Which social media services should you consider for your business?

Businesses are under a lot of pressure now to move into social media. There’s so much talk about it that it’s very easy to feel like you are being left behind unless you jump in quickly.

But before you do, stop and think about which social media services would work best for your company. They aren’t all the same (even though they all get lumped into that “social media” category), and the nature of your business, not to mention your own skills and preferences, dictate which would work best for you and which you should steer clear of.

So let’s first characterize your business: B-to-B or B-to-C? Visual (for example interior design, painting, car detailng) or not visual (for example car repair, financial services, CPA)? Retail products or services?

Next, let’s go through the various social media and see which work best with which types of business:

First let’s consider blogs. There’s some question whether a blog is really social media, but most are interactive (that is, users can add comments) and they are very effective for virtually all kinds of businesses. They have multiple advantages:

1. They change, so your readers always have something new to review
2. Done correctly, they point back to your website, so they add links to your search engine listings
3. They keep you thinking about your business, which means you serve your clients better

I encourage all my clients to commit to a blog. But that, of course, is the hangup: commitment. My advice is not to start a blog if you aren’t willing to commit to continuing it. The rest of my advice, however, is to commit to it and do it. You will find you get into the rhythm of it fairly quickly, and after a while you will be turning them out like pancakes.

Now on to the more traditional social media. I will go into more detail about each of these in future blogs, but here is the abbreviated rundown:

Facebook

Pros: Best for B-to-C businesses, supports business pages, huge audience
Cons: Has a lot of security gotchas, needs a lot of TLC to be effective and safe

LinkedIn

Pros: Best for B-to-B businesses, large audience, very professional, few security issues, excellent discussion groups
Cons: Requires a fair amount of participation to be useful

Google+

Pros: Best for B-to-C businesses, growing fairly rapidly, similar to Facebook in function
Cons: Audience is growing but is nowhere near Facebook’s yet; requires TLC just like Facebook

Pinterest

Pros: Best for B-to-C, very visual focus so best for visual businesses
Cons: Uncertain future; still in its infancy but growing rapidly; requires TLC

The rest

Beyond these, there are a variety of special-interest sites that are worth watching and considering. For example, if you are in an industry that has anything to do with housing, Houzz is well worth exploring. It’s similar to Pinterest but restricted to housing issues, very visual, and like most social media, requires a lot of TLC.

Facebook paranoia

Spend a few minutes talking to people of various ages about Facebook and you will soon see that the spectrum of opinions about this social media site is very wide. There are the teens who have grown up with computers, smart phones, and Facebook, and don’t hesitate to put up all sorts of information that makes older people cringe. At the other end of the spectrum, there are avoiders who simply say “I don’t do Facebook.”

And then there are the rest of us, who use Facebook for a variety of reasons – to communicate with children, to advertise our business – but do so with varying degrees of fear and trepidation. If you are in this category, this post is for you.

So let’s settle the short answers first: Yes, Facebook by default shares more information than most of us find comfortable. Yes, in some instances this information sharing could be dangerous. And yes, you can modify what Facebook shares about you and with whom it shares that information.

The question, of course, is how to make modifications that really work. So rule #1 is: Don’t accept advice that is passed around from friend to friend in posts unless they can back it up with some documentation that it works.

For example, there’s the post that advises everyone to declare that their posts are copyright protected. And then there are the posts that ask all your friends to change your status on their Facebook page. What do these actions do? Essentially nothing, except give people bad advice.

But there are things you can do that will have a real effect.The place to start is at Facecrooks.com. That is not a typo. Facecrooks is a site with an interesting melange of warnings, instructions, and news, all related to Facebook. Perhaps the most useful article is How to Lockdown Your Facebook Account For Maximum Privacy and Security, This article takes you through the procedures that will really protect your data.

Be forewarned, however: This is not a 2-step program. You have to follow a fairly long set of instructions to set up Facebook the way you want it. Usually, you just have to go through the whole procedure once, although there have been reports of Facebook resetting some people’s security settings back to the defaults. I suggest that you record all your settings so that, if you have to reset them, the resetting process will be quicker.

It is also considered smart to check your Facebook security settings once a week, just in case Facebook chooses to reset your security settings.

And while you are on the Facecrooks site, take a look at some of the other articles. If Facebook and its interactions with its users and our legal system interest you, you will find a lot to read.

Need help with Facebook?

If you want to use Facebook but are intimidated by (or just don’t want to deal with) the security issues, contact us. One of the services we offer is to maintain your Facebook settings for you. We will sit down with you and figure out what level of security you need. Then we will check your Facebook page weekly and make changes to your security settings whenever necessary. We do this for other social media sites too.

What is a Firesheep and How do You Shear It?

What is Firesheep?

