your content ahead of time, you are far more likely to post consistently. Your stories will also tend to be more intentional and aligned with your goals for the platform.

 

You can also schedule your Instagram Stories in advance using a third-party app. Three great tools that allow you to plan, upload and schedule your feed posts and your Stories include AgoraPulse, Planoly, and Plann.

 

3. Make Use of Interactive Features: From polls to questions, GIFs, countdown timers, locations and @ mentions, there is a wide variety of interactive features built into both Facebook and Instagram Stories. Take advantage of them liberally! These features are all designed to spark engagement in a quick, fun and entertaining way. This is an easy way to get to know your audience and start building relationships with them.

 

And, keep in mind that people absolutely love to touch their phones. (Some studies say as much as 2,600 times a day or even more!) The more you can give your audience an excuse to tap a sticker, or slide the poll, or send you a heart, the more you’ll increase your engagement and loyalty.

 

4. Track and Measure Your Success: Anytime you invest your time and energy into marketing, it’s imperative you track the return on that investment. It’s no different with Stories. To access your Story metrics, just swipe up on any Story.

 

Be sure to measure your traction in terms of growth and engagement not only on a macro level but on a micro level too. You want to know which content is engaging your audience and which content you might want to limit. By honing in on the analytics, you can continuously improve your Story content and the loyalty among your community.

 

You can always go back and review the views on a particular Story within your ‘Archives’. These can be accessed by visiting your profile and clicking the clock icon on the top left.

 

Now it’s your turn to bring your small business to life with Facebook and Instagram Stories. This is an opportunity to connect with your audience and invite them into your business. You no longer have to tell your community why they should buy from you because they get to experience the benefits first hand.

 

 

About Mari Smith

 

mari_0362xFACE_preview.jpg

Often referred to as “the Queen of Facebook,” Mari Smith is considered one of the world’s foremost experts on Facebook marketing and social media. She is a Forbes’ Top Social Media Power Influencer, author of The New Relationship Marketing and coauthor of Facebook Marketing: An Hour A Day. Forbes recently described Mari as, “… the preeminent Facebook expert. Even Facebook asks for her help.” She is a recognized Facebook Partner; Facebook headhunted and hired Mari to lead the Boost Your Business series of live events across the US. Mari is an in-demand speaker, and travels the world to keynote and train at major events.

 

Her digital marketing agency provides professional speaking, training and consulting services on Facebook and Instagram marketing best practices for Fortune 500 companies, brands, SMBs and direct sales organizations. Mari is also an expert webinar and live video broadcast host, and she serves as Brand Ambassador for numerous leading global companies.

 

Web: Mari Smith  or Twitter: @MariSmith

 

Bank of America, N.A. engages with Mari Smith to provide informational materials for your discussion or review purposes only. Mari Smith is a registered trademark, used pursuant to license. The third parties within articles are used under license from Mari Smith. Consult your financial, legal and accounting advisors, as neither Bank of America, its affiliates, nor their employees provide legal, accounting and tax advice.

Nearly half of “small businesses had at least one cyber-attack in the past year,” according to the 2018 Hiscox Small Business Cyber Risk Report. Now more than ever, keeping your customer’s data safe is critical to your business success.

cyber-security-cybersecurity-device-60504.jpg

 

This past year, I saw just how easy it can be for your small business to have a data breach.

 

Let me give you a little background. In October, I was asked by executives from the Microsoft Store to participate in a video demonstration in Los Angeles to show how vulnerable most small businesses are to cyberattacks. We asked Sean Etesham and Richard Idigo, the founders of Quants Bakery (and Microsoft Store customers) to participate, and they agreed.

 

 

Quants Bakery, a subscription-based online vegan bakery, has large collections of customers’ personal data - just like any web-based subscription service - but they were confident in their cybersecurity. “We hired a third-party vendor to handle security and we thoroughly vetted them first,” Idigo said. “On top of that, we use a Virtual Private Network (VPN) in order to hide our IP addresses and encrypt our internet connections. So yes, we really believe in security.”

 

On a sunny October day, I sat down with Etesham and Idigo to perform a cybersecurity demo they won't soon forget. Microsoft Store security expert Eric Leonard had “spoofed” their website, duplicating the site exactly with the exception of one letter in the URL that was unnoticeable. Quantsbakery.com became QuantBakery.com, and their data was breached. When Etesham logged in to the spoofed site, it gave the “hacker” access to whatever was needed to potentially compromise the business.

 

(You can watch the short video of what happened that day, here.)

 

This is a hugely important lesson for small businesses. But what does this experience tell you? Well for one, that hackers have the ability to do whatever it takes to get your customers’ data. It also shows the security you have now may need some reinforcements.

 

So, what can you do, as a small business owner, to keep customer data safe and secure?

 

Install a cybersecurity software suite

 

Cyber threats are always evolving, which makes security software especially appealing. These software suites are updated to fight the latest cybersecurity threats and ensure the safety of your business so you don’t have to. PC Mag lists its top choices of 2019 for cybersecurity software suites as Symantec, McAfee and Bitdefender. The cost ranges from anywhere to $50-$150.

 

Train your staff on cybersecurity protocol

 

Avoid what happened to Etesham and Idigo by training your staff. What signs should they look for? They need to know what a phishing scam is, how it works, and what your cybersecurity rules are. Tailor them specifically to your business: what are the data that needs protecting, and how can we ensure its protection?

 

Enable two-factor authentication

 

Two-factor authentication is an extra layer of protection intended to ensure the people accessing your data were given permission to have that access. This means that after you log in to a site, you receive either an email or a text with a designated code (i.e., the second authentication.) When you receive the code, you can gain access to the information. Cybercriminals cannot duplicate this method of authentication, which makes it a favorite for keeping cyberattacks at bay.

 

Don’t forget to have strong passwords

 

You know this, but do you do it? Changing your password may be frustrating, but it truly is one of the best things you can do to protect your business. Strong passwords mean that a hacker is less likely to retrieve your data. In many cases, a password generator may be your best bet in maintaining your cybersecurity, as it uses combinations that would be tricky for a cybercriminal to guess.

 

 

Make sure you have a security expert on hand

 

If you can’t afford an IT staffer, you can use a third-party vendor to help maintain good cybersecurity.

 

Unfortunately, in this day and age, you can’t afford to not to be protected. Luckily, with all the tips we’ve listed here, you are well on your way to maintaining your customer’s data safely.

 

Get more information and tips in our Fraud and Privacy Resource Center.

