How to Choose a Server Provider

Posted by & filed under List Posts.

Meredith is the owner of a niche site that sells clothing and accessories to charter boat captains and other mariners. She sells dozens of products – from shirts, pants, and jackets to jewelry, knives, bags and belts. Sales are strong and continuing to grow. Customer service is fast, personal, and conscientious. Marketing has been fine-tuned to deliver a predictably good ROI for every dollar spent.


All those pieces of online success are helpful, but they aren’t enough to keep Meredith’s business growing. She has become more aware over the years that people expect impeccable user experience from her site – and that starts with her infrastructure. After unscheduled downtime that left her feeling that she had put her trust in the wrong outfit, she became more thoughtful about her choice of web host. She switched to a server provider that she felt had the knowledge, experience, security, and support that she needed.


In fact, anyone can have difficulties with their website’s performance that can be extraordinarily costly; when Target’s site crashed on Cyber Monday in 2015, they both missed out on a huge influx of sales and paid for the gaffe heavily on social media.


Online retail sales will hit almost $2.5 trillion by 2018, so having a comprehensive plan for web growth is increasingly critical. To properly address e-commerce, you need a server provider that has the stability and scalability to impress everyone who visits your website.


Here are a few of the criteria that you can use to compare different web hosting companies and find the one that’s the best fit for your business:


Help On-Hand


You hosting service should allow you to get a fast resolution of any support problem. However, there is a huge range of response time between different companies. The difference between a 3-minute response and a 3-hour response can be, in certain scenarios, a difference of 2 hours and 57 minutes of hair-pulling stress, along with thousands in lost revenue.


The fact is, it can be a bit difficult to determine how quickly a hosting service will respond until you test them. When Web Hosting Talk user tnedator first switched to a new hosting company to manage his servers, they started by hardening and optimizing them. An issue with one of his sites resulted in load spikes that made his server unresponsive. The team at the server provider would attempt to connect, ask for a reboot (through a third-party datacenter), make sure the server was live again, and try to determine what was causing the load issue. The “fast and thorough” ticket response, already evident in the first 30 days, gave him confidence that he had made the right choice.


To better understand this kind of ticketing response time in context, tnedator signed on with the new hosting provider specifically for their server management. Unmanaged service can be difficult, as he experienced; although you can still get configuration information from your vendor, you can’t get direct, case-by-case answers from your systems manager.


In other words, tnedator was benefiting, in part, from transitioning to a server company classified as a managed services provider. These hosting companies check that your configuration settings match what is needed for your load; monitor for potential vulnerabilities and breaches; backup your system; conduct patching; and handle similar ongoing responsibilities.


Regular Backup


You need all your information to be backed up periodically if you want your site to be secure. That’s a fundamental business continuity concern: if your site gets hacked or your data otherwise becomes lost or corrupted, that backup gets you back online rapidly. Know that your hosting company is as concerned with backups as you are.




As the CFO of a small Chicago manufacturing business, Pamela was well-versed on proper security practices. Nonetheless, at some point, malware was introduced to her computer, and it represented a very real danger to her company. Whenever Pamela put the web address of a financial institution into her browser, the malware automatically redirected her to a fake site mimicking the bank. A bogus message prompted her to call customer service. After speaking with the agent, $300,000 was immediately transferred out of her account. Acting quickly, they recovered the money. Disaster was averted.


These stories, of course, don’t always end happily, which is why security is critical for your firm. Intrusions can knock your site offline and cause compromise of sensitive user data – an impossibly expensive incident for many businesses and the reason why 60% of small businesses that get hacked are bankrupt within 6 months.


When you look at server providers, select a company that is compliant with internationally respected protocols regarding control of information handling. The gold standard is Statement on Standards for Attestation Engagements (SSAE) No. 16, a set of parameters for hosting companies and similar services developed by the American Institute of Certified Public Accountants (AICPA).


Beyond SSAE 16 compliance, one simple question to ask web hosts relates to password storage. Make sure they are not stored in plain text. Also avoid shared hosting, which can mean that your site gets taken down because of the misbehavior of other users.


Positive limitations


No one wants to see limitations to their ability to grow, but any hosting plan will include them – either transparently or otherwise. For example, a hosting company might try to attract your business by giving away “unlimited” bandwidth or storage for a surprisingly reasonable monthly rate. In these cases, read the fine print. For cheap hosting with “unlimited” promises, expect your server provider to either shut down your site or throttle it once you hit a certain level.




The web hosting company you choose needs to offer the software and equipment that allows it to run and serve your site and content management system installation (WordPress, etc.). You should know that certain features are available through your server provider, by asking these questions:


  • Do they offer the programs and services you need for your site? What are the main pieces of software you need? What are the system requirements for your CMS?
  • Does the web host offer additional services? For instance, do they provide database management, email hosting, and transfers (so you know you won’t have to go out and shop other companies for related services)?
  • Do you have access to cPanel or a similar control panel? Is installation of WordPress or any other CMS straightforward?
  • Does the company help with migration? What is the cost? What types of terms are involved? Will the company give you free migration to move to their company, or will simply switching providers become an unexpected expense?




You want more customers, but you obviously don’t want that to mean that your site crashes. Find out about your potential server provider’s uptime; third-party services should verify that the service has recorded uptime that’s greater than 99.9%.


Customer reviews


Check carefully online for reviews from real customers, legitimate hosting industry professionals, or IT publications that can give you a glimpse into the quality of service. Many reviews are actually advertisements with links to affiliates of the company; so be skeptical in this analysis.




Are you in need of a reliable, fast, and secure server provider? DeWayne Whitaker described Total Server Solutions on Facebook in October 2016: “No matter the time of day, our ‘average’ response time to support tickets is usually under three minutes,” he said. “Support reps are not Level 1 type support, rather they are highly qualified system admins each and every time.” Explore our platform.

Social Media Mistakes for eCommerce Sites

Posted by & filed under List Posts.

People are using social media more and more all the time. Incredibly, nearly one-third of clicking, scrolling, and typing of online users occurs on social networks. On average, we log 116 minutes every day on Facebook, Twitter, and other social channels. Assuming this behavior remains steady long-term, it adds up to 5 years and 4 months of each of our lives! Put another way, we invest more hours in social media than we do in grooming, meals, and even personal face-to-face interaction.


According to statistics highlighted in Social Media Today, daily time spent per user is as follows:


  • YouTube – 40 minutes
  • Facebook – 35 minutes
  • Snapchat – 25 minutes
  • Instagram – 15 minutes
  • Twitter – 1 minute


Given these astonishing figures, it makes sense that businesses are doing what they can to make the most of their social presence. However, posting and hash-tagging effectively can be surprisingly challenging. Errors are made by well-intentioned businesses every day. For e-commerce companies, that means lost sales and possible damage to brand credibility.


The good news related to these missteps is that your e-commerce business can garner a competitive advantage simply by avoiding them. Let’s look at 12 of the mistakes that are the most prominent among companies that sell their goods and services online.