Do you use Facebook on public WiFi connections? If so, you may be vulnerable to an attack using Firesheep, a recent Firefox extension that allows someone using the same WiFi connection to gain control of your Facebook account. This has always been possible but until now it required a lot of techie knowledge and some fairly complex software to do it. With this extension, anybody who can download and install an attachment to their browser is able to grab control of your Facebook account.

This Firefox extension was released by someone who is attempting to raise the security issue by embarrassing websites like Facebook into using encrypted connections. In the long run this will probably be the positive result, but in the short run he has provided a route for unscrupulous but less-skilled people to hack Facebook accounts.

And before anybody raises the Mac vs. PC issue, let me say that this is platform-independent, which is techie jargon for “Yes, your Mac is just as vulnerable as a PC in this case.”

Here’s a quick run-down, with as little jargon as I can manage, of how this works:

Without some help, websites have no way to track an individual user from page to page. In practical terms, this means that if you log into Facebook and then click on a link to another page (say, your Profile page), Facebook has no clue that you are the person who just logged in.

Web developers solve this by using a cookie, which is simply a text file that contains a unique identifying number. When you click that link to the Profile page, your web browser sends that cookie along with the Profile page request. That way, Facebook knows whose Profile page to retrieve. When you log out of Facebook the cookie is deleted (and if you simply close your browser, the way most people do, the cookie automatically expires in about 20 minutes).

Now here’s where the WiFi issue comes up. Each time you click on a link within Facebook, your browser sends the cookie. If you are on a public WiFi connection without encryption (and if there’s no WiFi password there’s no WiFi encryption), your browser is, in effect, shouting out that cookie to everyone using that WiFi connection.

The Firesheep extension simply captures these cookies as they go by. Then the person using the Firesheep extension can simply take over your Facebook page because they have the cookie that identifies them as you. If they are reasonably adept at it, they may wait until you close your browser (without logging off, which is the way most people do it) and then grab hold of your account before the 20-minute timeout of the cookie. Next time you try to log into Facebook you may discover that your password has been changed, along with everything else on your page.

How to Shear Firesheep

Can you protect yourself from Firesheep? For popular sites like Facebook, Twitter, and Google, you can do so fairly easily. Curiously, these sites are capable of using encrypted connections but do not do so by default. You can force them into encrypted mode. Here’s how to do it:

If you are using Firefox, install the “Force TLS” extension. Once it is installed, look for Force TLS Configuration on the Tools menu. There you can enter the URLs of sites you want to force into encrypted mode.

If you are using Chrome, install the “Use HTTPS” extension. Once it is installed, go to the Tools | Extensions menu and click on Options under “Use HTTPS.” There you can enter the URLs of sites you want to force into encrypted mode. Use HTTPS has checkboxes for selecting Facebook and Twitter to save you a little typing.

I have not found similar extensions for Internet Explorer or Safari yet but if they don’t already exist they will soon. If someone finds one please tell me in the comments.

Note that this is not a universal fix beyond Facebook and Twitter — some websites won’t work at all in encrypted mode and some will work badly. Experiment with your favorite sites. If some don’t work right you will have to decide whether to avoid using them in public WiFi settings or use them and risk being Firesheeped (I don’t know if that’s considered a verb, but I just declared it to be).

Also remember that, for each website that you want to force to use encryption, you have to enter its URL into the extension (Force TLS for Firefox and Use HTTPS for Chrome).

How can you be sure you are using an encrypted connection? Easy. Just look at the website address in your browser address line. If it begins with “https” you are using an encrypted connection. If it begins with “http” it’s not encrypted, no matter what they may tell you.

The Really Good But More Difficult Solution

Yes, there is a better solution. It works with all websites and it is secure. However it costs. You can accept that cost in speed or money. It’s called VPN, or Virtual Private Network.

VPN is nothing new — it has been used for years by large corporations to allow employees to work remotely while maintaining a secure connection to the company network. In effect, VPN creates a secure (encrypted) tunnel through which everything sent to or from your computer travels. It’s secure until it reaches the VPN server, but from there it all travels via land-line so there are fewer security risks.

There are a couple of free VPN providers: OpenVPN and ItsHidden. OpenVPN is Open Source and therefore free. ItsHidden is not open source but provides a free and a premium ($9.99/month) service. Some users of both of the free services have reported occasional slow response.

Some paid VPN services (in addition to the ItsHidden Premium service) include Golden Frog VyprVPN ($14.99/month) and StrongVPN (“from $7/month”). These seem to work faster and more reliably than the free services.

Conclusion

If most of what you do in public WiFi environments is Facebook and Twitter, use the browser extensions to force the sites into encrypted mode. Once you set it up you can forget it — it works automatically.

If you connect to sites that don’t work with encryption you should seriously consider VPN.