 

 

About Steve Strauss

 

Steve Strauss Headshot New.pngSteven D. Strauss is one of the world's leading experts on small business and is a lawyer, writer, and speaker. The senior small business columnist for USA Today, his Ask an Expert column is one of the most highly-syndicated business columns in the country. He is the best-selling author of 17 books, including his latest, The Small Business Bible, now out in a completely updated third edition. You can also listen to his weekly podcast, Small Business SuccessSteven D. Strauss

 

Web: www.theselfemployed.com or Twitter: @SteveStrauss

You can read more articles from Steve Strauss by clicking here

 

Bank of America, N.A. engages with Steve Strauss to provide informational materials for your discussion or review purposes only. Steve Strauss is a registered trademark, used pursuant to license. The third parties within articles are used under license from Steve Strauss. Consult your financial, legal and accounting advisors, as neither Bank of America, its affiliates, nor their employees provide legal, accounting and tax advice. Bank of America, N.A. Member FDIC.  ©2019 Bank of America Corporation

What is local search engine optimization (SEO) and why is it so important to small businesses?

 

While SEO optimizes your website so it will rank higher in search results, local SEO ensures your business shows up when people search for companies like yours, specifically in your local area. Local SEO is an important marketing tool for any small business targeting a local customer base.

bottle-brand-chrome-67112.jpg

Basically, to increase customer visits to your location, you need to be doing local SEO.

 

Local SEO is becoming more important because more people now search for businesses, products and services on mobile devices. When a prospect searches via smartphone, Google takes the phone’s location into consideration when displaying search results. That gives businesses using local SEO an edge.

 

Local SEO can offer many benefits, including:

    • Putting your small business on equal footing with your biggest competitors.
    • Reaching the specific target audience you want—nearby prospects.
    • Grabbing prospects at the exact moment they’re looking for what you’re selling.
    • It’s free!

 

Here's how to implement local SEO for your business.

 

Step 1. Claim your business listing on local search directories.

 

Begin with Google My Business; then move on to other directories such as Bing Places for Business, Citysearch, MerchantCircle, Yelp and Superpages. Also add any region-specific or industry-specific directories you can think of, such as Angie’s List. You may find a directory has already created a barebones listing for your business; go ahead and claim it (it’s free).

 

Step 2. Claim and optimize your directory listings.

 

Start with the basic information prospects will use when deciding whether to visit your business—address, phone number, hours of operation and website URL. If you have more than one business location, you will need a separate directory listing for each; this helps improve your search engine rankings.

 

RELATED ARTICLE: Competing with the Giants: How a Small Store Can Thrive

 

It’s critical for your business name, address and phone number (NAP) information to be completely consistent across the various directories.  In other words, if your business is on 42nd Avenue, don’t spell it Av. in one listing, Avenue in another and Ave. in a third. Inconsistent entries confuse search engines and lower your ranking.

 

Once you’ve got the basics covered, go back to the listings and add details to convince customers to patronize your business. This might include photos of your location or products, menus, current promotions or seasonal hours.

 

RELATED ARTICLE: How to Create Irresistible, Thumb-Stopping Facebook Ads

 

Finally, make sure to categorize your listing under the proper type/s of business. (Most search directories allow this.) Proper categorization helps to deliver more accurate search results to users.

 

Step 3. Optimize your website for local search.

 

For even better results, you’ll want to implement local SEO on your website, too. Start by including your business address in the footer of the home page, on the Contact Us page and anywhere else it’s appropriate. Then add location-specific keywords (such as your neighborhood, city, county or state) in your website’s meta tags, title tags, descriptions and content.

 

Step 4. Keep your information up-to-date.

 

To get the most from local SEO, you need to maintain current listings on local search directories. Once a month, review your listings and make sure all the information is still accurate. Update as needed—for example, add recent photos or new specials. (Your webhosting company may be able to handle this for you as an added service, so you don’t have to visit hundreds of local search directories and update them by hand.)

 

Refreshing your content gets search engines’ attention and improves your standing in search results.

 

 

About Rieva Lesonsky

 

Rieva Lesonsky Headshot.png

Rieva Lesonsky is CEO and Co-founder of GrowBiz Media, a custom content and media company focusing on small business and entrepreneurship, and the blog SmallBizDaily.com. A nationally known speaker and authority on entrepreneurship, Rieva has been covering America’s entrepreneurs for more than 30 years. Before co-founding GrowBiz Media, Lesonsky was the long-time Editorial Director of Entrepreneur Magazine. Lesonsky has appeared on hundreds of radio shows and numerous local and national television programs, including the Today Show, Good Morning America, CNN, The Martha Stewart Show and Oprah.

 

Lesonsky regularly writes about small business for numerous websites and for corporations targeting entrepreneurs. Many organizations have recognized Lesonsky for her tireless devotion to helping entrepreneurs. She served on the Small Business Administration’s National Advisory Council for six years, was honored by the SBA as a Small Business Media Advocate and a Woman in Business Advocate, and received the prestigious Lou Campanelli award from SCORE. She is a long-time member of the Business Journalists Hall of Fame.

 

Web: www.growbizmedia.com or Twitter: @Rieva

You can read more articles from Rieva Lesonsky by clicking here

 

Bank of America, N.A. engages with Rieva Lesonsky to provide informational materials for your discussion or review purposes only. Rieva Lesonsky is a registered trademark, used pursuant to license. The third parties within articles are used under license from Rieva Lesonsky. Consult your financial, legal and accounting advisors, as neither Bank of America, its affiliates, nor their employees provide legal, accounting and tax advice.

 

Bank of America, N.A. Member FDIC. ©2018 Bank of America Corporation

Mark Zuckerberg started 2018 with a renewed commitment to bringing people closer together, prioritizing more meaningful interaction, and ensuring time users spend on Facebook was well spent.

 

blur-browser-close-up-479358.jpg

However, as 2018 unfolded with one scandal or setback after another, it became Facebook’s biggest annus horribilis—the single worst year in the company’s history. The world’s top social network found itself at the center of global storms over a wide variety of major issues such as data breaches, election interference, congressional testimonies, security breaches, fake news, lawsuits, fines, threats of antitrust cases, and possible government regulation.

 

Yet, despite the repeated claims that it would do better when it came to security, the company ended 2018 explaining why it was sharing information about users’ friends and families with dozens of companies without users’ consent.

 

“For years, Facebook gave some of the world’s largest technology companies more intrusive access to users’ personal data than it has disclosed, effectively exempting those business partners from its usual privacy rules, according to internal records and interviews,” the New York Times reported in December.

 

Related: Facebook Privacy: What Small Business Owners Need to Know

 

Facebook loses the public’s trust

 

Research shows that, out of the major tech companies, people trust Facebook the least with their personal information. Five times more people place Facebook as the least trustworthy company to handle their personal information when compared to Amazon and Twitter, according to this chartcompiled by Statista.

 

Only 28 percent of the Facebook users surveyed after CEO Mark Zuckerberg’s congressional testimony (April 2018) believe the company is committed to privacy, down from a high of 79 percent in 2017, according to a survey by the Ponemon Institute and NBC News.

 

Of course, as trust in Facebook hits an all-time low, the company’s overall reputation has been impacted severely. Looking at the public reputation of the 100 most visible U.S. companies, Facebook is currently a dismal No. 94, according to a Harris Poll survey in partnership with Axios.]