#1 – Presenting Rather than Conversing


Facebook, Instagram, and other social platforms are ready-made environments for discussion with customers and prospects. It helps enormously to lead the way in fostering back-and-forth communication by listening intently, notes Joseph Yi in Ecommerce Rules. Address the needs of your customers as rapidly as you can by checking often for mentions, comments, and messages. By keeping your ear to the ground, you can create more intelligent content that expresses a desire to meet your customers’ needs and expectations.


#2 – Racking Up Thousands of Low-Quality Followers


If you want to pivot social media into revenue, center yourself on behavior that will help you ultimately get more customers and more sales, rather than just gunning for social signals (likes, comments, etc.). In other words, there is not necessarily any value in buying “followers” (which aren’t really followers if they’re for sale) or casting a broad net that undermines your niche focus.


“A quick [or fake] fan isn’t going to translate into more sales,” advises SocialChorus marketing director Dave Hawley, “which is why brands should focus on building loyal, lifelong fans and followers who will become brand advocates.”


#3 – Putting On Blinders to Industry Rivals


The companies that are in competition with you can be a great source of information on social media, says Reshu Rathi of Betaout. Of course, you want your brand to have its own defined and unique angles, but your competitors’ tactics will certainly give rise to ideas – in terms of what to do, what not to do, how to align yourself with your sector, and how to create differentiation.


#4 – Relevance, Your Honor?


Humor can work well if it’s carefully contained and vetted, but be careful about posting anything that might irritate your customers due to its controversial or trivial nature (politics, religion, memes, cats doing nutty things, etc.). If you come across as insensitive or unprofessional – and of course your industry is key in terms of where that line is – expect your reputation to take a hit.


#5 – Disregarding Trolls and Upset Customers


Sure, block users who are hate-mongering or pulling you into their spammy agenda. However, you don’t want to delete or pay no attention to the issue if someone is upset with your product or service. Instead, try apologizing and offering to email them – even if you think their perspective is impolite or unfair. “A simple acknowledgment of a problem can prevent a potential PR nightmare,” notes social consultant Gloria Rand, “and often makes the customer so happy, the company gets a PR boost instead!”


#6 – Waiting to Respond


Along the same lines, it’s important that you keep nearly constant tabs on your social accounts if you want to meet the increasingly fast response that’s expected by customers. For instance, a Lithium Technologies report shows that 53% of people think that a firm should get a Twitter message back to them within 60 minutes (Rathi).


#7 – Lacking a Lead-Gen Plan


Social media must, of course, be approached from a more interactive, community-minded perspective than an ad or sales brochure; nonetheless, it’s still fertile ground for acquiring leads. Write an occasional opt-in post for your e-mail list, for instance. Also, remember you generally want this traffic to move from social to your site; linking to value-driven blog posts in your social posts is the most common way to achieve that.


#8 – Newsjacking Tactlessly


Trending hashtags are typically aligned with current events that are happening right now; in that way, the momentary nature of the present is a key driver of social media. At any point in time, everyone is trying to grab a piece of that real-time mindshare. The problem is that the pace of social media can become problematic. “Without evaluating the implications,” says Vocus social media manager Stacey Miller, “your company risks looking insensitive or ignorant, which can [harm] your reputation.”


#9 – Posting Too Often


Of course, you want to communicate your brand identity and message by posting (after all, you aren’t only on social media to listen). However, if you unleash too many posts, that could result in losing followers. Part of the reason that’s the case is not just that people are seeing your posts too frequently in their feed but that posting excessively inevitably means lower quality-control. For that reason, you want to post during “prime-time” for your particular target group, advises Saatva Luxury Mattress social media manager Nicolle Hiddleston. When are your followers and others you want to reach active in their accounts? Focus posting on quality rather than quantity to some extent. Posting multiple times daily is good, but posting multiple times hourly can backfire.


#10 – Barraging Your Audience with Hashtags


Related to point #4 above about relevance, including too many hashtags on a single post will often lead you far off-topic from your key focus. Relevance is absolutely critical, especially considering that people might be searching that particular hashtag for content related to it (rather than through a newsfeed or elsewhere); those users likely won’t be attracted to anything that’s off-topic. Think of it this way: you don’t just want to be going through a huge array of streams. Instead, it makes sense to square yourself directly toward your audience and provide information they might want to hear. If you do discuss current events, keep your target in mind at all times – but contribute to the discussion (i.e., it isn’t a good place to sell).


If you avoid “meaningless and shameless promotion of your business,” comments Receptional social media director Sarah Bradley, “you’ll find that your online reputation improves and people will trust what you have to say more.”


#11 – Not Having Strong Site Infrastructure to Back It Up


In light of the various mistakes that e-commerce companies can make, social media can start to seem frustrating and even, at times, foreboding. However, it’s clearly an important place (and a great place, in many ways) to interact with potential customers. It’s important because you can develop relationships, and those relationships will eventually drive more traffic to your site.


Once the traffic gets to your site, you need to meet their needs as quickly as possible, through truly impressive speed and reliability – a site with high performance. At Total Server Solutions, we deliver high-performance web hosting for e-commerce.

How to Choose a Managed Services Provider

Posted by & filed under List Posts.

What is an MSP?


In the interest of information security and staying focused on core competencies, many companies choose to work with managed services providers (MSPs). An MSP is an organization that manages the computing needs of customers. Services are performed at a distance and often funded by a subscription, a fee charged each month, although other billing models (such as hourly rates) are sometimes available.


It is also common for credible managed service providers to supply potential customers with a service-level agreement (SLA), a legal document listing parameters of the business arrangement, such as quality and performance expectations.


7 Tips to Choose the Right MSP


There are plenty of companies in this market, so you’re sure to find many options when you need a managed service; but working with the right partner can impact not only security but also key growth factors such as reliability and scalability. Beyond the prerequisite of an SLA, what other criteria do managed services providers need to meet to earn your business? Here are a few tips for selection:


#1 – SLA should be based on performance.


One main benefit you have with a managed services provider is that you can make demands: the MSP has to live up to the stipulations of the contract (i.e., the SLA). Service providers are used to the fact that businesses want the level of control of knowing that they are protected if the services are not provided at a reasonable level of quality. Service providers that are serious about serving their customers will not flinch at having to reimburse customers if their services fall below the levels stipulated in the contract.


#2 – Thorough range of services


There is by no means a rule that you must get all your IT managed services from one provider. However, with the excessive administrative, communication, and other maintenance needs of additional relationships, and with the growing concern of cloud sprawl, it’s nice to know that you can get a full range of services through one catch-all partnership.


Along similar lines, a provider should be able to manage systems manufactured and developed by a spectrum of vendors. With that breadth of knowledge, a highly qualified MSP will be able to customize what it provides as a trusted advisor to each individual customer – handling each one’s diverse elements and concerns.


#3 – Security


A high-priority concern for businesses, data security is also a primary area of computing investment. What is the scope of that concept of security? Here are five of the main areas that must be monitored to maintain a legitimately secure environment:


  • User security – Involves the end users (customers, employees, etc.) accessing your network; their email use and other actions; and their login details
  • Data security – Involves all your information that is in archives or storage (mapped drives, file shares, emails, etc.)
  • Endpoint security – Involves the company’s smartphones, tablets, laptops, workstations, and servers
  • Infrastructure security – Involves the infrastructure and network components (beyond the servers), ranging from firewalls to switches to routers
  • Physical security – Involves physical access to your grounds, facilities, and data centers or technology areas.


