Importance of communication to ecommerce -- common problems and solutions

Posted by & filed under List Posts.

Understanding how to communicate effectively to online shoppers is a question that every ecommerce company must ask constantly and from many different perspectives. One way to look at ecommerce communication is in terms of problem-solving. Here are seven common mistakes, along with solutions: 

Mistake #1: Not communicating enough 

Solution: Understandably, the work of running an ecommerce business never ends, with marketing campaigns to run and orders to ship. Communicating with customers can end up low on the priority list. Taster’s Club founder Mack McConnell told Arianna O’Dell that he learned to communicate with customers soon after they placed an order – that human interaction was particularly critical at that point. 

Mistake #2: Limited channels 

Solution: Expand your toolset. Part of communication is about giving people different avenues through which to talk. Key ways that you can communicate in ecommerce that you probably already have adopted or have considered incorporating, as suggested by Ajeet Khurana in June in The Balance Small Business, are:

  • Email – For electronic commerce, electronic mail is essential. You want an email address as a point of contact for customers, along with a ticketing system that makes it possible to respond to numerous similar emails simultaneously.
  • Phone – When you think about having support people available by phone, many think it does not justify its resource consumption. However, phone personnel are valuable in answering questions through a channel that is most comfortable for some buyers.
  • Live chat – Many shoppers look for live chat so they can get questions answered immediately through your site. A wait time for live chat is generally acceptable to customers because they can keep using the computer as they wait. Like phone, live chat is resource-intensive, but it is still popular since customers often prefer it.
  • Blog – Blogging gives you a way to communicate with customers and potential customers through content that is put up periodically over time, refreshing the site’s language. Your blog will keep your site integrated with the present day (because even if you are writing evergreen content, you are inevitably using sources and topics that are more recent with each piece), and it also helps you share your thought leadership and search authority.
  • User-generated content (UGC) – While it is important for you to share knowledge and ideas with customers through your blog, it is also an excellent idea to build community by tapping their thoughts. People will be likelier to feel loyal toward your site if it allows them to submit their own comments, reviews, and other thoughts through forums and other channels, via text, image, and video.
  • Ads – Advertising is inevitably costlier than you want it to be. Think of your ads straightforwardly in terms of “staying on message” (with an eye consistently toward communication), even as you adjust and tweak to get the best possible response.
  • Product descriptions – Last but certainly not least, you want to think about how you are communicating through the ways you are describing your products. It is very important to your search-engine rankings that you change the default, stock text from the manufacturer to your own. Otherwise, it is not original content; Google, Bing, and other search engines give significant weight to content originality. As an indication of why, the mission statement of Google states that the company intends “to organize the world’s information.” Google is in the business of information. If your site is not feeding it new information, in the form of new content, it will not appreciate your site as it does others.

Mistake #3: Failing to leverage social media 

Solution: Social media is another key form of communication that deserves its own attention. It can be confusing to determine the extent to which you want to invest time and resources in various platforms, but social media generally can give you a stronger community and greater brand awareness. It also gives you an environment in which to tell your story. To be clear, though, you aren’t just opining on social media but leveraging the opportunity to spark discussion. 

Four of the most common social media sites to connect with people today are Facebook, Instagram, Snapchat, and Twitter. While Facebook is broader in its focus, Instagram is known for images, Snapchat for short video, and Twitter for shortform versions of posts. You don’t have to stick to strict use of a platform only for a certain type of content, but you can build the same messages into various formats for use on each platform. Much of the choice of focus in social platforms will have to do with who uses each of them. Study your audience to determine where they are, how old they are, and other demographics. Using that data, find the social platform popular with those groups.

Mistake #4: Neglecting to encourage feedback 

Solution: Collecting and analyzing customer feedback is key. The data and comments they provide give you valuable insight into how people perceive your brand and how customers are discovering you. McConnell also noted that gathering information from customers allows you to know what you need to fix. 

Mistake #5: Not considering storytelling 

Solution: There has been great discussion of storytelling as a marketing tactic, as a way to get the engagement you need to keep people on your site and returning for more. When you tell a story about your brand, you are able to get across information about your product within an image you are controlling.

There are many ways for storytelling to become part of your communication. You can use TV or radio ads if you have the money for that. Storytelling can also be used within your blog. Whether you are centered on storytelling or more specifically on information sharing, your blog is a good place to express knowledge and create intimacy.

To integrate storytelling, use these tips from Thibult Herpin in E-Commerce Nation:

  • Convey a positive image. Inspire people and get them excited by showing them testimonials or otherwise showing your products in a pleasant light.
  • Be accessible. Use a story and protagonist to which your prospects can relate.
  • Be emotionally charged. Help build interest in your story by using language that will stimulate emotional response from your customers.
  • Get granular. You can help people see the world of your story with details. Be careful as you get granular, because you want your information to be helpful and not overwhelming.

Storytelling as it is often explained, with the creation of character and setting, is not necessary for or appealing to all companies, but it is certainly worth exploring in relation to your content.

Mistake #6: Boring standardized emails 

Solution: Order confirmations, delivery information, shipping status, and other transactional messages do not have to use the same sleep-inducing text that is built in as default by the ecommerce platform, advised Richard Stubbings in PracticalEcommerce. You can customize the language to better engage with your customers. Point out your return policy details and steps they can take to solve problems. Give them tracking information, the way that delivery occurs, and consider tying in loyalty promotions or other discounts. 

Mistake #7: Uninspired 404 error pages 

Solution: Typically when you get to a 404 error page (also called a 404 Not Found), it simply tells you that you have reached the server but it could not find what was requested. A/B testing company Crazy Egg noted that optimized 404 pages should explain what went wrong, speak plainly or humorously, give visitors paths to stay on the site (such as a link to the homepage and a search bar), and should maintain the same design theme as the rest of your site. There is another way to go after the 404 issue, and that is by fixing broken links. Check for missing media and articles once monthly.

Mistake #8: Empty search pages

Solution: When you offer a way to search your site, you are also opening yourself up to the possibility of sending your customers to dead ends – search results with “no results found.” Instead of accepting those dead ends, change that page so that you link to the categories to which the product belongs and/or recommend similar products as alternatives so that they can keep browsing.

Mistake #9: Standard abandoned cart emails

Solution: It is a good idea to seriously consider your abandoned cart messages and whether you believe in sending them, as indicated by Stubbings, who argued against them. If you keep sending them, measure the conversion rate from them so you know if they’re working. Also, be certain that the site did not turn down the order and the customer did, in fact, leave behind their cart. The worst-case scenario is if a shopper tries to buy from you and gets denied because their payment doesn’t work or you don’t mail to their location. If that person gets an email that says they can get a discount to purchase the same item, they would be frustrated if they again were blocked from purchasing.

Mistake #10: Complex unsubscribe process

Solution: Whenever you send out a marketing email, make sure there is a clear unsubscribe link. If someone is thinking about leaving and finds the process easy, they may sign up again for the list. Difficult unsubscribe processes might have the following characteristics:

  • When you click the Unsubscribe link, you hit a 404 error message.
  • When you get to the Unsubscribe page, you have to enter your email address – in some cases a second time for verification.
  • When you get to the confirmation page, it tells you that you will get an email to finish the process or that it will take effect in 7-10 days.

You do not need to slow people down when they want to exit, and it is not in your best interests. “Be as graceful as possible,” said Stubbings.

Mistake #11: Failing to focus on infrastructure

Solution: Do you want to communicate effectively for the strongest possible ecommerce growth? One way that you communicate is through the performance of your site. By using a powerful infrastructure to back it, you save your customers and prospects valuable time by more quickly serving them everything they request.

At Total Server Solutions, our infrastructure is so comprehensive and robust that many other top-tier providers rely on our network to keep them up and running. See our high-performance web hosting for e-commerce.

Cloud computing spending 2018, along with types and benefits


An analysis that was released in January found that public cloud spending would exceed $160 billion in 2018, and by 2021, would almost double. The United States was allotting more money to cloud than any other nation, with China expected to shift into the number-two slot – moving past the United Kingdom, Germany, and Japan – by 2021.

The report, which was released by the International Data Corporation (IDC), found that the amount spent on cloud was rising at 23.2% in 2018 vs. 2017, achieving $160 billion. It then was expected to continue to grow at a slightly less breakneck pace of 21.9% through 2021 – hitting $277 billion at that point.

Discrete manufacturing was projected to spend more on cloud than any other economic segment, spending $19.7 billion on it. Directly below discrete manufacturing were professional services at $18 billion and banking at $16.7 billion. Below that were process manufacturing and retail, which will both spend over $10 billion.

To better understand growth of the cloud, we can look at it through a series of questions:

  • What is cloud computing, and why is it used?
  • What are the three primary types of cloud?
  • What is the history of cloud?
  • What other research suggests fast cloud growth?
  • What are the primary benefits of cloud?

What is cloud computing, and why is it used?

Cloud computing is a technology described by Merriam-Webster as meeting two chief specifications – it allows data to be accessed over the internet, and it stores the data on multiple servers. Through cloud service providers (CSPs), firms can lease access to storage and applications instead of having to run their own data centers or infrastructure.

One reason many organizations say that they use cloud is because they do not have to spend as much initially. Companies also like that they do not have to worry about the challenge of purchasing and upkeep for their own IT equipment and facilities. They can instead pay for whatever they need through third parties. Meanwhile, CSPs are able to achieve substantial economies of scale by providing many different customers with the same services.

What are the three primary types of cloud?

The basic types of cloud are infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS).

IaaS, also called cloud hosting, is an arrangement in which the vendor creates and supports hardware that they configure and virtualize, allowing for their customers to deploy computing resources or virtual servers but not having to invest in physical machines or handle all the challenges of managing servers. IaaS generally includes the servers, storage, networking, and virtualization. Aspects of cloud servers that customers may have to handle include applications, databases, security features (although cloud may be housed in an SSAE 16 audited facility), and the operating system.

Platform-as-a-service allows developers to move away from operating system updates, applying security patches, and other hardware-related tasks to focusing on coding, testing, and releasing apps. Tools for version control systems, monitoring, and traffic splitting are often tied into platforms, along with application programming interfaces (APIs).

Software-as-a-service allows users to access an application that is provided by a host via the internet. Dropbox and Salesforce are examples of prominent SaaS applications. SaaS allows users not to have to worry about backing up the systems, updating them, supporting them, or development of the code.

What is the history of cloud?

Not everyone sees the origination of cloud computing the same. Some say that cloud computing goes back to the 1960s and JCR Licklider, who suggested the idea of an “intergalactic computer network.” In 1969, Licklider enabled development of the Advanced Research Projects Agency Network (ARPANET). He wanted people throughout the world to be able to access whatever data and applications were running at any location from any other place.

Other people say that the person responsible for cloud is John McCarthy, who suggested that you could have a public utility model for computation.

Cloud has developed via several lines, most recently via Web 2.0. Cloud was not a mass-delivered product until recently, because significant bandwidth only started to become possible through the internet in the 1990s.

What other research suggests fast cloud growth?

The finding in the introduction is just one indicator that cloud is on the rise, in various ways. For example, another finding from IDC is that more than one-third of IT spending was currently going toward cloud. With increasing amounts of money going toward public cloud and to private clouds built on-premises, the amount spent on traditional on-premise computing is dropping.

Per Gartner, half of the worldwide companies that have adopted cloud will be shifting 100% of their systems to cloud by 2021. This growth is fueled by an expanding need for management, security, application, and infrastructure services through outside parties. In 2018, worldwide spending on cloud will hit $260 billion, rising from $219.6 billion in 2017. This rate of growth is higher than previous analyst forecasts.

What are the primary benefits of cloud?

There are numerous ways in which companies benefit from cloud adoption:

The cloud enhances collaboration. There are frequent requests for additional cloud systems at 79% of organizations, per the Cloud Security Alliance, with file sharing environments being one of the top solutions of interest. Collaboration is a central characteristic of cloud, since you can access from any location and edit so that updates are applied centrally.

The cloud has strong security. While organizations used to shy away from the cloud for its security, today it is seen as an asset. Facility access is highly controlled, and hardware monitoring is continual. In fact, cloud has been promoted as more secure than on-site infrastructure due to the strong focus on security best practices at these firms. “Very experienced staff maintain these infrastructures, processes are tight and there are many eyes on these systems at all times,” noted Zach Lanich.

Cloud improves agility. You are able to better predict time-to-market with cloud, with fewer full-time equivalents (FTE) because IT projects are shortened by being able to get your resources on-demand. You will have greater agility, leading to a stronger competitive stance since you are able to produce results more quickly and inexpensively. One industry observer noted that he saw the use of cloud for a data analytics project allow a steep drop in cost and significantly better time-to-market, with a drop in delivery time from 4 months to 3 weeks.

Cloud does not need as much capital. One of the main struggles that startups have from the beginning is being able to pay their staff and succeed with their business model. It can be very expensive to fund servers if you are buying them. Cloud is a way to avoid those big costs of a server that you purchase. You just pay for your storage and processing needs each month. Plus, the systems are updated automatically since the cloud provider is in charge of all updates. There is no need to pay for equipment upgrades. You get the service you need without the hassle.

A strong cloud partnership

Cloud spending is increasing for all the reasons described above. Do you want to take advantage of cloud for your organization? At Total Server Solutions, with our SolidFire-SSD-based SAN storage, we are able to provide IOPS levels that are unmatched by virtually any other cloud hosting provider. We do it right.

DDoS history -- distributed denial of service attacks


With the rise of the Internet of Things (IoT), experts have warned that it is incredibly vulnerable from a security perspective – and it has been exploited by DDoS attackers. In September-October 2016, nearly 50,000 connected devices, spread out across 164 nations, were used to achieve traffic as high as 280 Gbps. The traffic sent into the targets’ networks came primarily from digital video cameras. Following that attack, security journalist Brian Krebs was hit with a massive assault – followed by one that achieved a whopping 620 Gbps on DynDNS. The DNS firm had to protect its infrastructure against a packet rate that got up to 100 Mbps – a real-time issue that was a bigger problem for them than the peak bandwidth.

How did we get here?

Three markers of the rise of DDoS

In three key ways, DDoS has expanded over time:

  1. Increasing degree of sophistication – While SYN floods used to be the staple of DDoS attacks, today’s attacks are intricate, going after services, infrastructure (VPS, firewall, etc.), software, and bandwidth at once (so-called multi-vector attacks). Multi-vector attacks required skill initially; however, as cybercrime advanced, it became possible for anyone to launch these attacks.
  2. Increasing frequency – Today, anyone can perform a huge DDoS attack as DDoS has been weaponized. The rate of occurrence of attacks has grown, as has the occurrence of huge attacks. Reports from the first quarter of 2018 showed that DDoS attacks were growing in frequency (as well as in length and size).
  3. Increasing volume – The size of DDoS attacks became larger with the incorporation of IoT botnets and use of new innovations such as reflection and amplification. Because of these factors, the attacks of recent years are much larger than the ones that were sustained by ISPs in the late 90s.

Timeline of DDoS development

We can get a better sense of DDoS evolution by looking at a timeline of major events related to these attacks – which takes us back to the early 1970s:

1973 – It is difficult to determine the exact date of the first denial of service (DoS) attack, but Robert Lemos suggested in eWeek that the initial one may have occurred in 1973 (according to an unverified story told by David Dennis, adjusted to account for a probable mistake that he made in the year). The attack was said to have occurred on the Programmed Logic for Automatic Teaching Operations (PLATO) system at the University of Illinois at Urbana-Champaign (UIUC), which was used for instruction and as an online community (a precursor to the Internet). Dennis claims to have caused it as a 13-year-old high school student, when he wrote a program and deployed it to users of PLATO, causing many of them to have to restart simultaneously. He claimed to subsequently use this same technique on several networks locally and nationally, and that he was successful until the ext command was changed.

1995 – Manual DoS protest attacks were conducted by activists in the late 1990s. These activists started to think of the Internet as a place that could be used as a form of protest, through access prevention. The Strano Network was one of the first groups to engage in this activity.

1998 – This year was when the distributed denial of service (DDoS) emerged (although it would not become widely notorious until 2000). Floodnet was a tool that could be downloaded and run on the computers of users. It was created by another group of activists called the Electronic Disturbance Theater (EDT). The tool would then start going after various sites, following a list supplied by the EDT. This same year, cybercriminals started using simple but effective Smurf attacks, which leveraged the Internet Control Message Protocol (ICMP) to prompt other servers to ping a target. These attacks were the first prominent instance of reflection/amplification attacks.

1999 – The Trinoo bot, made up of 227 infected Solaris servers, was used to attack the University of Minnesota.

2000 – The first DDoS attack to get significant press occurred when Mafiaboy, a 15-year-old Canadian boy, brought down various major corporations, including Amazon, eBay, Yahoo!, and Dell. The Computer Emergency Response Team (CERT) Coordination Center also noted that there would be more DDoS attacks that amplified bandwidth by using the domain name system (DNS).

2003 – Worms had become ever more problematic for system administrators in the beginning of the century. The 376-byte MS SQL Slammer worm, the first flash worm, was let loose in 2003. This worm’s speed was unprecedented: it doubled the number of infected systems every 8.5 seconds, overloading network bandwidth in just 3 minutes.

2005 – 8 Gbps was the largest amount of DDoS traffic that was reported by any respondent in the annual Worldwide Infrastructure Security Report (WISR) from Arbor Networks. (Compare to today’s figures below.)

2007 – A statue was moved in Estonia that honored World War II Soviet soldiers who fought against Nazi Germany. Diplomatic issues arose between the two states because of this decision, and Estonia suffered repeated DDoS attacks.

2008 – Anonymous started a series of actions, including against the Church of Scientology, in which they defaced sites or hit them with DDoS attacks.

2011 – Sony fell victim to a massive DDoS attack. This attack seemed to have been used as a distraction as the thieves stole PlayStation Network customer records.

2013 – At 300 Gbps, the most massive DDoS of all time was measured. This attack hit Spamhaus because the organization had named the hosts of botnets, spam networks, and cybercrime outfits, as well as blacklisting them.

2014 – On Christmas Day, Xbox Live and the PlayStation Network were hit with a DDoS attack, with Lizard Squad taking credit for it.

2016 – Politically motivated DDoS attacks were central to this year. The US Department of Defense was pummeled with a barrage of spam in late January. The Russian military was similarly hit with a DDoS attack in March. The Reaper (IoTroop or IoT_reaper), a botnet built by North Korea, continued to become more powerful. Qihoo 360, a Chinese web security company, reported that The Reaper had enslaved 10,000 devices, all of which were interacting with the cybercriminals’ servers regularly. The botnet had millions of IoT devices that it could potentially add via an automatic loader. There was an attack of 500 Gbps that lasted throughout the Olympics in August. As DDoS took center stage with Mirai, an attack that peaked at 620 Gbps was carried out by an IoT botnet against Brian Krebs.

2018 – Memcached was used to attack Github. In this event, there was a disruption of approximately 10 minutes. Per the engineering department at Github, 1.35 Tbps of traffic was targeted at the collaborative-software service. The Memcached protocol was subsequently shown to enable amplification through web-connected servers by a factor of as much as 51,000. Through this protocol, attackers could wage a simple attack and then amplify it, slamming a network with much more sizable packets. There was a major blow to criminal DDoS efforts when Webstresser was shut down by authorities of the Netherlands, the UK, and the US. The organization’s leadership was arrested. Webstresser is credited with causing 4-6 million DDoS attacks between 2015 and 2018. It caused that much havoc by offering DDoS-for-hire services.
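A defender-side check for the reflection pattern behind the 2018 Memcached incident, as an added example that is not part of the original post. It reads flow records in a constructed format (protocol, source, source port, destination, destination port, packets, bytes), reports destinations receiving large UDP datagrams from several hosts on the memcached port, lists the exposed reflectors so their operators can be notified, and computes an amplification factor from constructed request and response sizes; the thresholds and sample values are assumptions for the demonstration.

```python
"""Flag likely UDP reflection/amplification floods in flow records.

Added defensive example, not code from the original post. The record
format, thresholds and sample values are constructed here; they model
the 2018 case described above, in which small UDP requests spoofed from
the victim's address were reflected off memcached servers (UDP/11211)
into very large responses toward one target.
"""
from collections import defaultdict

MEMCACHED_PORT = 11211

# Constructed sample flows: (proto, src_ip, src_port, dst_ip, dst_port, packets, bytes).
# Addresses are from the RFC 5737 documentation ranges.
SAMPLE_FLOWS = [
    # Burst of full-size UDP datagrams from four distinct memcached hosts to one target.
    ("udp", "198.51.100.5", 11211, "203.0.113.10", 53211, 2000, 2_800_000),
    ("udp", "198.51.100.6", 11211, "203.0.113.10", 53211, 1500, 2_100_000),
    ("udp", "198.51.100.7", 11211, "203.0.113.10", 53211, 1800, 2_520_000),
    ("udp", "198.51.100.8", 11211, "203.0.113.10", 53211, 700, 980_000),
    # Legitimate internal memcached traffic: one source, tiny responses.
    ("udp", "192.0.2.20", 11211, "192.0.2.30", 40123, 5, 600),
    # One large UDP/11211 flow from a single source: below the multi-source threshold.
    ("udp", "198.51.100.9", 11211, "203.0.113.11", 5000, 900, 1_260_000),
    # Unrelated traffic that the detector must ignore.
    ("tcp", "192.0.2.40", 443, "203.0.113.10", 51000, 40, 52_000),
    ("udp", "192.0.2.53", 53, "203.0.113.10", 33000, 3, 450),
]


def amplification_factor(request_bytes, response_bytes):
    """Bytes delivered to the victim per byte the attacker had to send to the reflector."""
    if request_bytes <= 0:
        raise ValueError("request size must be positive")
    return response_bytes / request_bytes


def find_reflection_victims(flows, reflected_port=MEMCACHED_PORT,
                            min_sources=3, min_avg_packet_bytes=1000):
    """Group UDP flows whose *source* port is the reflected service port by destination.

    A destination receiving near-MTU-sized datagrams from several distinct
    reflectors is reported; a single busy server talking to one client is not,
    which keeps ordinary memcached use from being flagged.
    """
    per_dst = defaultdict(lambda: {"sources": set(), "packets": 0, "bytes": 0})
    for proto, src, sport, dst, _dport, packets, nbytes in flows:
        if proto != "udp" or sport != reflected_port or packets == 0:
            continue
        agg = per_dst[dst]
        agg["sources"].add(src)
        agg["packets"] += packets
        agg["bytes"] += nbytes

    victims = {}
    for dst, agg in per_dst.items():
        avg = agg["bytes"] / agg["packets"]
        if len(agg["sources"]) >= min_sources and avg >= min_avg_packet_bytes:
            victims[dst] = {
                "reflectors": len(agg["sources"]),
                "packets": agg["packets"],
                "total_bytes": agg["bytes"],
                "avg_packet_bytes": round(avg),
            }
    return victims


def reflectors_for(flows, victim, reflected_port=MEMCACHED_PORT):
    """Sorted list of hosts that reflected traffic at `victim`: the exposed servers
    whose operators should be notified and whose UDP service port can be firewalled."""
    return sorted({src for proto, src, sport, dst, *_ in flows
                   if proto == "udp" and sport == reflected_port and dst == victim})


if __name__ == "__main__":
    for victim, stats in find_reflection_victims(SAMPLE_FLOWS).items():
        print(victim, stats, reflectors_for(SAMPLE_FLOWS, victim))
    # Constructed illustrative sizes: a roughly 15-byte request returning 750 KB.
    print("amplification factor:", amplification_factor(15, 750_000))
```

On real data the same grouping is run per time window over exported flows, and the reflector list feeds an abuse notification or an ingress filter on the service port.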


Denial-of-service attacks have certainly come a long way since they were first deployed in the early 1970s, morphing into ever-more-sophisticated distributed-denial-of-service (DDoS) events. As DDoS attacks have become larger and more expensive, the importance of working with experts on your defense has skyrocketed. Safeguard your site against the hassle and expense of a DDoS attack.

Best practices for ecommerce success -- putting best practices to work for your business


More than half of Americans (51%) now prefer online to in-person shopping. Since people are buying increasingly online, the competition in the market is also tightening. Implementing best practices is increasingly important if you want your business to perform well and continue to grow at a steady rate in the years ahead.

Best practices for ecommerce include the following:

#1. Establish your key performance indicators (KPI).

Strategizing through a formal plan helps guide your forward motion and embed decisions in larger purpose. All that you perform should be in pursuit of tangible goals. While that is the case, noted an Econsultancy report, ecommerce outfits do not always clearly define their objectives. If your ecommerce company does not have an up-to-date ecommerce plan, then optimizing the way you conduct online business could require you to first “work with rest of the business to come up with the framework into which ecommerce activity can fit,” said the report.

KPIs, quantifiable performance metrics, must be determined during this process. As you conduct an overview of what your goals might be and how your KPI assessment might proceed, you want to consider the potential for updating the way you operate. Assessing KPI data is about checking how simple it is to complete tasks effectively. In order to improve your ecommerce capabilities, you may need to modify your site and the systems that back it in diverse ways.

As you think about changes, noted the report, consider control in who can actually take the necessary steps. It is necessary to assess which of your personnel – product managers, merchandise managers, etc. – have access to the site and can make edits. Similarly, you want your user experience (UX) staff to be able to test quickly and effectively, without running into access issues.

To be clear, access controls are key to security and compliance. PCI compliance requires the formal adoption of access and data control policies and procedures, as indicated by the Stanford University PCI Policy. However, ensuring the removal of obstructions to your ability to improve the site should be carefully considered.

#2. Get rid of clutter.

You will convert more visitors to your site if you make your design as simple as possible. When you look at the homepage, it should be clear where people’s attention is being directed. A person’s eyes should be moving toward either a product you sell or a call-to-action (CTA) button. When the page is cluttered, the path toward a CTA is less straightforward.

Clutter is an incredibly common issue with ecommerce sites, according to Neil Patel of QuickSprout. Patel cited statistics that it took users more than 3 seconds to locate the CTAs on more than half of ecommerce sites (53%).

Removing clutter is a reminder that you want people who come to your site to buy from you. Cleaning up the site eases their task of making a purchase. It also could minimize support requests.

#3. Polish your about page.

Many people will look at your about page. Often shoppers will decide if they want to order from you based on how they feel about that page. Statistics cited by web developer Thomas G. Bennett suggest more than half of visitors will see the page (52%). The visibility of the page is also clear in the success story from WordStream Blog: when the publication upgraded its about page, it saw a 13% rise in conversions.

Bennett suggested the following ways to improve this critical page:

  • Rather than thinking about this page describing you, think about it describing you solving customer problems.
  • Give the visitor a sense of your organization’s personality, but do not get so loose with the page that it becomes unprofessional.
  • Write a short snippet about your complete company. Discuss how you were prompted to start the store, if applicable. Talk about why you wanted to be your own boss. Talk about why the business is important.
  • Consider including reviews and testimonials. Reviews and testimonials will help visitors vicariously understand the experience of a satisfied customer. These statements are great because they establish your products working without you having to promote them.
  • Differentiate yourself. If your organization provides free consulting or monthly informational PDFs to your customers, let people know. Differentiate yourself and describe that difference.
  • Show imagery. You can feature a photograph of your staff together – or individual shots of employees to pair with quick bios.
  • End with a CTA. The way you describe yourself on the about page and position yourself as your customer’s problem-solver will make them likelier to want to make a purchase. Leverage that opportunity with a call-to-action.

#4. Get fast web hosting.

In many contexts, the desire for speed is reduced naturally by the desire for quality; for instance, we don’t expect fine dining to be delivered in 5 seconds, whereas we may be frustrated if a vending machine does not dispense in that window because the product is low-quality. In the context of the internet, on the other hand, speed is simply a bottom-line factor that will impact your success. A fast site leads to more sales.

In fact, the impact of speed has been clear for 10 years. Even back then, an Aberdeen Group report (no longer online but available via email here) found, “A 1-second delay in page load time equals 11% fewer page views, a 16% decrease in customer satisfaction, and 7% loss in conversions.”

It is noteworthy that Patel, a marketer, lists web hosting performance – quality of infrastructure – as a core ecommerce best practice. However, speed is a broad issue. While good hosting removes many performance problems, ecommerce firms should be aware that downtime and slowness are often not caused by the host. Almost every lingering performance issue, per Aberdeen’s Ryan Arsenault, comes down to a member of your staff “blindly troubleshooting” without monitoring data. A 2015 Aberdeen analysis of business web performance challenges found that nearly half of companies (46%) had no web application performance monitoring tools in place, and 1 in 5 (21%) had no web performance monitoring at all.

#5. Optimize for mobile.

In today’s environment, you need to specifically assess mcommerce – with a specific plan related to building that part of your business. Strengthening mobile seems obvious when you consider that close to two-thirds (62%) of traffic through ecommerce sites is via mobile.

Notably, mobile might be used for research, while the order is placed by the user through desktop. This jumping from one device to another by users is part of the basis of cross-device targeting. Nonetheless, a large portion of online shopping is now through mcommerce: overall in 2017, mobile device purchases accounted for $18 billion of the $78.6 billion that went toward online retail. Furthermore, more than half of people (57%) said that they do not recommend an ecommerce store if its mobile site is poorly designed.

#6. Have high-quality support that is easy to reach.

Support is absolutely key to online differentiation. Some shoppers will inevitably run into challenges when they try to order from you. When someone is trying to solve a straightforward issue, whether it’s prior to sale (such as finding an item) or after (such as troubleshooting a product you sent them), fast resolution will create greater immediate and long-term sales.

Your high-performance ecommerce solution

While more people are shifting to making their purchases online, ecommerce is no less challenging – particularly as competition continues to build. Fundamental to ecommerce success is building best practices into the way you do business. One best practice is to improve your performance through infrastructure. At Total Server Solutions, our hosting plans can accommodate everything from small, static sites all the way up to large enterprises. See our high-performance web hosting for ecommerce.


Inc. Magazine Unveils Its 37th Annual List of
America’s Fastest-Growing Private Companies—the Inc. 5000

For the 2nd Time, Total Server Solutions Appears on the Inc. 5000,

Ranking No. 2919 With Three-Year Revenue Growth of 140 Percent


NEW YORK, August 15, 2018 - Inc. magazine today revealed that Total Server Solutions is No. 2919 on its 37th annual Inc. 5000, the most prestigious ranking of the nation’s fastest-growing private companies. The list represents a unique look at the most successful companies within the American economy’s most dynamic segment—its independent small businesses. Microsoft, Dell, Domino’s Pizza, Pandora, Timberland, LinkedIn, Yelp, Zillow, and many other well-known names gained their first national exposure as honorees on the Inc. 5000.

“TSS has a true team of talented individuals who are dedicated to customer success. Our second year in a row being named on the Inc. 5000 list is a testament to just that,” said Gary Simat, Chief Executive Officer of Total Server Solutions. “As we are just on the heels of our recent acquisition of Zerolag Communications, TSS has solidified itself as a leader in managed infrastructure as a service, servicing workloads across any platform, on any provider. We have been realizing amazing and consistent year over year growth in revenue, client count, and talent on staff; it truly is an exciting time at TSS.”

Not only have the companies on the 2018 Inc. 5000 (which are listed online at, with the top 500 companies featured in the September issue of Inc., available on newsstands August 15) been very competitive within their markets, but the list as a whole shows staggering growth compared with prior lists. The 2018 Inc. 5000 achieved an astounding three-year average growth of 538.2 percent, and a median rate of 171.8 percent. The Inc. 5000’s aggregate revenue was $206.1 billion in 2017, accounting for 664,095 jobs over the past three years.

Complete results of the Inc. 5000, including company profiles and an interactive database that can be sorted by industry, region, and other criteria, can be found at

“If your company is on the Inc. 5000, it’s unparalleled recognition of your years of hard work and sacrifice,” says Inc. editor in chief James Ledbetter. “The lines of business may come and go, or come and stay. What doesn’t change is the way entrepreneurs create and accelerate the forces that shape our lives.”

The annual Inc. 5000 event honoring the companies on the list will be held October 17 to 19, 2018, at the JW Marriott San Antonio Hill Country Resort, in San Antonio, Texas. As always, speakers include some of the greatest innovators and business leaders of our generation.

Total Server Solutions provides managed services, high performance infrastructure and custom solutions to individuals and businesses in a range of industries. Their customers range from financial institutions, to advertising platform operators, to hosting providers, to telecom companies. Total Server Solutions is also trusted by educational institutions and government agencies to keep their data on-line and available.


Gary Simat
Total Server Solutions
+1(855)227-1939 Ext 649

Tucker Kroll
Total Server Solutions


More about Inc. and the Inc. 5000

The 2018 Inc. 5000 is ranked according to percentage revenue growth when comparing 2014 and 2017. To qualify, companies must have been founded and generating revenue by March 31, 2014. They had to be U.S.-based, privately held, for profit, and independent—not subsidiaries or divisions of other companies—as of December 31, 2017. (Since then, a number of companies on the list have gone public or been acquired.) The minimum revenue required for 2014 is $100,000; the minimum for 2017 is $2 million. As always, Inc. reserves the right to decline applicants for subjective reasons. Companies on the Inc. 500 are featured in Inc.’s September issue. They represent the top tier of the Inc. 5000, which can be found at

About Inc. Media
Founded in 1979 and acquired in 2005 by Mansueto Ventures, Inc. is the only major brand dedicated exclusively to owners and managers of growing private companies, with the aim to deliver real solutions for today’s innovative company builders. Inc. took home the National Magazine Award for General Excellence in both 2014 and 2012. The total monthly audience reach for the brand has been growing significantly, from 2,000,000 in 2010 to more than 18,000,000 today.  For more information, visit

The Inc. 5000 is a list of the fastest-growing private companies in the nation. Started in 1982, this prestigious list has become the hallmark of entrepreneurial success. The Inc. 5000 Conference & Awards Ceremony is an annual event that celebrates the remarkable achievements of these companies. The event also offers informative workshops, celebrated keynote speakers, and evening functions.

For more information on Inc. and the Inc. 5000 Conference, visit

For more information contact:
Inc. Media
Drew Kerr

Ecommerce ethics attempt to describe fair and just behavior by online merchants. (Yellow ethics sign)


A Tesla investor sued Elon Musk in early August, alleging that his claim on Twitter that he had secured funding to take the publicly traded company private was fraudulent. The story is still developing, and Musk has not (at least at this point) been found guilty of any wrongdoing. The investor is suing over alleged fraud rather than over ethics, hoping to recover financially (and inviting other short-sellers to join a class action): the argument is that Musk’s tweet was potential fraud that hurt their portfolios. But it is also an ethical issue, since deceiving people is not acceptable behavior under any mainstream understanding of ethics.

With the rise of the Internet, business has become truly global. Since people across the planet want the marketplace to be as fair as possible, there is worldwide concern with the specific business area of ecommerce ethics. For instance, it is addressed by ethical design consultant Trine Falbe in the German-based Smashing Magazine as a foundation for design work. Thousands of miles away, Professor Pathik Variya of India’s Dharmsinh Desai University listed the ethical obligations of ecommerce firms. There is significant overlap in these discussions of ethics for online business.

This article explores some of the core ethical issues related to ecommerce. First, though, it grounds discussion to talk directly about what ethics and business ethics are.

What exactly are ethics?

The definition of ethics from the Markkula Center for Applied Ethics is perhaps particularly interesting since it comes from a Silicon Valley-based institution, Santa Clara University. The center’s definition is twofold. For one, it describes ethics as “well-founded standards of right and wrong that prescribe what humans ought to do, usually in terms of rights, obligations, benefits to society, fairness, or specific virtues.”

Secondly, the center adds that ethics refers to the study and development of ethical principles. To take on both of those meanings of ethics at your organization, you could espouse ethical principles in the way you operate, as well as commit to further improving your ethical framework and practices as you proceed.

Ethics can be followed and applied personally or organizationally, internally and externally. Business ethics may initially sound as if they are solely the concern of industry, but that is not the case, as indicated in the Stanford Encyclopedia of Philosophy (run by the school’s Metaphysics Research Lab) by business ethics specialist and Bentley University professor Jeffrey Moriarty. As Moriarty noted, business ethics are something with which we should all be concerned since everyone does business at least to the extent that we purchase items on a daily or near-daily basis. Moriarty also commented that many of us additionally spend hours daily and throughout our lives focused on producing within a business context. The actions of businesses help to determine the nature of our culture, both for good and for bad, he concluded.

Core ethical issue #1 – security

To get into specific concerns, security is one issue that is mentioned often in discussion of business ethics. After all, security is not just about meeting Payment Card Industry Data Security Standard (PCI DSS) compliance but meeting ethical expectations that define fair and forthright business interactions.

One analysis focused its discussion of security ethics on an increasingly key issue: protecting your information systems from insider threats. That focus makes sense given the numbers. In healthcare, 58% of breaches are now caused by insiders, according to a 2018 Verizon study. Across industries, a 2015 analysis from Intel found that insiders were responsible for 43% of data breaches. Some statistics are higher still; one source cited figures attributing 80% of data breaches to human error. Regardless of the specific figures, it is certainly true, as Chris Duckett said in ZDNet, that “[y]our biggest threat is inside your organisation [sic] and probably didn’t mean it.”

Since error is so prevalent, it should be addressed through robust and regular training – which is a best practice for infosecurity anyway. Routine risk assessments (both comprehensive ones and ones that target systems you are evaluating for adoption) are also critical for breach prevention.

Core ethical issue #2 – Accuracy in descriptions and marketing

Another key ethical notion is that ecommerce companies should be straightforward in their descriptions of products through all communications – advertising, product pages, the blog, social media, and any other settings. (This aspect of ethics was central to the Musk lawsuit described above.)

Delivering on the promise, so that what a person gets in the end is what they thought they were getting from the start, is the opposite of the ethical failures of bait-and-switch sales and deceptive advertising. In ecommerce, unlike in brick-and-mortar retail, the customer cannot see or touch a product before purchasing it. Online, they see products in videos and photos, and those images inevitably present the item in as near-perfect a condition as possible. What the shopper sees is never the unit that gets shipped; it is a picture of another copy of the product, so the description and images carry the whole burden of accuracy.

It is easy to make mistakes with product descriptions. However, ethics require care that what the customer is actually getting is aligned with how it is presented online.

Core ethical issue #3 – Surveillance capitalism

A core issue of design ethics will be uncomfortable for many but is worthy of consideration given the amount of data flowing through ecommerce platforms: surveillance capitalism. This issue, raised by Falbe, arises when you consider your reasons for gathering and analyzing your user data. Falbe cited ethical designer Aral Balkan, who offered a disturbing analogy. Balkan noted that Facebook using data to improve its platform is similar to a cow getting a massage in order to make Kobe beef – because those massages are “not for the benefit of the cow but to make the cow a better product.” He concludes his point, “In this analogy, you are the cow.”

Falbe expanded on Balkan’s thought by noting that data collection and analysis is problematic when its real aim is financial gain. People could debate Facebook’s side in this matter, but the issue of surveillance capitalism is certainly discussed in ethical circles related to web design and development.

Core ethical issue #4 – Moral agency

The notion of corporate moral agency is used by some thinkers to describe business ethics. Through this framework, any individual engaged in business is a moral agent – just as the collective of people working for a certain firm make up corporate moral agency. There is disagreement over whether a company should itself be considered a moral agent as well (beyond thinking of morality in terms of the staff as a group).

While it may not be easy to think in terms of moral agency, doing so can help develop a deeper understanding of ethics as a systemic value and as something to improve both individually and collectively.

Ecommerce based on key standards

Clearly, following ethics is important in how business is conducted. While we expect ethical behavior from those with whom we do business, we do not always get it; to protect ourselves, we seek proof that organizations follow established standards. One of the most credible ways for a service provider to demonstrate the strength of its systems from a control perspective is an attestation report under the American Institute of Certified Public Accountants (AICPA) Statement on Standards for Attestation Engagements 16 (SSAE 16). Note that SSAE 16 was superseded by SSAE 18 in May 2017, and the report it produces (a SOC 1) speaks to controls relevant to financial reporting; a SOC 2 report is the one that addresses security, availability and confidentiality controls directly. See our SSAE-16 and PCI-compliant ecommerce solutions.

Figuring out your cloud ROI will help you make better decisions. Money cloud in the sky.


As the saying goes, “You have to spend money to make money.” However, we all know that how you spend money will be a major factor in determining your success. By measuring the return on investment (ROI) of a certain expense, an organization can decide whether it is a wise choice moving forward or not.

Cloud computing is a great example of a key IT area for running the ROI formula. Increasingly cloud systems are replacing on-premise ones. Were those decisions the right ones? If you think so, you can prove it with ROI, giving you strong evidence that you are moving your company in the right direction.

This article looks at how many companies do NOT measure cloud ROI; thoughts on agility and the breakeven point from David S. Linthicum; and 5 obstacles to strong cloud ROI.

Poll: 1 in 3 firms do not measure cloud ROI

If you are not yet checking your ROI systematically, you are certainly not alone. There is obviously not a consensus that performing this calculation is a high priority. Almost one-third of organizations do not determine cloud ROI, according to an international survey from the Information Systems Audit and Control Association (ISACA). The ISACA poll of chief information officers found that 68% of firms calculated cloud ROI. ISACA noted that the 32% of companies that were not calculating ROI were able to justify their use of the technology on other grounds: transitioning from capital to operating expenses (CAPEX to OPEX), improved agility, etc.

Organizations that did calculate ROI typically used a 1-5-year timeframe for measurement. Most used a hybrid method that included both perceived quantitative and qualitative factors. The most common elements included in the hybrid model were business impact (time to market, penetration, agility, etc.), time savings, cost of transition, and staffing changes, along with capital and operating expenses.

The survey also found that companies that do come up with ROI numbers often only do it once, which misses the benefit of being able to check your expectations against results. When you look at that population that is calculating ROI, only 52% do so before and after cloud deployment, while 43% only check before and 6% only after the transition.

While 32% may seem low, the figure is rising over time, according to ISACA research director Ed Moyle; compare an InformationWeek poll of 339 organizations from 2014, which put the level at 20%. Moyle added, “If ROI is not calculated in advance of implementation, it becomes difficult to validate or refute the expected value.” To extend that thought, the validation or refutation can then occur with a second check of ROI following implementation.

An agility-based ROI model

Deloitte chief cloud strategy officer David S. Linthicum explained that this poll demonstrated using agility as the central component of an ROI model now makes more sense. Linthicum has been arguing for moving away from capital and operational cost reduction to an agility-based model since 2011. Linthicum noted that he thinks we are beginning a shift in the understanding of cloud from cost savings to agility – which he believes will lead to much greater disruption.

There are tools that you can use to determine the agility that is generated by cloud adoption. Factors including your business’s size, its level of innovation, and the vertical market all must be included to gauge your agility.

You can bring in your past metrics, and you can use the same algorithms for different environments. You could use an agility-based model to look at competitors, determining their cloud ROI.

While you can create comparative analyses, there is not much as far as cloud ROI public case studies go – so it is challenging to confirm that your numbers are solid. However, Linthicum noted that it is still a good idea to move forward with agility-centered ROI measurement since it will give you a much better sense of the true value the technology is bringing to your efforts.

Breakeven: 20% to 40% of workloads

It makes sense with a new technology to test the waters and wade in gradually. However, it is also important to realize that you will not see the ROI results that you want from cloud immediately.

While Linthicum talks a lot about the importance of agility, there are other key metrics that he believes are pivotal as well. One is commitment to the technology.

Organizations that dabble in cloud in small pieces over time will likely not see any advantage in using it, he noted. That’s because there are sunk costs (unrecoverable costs that have already occurred) related to cloud: integrating cloud systems into your management and monitoring platforms, addressing security concerns, recruiting new personnel, training, etc.

The real question is, when do your returns start to overcome the sunk costs? That is the breakeven point, after which cloud becomes increasingly beneficial since the bill is already partially paid. Linthicum noted that there is very little difference in cost between 500 to 2000 workloads. Once your sunk costs are returned, your operational costs will not rise significantly as you continue to add workloads. It is impossible to avoid the upfront cost to see the ROI benefits.

The breakeven point for an enterprise with 2000 workloads is usually about 400 to 800 workloads, in Linthicum’s experience. That is equivalent to 20% to 40% of all IT processes.

Keeping only small amounts of IT in cloud prohibits an organization from seeing its full benefit. In fact, when companies run the ROI on cloud that only represents a small portion of overall computing, they will often find that ROI is negative – i.e., it is not paying for itself.

Now, while it may make sense to commit a substantial portion of your IT to cloud, you do not want to necessarily move your entire infrastructure to cloud overnight, Linthicum stressed. However, it is clear that the faster you shift most of your systems from on-premise to public cloud, the faster you will see a positive ROI. You will not typically get a benefit from the cloud when you are only moving a small amount of workloads, but only farther along the path of increased adoption.

5 things that hurt cloud ROI

While cloud ROI benefits from increased adoption, it is not as simple as overcoming a breakeven point. Issues can also arise. Consultancy Cloud Technology Partners noted a few things that stand in the way of ROI. Here are those five obstacles:

  1. Culture – Some obstacles will be within your corporate culture. You have to reconceptualize the way the business runs in order to realize the potential of cloud.
  2. Politics – Often a political problem that arises with cloud is division over the extent to which it should be adopted, with conflict often between the data center chief and whoever is advocating for cloud.
  3. Expectations – Many organizations will start out thinking immediately in terms of hybrid cloud or complex systems within cloud management platforms (CMPs). Focus your efforts before expanding to larger and more complex projects.
  4. Execution – Managing the transition can be tricky. “Minimal viable cloud” is recommended by CTP. This strategy bundles together a small group of workloads, with operations, controls, and security applied to it. Then you can add additional small sets in the same manner.
  5. Technical difficulties – Integrating cloud with on-premise systems is where most technical trouble arises; the more of your estate you commit to cloud, the less hybrid integration you have to build and maintain. Consider replacing legacy tools with cloud-based ones rather than bridging them.

Realizing strong cloud ROI

We talk quite a bit about cloud as if it were one system, but of course, it is many — and all clouds are not created equal. To realize strong ROI, you need the fastest, most robust cloud platform in the industry. See our High Performance Cloud.

ROSI - the return on security investment. Fingerprint on keyboard - assessment of solutions


People often talk about security in terms of defenses and caution – an emergency system to prevent worst-case scenarios. However, thinking only in terms of defense and prevention can distract us from a fundamental truth: security is powerful. It has an incredible amount of value to organizations across all sectors and markets. Establishing the ROI of security – the return on security investment (ROSI) – in a systematic way is worthwhile so that you know exactly how much you are getting back for what you spend on security environments, tools, and services (such as hosting in an SSAE-16-compliant data center).

What are return on investment (ROI) and return on security investment (ROSI)?

Entrepreneur defines ROI as “[a] profitability measure that evaluates the performance of a business by dividing net profit by net worth.” By that definition, a business with a net worth of $1 million and net profits of $250,000 has an ROI of .25, or 25 percent. A simpler way to think about ROI is as a comparison of what you get back to what you put in. Be careful which convention you are using: if ROI is expressed as return divided by cost, 100% is the break-even point at which you have made back exactly what you spent; if it is expressed as (return minus cost) divided by cost, which is the form the ROSI formula below takes, break-even is 0%.

Establishing a strong ROI helps to make a good business case for further investment in something we all know is important given the current digital landscape: information security.

Metrics-driven ROSI approach

By using metrics to determine how effective various security tools are, organizations can continuously assess how well their overall defense system is functioning, understand the most pronounced threats they face, and reveal areas that might need replacement or additional safeguards.

Metrics help you better understand your systems, but they are also important because they help you sharpen the analysis behind your ROSI calculations so your investment proposals are stronger. Even though determining ROSI is valuable to organizations, fewer than 1 in 5 (17%) use this approach, per the NSS Labs 2017 Security Architecture Study.

Determining the ROSI and backing it with applicable metrics is becoming increasingly important, noted Vikram Phatak on security news site Dark Reading. Phatak said that not having the ROSI figures to back up their assessments could lead to situations in which security leaders have to report “that the cause of a data center breach was a result of ‘having had [italics his] a technology solution for the problem in the budget, but it got cut.'”

The basis for the ROSI formula

Here are risk assessment concepts that you can use to leverage your metrics and make your ROSI calculations. These concepts together make up the ROSI formula:

Annual loss expectancy (ALE) – The total amount you should expect to lose to security problems every year, ALE is a control figure that is used to show the amount of money that can be lost assuming no changes are made.

ALE = Annual Rate of Occurrence (ARO) * Single Loss Expectancy (SLE)

Annual rate of occurrence (ARO) – ARO gauges how likely it is for a security incident to happen during a year. You can look at your history to determine how many incidents occur in the average year.

Single loss expectancy (SLE) – This figure is the total amount of money that you expect to lose during one security event. Determining the SLE can become easier and more systematic if you have organized and valuated your data. This number should at least include your direct and indirect costs for a breach.

Modified annual loss expectancy (mALE) – The mALE is the loss you still expect each year once the security measure is in place: the ALE minus the losses the measure prevents. The improvement is expressed as the mitigation ratio, the fraction of the threat (0 to 1) that the security tool blocks, so mALE = ALE * (1 – mitigation ratio).

Return on security investment (ROSI) formula – Using the above concepts, you create the ROSI formula. It weighs the losses avoided (ALE – mALE, which equals ALE * mitigation ratio) against what the protection costs to put in place, so that when you present a ROSI figure you can also show exactly how it was calculated. Here is the formula:

ROSI = (ALE * mitigation ratio – cost of solution) / cost of solution

A ROSI of 0 is break-even: the control saves exactly what it costs. A negative ROSI means the control costs more than the loss it prevents.

ROSI example #1: warehouse robots

Risk represents costs. There are potential costs associated with a risk that are mitigated with security defenses. Information security to lower risk can be very expensive. Since that’s the case, risk analysis (indicated in the above concepts) will guide organizations in determining ROSI because it will reveal just what level of investment is needed in safeguards.

An example suggested by Norman Marks in information management publication CMSWire is the defenses for robots implemented in a warehouse. The information executives at the company collaborated with business decision-makers to determine the level of risk – chance of a risk and its potential impact. The business managers, as a round figure, estimated that the total cost of a breach would be about $10 million. The chief of information security (CISO) reported that he thought the current chance that a breach of that scope would occur was 5%.

The CISO wanted to spend $250,000 annually in order to get the risk of that $10 million event down to 2%. To measure ROSI, you adjust the ROI formula so that you are gauging risk reduction (through the mitigation ratio) rather than investment gain. In the terms above, the ALE before the investment is 5% of $10 million, or $500,000; afterwards it is 2% of $10 million, or $200,000; and the mitigation ratio is the 3 percentage points removed out of the original 5, i.e. 0.6. The reduction in expected annual loss is therefore $300,000. Since you are putting in $250,000 per year of protections and getting back $300,000 in reduced risk, your ROSI is ($300,000 – $250,000) / $250,000, or 20%.

Additional analysis should occur to determine if the investment is sound, but that initial assessment looks positive.

ROSI example #2: UBA platform

Another example ROSI situation is described by Isaac Cohen in IDG’s CSO. In that example, a company is looking into a company-wide solution, a user behavior analytics (UBA) platform, to prevent breaches. The CIO of the company calculates that there have been 30 security incidents over the last 3 years – so 10 annually on average. In total costs related to fines, lost productivity, and lost data, each incident represents a cost of $20,000. The UBA is expected to be able to defend against 9 out of 10 current attacks. The cost of the UBA platform is $50,000 per year. The way you would calculate ROSI in this case would be as follows:

  • 10 incidents times $20,000 per incident = $200,000.
  • $200,000 times mitigation ratio of .9 = $180,000.
  • Subtract the $50,000 from that for the solution, and you get $130,000.
  • Now take $130,000 (your return) and divide it by what you spent, $50,000.
  • You get 2.6, equivalent to a 260% ROSI.
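The following Python script is an added example, not code from the original post or from any of the sources it cites. It implements the ALE, mALE and ROSI formulas defined above, reproduces both worked examples (the warehouse robots and the UBA platform), and adds a check the post does not spell out: the break-even mitigation ratio, i.e. the smallest fraction of the threat a control must actually block before it pays for itself. All function and class names are my own.

```python
"""Worked ROSI calculation (added example; formulas as defined in the post).

    ALE  = ARO * SLE
    mALE = ALE * (1 - mitigation_ratio)        # loss that remains after the control
    ROSI = (ALE - mALE - cost) / cost
         = (ALE * mitigation_ratio - cost) / cost
"""
from dataclasses import dataclass


def annual_loss_expectancy(aro: float, sle: float) -> float:
    """ALE: expected yearly loss with no new control in place."""
    return aro * sle


def modified_ale(ale: float, mitigation_ratio: float) -> float:
    """mALE: the part of the ALE the control does NOT prevent."""
    if not 0.0 <= mitigation_ratio <= 1.0:
        raise ValueError("mitigation ratio must be between 0 and 1")
    return ale * (1.0 - mitigation_ratio)


def rosi(ale: float, mitigation_ratio: float, cost_of_solution: float) -> float:
    """ROSI as a fraction (0.2 == 20%). Break-even is 0.0 under this formula."""
    if cost_of_solution <= 0:
        raise ValueError("cost of solution must be positive")
    avoided_loss = ale - modified_ale(ale, mitigation_ratio)
    return (avoided_loss - cost_of_solution) / cost_of_solution


def breakeven_mitigation_ratio(ale: float, cost_of_solution: float) -> float:
    """Smallest mitigation ratio at which the control just pays for itself.

    If a vendor's claimed ratio is only slightly above this value the ROSI case
    is fragile; a result above 1.0 means the control can never pay off.
    """
    return cost_of_solution / ale


def mitigation_ratio_from_probabilities(p_before: float, p_after: float) -> float:
    """Turn a drop in annual incident probability into a mitigation ratio.

    The warehouse example lowers a 5% chance to 2%: 3/5 = 0.6 of the original
    risk is removed (the ratio is 0.6, not 0.03).
    """
    return (p_before - p_after) / p_before


@dataclass(frozen=True)
class RosiCase:
    name: str
    ale: float
    mitigation_ratio: float
    cost: float

    def result(self) -> float:
        return rosi(self.ale, self.mitigation_ratio, self.cost)


def warehouse_robots_case() -> RosiCase:
    """Example #1: $10M impact, 5% -> 2% annual probability, $250k/year spend."""
    impact = 10_000_000
    ale = annual_loss_expectancy(0.05, impact)                 # $500,000
    ratio = mitigation_ratio_from_probabilities(0.05, 0.02)    # 0.6
    return RosiCase("warehouse robots", ale, ratio, 250_000)


def uba_platform_case() -> RosiCase:
    """Example #2: 10 incidents/year at $20k each, UBA stops 9 of 10, $50k/year."""
    ale = annual_loss_expectancy(10, 20_000)                   # $200,000
    return RosiCase("UBA platform", ale, 0.9, 50_000)


if __name__ == "__main__":
    for case in (warehouse_robots_case(), uba_platform_case()):
        print(f"{case.name}: ALE=${case.ale:,.0f} ROSI={case.result():.0%} "
              f"break-even mitigation={breakeven_mitigation_ratio(case.ale, case.cost):.0%}")
```

The break-even figures are the useful part for a budget conversation: the UBA platform pays for itself as long as it stops at least 25% of incidents, so its 260% ROSI has plenty of margin, whereas the warehouse control needs to remove at least half of the original risk, so its 20% ROSI rests entirely on the accuracy of the CISO's 5%-to-2% estimate.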

Strong security for your critical data

Implementing strong security is in part about finding the right partners. At Total Server Solutions, our SSAE-16 Type II audit is your assurance that we follow the best practices for keeping the data center up and running strong. See our security commitment.

Lock against code - WordPress security steps to take in 2018


Statistics garnered from analysis of tens of thousands of WordPress sites within the Alexa top 1 million suggest why hackers often choose WordPress to attack. Incredibly, the study from WP WhiteSecurity found that 70% of installations are vulnerable to hacking.

The researchers looked at the WordPress installation status and behavior of these WordPress sites in the four days following the release of WordPress 3.6.1 (replacing 3.6) on September 11, 2013. The researchers found that there were 74 different versions of the WordPress software being used. Four days following the release of WordPress 3.6.1, 30.95% of the websites (13,034 WordPress installations) were still running WP 3.6, which had known security flaws.

Five years later, many sites could still use help with security best practices. The below steps to harden WordPress in 2018 will discuss fast updating and other actions you can take to better protect your sensitive data.

Quickly update to new WP versions.

WordPress is open source, and it is frequently updated to patch security holes (as well as to fix bugs and add features). You typically do not need to worry about minor updates, because WordPress auto-installs them by default. However, when updates are classified as major versions, you will have to start the update process manually.

Beyond the core code, there are thousands of themes and plugins that you can attach to your site; these add-ons are developed by independent parties, and the better-maintained ones are also updated regularly.

Updates are critical for your site’s security, as well as its stability. All components of your site should always reflect the most up-to-date version of the software.

Use a password manager, and strengthen your passwords.

If you know any of your passwords by heart, or have used one of them to log in to an account on another service, your password policy should change, noted Gerroald Barron of premium WP plugin firm iThemes. A strong password is long, unique (i.e., used for only one account), and randomly generated. If you are able to remember any of your passwords, they probably need to be strengthened. With a credible, well-maintained password manager, you can keep your account logins secure while still choosing random strings of characters (as you can do through Perfect Passwords).

A password manager can both generate passwords and securely store them via a browser extension. You then just need to know the master password for the password manager.

Utilize a web application firewall (WAF).  

Using a web application firewall helps stop unauthorized traffic before it reaches your site.

Switch your WP salts and keys routinely. 

Another important task brought up by Barron is regular replacement of salts and keys. WordPress stores data in your browser, as cookies, to verify anyone who logs in to the installation or posts a comment. It is important that the login data stored in these cookies is encrypted so no one can read it after the fact. WordPress achieves that through the authentication salts and keys stored in the configuration file (wp-config.php). Change these on a regular basis; if you prefer, a plugin can manage the process.
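As an added example (not code from the post or from iThemes), here is a Python script that rotates all eight keys and salts in a wp-config.php, assuming the standard define( 'AUTH_KEY', '...' ); layout; the file contents below are a constructed sample. Because the login cookies are derived from these values, every existing cookie stops validating once they change, so all users, including you, have to log in again.

```python
import re
import secrets
import string

# The eight constants WordPress reads from wp-config.php for its cookies.
WP_KEYS = (
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)

# Printable ASCII minus quotes and backslash, so the value sits inside a PHP
# single-quoted string without any escaping (WordPress's generator does the same).
ALPHABET = "".join(c for c in string.ascii_letters + string.digits + string.punctuation
                   if c not in "'\"\\")

# Matches one define( 'NAME', 'value' ); line, with either quote style.
DEFINE_RE = re.compile(
    r"""define\(\s*(['"])(?P<name>[A-Z_]+)\1\s*,\s*(['"])(?P<value>.*?)\3\s*\);"""
)

def generate_secret(length=64):
    """Return a random key of the 64-character shape WordPress's generator produces."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate_salts(config_text):
    """Replace the value of each of the eight key/salt defines in wp-config.php text.
    Returns (new_text, {name: new_value}); every other line passes through unchanged."""
    new_values = {}

    def replace(match):
        name = match.group("name")
        if name not in WP_KEYS:          # e.g. DB_NAME: leave it alone
            return match.group(0)
        new_values[name] = generate_secret()
        return f"define( '{name}', '{new_values[name]}' );"
    return DEFINE_RE.sub(replace, config_text), new_values

# Constructed wp-config.php fragment with the placeholder values WordPress ships.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'wordpress' );
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_KEY',        'put your unique phrase here' );
define( 'AUTH_SALT',        'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
define( 'NONCE_SALT',       'put your unique phrase here' );
define( 'DISALLOW_FILE_EDIT', true );
$table_prefix = 'wp_';
"""
```

On a live site, read wp-config.php, pass its text to rotate_salts, and write the result back after taking a backup of the original file.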

Disable file editing.

There is a code editor built into WordPress that enables editing of themes and plugins from the admin dashboard. This feature should be disabled, though, so that no one who gets into the dashboard can use it to insert malicious code.

To disable file editing, you need to insert a snippet of code yourself into the wp-config.php file:

// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );

Strengthen user and admin logins.

Go beyond the use of strong passwords. You certainly want to change the administrative account name from admin to something else. In practice, the best approach is to create a new user and assign it admin privileges. The old admin account can then be removed or demoted to subscriber permissions.

Use two-factor authentication (2FA) for better security. When you use two-factor authentication, you are sent an additional token or code to a secondary device for an extra layer of authentication.

Change the default behavior so that the number of allowed login attempts is limited. You can do this through a plugin. Some plugins will additionally ban the IP address of the offending user and send you a notification about the incident.
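To show what such a plugin actually decides on, here is an added example (not from the post or from any plugin) that applies the same rule to web-server access logs: it counts failed POSTs to wp-login.php per client IP inside a sliding time window and reports the IPs that cross the threshold. The log lines are constructed; the assumption that a failed login returns HTTP 200 (the form re-rendered with an error) while a successful one returns a 302 redirect matches default WordPress behavior.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Apache combined-log lines using documentation IP ranges (not real traffic).
# A 200 on POST /wp-login.php is a failed login; a success is a 302 redirect to wp-admin.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2018:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "curl/7.58"
203.0.113.7 - - [10/Mar/2018:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "curl/7.58"
203.0.113.7 - - [10/Mar/2018:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "curl/7.58"
203.0.113.7 - - [10/Mar/2018:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "curl/7.58"
203.0.113.7 - - [10/Mar/2018:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "curl/7.58"
203.0.113.7 - - [10/Mar/2018:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "curl/7.58"
198.51.100.2 - - [10/Mar/2018:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3300 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Mar/2018:10:01:20 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Mar/2018:10:01:45 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2018:08:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2018:08:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2018:09:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def failed_login_times(log_text):
    """Map each client IP to the sorted timestamps of its failed POSTs to wp-login.php."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != "/wp-login.php":
            continue
        if m["status"] == "200":      # a success would have been a 302 redirect
            failures[m["ip"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    return {ip: sorted(times) for ip, times in failures.items()}

def brute_force_suspects(log_text, max_attempts=5, window=timedelta(minutes=5)):
    """Return {ip: peak_failures} for IPs that reached max_attempts failures inside any
    sliding window of the given length, which is the rule a login-limiting plugin enforces."""
    suspects = {}
    for ip, times in failed_login_times(log_text).items():
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window's left edge forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= max_attempts:
            suspects[ip] = peak
    return suspects

if __name__ == "__main__":
    for ip, n in brute_force_suspects(SAMPLE_LOG).items():
        print(f"{ip}: {n} failed logins within 5 minutes, candidate for a temporary block")
```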

Finally, switch to a custom login page. You can prevent the vast majority of brute-force attacks by taking greater care with your username and password, as well as by changing the login URL. Examples of changed URLs from Anushree Sen of Page Potato are as follows:

  • Change wp-login.php to my_new_login
  • Change wp-admin/ to my_new_admin
  • Change wp-login.php?action=register to my_new_registration

Back up the WordPress database.

To improve your database security, create backups at regular intervals. Backups may not seem like security measures, but they are, because they ensure that you still have a clean copy of the data even if an attack succeeds. Backing up lets you know that you can recover if a disaster occurs. Data should be backed up regularly – at least once per day. Secure cloud backup is a strong idea: your hosting service could keep the backup safe in a distant physical location, for additional disaster preparedness.

Change your database table prefix.

Retaining the default prefix for your database tables makes SQL injection attacks easier to conduct. It should be changed to a hard-to-guess string of characters. The default prefix is wp_. You could change it to wp_38sjR94_, for instance. Whatever you choose, do not use your domain name as the prefix. To change the prefix, update the wp-config.php file. You can use only numbers, letters, and underscores.

Here is the adjusted line in code:

$table_prefix = 'wp_38sjR94_';

Now go to your database via phpMyAdmin. There, rename the tables so they match what you put in the configuration file. If you use cPanel, you will find phpMyAdmin in the Databases section. Once you are in, run these SQL statements from WPBeginner to rename all the tables in one action:

RENAME TABLE `wp_commentmeta` TO `wp_38sjR94_commentmeta`;
RENAME TABLE `wp_comments` TO `wp_38sjR94_comments`;
RENAME TABLE `wp_links` TO `wp_38sjR94_links`;
RENAME TABLE `wp_options` TO `wp_38sjR94_options`;
RENAME TABLE `wp_postmeta` TO `wp_38sjR94_postmeta`;
RENAME TABLE `wp_posts` TO `wp_38sjR94_posts`;
RENAME TABLE `wp_terms` TO `wp_38sjR94_terms`;
RENAME TABLE `wp_termmeta` TO `wp_38sjR94_termmeta`;
RENAME TABLE `wp_term_relationships` TO `wp_38sjR94_term_relationships`;
RENAME TABLE `wp_term_taxonomy` TO `wp_38sjR94_term_taxonomy`;
RENAME TABLE `wp_usermeta` TO `wp_38sjR94_usermeta`;
RENAME TABLE `wp_users` TO `wp_38sjR94_users`;

You may also have to add lines for any plugins that create their own tables in the database. Your goal here is to adjust every table prefix.
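Added example, not code from the post or from WPBeginner: a Python helper that generates the same rename statements for whatever table list SHOW TABLES actually returns, so plugin tables are not missed, and goes one step beyond the post by also emitting the two UPDATE statements WordPress needs, because the prefix is stored inside rows of the options table (option_name wp_user_roles) and the usermeta table (keys such as wp_capabilities); without those, administrators lose their roles after the rename. The table list is constructed.

```python
import re

# WordPress accepts only letters, digits and underscores in $table_prefix.
PREFIX_RE = re.compile(r"^[A-Za-z0-9_]+$")

def rename_statements(tables, old_prefix, new_prefix):
    """Build the SQL to move every table that carries old_prefix (core and plugin
    tables alike) to new_prefix, plus the two row-level fixes that a rename alone
    misses: WordPress also stores the prefix inside the options table
    (option_name 'wp_user_roles') and in usermeta keys such as 'wp_capabilities'.
    Returns (rename_sql, fixup_sql) as lists of statements."""
    if not PREFIX_RE.match(new_prefix):
        raise ValueError("prefix may contain only numbers, letters and underscores")
    renames = []
    for name in sorted(tables):
        if name.startswith(old_prefix):
            renames.append(f"RENAME TABLE `{name}` TO `{new_prefix}{name[len(old_prefix):]}`;")
    # '_' is a single-character wildcard in LIKE, so escape it to match literally.
    like_pattern = old_prefix.replace("_", "\\_") + "%"
    fixups = [
        f"UPDATE `{new_prefix}options` SET option_name = '{new_prefix}user_roles' "
        f"WHERE option_name = '{old_prefix}user_roles';",
        f"UPDATE `{new_prefix}usermeta` "
        f"SET meta_key = CONCAT('{new_prefix}', SUBSTRING(meta_key, {len(old_prefix) + 1})) "
        f"WHERE meta_key LIKE '{like_pattern}';",
    ]
    return renames, fixups

def config_line(new_prefix):
    """The replacement $table_prefix line for wp-config.php."""
    return f"$table_prefix = '{new_prefix}';"

# Constructed table list as SHOW TABLES might return it: the core tables, one plugin
# table using the same prefix, and an unrelated table that must be left alone.
SAMPLE_TABLES = [
    "wp_commentmeta", "wp_comments", "wp_links", "wp_options", "wp_postmeta",
    "wp_posts", "wp_terms", "wp_termmeta", "wp_term_relationships",
    "wp_term_taxonomy", "wp_usermeta", "wp_users", "wp_myplugin_log", "other_app_users",
]

if __name__ == "__main__":
    renames, fixups = rename_statements(SAMPLE_TABLES, "wp_", "wp_38sjR94_")
    print(config_line("wp_38sjR94_"))
    print("\n".join(renames + fixups))
```

Take a database backup before running the output, and run the UPDATE statements after the renames, since they reference the new table names.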

Choose a secure host.

According to Sen, your choice of a secure WordPress host is the most important one you will make related to data protection. Your account could be hacked if you use a low-end shared hosting service. “[C]hoos[e] a reputable and trusted web-hosting service provider… who understands the risks of cross-contamination, segregates the website accounts and configures the security permissions of each account present in their WordPress-optimised environment,” noted Sen.

Are you in need of a secure WordPress environment? Turning to an experienced WordPress hosting provider allows you to leverage the niche expertise that comes from focusing on IT infrastructure. At Total Server Solutions, our data center is PCI-DSS compliant and SSAE-16 audited. See our commitment to the security gold standard.

With growth of malware and ransomware, security is a top priority.


It is easy to develop blind spots in our thinking, particularly toward things that we see often, as if they become invisible to us after so much repetition. For instance, we may read so much about cyberattacks and how important security is that it may make it more difficult to logically consider the topic and strategize protection. After all, just about every type of system you can imagine has been hacked, from smart city technology and alarm systems to mobile bank apps, plane systems, and cars.

The seeming overabundance of attention on cyberattacks is actually a window into the reality that the threat landscape is increasingly complex and must be confronted to avoid huge losses. Spurred by various forces, companies know that cybersecurity deserves consideration – but they do not always move forward systematically. This article looks at drivers of cybersecurity as a top priority, evidence of failure to implement full security best practices, and steps you can take to fortify your posture.

3 forces driving the increasing importance of cybersecurity

According to a 2017 Fortinet poll of IT executives, three key reasons that cybersecurity is becoming a bigger priority in business boardrooms are:

Cloud migration proliferating – It is no secret that cloud is being used more broadly within business. With workloads being moved to the cloud, nearly three-quarters of IT security executives said that cloud security is becoming a greater concern. Just over three-quarters (77%) said their boards treat cloud security, and a budget to ensure it, as top points of focus. Actual implementation of cloud security solutions was not quite as high, though: only half of those polled (50%) said they would adopt cloud security solutions in the upcoming 12 months.

Regulatory scrutiny growing – Greater prioritization of IT security is also fueled by additional regulations, cited by one-third of those polled (34%). Of particular interest is the General Data Protection Regulation (GDPR), which could bring fines, additional costs, and credibility concerns (since violations are posted publicly).

Cyberattacks and data breaches rising – The vast majority (85%) said that their organization had suffered a data breach. The most common form of attack was malware and ransomware, listed by nearly half of decision-makers surveyed (47%). There was progress in the right direction in making security a bigger focus following WannaCry and other prominent worldwide attacks. The scope and makeup of today’s attacks are making it a concern of boards rather than just IT leadership.

Concern with security does not always result in action

In agreement with the above survey, another indicator of how critical security is to business comes from the UK’s Department for Culture, Media and Sport. When this agency polled more than 1500 UK-based businesses in 2017, nearly three-quarters (74%) said that digital security was a top priority for senior management, while two-thirds (67%) said that they had purchased cybersecurity systems or services in the previous year. Investment in cybersecurity was stronger among larger organizations: the survey found that 91% of large enterprises had spent on information security, while the number was 87% for midsize firms. The safeguarding of customer data was the #1 reason for cybersecurity investment, cited by 51% of those surveyed. Problematically, only one in three respondents said that their business had a formal cybersecurity policy in force (or had cybersecurity guidelines listed within audit documentation or a business continuity plan). The number was even lower for cybersecurity incident management plans (i.e., the actions to take if you were to learn you were being attacked): just 11 percent of UK organizations polled had one in place.

Perhaps the key point to take away from that survey is that businesses are generally prioritizing security – investing in security technologies, for instance – but do not comprehensively follow cybersecurity best practices. As George Ralph noted in Private Equity Wire, “It seems like the fear of attack has induced spend, but hasn’t extended to policies and procedures that could reduce the threat of attack, or ensure attacks were dealt with more effectively.”

Taking action for better cybersecurity

Here are 7 action steps you can take to improve your cybersecurity, from the International Council of E-Commerce Consultants (EC-Council), PricewaterhouseCoopers, and Deloitte:

#1 – Take a proactive approach to cybersecurity.

It is critical to develop some knowledge about common threats and understand essential ways that you can identify threats, noted Deloitte.

#2 – Go beyond risk avoidance to building resiliency.

PwC found that organizations that were creating a climate of risk resilience were seeing better long-term financial gains than those that were simply responding to problems as they arose. The PwC researchers gave the example of Japan following the tsunami in 2011, when businesses that had risk management programs with business continuity plans were able to get back up and running much more quickly than those that did not.

#3 – Test for the weakest link.

Seeing how well you handle mock situations can inform a much stronger approach, so use stress tests. These tests should incorporate all your interdependencies, so that you know what might go wrong with other systems on which your own systems rely.

#4 – Strengthen your defenses.

Develop a complete strategy for patching, secure software development, and a secure physical environment, said Deloitte.

#5 – Give special attention to threats that could alter or eliminate data.

While confidentiality now stands as the most critical objective of cybersecurity within the business world, integrity will take its place in the near future, per Dan Geer (cited by PwC), who specializes in risk management and IT security. A heightened focus on maintaining integrity will facilitate recovery from an attack. Blockchain is one technology that will assist organizations with integrity.

#6 – Maintain oversight and make updates.

Typically organizations detect vulnerabilities, create patches, and keep threats from becoming broader problems. At the same time, many businesses do not make sure that their disaster recovery plan is relevant to their circumstances or that their staff remains informed on key security concerns, per the EC-Council.

While it is critical to monitor your system and react to what you see, monitoring is not enough on its own. It is important, said the council, to change the way that you approach cybersecurity given the continuing growth and development of threats. The council suggests including these three strategies:

  • Establish an inventory that routinely scans your assets and rapidly locates vulnerabilities.
  • Fix vulnerabilities systematically through a mitigation process.
  • Organize and consolidate your threat intelligence in a central location.

#7 – Be aware of ransomware.

According to Panda Security, we were already clocking 230,000 new malware samples per day in 2015. Specifically, ransomware is on the rise. This type of attack occurred 36% more frequently in 2017 and is projected to become increasingly prevalent.

As the EC-Council puts it, what is now occurring in cybercrime is mass blackmail. Ransomware is a threat to the confidentiality of private information. Malicious parties access your personally identifiable information (PII), encrypt it, and also transfer out a copy of all the data from company devices – for leverage in blackmail efforts. The thieves then demand payment, which is sometimes collected in installments.

Your secure ecommerce platform

Do you need full-featured ecommerce software run on secure infrastructure? At Total Server Solutions, your data is hosted within our PCI-DSS and SSAE-16 compliant datacenter. See our comprehensive ecommerce solutions.