 

Use of personal data becomes mainstream - it’s a good thing!

 

Yet,  one positive outcome of 2018 was personal data became a mainstream topic of conversation among the general public. Consumers are becoming much more educated about tech companies’ terms of service, privacy policies and their respective country’s personal data laws.

 

People are starting to really wake up to the fact that major tech companies have been tracking, storing, utilizing and—in some cases—selling or sharing their data to advertisers.

 

Because of this new awareness, U.S. consumers are starting to a) think twice before automatically accepting terms of use for online services and apps, b) demand more control over their personal data and privacy rights, and c) pay attention to current privacy laws and lobby for better regulation, such as European governments are implementing.

 

Understanding Zuckerberg’s new privacy-focused social foundation of the future

 

Due to all of the above, we now know that Zuckerberg had been working hard behind the scenes for some time to come up with a turnaround strategy for Facebook and its family of apps and services, that includes Instagram and WhatsApp.

 

In March, Zuckerberg published a 3,200-word privacy manifesto as a note on his Facebook personal profile. Zuckerberg details his vision for this new privacy-focused foundation with these six pillars:

 

1. Private interactions: Facebook is shifting the focus to its messaging apps with Facebook Messenger, WhatsApp and Instagram Direct. Zuckerberg has commented previously on the fact that people feel safer and more confident to share when they know their conversations are private.

 

2. Encryption: Currently, Facebook-owned WhatsApp is fully end-to-end encrypted, meaning that messages cannot be read even by WhatsApp/Facebook. Facebook now has a goal to bring this same level of encryption to Messenger and Instagram Direct to provide more security to its services.

 

3. Reducing Permanence: Facebook has also found that people feel more comfortable being themselves and sharing more openly when they know their content won’t ‘stick around.’

 

4. Safety: Zuckerberg states that “People should expect that we will do everything we can to keep them safe on our services within the limits of what's possible in an encrypted service.”

 

5. Interoperability: Zuckerberg confirmed on the Q4 earnings call on January 30, 2019, that Facebook plans to merge the underlying infrastructure of its three messaging apps/products (Facebook Messenger, WhatsApp and Instagram Direct). This will make it easier for users and businesses to communicate seamlessly through the messaging app of their choice.

 

6. Secure data storage: Finally, Zuckerberg wanted to drive home the point that Facebook will not be storing sensitive data in countries with weak records on human rights like privacy and freedom of expression in order to protect data from being improperly accessed.

 

Thoughts on encryption

 

Regarding No. 2, I have long been a proponent of full end-to-end encryption. However, I’ve come to understand counter-opinions and realize that encryption can also spawn its troubles.

 

It’s one thing to have third parties or governments unable to read our messages. But, if even Facebook cannot read messages on its own services (either via humans or artificial intelligence), this can potentially wreak havoc because horrible things can be happening behind the scenes without anyone knowing. In fact, this was apparently one of the main areas where recently departed Chief Product Officer, Chris Cox, disagreed with Zuckerberg.

 

More on ephemerality

 

Regarding No. 3 , ephemerality – the concept of content lasting only briefly – is  already inherent in the Stories product across Instagram and Facebook. This simply means that all Stories disappear after 24 hours unless the content owner/publisher chooses to showcase Stories in their archives.

 

Now, Zuckerberg plans to introduce a level of ephemerality to other areas, such as disappearing private messages and expiration dates on public content, if you choose. (Expiration dates are currently already available for Facebook business pages owners and comes in handy if, say, you have news, updates or offers that are no longer relevant after a certain date.)

 

What small business owners should focus on now

 

At the end of the day, I firmly believe the six pillars detailed in Zuckerberg’s privacy manifesto are a giant leap forward for Facebook, its family of apps and services, and its combined 2.7 billion active users.

 

I further discuss my own thoughts on Zuckerberg’s new privacy-focused approach on my Facebook Page on this post and on this Live broadcast.

 

The bottom line is that this new “privacy-focused social foundation for the future” is a major pivot point for Facebook and a major pivot point for marketers and small business owners.

 

Keep publishing your compelling video content, create niche groups where your community can create meaningful connections with you, and be sure to integrate a Messenger chatbot for your Facebook business page.

 

Related:

How to use Compelling Video On Social Media for your Small Business

3 Social Video Marketing Tools to Grow Your Business

How to Use Facebook Groups to Build a Loyal Community

Facebook Messenger Chatbots Give Small Business Owners an Edge

 

And, as I told the 5,000 attendees at Social Media Marketing World 2019 in my opening keynote, pay attention to what Facebook deemphasizes and what the company prioritizes. We have to stay nimble, stay educated and be ready for change!

 

Keep reading the great content here on Bank of America’sSmall Business Community and be sure to follow my Facebook Page closely as the year continues to unfold and we all adapt to pending changes on Facebook, Instagram, Messenger, and WhatsApp.

                                                                                                          

Related:

The Power of Facebook – with Mari Smith

Is Facebook Still the King of Social Media?

 

 

About Mari Smith

 

mari_0362xFACE_preview.jpg

Often referred to as “the Queen of Facebook,” Mari Smith is considered one of the world’s foremost experts on Facebook marketing and social media. She is a Forbes’ Top Social Media Power Influencer, author of The New Relationship Marketing and coauthor of Facebook Marketing: An Hour A Day. Forbes recently described Mari as, “… the preeminent Facebook expert. Even Facebook asks for her help.” She is a recognized Facebook Partner; Facebook headhunted and hired Mari to lead the Boost Your Business series of live events across the US. Mari is an in-demand speaker, and travels the world to keynote and train at major events.

 

Her digital marketing agency provides professional speaking, training and consulting services on Facebook and Instagram marketing best practices for Fortune 500 companies, brands, SMBs and direct sales organizations. Mari is also an expert webinar and live video broadcast host, and she serves as Brand Ambassador for numerous leading global companies.

 

Web: Mari Smith  or Twitter: @MariSmith

 

Bank of America, N.A. engages with Mari Smith to provide informational materials for your discussion or review purposes only. Mari Smith is a registered trademark, used pursuant to license. The third parties within articles are used under license from Mari Smith. Consult your financial, legal and accounting advisors, as neither Bank of America, its affiliates, nor their employees provide legal, accounting and tax advice.

The best way for any small business to make sales is always face-to-face. Nothing beats the personal touch. A talk with a company rep is often the only way to understand a buyer’s doubts, overcome their objections, show off your products, and push home your sales points.

 

A live video Q&A lets you do that online to hundreds and even thousands of potential buyers at the same time. It turns a sales pitch into a communal chat. You can think of it as creating your own shopping channel… but live and with two-way communication. You talk on the screen and the audience talks back to you through comments.

 

To make things even easier, built-in tools like Facebook Live let you get in front of an audience you’ve already grown for your business on social media. All you have to do is tell them when to tune in, point the camera at yourself, and hit the button.