The best indicator that a company has sufficient checks and balances in place to achieve a broad range of data protections is the achievement of compliance with respected third-party standards. The most meaningful form of compliance that you can see in a provider is Statement on Standards for Attestation Engagements No. 16 (SSAE 16) Type 2, “Reporting on Controls at a Service Organization,” a standard developed by the American Institute of CPAs (AICPA).


#4 – Preventive management


A managed services provider should not just be keeping your company safe moment-by-moment but give you a strategic stance so that you’re protected for the future. Beyond simplistic monitoring of your system, an excellent MSP will leverage advanced predictive analysis, scanning failure patterns throughout environments and processes. Seeing that your provider is using cutting-edge methods and technologies, such as combining hands-on monitoring with automated programs to control quality, tells you that you are safeguarded and that the provider is continually refining its systems.


A strong provider will be of more use to you if they have a specialized understanding of their niche that clarifies the market – and may even help point the way to new business for your firm.


#5 – Financial stability


Relying on another company for IT services is common, but it is always scary – because you don’t know if they will be around next year. Check how many years the company has been in business. Similarly, make sure that it is backed by people with strong experience. A transparent presentation of authority through leadership biographical information gives you a sense of who is in charge and what kind of track record they have in making decisions related to managed services.


#6 – Use of best practices & expertise


Just as you can get a sense of controls and security through a third-party SSAE 16 audit, you want to know that the MSP is following standardized procedures and best practices in areas such as problem management, capacity, configuration, and report generation.


The provider should have knowledge that extends beyond conventional operating system maintenance. They should understand and be able to help you with cloud, virtualization, mobility, integration, security, high availability, networking, middleware, and databases.


#7 – Consolidated service portal


The managed services provider should give you paperwork related to policies and procedures. They should also have a library of knowledge based on previous customer issues and solutions so that fixes can be implemented immediately in the event of a crisis. You also want a user interface that shows you all your services through one intuitive admin panel.


Example Security Challenge: Law and Change


Since improved security is a core reason that companies use managed service providers, it helps to look directly at that aspect with a sample scenario.


One industry in which companies tend to take a particularly strong defensive posture toward data breach (for obvious reasons) is law. However, even in that highly confidential field, firms have trouble getting complete sign-on with security protocols.


Fundamentally, security improvement requires operational changes. Safeguards slow down the flow of business, which is why the typical reason someone will argue against a protection is that it is tedious or inconvenient.


One specific change that a law firm might put into place is two-factor authentication (2FA) so that there is an additional step beyond the password to log in. That could be a temporary, unique token, or a short numerical code from your smartphone. 2FA is a perfect example of security steps slowing down the process just a bit – which it why it’s important for users to understand why the decrease in speed is worth it.




Given the concern with security and general ease of doing business, many companies decide that they want to work with a managed services provider. Does that describe your organization? Hopefully, the above advice smooths this transition.


If you want to look at a potential MSP partnership now, you can review our offerings. At Total Server Solutions, with an entire platform of ready-built and custom-engineered services that are powerful, innovative, and responsive, you can trust that all our decisions are driven by our relentless desire to help you succeed. See our individual managed services.

Build Trust in Your E-Commerce Store

Posted by & filed under List Posts.

Trust. Just at face value, I think we all know how important that one factor is to e-commerce sales. Certainly it should be on the minds of both consumers and businesses, given the natural security concerns on the Internet – heightened by events such as the Sony hack (a particularly devastating one, with a price tag of $35 million), Heartbleed bug, and incredible rise of the Internet botnet Mirai in an epic duel with security reporter Brian Krebs.


The question, then, is how can you build trust in this environment? How can you make the customer feel exceedingly confident on your site when everyone knows that there are dangers inherent in using the Internet? After all, you want to get your share of that e-commerce market – which is set to grow to $4.058 trillion by 2020, according to eMarketer. How can you show your customers that you are doing everything you can to protect them and that you generally look out for their best interests?


Trust is based both on perception and on actual evidence. Essentially, you want to be open about the people and personality behind your brand (for the emotional side of trust), and also to give real proof – to show everyone who visits your site that you are legitimate, that the technologies you use are from strong brands, and that third parties back your systems (as with site seals or e-commerce hosted on SSAE 16 audited servers, for instance).


What are specific actions you can take to gain customer trust?


Embed Trust Seals


People really do put quite a bit of faith in trust seals. It makes sense when you think about it. When a third party whose brand the customer might already trust vouches for the website, it will certainly make a user feel more confident when they are deciding whether to make a transaction. Just look at data on the effectiveness of these signals:


  • Survey #1 – eConsultancy asked Internet shoppers how they would determine whether to trust a site that they had just encountered (with the ability to give multiple answers). The very first result was trustmarks, with nearly half of respondents (48%) stating it made them feel more comfortable.
  • Survey #2 – A whopping 60.96% of respondents, 89 of 146 people, told Matthew of Actual Insights that they had once abandoned a shopping cart or otherwise left a site because they did not see recognizable trust logos.


Since these trust seals are so helpful, it makes sense that one related to your SSL certificate could be particularly effective and easy to implement. An SSL indicator is, assumedly, very effective because it’s based not just on some vague assessment or accreditation but on standardized encryption technology. It is also easy to implement because you simply use the trust seal associated with your SSL certificate, which is typically freely available from the provider. Buying the SSL certificate of a trusted brand will give your site more authority with people who visit.


Install a Credible Payment Gateway


No one wants to feel at-risk when they put their credit card information into a website. For that reason, strictly from the perspective of trust, is it difficult to argue against the heavy hitters. The most obvious example in this category is PayPal; so you might want to include it as an option. However, you may find it makes more sense to use one of the growing number of legitimate and widely recognized PayPal alternatives.


Demonstrate Your Product Being Used


Even if you put all the exact specifications of a product in the description, that sometimes isn’t enough. Shoppers will be likelier to trust that you can deliver what they need if you make it easy for them to see how the product looks in action. That can be achieved with big, high-resolution images that showcase the product from various viewpoints, with the ability to zoom in. In fact, you might want to implement a 360-degree shot of the product so that customers have even more realistic three-dimensional visibility.


Video is another obvious medium that can make sense for certain types of products – if not all of them, given the SEO benefits. Case in point: When marketing agency Koozai published two nearly identical posts (both about Google services), embedding a 25-second introductory video at the top of one but not the other, the one with the video received 126.75% more unique pageviews (1297 vs. 572).


Include Contact Details


Where are you? How can I reach you? During what hours are you available if I have an urgent request? For the shoppers who responded to the eConsultancy poll (“Survey #1” above), the second most important factor in establishing trust is easily accessible contact information.


A good example of a company using the contact page well to enhance comfort is Zappos, notes Sharan Suresh of Visual Website Optimizer. Specifically, they use words such as “help,” we,” and “family.”


A contact page is not just a trust-builder but a lead-generation tool, particularly if you are selling professional services or high-ticket items for which people might want substantive consultation prior to purchase.


