How secure is YOUR website?

Last night I observed how my e-mail inbox filled up with over 70 messages generated by the firewall component installed on a client's content management system (CMS). Each one informed me that a single IP address was attempting to log into the administrator panel in the back end and that the username/password combination had been incorrectly entered. An occasional e-mail of this kind would usually signify an unsuccessful client login and can normally be safely ignored, but for well over 70 e-mails to arrive in the space of one minute, there had to be a more orchestrated attempt at a brute force attack in progress.
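The distinction drawn above, between the occasional mistyped login and dozens of failures from one address inside a minute, can be checked mechanically over the firewall's notifications. This is an added example, not part of the original post or of any firewall component's code; the log line format, the threshold of 10 and the addresses (documentation ranges) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line format (hypothetical, not any specific firewall's output):
#   2012-03-01T23:14:05 LOGIN_FAILED ip=203.0.113.45 user=admin
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) LOGIN_FAILED "
    r"ip=(?P<ip>[0-9a-fA-F.:]+) user=(?P<user>\S+)$"
)


def find_bursts(lines, threshold=10, window_seconds=60):
    """Return {ip: peak failures seen in any sliding window} for IPs whose
    peak reaches the threshold. Lines that do not parse are ignored."""
    window = timedelta(seconds=window_seconds)
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
            events.append((ts, m["ip"]))
    events.sort()  # notifications can arrive out of order

    recent = defaultdict(deque)  # ip -> timestamps inside the current window
    peak = defaultdict(int)
    for ts, ip in events:
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:  # drop failures older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


def build_sample_log():
    """Constructed sample: one noisy source and one ordinary mistyped login."""
    start = datetime(2012, 3, 1, 23, 14, 0)
    lines = [
        f"{(start + timedelta(seconds=i * 0.8)).strftime('%Y-%m-%dT%H:%M:%S')} "
        f"LOGIN_FAILED ip=203.0.113.45 user=admin"
        for i in range(72)
    ]
    lines += [
        "2012-03-01T09:02:11 LOGIN_FAILED ip=198.51.100.7 user=editor",
        "2012-03-01T09:02:40 LOGIN_FAILED ip=198.51.100.7 user=editor",
        "-- mail footer, not a log line --",
    ]
    return lines


if __name__ == "__main__":
    for ip, n in find_bursts(build_sample_log()).items():
        print(f"{ip}: {n} failed logins within 60 s")
```

Only the address with 72 failures inside the window is reported; the two mistyped logins from the other address stay below the threshold and the unparseable line is skipped.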

Fortunately, we had taken the precaution of protecting the CMS with a firewall component, which did its job admirably in preventing any hacker attack, saving the hours of downtime that would have followed had the client and we needed to go through the process of restoring from a backup. Unscheduled downtime due to attacks can mean hundreds, if not thousands, in lost revenue and sales due to e-commerce systems being affected and this is one of several reasons why it pays not to skimp on website security. Even the most modest of websites, such as a simple WordPress blog, can be hardened against attack by installing a decent third-party security component. Needless to say, this is a perfect opportunity to re-evaluate your security policy and ensure that you have adequate protection in place and a backup system as well.

Prevention is clearly better than cure and there are numerous ways to stop an attack from happening in the first place. Securing your own website software is foremost; if you are using a CMS, ensure it is running the current release version and that any add-ins are compatible, trusted and up-to-date. It is possible nowadays to take steps to prevent attack from blocks of IP addresses to effectively deny access to the website to certain countries. If you are not particularly concerned about your website being viewable by people in countries from which the vast majority of hacker attacks emanate, it may be well worth investing time in building a blacklist of countries you'd like to block and effect that at the lowest possible level.

Password security is another obvious vulnerability and it always makes good sense to use a strong password. Dealing with IT and Internet security can often represent another chore to be brushed aside by many people struggling with the demands of running a small or medium enterprise, but you can think of it as a sort of insurance against being caught unaware and placed in the awkward position of having to rebuild from scratch. If you find yourself questioning your IT and Internet security, that's a good thing. If you find yourself questioning how to deal with it because you don't know or have the time, then contact us for assistance. It may be the best decision you make this year.

Facebook Timeline for Brands

Yesterday Facebook announced to brands that the Timeline feature, already deployed for personal profile pages, would be rolled out to business pages within the month. Some of the main changes include a new layout with cover image, highlighting features and the ability to edit and update without navigating to a separate page.

Facebook Timeline will be rolled out automatically to all brand pages on 30 March 2012, so while you get your brand ready for the new Timeline format, here are pointers to help you find out what the changes mean for your brand. Contact us if you would like us to handle or assist you with the migration.

1. Updated look and feel

What's new?
The format of Facebook Timeline for brands is similar to that for personal profiles. It uses a cover image at the top of the Page, which is separated into two main columns by a dividing line representing the passage of time. This format provides brands with new options for self-expression: they can outline their corporate history with milestones (such as product launches, store openings, etc.) to construct a narrative for their audience.

Recommendation
Milestones present an important and dramatic opportunity to educate the public, put a human face to the brand and remove a perception of corporate anonymity. People like to do business with people, after all, not with corporate entities. Page engagement analysis has shown continually that brands posting content depicting behind-the-scenes activities, exclusive updates or promotions encourage user interactions and promote higher engagement rates. Using interesting milestones to craft the story of the brand over time (and updating the Timeline with new milestones as they happen) can help to stimulate conversations around major achievements.

2. Reduced tab visibility

What's new?
The new Facebook Timeline format no longer includes the left side panel of links, which could include many different tabs. While applications still exist, they display differently in rectangular panels below the cover image. The width of the Timeline and the space allocated for native apps such as Photos implies that only three tab panels are viewable at any given time. To see more, users must expand the tab panel by clicking a drop-down box.

Recommendation
For brands, this major change means that the three tab apps need to be considered very carefully as this will be one of the first things users see when interacting with the brand on Facebook. Brands will want to change which tabs are visible according to current company social media strategy objectives or project popularity. A good Page analytics tool will be useful for determining which tab to promote on a day-to-day basis.

3. No default landing page

What's new?
This major change from the old business page means that with the new Timeline Page format, you are no longer able to set a default landing Page, which was a favourite feature for many brands. The default landing page option was one of the primary ways to control the first impression a user encountered. Since there are no more tab Pages, there is no longer any method to set one as a default, which will drastically change user impressions when they first visit a brand's Timeline Page.

Recommendation
Brands need to apply new and careful attention to all the top messages in the Timeline, as they will be the first objects seen by visiting users. Similarly, Facebook ads for brands will become more important, as advertising will be one of the major ways brands on Facebook can control a user's experience. Setting up an advertising campaign for a Facebook promotion or new application will be the only way to guide new users directly to that application.

4. New way to feature content

What's new?
One major new feature that brands will like is the ability to "pin" certain posts to the top of the Timeline. Akin to marking a blog post "sticky", so that it remains at the top of a blog for a specified period of time, pinning a post to the top of Timeline allows it to precede any other content. A pinned post is distinguishable by a small, orange flag. There is a limitation, in that brands may only pin one item at a time for a maximum of seven days. The pinned item then exists in two locations, as the top item on the Timeline itself, as well as within its chronological place. Once unpinned (which happens automatically when a new item is pinned or the item has been pinned for more than seven days), the post remains in the chronology of Timeline posts, but there is no indication that it was previously pinned.

Recommendation
As brands can no longer create a default landing Page, pinning items to the top of the Timeline will become every brand's method of highlighting new and interesting content. Brands will need to craft posts specifically to be pinned, whether images, a well-designed call-to-action, a statement about brand value, or a message calling for the user to click one of the tab panels under the cover image.

5. Current tab content and applications become outdated

What's new?
The new Timeline layout displaces Facebook's existing Page tab configuration (including a tab's 520-pixel width), replacing it with a new 810-pixel layout. As a result, existing Page tab content will look centred in the middle of the 810-pixel layout without any adjustments. All applications remaining on a brand Page will require new application icons (the new dimensions are 111×74 pixels).

Recommendation
The most pressing updates for brands will be updating the images and tab functionality of the apps. As these are the first tabs users will see, they will likely be the first to be interacted with or entirely ignored if not optimised for the new experience.

6. Private messages between brands and users

What's new?
Brands will be able to exchange private messages with users. This allows for much deeper consumer interaction and will also enable Page managers to take extended customer enquiries off the Timeline and into private messages.

Recommendation
Be mindful of noise in your brand Timeline. As the real estate allocated to each post depends on how engaging it is or how much interaction it has received, it can be very easy for the Timeline to become cluttered with customer inquiries. When these enquiries can be better serviced in a more 1:1 manner, reach out with a private message and resolve the question as it is a good opportunity to yield both a happy user and a clean Timeline.

Timeline for brands will make you re-evaluate your social media strategy for how to make an impact on Facebook. The way in which content is shared and viewed within a brand Timeline Page is incredibly important. Brands that constantly create engaging updates and share important milestones will stay at the forefront of users' attention. Create and rotate new apps for engagement, pin relevant and timely content, and update the feed with user-friendly dialogues to stay relevant in this new space.

Facebook Timeline will be rolled out automatically to all brand pages on 30 March 2012. Contact us if you would like us to handle or assist you with the migration.

Seven Silly Online Mistakes (and How To Fix Them!)

Have you ever clicked, then cursed? Perhaps you've been using "password" as your password, or agreeing to hand over all your personal details in order to download a cool app. We can all make mistakes, but even the smallest of them can have embarrassing or costly repercussions. Not to worry, we have solutions!

1. Sharing personal data

Have you searched for something and then been bombarded by ads for it?

Most of the web has the appearance of being free, but when you sign up for Google services or a Facebook account, you are potentially handing over a much more valuable commodity: your personal information. Companies spend millions on this information because it can be used to target more relevant advertisements directly to you. The more relevant the ads, the more likely you will buy. Just the other day, I searched for a company called VertBaudet.co.uk to find a dress for my daughter. I didn't find what I wanted, but every single site after that had ads from VertBaudet, which is rather spooky. Although advertisements like that aren't necessarily all bad, it can be a little disconcerting and embarrassing when you do a search for herpes treatments and see nothing but ads for that for a week. This doesn't mean you should stop using the services you love just because they have a hidden cost, but it is important to understand that free services aren't really free. You are paying with your right to privacy, which can feel a little invasive.

Fortunately, you can have your cake and eat it, too. If you don't like targeted ads based on your browser's search history, you can just avail yourself of your browser's privacy options. Facebook now offers lots of ways to set the level of privacy you want to maintain, which is great, but with all the options available, it can be tough to learn and configure correctly. The Lifehacker guide to managing your Facebook privacy can help you here. One of the first things to do with Facebook is to prevent apps from using your personal data as much as possible. Signing up for an app can provide the developers with much more information than you may realize as the apps will take information they don't necessarily need. You can find out what each app is doing and limit its reach in your Account Settings. From there, click the Apps tab and click the Edit link next to any app. You'll see a list of what it is allowed to do, as well as the information it can access. Some personal data will be required for the app to function, such as your e-mail address, but you'll almost always find something that isn't. Click the Remove link to revoke permission to access that particular piece of information.

2. Sensitive information

Have you submitted credit card or other sensitive information over what may or may not be a secure connection?

When you submit sensitive information such as your credit card number or login credentials over an insecure connection, it's not necessarily your fault. Web sites worth their salt need to use Secure Hypertext Transfer Protocol (HTTPS) rather than standard Hypertext Transfer Protocol (HTTP) in order to transfer data securely between your computer and their servers. Be that as it may, you do have to be diligent and look for https:// in the URL bar in your browser. If you don't see this, the chances are you're just using standard HTTP.

This isn't a big deal if you're just reading or watching something, but if you don't see https:// you should avoid sending sensitive information like your credit card number or even your address. The insecurity of HTTP is an even greater concern on a public WiFi connection, where anyone can easily snoop on what you're doing.

3. Information in your browser

Have you used your computer for a private matter? How private is it really?

Today we spend a lot of time in our web browser and that makes it a potential source for embarrassing personal information. If you keep yourself logged into accounts on your computer, anyone casually borrowing your browser for a quick search can stumble across some rather personal stuff without even trying hard. For anyone actually interested in snooping, your web browsing history is a prime target. Even a visit to Amazon can dig up those weird products you looked at or even bought.

Keeping your browser activity private can be a lot of work, but there are some measures you can take to avoid the pain. First of all, if you're doing anything particularly private on your computer, you can simply log out of your session or lock the computer session with a password. Enabling a guest account can be useful on a personal (but not a company) computer, so that when anyone wants to use your computer they won't be entrenched in your embarrassing web activity. If you don't want to password-protect anything, the next best thing you can do is to exit your browser whenever you've finished your session and set it to clear the history when you do. On top of that, make sure you log yourself out of any accounts. For the super paranoid, clear your cookies as well. One of our favourite tools for the job is CCleaner, which is available for Windows and Mac OS X.

CCleaner will give you a good start, but the fact of the matter is that a determined snoop has many ways to spy on your browsing behaviour.

4. No backup of online data

If there were a major problem affecting your Facebook, Flickr or LinkedIn account, would you have a backup of the data?

You already know that backing up your data is vitally important (we hope everyone here has a backup strategy; talk to us immediately if not!), because it's been hammered into your head by us and virtually everyone who knows a thing or two about computers, but somehow we tend to ignore the importance of backing up data held online. Web services go offline all the time. Most recently, MegaUpload was seized by the U.S. government and now many people have lost their uploaded files. They may be filing a lawsuit to regain access, but the reality is they no longer have their data. You never know what's going to happen to your data, especially when it's out of your direct control, so always keep at least one backup. Some say that if your data doesn't exist in at least three places, it may be lost forever!

Some data, such as photos and videos, can simply remain backed up on a local hard disk drive. If you lose your content online, you can always access a local copy and upload it elsewhere. That's all well and good if you create your content locally on your computer, but there is plenty you create online as well and that data is only ever saved on the server. In the case of Facebook, you can simply download all of your data in one big chunk. All you have to do is go into your account settings and look for the "Download a copy of your Facebook data" link at the bottom of the page. Not all web services allow a full data download like Facebook, however, and you'll need to employ other means. Insync will handle your Google Docs and Backupify can back up multiple web services like Google Apps, Twitter, Facebook, and more. If you keep any vital data online, be sure you use something to back it up. If you don't, it could be gone tomorrow with no way to get it back.

5. Anonymous posts

Do you ever express an opinion in an anonymous post? Is it really anonymous?

What you say online is going to be around for a long time and when you post a comment on a popular site, it's likely that it will surface when someone searches for your name.

It's not that it's impossible to comment anonymously online, but most of us don't follow a strict enough set of rules to remain anonymous. Even if you don't use your real name, comments stick. You'll probably use that pseudonym down the line and it will gain its own reputation. Your name may be tied to that pseudonym on as little as one web site and people will be able to find out who you are with a simple search. Additionally, you may post a comment on a blog or other page without realising that you're already logged in via your Facebook account. There are many ways your name can be tied to what you say online, so it's important to remember that your reputation rides on every post to some extent. Remember to think about what you're going to say before you say it or it may follow you around for much longer than you expect.

6. Where and when

How many people are you accidentally notifying that you're away from home and the house is empty?

Checking in to sites like Foursquare, Gowalla, and Facebook is lots of fun until somebody loses any personal belongings that a thief can snatch while he or she knows you're out of the house. As featured in February 2010 by The Daily Telegraph and the BBC, Please Rob Me demonstrates (with humour) how your check-ins can provide too much information regarding your whereabouts when you share publicly. All you really have to do to solve this problem is to share privately. Most check-in sites include this option. Follow the instructions for checking in privately on Foursquare, become a private user on Gowalla, and if using Facebook, you can tag yourself at a location after the fact so that your location isn't disclosed in real-time. That's really all there is to it. Be careful who you share your location with and you've fixed the potential damage.

7. Great password

You have a great password that is easy to remember, so you use it for everything. Easy for you, easy for hackers!

If you have consulted with us on the subject of data security, you already know that we like to use strong passwords. Be that as it may, most people seem quite reluctant to let go of their simple passwords in favour of something more complex, even if it is more robust. However, it is possible to have strong yet memorable passwords or use a multiword phrase to decrease the chances of anyone ever guessing or cracking your password. Better yet, you can let a password manager like LastPass or 1Password pick and remember your complex password for you. Anyone using a weak password at this point is probably doing so because they don't want to bother changing every password for every online service they've ever used. While that's understandable, it really is your responsibility to safeguard your information and the onus is on you to secure it with a suitably strong password. Using a password manager like LastPass or 1Password is a good option because it can save your existing passwords and automatically detect updates when your passwords change. This way you can change them at your leisure, whenever you log into a site with an old password, and make sure everything is still up-to-date and remembered by a password manager. Such password managers are also available for mobile devices, such as Apple iPhone and iPad running iOS and BlackBerry, Symbian, and Android smartphones and tablets, and sport the ability to sync their database between devices for even greater ease of use and productivity.

In terms of creating passwords, my favourite method, which is easy to remember and completely secure, is to combine vehicle registration details. Most people are usually quite adept at recalling their car number plate for their current car and probably previous cars, too. Using the number plates in combination with a mix of upper and lower case letters and even punctuation marks provides a remarkably secure and easy-to-remember password that only you could know. Give it a try yourself!

Thanks, LifeHacker for a great Blog idea!!

PENNInk Productions

27A Maxwell Road
Northwood
Middlesex
HA6 2XY
UNITED KINGDOM