 

How to get Best Results with a Live Q&A

 

First, welcome people as they arrive. You should see notifications as people join the audience. Mention them by name. Bring them in and make them feel at home. You might be talking to several hundredpotential buyers at the same time, but each person watching should feel you’re addressing them personally and that their questions and contributions are welcome. The more people who engage with you live, the more your audience will be alerted to the live stream and having the chance to join in and ask their own questions in the comments.Screen Shot 2019-02-26 at 9.53.51 AM.png

 

Second, use supplementary services to improve the presentation of your Q&A. Belive.tv, for example, will let you brand the appearance of your video and show the question you’re answering in a bubble-like chyron on the screen. It looks very professional. Everyone can see what you’re discussing, and you can even ask an assistant to add explanations or links to a sales page in real time so people can explore or purchase the product you’re describing.

 

Third, and most important, make the broadcast entertaining. This shouldn’t just be a chance for you to sit in front of a camera and be interviewed by an audience you can’t see. It should be a chance for you to show off your product, skills or services.

 

A cake designer, for example, could get the ball rolling by saying, “A lot of people ask me how I make cakes shaped like footballs. Here’s how I do it.” As she demonstrates the cake, her audience can ask her their questions about baking and cake decorating. Instead of just getting a Q&A, they get a live “television show” on a subject they love and in which they can ask the expert questions. It’s better than Netflix!

 

But you need to make sure that you prepare your audience prior to a live Q&A. Use the audience insights from your Facebook Business page to pick a time when you know the largest number of your audience is likely to be online. Let them know you’ll be doing a live stream and when it’s going to take place. Ask them the topics you’d like the Q&A to cover so you can prepare good, detailed answers. And encourage viewers to tell their friends. A live Q&A can take a few minutes to get going as people arrive late, so as they come in, take advantage of the intro period to encourage viewers to tag their friends in the comments or share the live stream link so their networks can tune in as well.

 

Lastly, remember that a live Q&A has another advantage: after it’s been live, it becomes a recorded Q&A. You can edit it, put it on your YouTube channel and your website, and keep building your audience and your community.

 

Twice the opportunity with half the work! Happy live streaming.

 

RELATED CONTENT

 

 

About Joel Comm

 

Screen Shot 2019-02-08 at 9.16.44 AM.png

As an Internet pioneer, Joel has been creating profitable websites, software, products and helping entrepreneurs succeed since 1995. He has been at the frontlines of live video online since 2008 and has a deep expertise in using tools such as Facebook Live, Periscope, Instagram or Snapchat to broadcast a clearly defined message to a receptive audience or leveraging the power of webinar and meeting technologies.

 

Joel is a New York Times best-selling author of 15 books, including “The AdSense Code,” “Click Here to Order: Stories from the World’s Most Successful Entrepreneurs,” “KaChing: How to Run an Online Business that Pays and Pays and Twitter Power 3.0.” He is Co-Host of The Bad Crypto Podcast one of the top crypto-related shows in the world and has spoken before thousands of people around the world and seeks to inspire, equip and entertain.

 

Web: https://joelcomm.com/ or Twitter: @JoelComm

Read more from Joel Comm

 

Bank of America, N.A. engages with Joel Comm to provide informational materials for your discussion or review purposes only. Joel Comm is a registered trademark, used pursuant to license. The third parties within articles are used under license from Joel Comm. Consult your financial, legal and accounting advisors, as neither Bank of America, its affiliates, nor their employees provide legal, accounting and tax advice.

When you own a business, it can feel like doing the work of 10 people. Particularly at the start, a business owner can be responsible for managing everything from accounting to travel arrangements to making sales calls. Fortunately, today’s business software can make juggling all these tasks a little bit easier.

 

Here are 9 online tools no small business owner should be without.

 

1. Appointment-Plus

blurred-background-coffee-cup-computer-908284.jpg

Scheduling appointments is a pain for small business owners with limited staff. Turn the job over to this handy app. It allows customers to schedule their own appointments online and helps you manage them by sending confirmation and reminder messages via email or text. Appointment-Plus integrates with MailChimp, Constant Contact, iContact and more.

 

2. Bank of America Business Advantage 360

Get a 360-degree view of your business finances with the new cash flow management dashboard from Bank of America with no enrollment or cost for business clients who use Bank of America Online and/or Mobile banking, since its fully integrated into your digital experience.  Integrate your account activity to help categorize and track debits and credits, major expenses and key transactions all in one place. You can set cash flow thresholds, and alerts to make proactive adjustments.

 

3. Cloze Business

Manage your inbox, contacts, and relationships all in one app. Cloze automatically pulls from your email, social media, calendar, calls, notes and more, then gathers all the information about each contact in one place. Next time you contact that person, your entire interaction history is at your fingertips. Cloze Business is $13.33/user/month.

 

4. JoinMe

Make web conferencing a breeze with JoinMe. For $20/month you get unlimited audio, video, and screen-share meetings and unlimited time for up to 50 people per meeting. Dial in with VoIP or by phone (you can even give participants a toll-free number to call). Then stream up to 10 webcams and record and store up to 5GB.

There are plenty of other helpful online tools. Please share your favorites with us.

 

5. Shoeboxed

Shoeboxed does more than scan and organize receipts (although if you’re a frequent traveler like me, that’s enough). It also creates expense reports, helps you prepare for tax season, tracks mileage using your phone’s GPS, and scans and organizes business cards to create exportable contact lists. Plans start at $29/month.

 

6. Toggl

Whether you’re a solo-preneur or have a staff, every entrepreneur can benefit from this free app. Just push a button on your device or computer to start tracking your time. It helps you track billable hours, create more accurate invoices, and pinpoint time wasters. Toggl syncs across all devices so you can start on one and stop on another. It also integrates with popular apps such as Asana, Basecamp, and Trello.

 

7. Trello

This project management app’s boards, lists, and cards make it intuitively easy to use. Create a board to track an overarching project, then add cards and lists to break down the associated tasks. You can add comments, file attachments, labels, due dates and more to cards; checklists and due dates ensure no one misses a deadline. Trello works on devices from iPhones to smartwatches and Kindle tablets, ensuring you and your team can use it on the go. The Business Class plan ($9.99/user/month) lets you connect Trello to Salesforce, Slack, GitHub, Evernote, Google Drive, Dropbox, Mailchimp and other popular business apps for even more functionality.

 

8. Tripit Pro

This app ($49/year) has everything you need to stay calm, cool and collected no matter where business takes you. Tripit Pro gathers all your travel information in one place and syncs it across all your devices. Share your itinerary with others, track reward points, get alerts for flight schedules and delays, and find new flights if your plans change. 