When providing contact or “about us” information, it also can be key to provide headshots of the people on your team.


Humanize Your Brand


It’s interesting to really think about what trust is in a social context such as a business interaction. Trust is defined as “anticipated cooperation” by Ronald S. Burt and Marc Knez of the University of Chicago. In other words, when engaging in commerce, a person experiences trust when they believe they will be paying a fair rate for the value they receive from you.


Trust is a way that we are able to give up control and still feel calm. We don’t know absolutely what those around us will do. Businesses are similarly unpredictable until we know more about the company culture and reputation.


The vague sense of unsureness can be alleviated with human features. Humanizing the brand can be powerful in getting more confidence from site visitors.


Sven of Userlike suggests these tactics that accomplish humanization:


  • Become more human through a more natural and approachable tone of voice. If you can avoid using excessive industry lingo and bring personality to your tone, you can establish that your brand is built on the efforts of individual people.
  • Invest in content marketing. Brand storytelling and educating through blogs, ebooks, and social profiles gives you a meaningful, targeted way to connect with your audience through text and images.


Highlight Reviews


People are likelier to believe customers than they are to believe a business – so let them do the talking. How? With reviews. Include reviews on your product pages.


One study from Moz found that 67% of online shoppers check out reviews for a product before they buy it. Acknowledging that those people are going to read reviews somewhere, it then logically makes sense to keep them on your site to get that information without browsing elsewhere (or at least limiting external activity).


When you integrate reviews into your product pages, make sure that it is easy to navigate them – giving access in a customer-centric, user-friendly way.


Adopt High-Performance E-Commerce Infrastructure


Another key way to build trust among online shoppers is to deliver a site with the high performance that customers experience when they shop major brands. We can help you with that. At Total Server Solutions, our infrastructure is so comprehensive and robust that many other top tier providers rely on our network to keep them up and running. See our e-commerce solutions.

Posted by & filed under List Posts.


  • Why integrate?
  • How to integrate WordPress and Magento with various plugins
  • Improving your blog to better spark e-commerce sales
  • General e-commerce blog rules
  • Types of e-commerce blog posts to try


When businesses go out to find core software for their businesses, two of the most important pieces are the content management system (CMS) and the shopping cart. As open source has become increasingly accepted and even preferred in business, WordPress and Magento have emerged as the leaders in these two categories:

  • Magento is the top e-commerce platform among the Alexa top 1 million, at a 29.1% market share. [source]
  • WordPress is even more popular among the CMS competition, with a whopping 58.8% of the market in March 2017. [source]


Understandably, any businesses that use these platforms want to use the solutions together as effectively as possible. From a literal perspective in terms of development, businesses want to be able to integrate the two systems. They also want to learn how to better drive traffic from the WordPress blog portion of their site to the Magento shopping cart to make purchases. This blog discusses both of those topics. First, though, let’s talk a bit more about reasoning.



Why integrate?

We all know that the general concept of integration makes it easier to manage information so you aren’t having to transition between different environments. However, there are specific reasons that businesses often cite for integrating WordPress with Magento (or CMS with shopping cart):

  • Improve the SEO of your e-commerce products so people can find you on Google and Bing
  • Theme integration
  • Ability to share components of one system (such as cart data, menus, or static blocks) within the other
  • The delivery of a user experience that is truly blog-to-cart, with products appearing in your WordPress that link directly to the Magento cart
  • Unifying the login so that shopping carts are less likely to be abandoned.


How to integrate WordPress and Magento with an extension

It makes sense to want integration of these two key systems. “Marrying WordPress and Magento can integrate your themes, break down any barriers to order completion, and increase the ease of navigation between the two platforms,” explained plugin and extension developer CreativeMinds.


Since WordPress gives you a portal for publishing content, it means you can communicate with and promote to shoppers; bolster your search visibility; and that you have an intuitive system for management of product data. On the other side, Magento is the primary tool you have for major e-commerce needs such as product creation and management; order creation; and the handling of shipments.


Harshal Shah of open source magazine Open Source For You suggested using Magento WordPress Integration, a free extension created by FishPig that is supported by the Professional, Enterprise, and Community editions of Magento (3.9 / 5 stars; 282 reviews).


To use the extension, you don’t have to adjust the core files of either WordPress or Magento; you can access it through Magento Connect. Once you’ve backed up your system and installed it, you can control both administrative accounts by just logging into your Magento account. It enables you to connect WordPress posts to products within Magento. You can even generate a menu within WordPress and pull it into Magento.


Optional add-ons from FishPig are Magento WordPress Multisite Integration and Custom Post Types. The former allows you to integrate all the sites of your entire WPMU installation with numerous Magento stores. The latter gives you the ability to use a variety of templates for WordPress blogs within Magento.


Improving your blog to better spark e-commerce sales

If your business is primarily concerned with e-commerce, you might wonder why expressing yourself through a blog is necessary for your business. To look generally at blogging, it is a way to market yourself directly to your customers, straight through your site. Every additional blog post accounts for another indexed page within Google, so it helps your search engine rankings. It gives you content to post and discuss within your social accounts. Finally, it converts traffic to leads – or, even better, into customers.

Blogging is essentially an opportunity to establish authority and show your target audience what you know; that knowledge will in turn make people feel more comfortable trusting you as their supplier.


Ryan Harris of Raleigh-based digital marketing company TheeDesign talks about e-commerce blogging using the example of a running shoe store owner. Blogging gives that owner (as it does a marketing team) the chance to talk about various running-related topics. “Consider writing topics about snacks for runners, and the dangers of not properly hydrating,” suggested Harris. “Maybe take the time to blog about a personal achievement like running a marathon.”


Now, blogging generally in this manner is part of the e-commerce process because you are driving traffic that’s searching for running topics. Plus, it helps you connect, on a human level, with those who come to your site.


Evergreen information, news reports, how-to articles, and best practices lists all work within blogs. Plus, it makes sense for an e-commerce company to ensure the blog has particular characteristics, and to spend some time discussing the products it sells.


General e-commerce blog rules

WordPress blogger and podcaster Bob Dunn provided his rules for making the most of an e-commerce blog; although published a few years ago, these ideas are still pertinent:

  1. Your offer should be relevant to your target, to increase interest.
  2. You want to be transparent and authentic with links, so that readers understand they are requesting additional details.
  3. Make your offer highly visible if you want to get clicks.
  4. Incorporate the blog with your products by writing about topics within the blog that tie to calls-to-action (CTAs) for specific products you feature.
  5. You want to leverage the blog for user-generated Look for inspiration in the comments.
  6. Exclusivity is a great way to improve sales. Give deals that are only available to your audience and related to your blog subject.