 

9. Zoho Social

This collaborative social media management platform is ideal for businesses that actively market on social channels. Zoho Social allows you to manage multiple social networks, schedule unlimited posts and monitor keywords—all from one single dashboard. It’s easy to learn what customers are saying about you, making social listening a snap.  Beyond these features, Zoho provides robust analytics and offers customized, real-time reports about your results including how far your content reaches and the amount of engagement it earns. There are three plans available to small businesses, including a free plan that offers the option to try before you buy more advanced features.

 

 

About Rieva Lesonsky

 

Rieva Lesonsky Headshot.png

Rieva Lesonsky is CEO and Co-founder of GrowBiz Media, a custom content and media company focusing on small business and entrepreneurship, and the blog SmallBizDaily.com. A nationally known speaker and authority on entrepreneurship, Rieva has been covering America’s entrepreneurs for more than 30 years. Before co-founding GrowBiz Media, Lesonsky was the long-time Editorial Director of Entrepreneur Magazine. Lesonsky has appeared on hundreds of radio shows and numerous local and national television programs, including the Today Show, Good Morning America, CNN, The Martha Stewart Show and Oprah.

 

Lesonsky regularly writes about small business for numerous websites and for corporations targeting entrepreneurs. Many organizations have recognized Lesonsky for her tireless devotion to helping entrepreneurs. She served on the Small Business Administration’s National Advisory Council for six years, was honored by the SBA as a Small Business Media Advocate and a Woman in Business Advocate, and received the prestigious Lou Campanelli award from SCORE. She is a long-time member of the Business Journalists Hall of Fame.

 

Web: www.growbizmedia.com or Twitter: @Rieva

You can read more articles from Rieva Lesonsky by clicking here

 

Bank of America, N.A. engages with Rieva Lesonsky to provide informational materials for your discussion or review purposes only. Rieva Lesonsky is a registered trademark, used pursuant to license. The third parties within articles are used under license from Rieva Lesonsky. Consult your financial, legal and accounting advisors, as neither Bank of America, its affiliates, nor their employees provide legal, accounting and tax advice.

 

Bank of America, N.A. Member FDIC. ©2019 Bank of America Corporation

NCSS small.png

WHAT ARE THE CYBER RISKS TO MY BUSINESS?

 

Cyber risk can be defined as the risk of financial loss, disruption or damage to the reputation of an organization through a failure of its information technology systems. Information technology has fueled rapid growth to small businesses, which can help you -- reach more customers, tap into new markets, grow faster, and create more jobs. With that increased reliance on information technology and access to data, new risks to your businesses’ financial, customer data and reputation can occur. 

The process of cyber risk assessment includes identifying your organization’s important data (financial data, customer data, and intellectual property), potential vulnerabilities for the systems that store or handle that data, and the potential impacts to your organization associated with a loss of confidence, integrity, or availability to that data.

 

FACT 1: ASSESSING CYBER RISK

Assessing and managing cyber risk is no different than managing other types of risk. If you were to manage the risk to your business from flood damage you would -- identify the most important assets that could be affected; consider how vulnerable those assets would be to a flood; consider the likelihood of flooding in the area; and determine what responses make the most sense based on the corresponding costs of responding to that risk. (Eg: invest in measures to protect those assets, move the assets, transfer the risk through insurance, or accept the risk.)

 

FACT 2: RESOURCES

There are many available resources to assess cyber risk. How extensive to analyze risk – is based on a range of factors --- business priorities, regulatory standards or cost considerations. The National Cybersecurity Society provides a free survey that helps small businesses assess cyber risk called NCSS CARES (Cybersecurity Assessment and Resiliency Evaluation for Small Business). The assessment methodology was adapted from two main sources: The NIST Cybersecurity Framework and Carnegie Mellon’s Software Engineering Institute, CERT, Resilience Management Model.

 

FACT 3: NCSS CARES

NCSS CARES measures small business risk based upon the level of maturity of the business’ organizational cybersecurity and resiliency processes as defined by CMMI. CMMI (Capability Maturity Model Integration) is a process level improvement training and appraisal program, developed by Carnegie Mellon University. NCSS CARES can be found at: https://nationalcybersecuritysociety.org

FACT 4: INSURANCE

Assessing your cyber risk is an important consideration for any organization’s overall evaluation of risks. Many insurance providers are using an assessment to set rates for policies; therefore, an understanding of your risks and how your organization manages risk are a critical steps in ensuring your business is resilient. Begin now by assessing your risk through the NCSS CARES.

FACT 5: VENDOR AGREEMENTS

The American Bar Association is recommending all vendor agreements include a section on assessing the risks of an organization’s partners. NIST 800-171, Protecting Critical Unclassified Information in Non-federal Systems, is requiring contactors who do work with the government assess their risk and provide an affirmation statement that they have complied with addressing and mitigating known risks.

 

FACT 6: NIST CYBERSECURITY FRAMEWORK

The NCSS has mapped NCSS questions in the survey, NCSS CARES, to the cybersecurity framework. The mapping can be found elsewhere on our site.

 

RISKS

HERE ARE SOME RISKS TO CONSIDER:

  • Reputational
  • BYOD
  • Internet of Things
  • Lack of employee awareness/training
  • Social Engineering
  • Weak Passwords and the lack of 2 Factor Authentication
  • Unsecure website
  • Lack of data retention policy
  • Limited to no backups of critical data/systems

 

Download a PDF of this fact sheet.

 

 

Still have questions, need help?

Contact us at our “Ask-an-Expert” service, web@thencss.org or visit us at the link below.

 

 

©2018 National Cybersecurity Society, All Rights Reserved

www.nationalcybersecuritysociety.org

 

JOIN THE NCSS

Become a member of The National Cybersecurity Society today and learn more about how to protect your business from a

cyber attack.

 

 

About The National Cybersecurity Society

The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity education, awareness

and advocacy to small businesses. The NCSS provides cybersecurity education tailored to the needs of the small business

owner; helps small businesses assess their cybersecurity risk; distributes threat information to business owners so that they

will be more knowledgeable about the threats facing their business; and provides advice on the type of services needed to

stay safe online.

NCSS small.png

 

Your reputation depends on securely connecting to your customers

and suppliers via the Internet. Do you know how to create a secure

website?

 

STEP 1: HOSTING SERVICE

Unless you’re a technology security company, we don’t recommend you host your website on your company or

home server.

 

Purchase website hosting services from a commercial service provider. There are many available. Ensure the

company can support SSL/TLS encryption, security monitoring, and a back up copy of your website.

 

Commercial Website hosting companies have the ability to provide:

  • Availability – nearly 99.99% availability - meaning you’re always open
  • Flexibility – ability to expand when your business grows
  • Security – up to date security monitoring and patches aligned with industry standards
  • Data Backups – your website and website content will be backed up – another way to ensure you are resilient

 

STEP 2: ENCRYPTION

SSL/TLS are protocols used for encrypting information between two points. SSL Certificates are issued between

the two entities, usually between server and client, but there are times when server-server and client-client encryption

are needed.

 

By selecting the feature of SSL/TLS encryption, your company and customer’s private information such as passwords,

credit card numbers are encrypted. What that means, if someone were to hijack the data transmission the data would

be encrypted and the bad guys won’t be able to steal it or read it. Without this feature, your data is transmitted in the

clear, and anyone can read it, steal it or manipulate it.

 

Customers can buy with confidence, knowing their info is safe, and your website url will have the https:// qualifier,

meaning their web experience will be safe.

STEP 3: BACKUP

Most hosting companies provide a backup copy of your website content and the ability to restore your site to an earlier

version if you get into trouble. This is usually a standard feature – but check the plan to ensure you have this provision.

 

Ask how long it will take to restore your site to an earlier version. If you can be down for a day or two, then at least you will

know in advance. If you can’t be down for a day or two, select a service provider who can restore your site within your time

constraints.

 

STEP 5: DNS SECURITY

This is a premium service, but well worth the cost. Ever wonder if a hacker could interfere with your site and redirect

users to a site that looks just like your site, but they steal all of your customers and business? Domain Name Server (DNS)

converts your URL (www.howtoguide.com) to a series of numbers (an IP address) that a browser uses to locate a website. 

When you type a domain name into your browser, the DNS looks through a huge database to find the right IP address you

requested and directs your browser to the correct website content. DNSSEC or DNS Security stops hackers by securing

the look up process and verifying the visitor is actually arriving at your site.

 

Select DNSSEC as a service with your website hosting contract. This will improve performance, accessibility and security

by placing you DNS information in a secure location. The hosting company will place your DNS information in multiple

servers around the world, so visitors searching for your site can get connected to the closest server location for a faster

response. It eliminates the error, “website not found”, which usually happens when a server is slow to respond. With this

feature, hackers won’t be able to redirect your customers to their website to steal user names, passwords or credit cards

numbers.

 

STEP 6: ESTABLISH A LOGIN/PASSWORD

When you establish a website account, you will be asked for a user name and password. Simple, right? Not so simple,

your password shouldn’t be password! Passwords should be between 10-20 characters – the longer the password, the

harder it is for someone to crack.

  • Don’t use words or phases that link to who you are, where you have lived – street, city you were born, date you were

married, your business name, your business owner, kid’s names or birthdays.

  • Change your password every three months or when prompted by the hosting provider
  • The password you established should only be used for your website, don’t reuse passwords.

STEP 7: ASSIGN AN OWNER

Having a website owner or “system owner” is one of the critical steps in managing a website or any critical system or service.

He/or she can manage the account, keep up to date on the latest changes, and interface with the website hosting company.

He/she is responsible for keeping up-to-date records of changes made to the website, contract details, restoration details,

etc. He/she is the go-to person for keeping the website up and operational and interfacing with the hosting provider. This

can be a part-time job, but because it is such a critical function for your online business and reputation, it’s important to have

the responsibility defined and assigned.

 

STEP 8: TRAIN

Training employees is a critical step in ensuring your site is functional and resilient. Your employees can be the first line

of defense – by knowing your website, and whether it’s functioning as it should. They need to be advised they should notify

your website “system owner” and website hosting provider if the site is not functioning as it is intended.

 

Employees need to understand the value of protecting customer data, and to stay watchful and speak up. Customers who

call in and need help navigating the company website could actually be hackers trying to steal critical data. Employees need

to be trained not to give out critical information over the phone. Employees should also be advised not to write down

customer credit card data – but rather instruct the caller on how to enter the information on line.

 

At least every quarter remind/train employees on how to protect customer data, and to stay watchful of your critical asset –

your website.

 

DID YOU KNOW?

  • Compromised websites are used for a number of reasons:

    • To redirect traffic to a hacker’s spurious website; steal customer data including payment and email information; host

malware, spam pages, and/or porn; advertise illicit products; or simply vandalize the site.

    • Ransomware, a type of malware, has become the latest threat to the business community - whereby criminals lock

or vandalize the website and demand a ransom before the website can be put back into use.

    • Having an unsecure site offers criminals the platform to launch these crimes.

 

Download a PDF of this fact sheet.

 

Still have questions, need help?

Contact us at our “Ask-an-Expert” service, web@thencss.org or visit us at the link below.

 

©2018 National Cybersecurity Society, All Rights Reserved

www.nationalcybersecuritysociety.org

 

JOIN THE NCSS

Become a member of The National Cybersecurity Society today and learn more about how to protect your business from

a cyber attack.

 

About The National Cybersecurity Society

The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity education, awareness

and advocacy to small businesses. The NCSS provides cybersecurity education tailored to the needs of the small business

owner; helps small businesses assess their cybersecurity risk; distributes threat information to business owners so that they

will be more knowledgeable about the threats facing their business; and provides advice on the type of services needed

to stay safe online.

NCSS small.png

 

 

Every day in the news, we hear about data breaches. Are you concerned

your sensitive business, customer and supplier data is not protected?

 

 

STEP 1: DATA OWNER

All data needs someone in your organization to determine how valuable the data is that you want to protect. In the

cybersecurity business, we call that person a data owner.

 

The data owner could be the inventor who created your secret sauce, your CEO who devised your unique business

strategy, or the customers who depend on your services.

 

Not all data needs protection. The data owner can be called upon to determine which data to protect, how sensitive

it is, who can access it and use it and the severity/criticality of the data if it is lost or stolen.

 

It’s easy to say that your payroll data is critical for your business, but what about the age of your equipment and warranty

schedule? It may not be critical now, until you need to replace it or ask the manufacturer to repair it. The business/data

owner can help you decide how “critical” various data elements are that you need to protect.

 

STEP 2: DEVICE MANAGEMENT

Data protection can include protecting the data by preventing access to the device (via passwords or other authentication

methods) even while it is stored on a laptop or memory device. Ensure that any critical data stored on removable device

(memory stick, disk, hard drive, laptop, tape) is password protected. These devices and the data that resides on them can

be easily stolen and compromised. If the device is password protected, it will be harder to gain access to the data stored.

 

STEP 3: CYBER SAFE BUSINESS PRACTICES

Simple cyber safe business practices can help protect your data. Your employees are often your best defense in protecting

your data. They know the ins and outs of your business, when deliveries are made, who the suppliers are, who your critical

customers are, profit and loss data and many more unique business facts. Don’t let that information get leaked, stolen or

posted on social media.

 

STEP 4: HARDWARE AND SOFTWARE

  • Data protection is also about protecting the devices you use to store, manage and track your data. Here are some simple

tips to prevent data loss.

  • Hardware and software inventory life cycle status – do you know if your equipment is still supported by the manufacturer?

Have you downloaded the latest updates? Does the vendor still support the applications you are using for your business?

It is important to know where you stand in your inventory life cycle and whether it might be time to update your hardware

and software.  This is one of most overlooked cyber safe practices that criminals often use to gain access to your data.