Types of e-commerce blog posts to try

Those broad rules are great, but let’s get more granular. Here are a few specific types of posts to use for your e-commerce blog, as indicated by Harris:

  • Featured product posts – In these posts, you can highlight and possibly compare your current products (either one item or the whole brand).
  • New product posts – Newness, in and of itself, gives a product more value. Show off anything you’ve just started carrying.
  • “Coming soon” posts – Create buzz prior to the arrival of products. It’s especially helpful if a new version of the product is being released, so that people can decide if they want to buy the current one or wait for the launch.
  • Exclusive product posts – We talked above about exclusivity as a general rule, and you can apply that specifically to any products that only you are selling.
  • Gift idea posts – Write up lists of gift ideas for the holidays, for birthdays, Mother’s Day, Father’s Day, and “just because.”
  • Product testing posts – You can test your products and pass on the results.
  • Review posts – You can discuss reviews of products, since reviews are such as major trust signal.
  • Sales promotion posts – Notify your customers of a sale well before it takes place. “Letting your loyal blog readers in on the sale ‘secret’ ahead of time will help them travel farther down the conversion funnel and ultimately lead to a sale,” said Harris.


Now, as a note of caution, this discussion of blog topics specific to an e-commerce blog is not intended to advocate writing about products or sales in lieu of quality information related to broader topics. Yes, you can educate on products; but simply talking about your products will make your blog read like an ad. Typically you want to include much larger quantities of helpful information such as how-to articles and trending news.



Hopefully the above ideas give you a better sense of some options for integration of WordPress with Magento, and for general integration of blogging with e-commerce. Now, what about upgrading your infrastructure? At Total Server Solutions, we offer high performance web hosting for e-commerce. Increase conversions.

Posted by & filed under List Posts.



Let’s state the obvious, WordPress is popular:

  • It represents 50-60% of the content management system (CMS) market worldwide.
  • 22% of new sites in the United States use WordPress, as do 297,629 of the Alexa 1 million.
  • Adopters of WordPress include Time, Spotify, TechCrunch, NBC, CNN, Fortune, and USA Today. [source]


Clearly businesses recognize that WordPress is an incredibly powerful platform. However, getting the most out of the environment means making it as simple to manage as possible. How can you make WP management more user-friendly? Here are 11 tips:




#1 – Get to know the admin panel

Every section of the WordPress admin interface has various features available – and you’ll find ones that will enhance your manageability. Many of these features are hidden by default. You can toggle their checkboxes using “Screen Options,” which you’ll usually find in the upper right corner of the page.


“This is a great way to either remove information that’s cluttering the display, or find options that you think should exist but can’t find (this is particularly true on the post edit page),” suggested Chris Honiball of


You’ll find especially critical options at the lower end of the navigation list – particularly the submenus of Appearance, Tools, and Settings. Getting a sense of the default system early will allow you to understand if the settings are adjusted, since some plugins add menu items to the navigation bar.


When new versions are released, become familiar with any additional features and changes, through WP news sites (see #11).


The safe way to approach a new release is not to simply install it but to create a sandbox environment so that you can see how any new menus operate. To test-run the new version, or any plugins or themes, install a new WordPress instance onto a local PHP/MySQL server or even a hidden subdomain of your live site.


#2 – Organize your categories and tags.

Understanding the proper use and finer points of categories and tags can feel a bit obtuse at the outset. Here is the basic idea:


Categories are for broadly setting your posts into different buckets or containers, similar to a table of contents. This organizational tool help readers locate the kind of content they are seeking. It’s a hierarchical model, with the possibility of subcategories.


Tags are for specifics of the posts. As opposed to the more general nature of categories, “[t]hink of these as your site’s index words,” advised WPBeginner. “They are the micro-data that you can use to micro-categorize your content.” These organizational elements do not have a hierarchy. Tags could be infinite, but businesses often limit themselves to 100-150 of them to better manage and contain content.


Meeting these guidelines will both make management easier and improve your SEO. It’s easiest to set them up before you start writing posts.


#3 – Shut off the comments

The conventional wisdom on blogs is that you want comments and to even ask for them at the end of your pieces; they’re seen as foundational to content in many scenarios. However, comments take time to moderate, and your time could be better spent continuing to produce new content, suggested Honiball.


To stop the comments, within your control panel, go to Settings > Discussion, remove the check for “Allow people to post comments,” and Save your changes.


#4 – Or… spam-sift your comments

Turning off comments may not be for you, since it can be an important way for your audience to interact with you. If that’s the case, you still don’t need to be facing everything the spambots throw your way.


To filter for spam, the most commonly recommended plugin is Akismet, which comes with WordPress by default and offers a “name your price” version. To get started, go to the Akismet plans page for a product key.


#5 – Automate your backups.

One way that you can waste a lot of time in management is preparing for horrible problems and doing damage control if and when they occur. Regular database and content backups are critical, but you also want them to be seamless. Create automated backups once a week at minimum. There are various options, but one especially highly rated one, UpDraftPlus (4.8 stars based on 2500+ ratings), lets you schedule backups to be saved to your server and another location, such as Dropbox.


#6 – Master debugging.

The concept of debugging might sound scary and esoteric, depending on your knowledge of code. However, as you start to understand the amount of control you can have over WordPress if you better understand its inner workings, you may find you want to look up error messages to try to fix them yourself. Respected places to discuss problems and get answers are WordPress Stack Exchange and the WordPress support forums – but you will find additional resources when searching your particular issue.

WP uses various programming languages, but the primary one is PHP. Like a person, if you really want to understand WordPress, learn its language. To wade into the subject, here is a relatively non-technical PHP-for-WordPress tutorial.


#7 – Take ownership of the media library.

Many WordPress blogs do not make great use of the media library. Do you ever reuse the same image at multiple points on your site? If so, it’s a good idea to edit the Caption, Alternative Text, and Description fields. That information is especially important for reused images since the data is in more than one place.


#8 – Get familiar with user roles.

Likely there are numerous people who will be working on your site. That means you want different levels of access – which is the concept behind user roles.

Within Users > All User > username, you can change anyone’s role in the Name area. The possibilities are:


Administrator: This top of the hierarchy is able to change or delete whatever they want, from the posts themselves to theme files.


Editor: Anyone assigned this role will be able to edit and publish posts, including those written by others. They can also reassign posts.


Author: Those with this role are able to edit and publish their own posts.


Contributor: This role is similar to an author but without publishing privileges. They can only edit and submit for approval by an editor or administrator.


Subscriber: This role is only able to make changes to their own profile but not the content. This largely blocked role is helpful if you want to send notifications widely using WordPress.


#9 – Use an SEO plugin.

WordPress has strong search engine optimization, and you can always approach your marketing with best practices such as consistent content publication (integrated social media and blogs) and keyword research for your site and competition. However, you should automate what you can with an SEO plugin. Yoast SEO (4.8 stars from 10,000+ ratings) is one popular option that takes care of various aspects of basic SEO, such as generating site maps, establishing metadata for each post, and creating tags for social platforms.


#10 – Remove clutter by switching to fullscreen mode.

The fullscreen button within the post editor is a great way to improve your focus when you’re working directly on editing or similar post administration. It’s actually called distraction-free writing mode and can be accessed via Shift + Alt + W or by clicking the button to the upper right of the post itself.


#11 – Get to know WordPress news sites.

Jake Rocheleau of advised staying updated by reading informational articles each week, or at least each month, from sites such as WPBeginner, WP Mayor, and WPLift.