  • Conduct regular maintenance and run virus scans, learn how to run a utility system that can diagnose your system for

problems. These utilities can prevent little problems from becoming big problems, and will keep you in business.

 

STEP 5: BACKUPS

Before you make changes to critical data, always make a duplicate. Even if you just made a backup yesterday, make another

and label it. If you or your employees create a backup on a removable drive, have the drive or memory device password

protected.

 

STEP 6: OFF-SITE STORAGE

Something you probably never thought of, but what happens if there is a fire at your facility and your only backup was on-site

and was lost in the fire? Keep a copy of your critical data offsite. If you use a managed service provider to store your data and

applications, ensure that they provide you the ability to recover your data if it is compromised at their site. Know what is in the

fine print before you sign the agreement. If they don’t provide a guarantee - find another provider. Another option - one service

provider may not be enough - you might need another provider in another region of the country to ensure your data is backed

up – based upon your needs for recovery.

 

Did you know…

Here is a set of cyber safe business practices that you can easily implement:

  • Advise employees to routinely save their work, sounds simple, but hours of work could be lost if they don’t think to stop

and save.

  • Never open email attachments by habit or click on links unless it is a secure site and you know where the email

originated.

  • Never allow employees to use memory sticks or disks from someone outside the company, unless someone has

scanned it first for viruses.

  • Keep your business operations private and instruct your employees about what can and cannot be posted on social

media. Adversaries can use facts posted on public sites to conduct social engineering scams to trick your employees and

compromise your operations.

  • Advise your employees to keep their passwords safe and secure and use our guide on how to create secure passwords.

 

Download a PDF of this fact sheet.

 

Still have questions, need help?

Contact us at our “Ask-an-Expert” service, web@thencss.org or visit us at the link below.

 

©2018 National Cybersecurity Society, All Rights Reserved

www.nationalcybersecuritysociety.org

 

JOIN THE NCSS

Become a member of The National Cybersecurity Society today and learn more about how to protect your business from a

cyber attack.

 

 

About The National Cybersecurity Society

The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity education, awareness

and advocacy to small businesses. The NCSS provides cybersecurity education tailored to the needs of the small business

owner; helps small businesses assess their cybersecurity risk; distributes threat information to business owners so that they

will be more knowledgeable about the threats facing their business; and provides advice on the type of services needed to

stay safe online.

NCSS small.png

Do you know what organizational assets you need to protect? Is it only your IT assets? 

Are you unclear where to start?

 

These are the first questions in developing an asset protection strategy. All that is needed is an understanding

of your business and some time to develop an outline.

 

RISK MANAGEMENT METHODOLOGY

The Carnegie Mellon Risk Management Methodology (RMM) (which the NCSS CARES questionnaire is based

upon) lists asset definition and management as the first step in a cyber secure business strategy. It is

recommended you identify the organizational assets (people, information, technology, facilities) and assign

responsibility of those assets in order to protect them appropriately.

 

Once organizational assets are defined, the next step is to define the relationship between these assets and the

high value services they support. It requires a process be established that examines and validates this relationship

through periodic reviews. Lastly, it requires your organization to maintain and sustain an inventory of these assets

and high value services. It is important to keep this information up to date and modified when events change.

 

 

STEP 1: INVENTORY

Inventory – create an inventory of your people – not just your employees, but your suppliers and partners; the data

you need to run your business; the technology assets you need (computers, servers – the entire infrastructure); and

the facilities needed to house and operate your business.

 

STEP 2: HIGH VALUE SERVICES

Listing of High Value Services – create a list of high value services that keep your business functioning – logistics,

financial, service delivery, assembly, manufacturing. Define what are the key services you need – those services that

if lost, delayed or compromised would impact your business.

 

STEP 3: MAPPING

Mapping – create a mapping of people, data, technology and facilities to the high value services they support. Define

the relationship between these assets and the high value services. Validate the relationship through periodic reviews.

As an example, if the supplier for your medical equipment changes, and this supplier has been identified as key

personnel, have you updated your mapping relationships? Did you review the contract with the new medical supplier

to determine if anything has changed that would affect your service delivery? Leveraging your people to take

responsibility for certain high value services and keeping the critical information current is key to protecting your assets.

 

STEP 4: INVENTORY PLAN

Inventory Plan – a plan is only useful if it is kept current and up-to-date. Schedule an annual inventory and mapping

exercise to ensure that the protection mechanisms you employ support valid assets. A good rule of thumb – once a year.

 

STEP 6: CONTINUITY PLAN

Continuity Plan – A sound business strategy includes continuity plans. For all your high value services that depend on

critical people, data, technology and facilities, you will need a contingency plan in place in the event any of these assets

is compromised.  See our “How-to-Guide” to develop a Continuity Plan.

RESOURCES NEEDED:

  • Inventory of Organizational People, Data, Technology, Facilities

  • Listing of High Value Services

  • Mapping

  • Inventory Plan

  • Continuity Plan

 

 

DID YOU KNOW?

 

THE NUMBER ONE PREVENTION METHOD TO COMBAT RANSOMWARE --- HAVE A BACKUP AND RECOVERY PLAN

 

Download a PDF of this fact sheet.

 

Still have questions, need help?

Contact us at our “Ask-an-Expert” service, web@thencss.org or visit us at the link below.

 

©2018 National Cybersecurity Society, All Rights Reserved

www.nationalcybersecuritysociety.org

 

JOIN THE NCSS

Become a member of The National Cybersecurity Society today and learn more about how to protect your business

from a cyber attack.

 

About The National Cybersecurity Society

The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity education,

awareness and advocacy to small businesses. The NCSS provides cybersecurity education tailored to the needs of

the small business owner; helps small businesses assess their cybersecurity risk; distributes threat information to

business owners so that they will be more knowledgeable about the threats facing their business; and provides advice

on the type of services needed to stay safe online.

NCSS small.png

Passwords, passwords, too many to remember… Ever wonder

how to create a safe and secure password that is impossible to crack?

 

STEP 1:

Imagination – we know you are busy and don’t have time to think up unique and creative passwords, so

here’s a suggestion:

 

Use a random word generator. Like the link below:

http://www.textfixer.com/tools/random-words.php

 

Pick 2-3 words add some numbers, unique characters and a capital letter – and you are ready to go!

 

Like this:  noble3$kitten72True – 19 characters!

 

STEP 2:

Safe storage – we know you can’t remember all these passwords, and you have a lot more important things

to remember to keep your business running. If you have to write them down, don’t store them in a file on

your computer!! Write them down and lock them up, just like you would for an extra set of your car or

warehouse keys, or lock combinations. These should be treated as any other “critical data” that needs to be

kept in a secure location.

 

There are commercial products to store passwords, such as KeePass and backup services such as SpiderOak

or Dropbox – all can be used to keep your password backed up and encrypted.