Do you want to make the most out of your WordPress site? At the core of your efforts, quite literally, will be your infrastructure, so be certain that it’s strong. At Total Server Solutions, our cloud uses the fastest hardware, coupled with a far-reaching network. For your WordPress hosting, trust the cloud with guaranteed performance.

Posted by & filed under List Posts.

The CentOS 5 End of Life is fast approaching.  If you still use CentOS 5 on your server(s) now is the time to update to a more recent, supported version of this popular OS.  This was posted back in October 2016 but with the impending EOL coming up fast it’s well worth reading again.  If proper support and PCI Compliance are important to you, you need to read this.  We can’t stress enough how important this is!


On March 31, 2017, CentOS 5 will reach its End Of Life (EOL).  At this time, CentOS 5 will no longer receive any further updates.  At the same time, various software vendors such as cPanel, OpenSSL,and Redhat who produce applications which run on CentOS 5 will cease to provide support and updates for their products that are specific to CentOS 5.  

Additionally, server owners who continue utilizing CentOS5 without updating to a new, more current operating system will fall out of PCI Compliance and will no longer be able to accept credit card payments via their sites/servers on their servers running CentOS 5.  

To learn more about current PCI compliance requirements please have a look at this link:

Here are some of the reasons that CentOS 5 based servers will no longer be PCI Compliant:

  • RHEL/CentOS 5 based servers cannot support SNI which is becoming more important as IPv4 address space dwindles.  SNI was unsupported prior to OpenSSL 0.9.8f but RHEL/CentOS 5 shipped with OpenSSL 0.9.8e, meaning that unless you update, you cannot utilize SNI.
  • RHEL/CentOS 5 base servers also can’t support OCSP stapling.  This decreases the latency of the handshake in establishing secure TLS transactions.  OSCP checks certificates for revocation and was not supported prior to OpenSSL 0.9.8g, but, once again, RHEL/CentOS 5 shipped only with OpenSSL 0.9.8e.
  • OpenSSL 1.0.1+ adds support for the AES-NI instructions in Westmere/Sandy Bridge/Ivy Bridge or later CPUs.  This support increases performance of SSL/TLS connections and prevents timing attacks against AES.

We everyone who is running servers with CentOS 5 to update to CentOS 6 or CentOS 7 as soon as possible.  We are making every effort to keep our customers notified of this important update requirement.  Our technical & sales teams stand ready to help you update to a more current, modern OS on your server.  Please take the time to let us help you get up to date and maintain PCI Compliance and more effective security for your content & customers.

More information regarding the CentOS5 EOL can be found at the following places:

The TSS Sales and Support team is ready to help you upgrade your OS.

Posted by & filed under List Posts.

Nearly 400,000 video recorders, webcams, and home routers are being used to launch attacks against targets around the world. This threat is an Internet of things (IoT) distributed denial of service (DDoS) weapon called the Mirai botnet.

Below, we will look at basics on the DDoS mega-attack of security reporter Brian Krebs, open-sourcing of the Mirai code, and defense tactics from US-CERT.


In Part 2, we will explore how to use a test server to track Mirai and the botnet’s top 10 login combinations. We will then review why conventional botnets don’t DDoS and IoT ones do, and why Mirai was open-sourced. Finally, we will review a new Mirai worm variation and look forward at continuing protection.


  • Stop the botnets for $25K
  • What are Mirai and the IoT botnet threat?
  • Open-sourcing the Mirai code
  • How can you protect yourself from Mirai and Bashlight?
  • Help with DDoS protection



Stop the botnets for $25K

A January 5 headline from USA Today read simply, “How to win $25,000: Find a tool to fight zombie botnets.” That’s right, the federal government is offering a cash reward if you can figure out how to stop IoT botnets like Mirai. The concern is understandable, since Mirai’s source code has been publicly released. This is a very real and serious threat, and coverage of it sounds like a warning of technological apocalypse.


Even if Mirai does not mean the end of the Internet, the findings on this botnet (a vast network of computers leveraged for attacks through voluminous, fraudulent requests) are deeply disturbing.


What are Mirai and the IoT botnet threat?

On October 14, 2016, the US federal government (via its Computer Emergency Readiness Team, US-CERT) released Alert TA16-288A: “Heightened DDoS Threat Posed by Mirai and Other Botnets.” (The alert was updated on November 30.)


It’s no surprise that the Internet of Things is mentioned as the “systems affected” within this notice, since the security challenges of this booming computing field have been a topic of concern among thought-leaders for years.


The US-CERT announcement was prompted by the Mirai DDoS attack of Brian Krebs’ site,, which occurred the evening of September 20 and reached a climax of more than 620 gigabits per second (Gbps).


The author believed to be responsible for Mirai pointed over 380,000 different IoT device slaves (the routers, video recorders, webcams, etc.) at Krebs’ site. Slaves are captured by Mirai’s malware, which scans the web for them. “The Mirai bot uses a short list of 62 common default usernames and passwords to scan for vulnerable devices,” said US-CERT. “Because many IoT devices are unsecured or weakly secured, this short dictionary allows the bot to access hundreds of thousands of devices.”


Krebs is joined by another high-profile victim of Mirai: in September, the French web host OVH was hit with an assault exceeding 1.1 terabits per second (Tbps). It’s not just these one-off attacks that have DHS sounding the alarm bell, though. It’s that the source code for Mirai was posted publicly at the end of September. The open-sourcing of Mirai is expected to spark copycat DDoS botnet creation, effectively militarizing our devices as unwilling soldiers for use against someone else’s enemies.


Along with Mirai, you may have also heard of Bashlight – another malware botnet that is not open-sourced as of this writing. Its similar because it also exploits default passwords. This botnet is thought to have as many as 1 million devices enslaved.


Is that all the bad news? Unfortunately, no. US-CERT updated its Mirai notice in late November because use of the botnet was evolving. “[A] new Mirai-derived malware attack actively scanned TCP port 7547 on broadband routers susceptible to a Simple Object Access Protocol (SOAP) vulnerability,” explained the agency. “Affected routers use protocols that leave port 7547 open.”


Open-sourcing the Mirai code

The source code for Mirai was made publicly available, as indicated by Brian Krebs himself (via his attacked site) on October 16. Krebs noted that the leak was first announced on Friday, October 13, on Hack Forums (a service that recently came under fire for allegedly offering DDoS-for-hire).



Krebs explained that once IoT devices (cameras, routers, or whatever else) are infiltrated, they then become bots for use of the botnet – to derail target sites so they can’t be accessed by their legitimate users. In other words, Mirai and DDoS vehicles like it are generally a threat to online service, although specific victims are hand-picked.


The user on Hack Forums who released the Mirai code was Anna-senpai (senpai meaning “an older person or mentor”). “Anna” noted that he/she was releasing the source code because security pros were cracking down on IOT DDoS.


“When I first go in DDoS industry, I wasn’t planning on staying in it long,” wrote the user. “I made my money, there’s lots of eyes looking at IOT now, so it’s time to GTFO.”


Anna-senpai mentioned that they had typically been able to access and control 380,000 bots via Telnet prior to September; however, following the Krebs DDoS, they could now only use 300,000 slaves at most.


How can you protect yourself from Mirai and Bashlight?

Mirai and Bashlight are both massive and can be massively destructive, preventing your systems from working and possibly running up a huge price tag through recovery and blocked access to revenue. What can you do?


Here are mitigation and preventive steps from US-CERT:


To remove Mirai:

  1. Disconnect the camera, router, or other device from the network.
  2. Reboot it. That’s it (sort of). “Because Mirai malware exists in dynamic memory,” explained the DHS, “rebooting the device clears the malware.”
  3. Secure the password. The default password is what makes it vulnerable. Here are strong passwords – especially the middle option containing ASCII (American Standard Code for Information Interchange) characters. Or use these tips from Silicon Valley nonprofit org.
  4. Reconnect only once you reboot and set a new password. Otherwise reinfection is likely.


To prevent Mirai:

  1. Change all your passwords to strong ones. Default passwords are typically posted online, so they’re easy to target.
  2. Download patches as soon as they’re released.
  3. Turn off your router’s UPnP (Universal Plug and Play) function.
  4. Buy IoT devices from businesses known to invest in security.
  5. Watch specific ports. “Monitor Internet Protocol (IP) port 2323/TCP and port 23/TCP for attempts to gain unauthorized control over IoT devices using the network terminal (Telnet) protocol,” advised US-CERT, which added that “[i]nfected devices often attempt to spread malware by using port 48101 to send results to the threat actor.”
  6. Be aware that any connected devices are at risk. Whenever you get a device that has a default password or open Wi-Fi, switch the password and contain it within a secured network.
  7. Check medical devices. Often at-home medical devices now send data and allow remote operation. These are also common malware targets.


See below to continue reading about Mirai.


Help with DDoS protection

What about the other side, though? What about when the devices are used against your business? After all, DDoS attacks were up 125% between 2015 and 2016 (ZDNet). In this botnet age, what can you do?


At Total Server Solutions, we’ve partnered with Staminus, the leading DDoS mitigation provider, to bring their enterprise level-protection to your site. Let us help you!



Posted by & filed under List Posts.



  • Huge potential for ecommerce sites
  • Elements of online shopping behavior
  • How the market is adjusting to changing needs
  • High-performance ecommerce hosting


Ecommerce is a massive economic phenomenon. According to the US Department of Commerce, more than half of web users across the planet (53%) bought something online in 2016. That means no less than 1.7 billion people (out of the 3.2 billion global users) proceeded at least once through a shopping cart checkout.


Furthermore, the amount that the average Internet shopper spends is higher than you might think: numbers suggest American users spends an average $1800 annually, while the typical British consumer spends $1600. As would be expected, a large proportion of these shoppers are in the lower age brackets, with 2 in 5 men (40%) and 1 in 3 women (33%) aged 18 to 34 saying they would prefer to make all of their purchases online.


Clearly there is a huge amount of ecommerce activity occurring, which means is there’s a vast amount of potential for the growth of your online store. However, as with any efforts to build your website, it’s critical to understand how the user behaves. Plus, it helps to know how marketers, based on user behavior, are adopting more effective means to appeal to the visitors whom they hope to convert.


Elements of online shopping behavior

 What are some aspects of the ecommerce user that can help you better understand them, so that you can meet their needs on their developing “buyer’s journey”?


Element #1 – Pre-purchase research

The way that we buy online is fundamentally different than how we purchase in-person, because the former offers immediate access to a wide range of product information. Four out of five online shoppers (81%) make use of that data.


The resources through which shoppers gather their perspectives on products and services range from testimonials to reviews, from forums to social media, from comparison sites to third-party ratings. One way or another, ecommerce users make an effort to get informed before they buy.


Element #2 – Different needs of men and women


Different groups of people tend to diverge in the way that they approach an ecommerce transaction – and that’s particularly evident along male/female lines:


  • Women (on average) want shopping online to be more social, while men want it to be a no-frills, linear experience.
  • Men shop because they need something now, while women are often planning ahead.
  • Men are more geared toward finding a solution they view as acceptable, while women make their buying decisions more carefully.
  • Men tend to make purchases to meet their own needs; women, on the other hand, are often getting presents for loved ones.
  • Women tend to be more impulsive in their online purchases.
  • Women are also more attracted to discounted pricing.
  • Women are likelier to find out information about a product from their friends, while men tend to get their ideas from strangers posting on review sites.
  • While men are more concerned with content such as reviews and product descriptions, women are more interested in forums, images, and live chat.


Element #3 – The multi-faceted user

Nearly all ecommerce users (90%, according to one study) use different devices for online shopping. Since consumers are typically accessing your site from different technological environments, it’s important to leverage a multi-screen approach.


Does that sound unlikely? The truth is that a significant amount of ecommerce moves from mobile to desktop. The majority of online shopping is completed on the latter, but the breakdown of where people start the buying process shows how important the former is for research:

  • smartphone – 65%
  • tablet – 11%
  • PC (desktop or laptop) – 25%.


Element #4 – The concept of “showrooming”

Not everyone appreciates e-commerce, of course. To a brick-and-mortar business that doesn’t have a big Internet presence, your online shop means unwanted competition. What particularly bothers these offline stores is showrooming.


What’s showrooming? It is “the situation in which a customer goes to a physical store to touch, try on, or interact with a product and then purchases the product online from a different retailer,” explained John Rampton in Forbes.

Note that while this does happen, it isn’t really a rampant activity: one study suggests that only 1 out of every 10 consumers look at products in-person before buying them online from a different retailer.


Element #5 – Checkout expectations

As people have grown more accustomed to making purchases online, they have developed more specific expectations for the checkout process:

  • They want it to be snappy, and that’s especially the case on mobile. When using smartphones or tablets, users like to be able to buy in just 1-3 clicks.
  • They don’t like surprises but want the shopping experience to be straightforward. (That means it’s usually a good idea to list shipping or other added costs upfront.)

How the market is adjusting to changing needs

Understanding the consumer is, of course, just the beginning. How are ecommerce businesses adapting their efforts to better meet the needs of potential and current customers? Here are a few strategies that are becoming more central to online success:


Strategy #1 – Cohort-specific targeting

When you think about the value of a one-on-one interaction with a salesperson, it can be difficult for an online store to compete (since chat just isn’t the same). However, using the power of data, ecommerce sites can use cohort-specific targeting to zero in on the needs of certain types of buyers.


How does that work? “If data shows that customers tend to buy blue scarves after they purchase black boots,” suggested CellularOutfitter marketing VP Edwin Choi, “companies can now craft ad creative that speak to this specific merchandising experience.”


Strategy #2 – Mobile moving images

Cellular data costs are on the decline, as are mobile page load times. The result of those two trends is that the way people use their smartphones and tablets is quickly evolving. Specifically, apps are becoming more immersive, and video is generally becoming more prevalent.


To cater to the changing mobile world, savvy ecommerce sites are creating video ads that rapidly present their product in all its dimensions.


Strategy #3 – Engaging across channels

The ways in which businesses appeal to online consumers has become diversified, and not just in terms of the multi-screen experience. Marketers now speak in terms of multi-touch conversion and multi-channel attribution.


These concepts have become important because we now have a more sophisticated understanding of the way that people shop on the web – and that information has also become more widely accessible. For example, low-cost platforms such as Kissmetrics are giving websites a more granular viewpoint on user behavior, allowing them to make connections based on a full spectrum of data points.


Even free systems such as Google Analytics can provide powerful insights on how an integrated blend of channels leads to sales. It can even inform cohort analysis. “Marketing channels will continue to bake in this type of transparency into their baseline reporting metrics on a post-click and post-impression basis,” advised Choi.


High-performance ecommerce hosting

The interaction between online stores and online customers is rapidly changing, as user behavior evolves and businesses adapt to meet changing needs. One aspect we haven’t yet discussed is the pivotal role of hosting infrastructure on your site’s speed and reliability. At Total Server Solutions, our high-performance hosting plans can accommodate everything from the smallest, static websites all the way up to large operations getting massive traffic. See our plans.

Posted by & filed under List Posts.


Have you heard of The Worst-Case Scenario Survival Handbook? When we talk about a business impact analysis, that is basically what it is: a guide of everything that can bring down your business, along with steps for restoration.


  • Business impact analysis: exploration and planning
  • Why the BIA is important
  • 7 types of impact you’ll frequently see
  • 7 common ways businesses are disrupted
  • When and how long is the business disruption?
  • Tapping internal intelligence: the BIA questionnaire
  • Putting it in writing: the BIA report
  • Smart hosting protections: SSAE 16 compliance



Business impact analysis: exploration and planning

Business impact analysis (BIA) is one of those business buzzwords that sounds quite a bit like the TPS reports that were ridiculed (sort of) in Office Space. However, the concept is actually very straightforward; it means just what you would think. A BIA is simply a process to look at the possible results of natural disasters, human errors, and malicious activities on operational elements ranging from credibility to liability, compliance, safety, and finances.


A well-strategized business impact analysis doesn’t just pessimistically describe worst-case scenarios, of course. It foretells the effects of an interruption to business continuity and collects knowledge to help create a disaster recovery plan. These two aspects of the BIA are called the exploratory and planning components.


During the risk assessment component of the BIA, you should delineate possible forms of loss that can occur internally. Additionally, the analysis should evaluate what the consequences would be if a vendor weren’t timely or otherwise didn’t meet expectations.


Why the BIA is important

Boy Scouts will understand right away why you need to conduct a BIA since it’s written right into their motto: “Be prepared.” Why specifically is this preparation wise? There are three primary reasons it makes sense to invest your time and resources in a business impact analysis:


#1 – You aren’t improvising when a disaster occurs. During the stress of a business continuity disruption, it isn’t easy to make the most logical, practical and sound decisions. The business impact analysis gives you a rational and straightforward process with which to recover, not just broadly but in the specific scenario the business is experiencing.


#2 – You use your recovery funds meaningfully and systematically. Part of a BIA is determining restoration priorities so you can allocate funds and apply effort correctly during a crisis. You also have an estimate of how long each step of the recovery process should take.


#3 – You are able to evaluate your vendors appropriately. You want to look deeply at your own system but also the aspects that are handled externally (as with your hosting provider – see below).


This type of analysis is essentially a framework that helps you more wisely determine how to spend money and time. “Identifying and evaluating the impact of disasters on business provides the basis for investment in recovery strategies as well as investment in prevention and mitigation strategies,” explained the U.S. Department of Homeland Security.


Specific to the provider you choose for hosting infrastructure and other IT services, this process helps you better understand the extent to which a secure, stable, high-performance infrastructure should be a priority. You can assign an appropriate value to a datacenter that is audited to meet the standards of the American Institute of CPAs (AICPA) – via Statement on Standards for Attestation Engagements No. 16 (SSAE 16).


7 types of impact you’ll frequently see


A BIA should give you a better sense of how your business could potentially malfunction and how money could be lost if a business system goes down or anything else isn’t fully operational. To look at it a bit more broadly, here are seven ways in which companies suffer when infrastructure or other elements become unavailable:


  1. Revenue is lost.
  2. Revenue comes in later than expected.
  3. Your operational costs rise (such as having to pay overtime or expedite).
  4. You incur fines for regulatory violations.
  5. You fail to meet bonuses or get penalized for not meeting contractual parameters.
  6. You lose or irritate customers.
  7. Projects you were planning to start don’t get launched on time.


To look specifically at the money, expenses related to disasters can be more extensive than you might initially think. One cost for which many companies fail to account properly is reputation management. For instance, your business could reasonably spend four times as much for marketing simply to retain your customers’ trust when your services aren’t working as your users expect.


7 common ways businesses are disrupted


How might your business be blocked from continuing to operate normally?

  1. Your facilities are damaged.
  2. Equipment becomes broken.
  3. You are unable to access facilities.
  4. Supply chain problems occur, either at the vendor or in transit.
  5. Power or other utilities go down.
  6. Software or hardware malfunctions.
  7. Key staff members are either out or make errors.


When and how long is the business disruption?

In terms of negative impact, there’s clearly a vast gulf between a split-second blip in your services and an outage of multiple days. It’s not just about duration, though, but timing as well. For instance, a B2C ecommerce site could miss out on a much larger chunk of annual sales if it were derailed by a distributed denial of service (DDoS) attack on Black Friday than if it had unscheduled downtime at a less pivotal time of year.


The business impact analysis covers all possible scenarios – not just the scariest and most far-reaching ones. Certainly it is a top priority to think in terms of those most devastating disruptions, such as your site going down for a full day or a product becoming unavailable for 48 hours when everyone is making their holiday purchases.


However, you also want to look at the situations that seem to just be momentary inconveniences – such as an electrical outage of just 5 or 10 minutes. After all, Gartner reports that the average cost of a minute of downtime is $5600 – or more than $300,000 per hour. Your own BIA should reveal how much your costs for downtime and other elements are over certain timeframes.


Tapping internal intelligence: the BIA questionnaire

 The business impact analysis is, to a large degree, a fact-finding mission. You want to organize the effort by distributing a standard form, a BIA questionnaire, to leadership and other personnel.


You want to get ideas from those who are knowledgeable about each type of business process. “Ask [these individuals] to identify the potential impacts if the business function or process that they are responsible for is interrupted,” said the DHS. Plus, the analysis should detail the key systems that will allow the organization to maintain varying degrees of operation.


Putting it in writing: the BIA report

You obviously want to have documentation of this process, and that’s all detailed in the business impact analysis report. It’s especially important (although certainly an imperfect science) to put an estimated dollar figure on every potential situation you can. These numbers are helpful because they give you a better sense how to evaluate the costs of preventive and mitigation services. Plus, you want to list out step-by-step recovery that should occur in the event of disruption, moving from the most to least mission-critical systems.


Smart hosting protections: SSAE 16 compliance

As stated in the title of this piece, your BIA should show you how to make the best hosting decisions – meaning that it helps you place a value on stable and secure infrastructure. The SSAE-16 Type II audit is your assurance that Total Server Solutions follows the best practices for keeping your systems running strong. Learn more.