 

Did you know…

  • Longer the better – 10-20 characters – the longer the password, the harder it is for someone to crack

 

 

  • Don’t use words or phases that link to who you are, where you have lived – street, city you were born, date

     you were married, your business name, your business owner, kids names or birthdays

 

 

  • Change your password every three months or when prompted by the service you are using

 

  • Each password should only be use for one service. Don’t reuse passwords

 

  • Consider using a password manager – such as Dashlane or KeePass

 

Download a PDF of this fact sheet.

 

Still have questions, need help?

Contact us at our “Ask-an-Expert” service, web@thencss.org or visit us at the link below.

 

©2018 National Cybersecurity Society, All Rights Reserved

www.nationalcybersecuritysociety.org

 

JOIN THE NCSS

Become a member of The National Cybersecurity Society today and learn more about how to protect

your business from a cyber attack.

 

 

About The National Cybersecurity Society

The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity

education, awareness and advocacy to small businesses. The NCSS provides cybersecurity education

tailored to the needs of the small business owner; helps small businesses assess their cybersecurity

risk; distributes threat information to business owners so that they will be more knowledgeable about

the threats facing their business; and provides advice on the type of services needed to stay safe online.

NCSS small.png

WHAT IS A WHITELIST AND A BLACKLIST?

Whitelisting and blacklisting are two methodologies to control access to websites, email, software

and IP addresses on networks.  Whitelisting denies access to all resources and only the “owner” can

allow access. Blacklisting allows access to all with the provision that only certain items are denied.

 

FACT 1: WHITELISTING

Whitelisting has advantages in that you control access to the website or virtual resource you want

your business to use, however, is less dynamic and more restrictive in terms of ease of use and

versatility. This is a control mechanism where you deny access to all resources by default then allow

access to resources by name. Think of your home, where only you and your family can get access

the front door. Everyone in your family would have a front door key, but some individuals don’t have

keys to every door. You may have a shed out back that only you have they key because dangerous

chemicals are stored there. The disadvantage is that not everyone in your family has open access to

the shed and would have to ask permission to get something out. Now, that may work for a small family,

but would be unworkable unless the number of employees requiring access is small. This type of access

control is useful for financial or personnel records, where a business might have only 2-5 employees

who access these files, software or websites.

 

FACT 2: BLACKLISTING

Blacklisting is advantageous in that it allows free and open access to any email, website, IP address or

software as long as it’s not a security risk. This is the concept that all web traffic is allowed, and certain

items are disallowed by name or circumstance (aka security risk).

 

Download a PDF of this fact sheet.

 

Still have questions, need help?

Contact us at our “Ask-an-Expert” service, web@thencss.org or visit us at the link below.

 

©2018 National Cybersecurity Society, All Rights Reserved

www.nationalcybersecuritysociety.org

 

JOIN THE NCSS

Become a member of The National Cybersecurity Society today and learn more about how to protect

your business from a cyber attack.

 

 

About The National Cybersecurity Society

The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity

education, awareness and advocacy to small businesses. The NCSS provides cybersecurity education

tailored to the needs of the small business owner; helps small businesses assess their cybersecurity

risk; distributes threat information to business owners so that they will be more knowledgeable about

the threats facing their business; and provides advice on the type of services needed to stay safe online.

NCSS small.png

An IT vulnerability assessment is a process to identify weaknesses within your computer system

and infrastructure. A vulnerability assessment will rank and quantify the vulnerabilities found based

on security risk. Common types of vulnerabilities include flaws in software code, poor implementations,

and/or outdated software. Hackers look to exploit these weaknesses to gain access to your critical data.

Many security breaches occur because system patches were not kept up to date. Vulnerability

assessments scan the IT environment to identify unpatched software and unsecure configurations. A

hacker will use similar tools to identify the same weaknesses. A vulnerability assessment will allow you

to discover them, before they do.

 

FACT 1: TYPES OF SCANS

External scans – An external scan looks at your computer system or IP address from the outside to

determine what vulnerabilities are publically facing. This type of scan looks for holes in your network firewall(s)

and any open ports that can be used to “exfil” or steal data.

 

Internal scans – An internal scan looks internally at your computer system(s) to identify what patches or

unsecure configurations exist.

 

FACT 2: PRIORITIZING REMEDIATION

After the scans are complete, your security provider will provide a list of remediation activities based upon risk.
Vulnerabilities will be categorized as critical, high, medium or low, based upon the risk as defined by the

National Vulnerability Database (NVD) and the Common Vulnerabilities and Exposures (CVE). The National

Institute of Standards and Technology in partnership with the MITRE Corporation maintains the NVD and CVE

– and can be found at http://cve.mitre.org/cve/cve.htmlhttp://cve.mitre.org/cve/cve.html.  The website provides a

description of the weakness and resources to remediate the vulnerability. When remediating vulnerabilities,

correct the more severe vulnerabilities on your most valuable resources.

 


FACT 3: VULNERABILITY SCANNING TOOLS

There is several vulnerability scanning tools on the market – including many free scanning tools. Many are industry

leaders in the scanning business and can give your business the insights needed to correct any weaknesses found.

Vulnerability scans should be completed annually (some do so continuously), as new vulnerabilities are continually

identified. If an IT security vendor supports your business, ask the vendor the status of scanning and how the work

is prioritized against other clients. These vendors may remediate issues based upon their schedule, not yours, and

nor do they understand which assets are most critical for your business.

 

FACT 4: RESOURCES

There are several free scanning tools on the market – one option is OpenVAS. OpenVAS is a framework of free

services and tools of vulnerability scanning and vulnerability management solutions. The framework is part of the

Greenbone Networks’ commercial vulnerability management solution – visit www.openvas.org.  Another option is to

ensure your security provider is conducting scans of your infrastructure as part of the managed security services they

offer.

 

COMMON HACKS

 

HERE ARE SOME COMMON HACKS THAT EXPLOIT CYBER VULNERABILITIES:

 

  • WannaCry – exploited unpatched software
  • Equifax – exploited flaw in software code
  • Shellshock – injection vulnerabilities; exploits websites
  • Kermuri Water Company – exploited the company’s use of out of date software

 

Download a PDF of this fact sheet.

 

Still have questions, need help?

Contact us at our “Ask-an-Expert” service, web@thencss.org or visit us at the link below.

 

©2018 National Cybersecurity Society, All Rights Reserved

www.nationalcybersecuritysociety.org

 

JOIN THE NCSS

Become a member of The National Cybersecurity Society today and learn more about how to

protect your business from a cyber attack.

 

 

About The National Cybersecurity Society

The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity

education, awareness and advocacy to small businesses. The NCSS provides cybersecurity

education tailored to the needs of the small business owner; helps small businesses assess their

cybersecurity risk; distributes threat information to business owners so that they will be more

knowledgeable about the threats facing their business; and provides advice on the type of services

needed to stay safe online.

Filter Article

By tag: