Thursday, October 10, 2013

Getting organized: Password Security

Use common sense: Don’t use your logins and passwords as cubicle wallpaper or leave them in on a park bench. You should, however, be realistic about them: How many people really want the password to your organization’s Twitter account? If you are representing then you should be serious about the Twitter password, otherwise... not so much. It’s OK to have these passwords printed out on a piece of paper in a file drawer or even a closed binder behind your desk. Many web services also have something called “two-step certification.” Basically, you put in your password and then you have to put in another passcode that gets emailed, texted to a cell phone, or comes up on some kind of app. As long as there aren’t too many people accessing your accounts, this is a nice extra level of security.

There are some passwords you always need to be careful with, however.

  • CMS administrator passwords. Your organization’s website might be running on a CMS or Content Management System. There are typically different levels of access to a CMS. Some people can just add and edit content, while others can really get in and edit/adjust/delete everything on the site. The latter is called an “administrator” or “superuser.” Those account passwords are typically not handed out lightly by whoever is running the server but if you get one, really protect it. If someone gets that and accidentally makes changes to your site, they can screw it up beyond recognition... really easily. That caution, actually, goes for you, too. As the web manager, you should argue for an administrator password, but be really, really, REALLY careful about what you delete. It’s important to have that password but, hopefully, you’ll never need to use it.
  • Server (root) passwords. If a bad person gets the “root” password to your server, they can change all of the other passwords and lock you out. It’s fixable but takes time to correct. That could mean your organization’s site is down for a while. If you have someone running your server and have no plans to change, you won’t ever use this password. If your organization has a “dedicated server,” it’s not a bad idea to have the root password locked up somewhere in case the server administrator leaves. If you are on a “shared server,” you should not expect to get a root password.
  • Ecommerce passwords. This is a bit of a no-brainer, but is worth repeating. If you get a password to a website that is any way connected to a bank or credit account, that password needs to be treated with a lot of care. Hopefully, your accounting group is aware of these and is keeping an eye on the accounts. If the accountants are willing to keep track of these passwords, you should not demand them for your documentation. What’s important is that the passwords are accessible to your organization, it makes no difference whose file cabinet they are in. The fewer places these passwords are written down, the better.
  • Encrypted databases. If a database is “encrypted,” the information in the database is purposely scrambled according to a mathematical algorithm. If you could look at an encrypted database, it would look like nonsense. When you apply the encryption “key,” however, your data magically turns back into useful information. It’s a security measure. Most often, encrypted databases are part of an ecommerce site. Credit card numbers are kept in encrypted databases. Sometimes membership databases are encrypted. If you run into an encrypted database that is working with your website, make sure you have a password to “decrypt” the data. As with the ecommerce passwords, the fewer places these passwords are documented, the better. 

Dedicated vs. shared servers: Neither option is better than the other.

One last thought on password security. If you are getting this job because some people left their jobs (voluntarily or not), take a half a day and start changing passwords. Do this even if there was no animosity surrounding the person’s leaving. It’s like buying a new house. The first thing you need to do is change the locks.  If a web savvy person left the organization with a less-than-happy attitude about it, that person could potentially mess with the website. Even if no one is unhappy, it’s an extra account sitting out there that could cause problems. It’s just a good practice. If you are on a CMS, you can either delete their account or just remove the “permissions” that allow them to edit the site.

Always change passwords when someone leaves. It's just a good habit.
Who should you tell about this little bit of lock-changing? Anyone who is needs access to these different systems will need the new passwords. Your immediate boss should probably know you did it and should probably have a copy of the password list in case something happens to you. You can safely just consider these new passwords “need to know” information and you’ll do fine.

At this point, you should have a pretty good overall picture of the situation:

  • Your goals for yourself and for the site.
  • A budget to work within.
  • An inventory of your human and web resources.

Now it’s time to clean house a bit.

With an eye toward those three things, look at the web presences you have already out there. If you see anything there that doesn’t directly align with your goals, delete them. Leaving a stub of a web presence on Facebook that no one has looked at or updated in the last five years just looks bad. Either start paying attention to it or get rid of it.

If it turns out to strategically useful to be on Facebook later, you can always start another account.

You won’t have time to outreach in a useful way on a dozen other websites. Focus on what’s important to your audience and on what directly supports your goals. Let the tangential stuff – no matter how cool it is – go.

Buy the full book at Amazon!

Tuesday, October 8, 2013

Getting organized: Figure out what resources you have

So, presumably, you know what to do now that you have the goals. What do you have (or not have) to make this happen?


Comparing website development with creating printed documents is not a good idea.
Money makes the world go around, and that also goes for the Web. If you have zero budget (that is, your salary is the budget) then that cuts way down on what you’ll be able to do... and, hopefully, on what you’ll be expected to do.

Websites are not free. Most people kind of get that now, but you might still run across little pockets of irrational thinking. You have the same costs you would have for creating a printed document like an annual report... just without the printing and mailing. A lot of time-consuming and expensive steps come before you print a document. In addition, a website needs a lot more content written and graphics created than an annual report.  Your organization’s website needs to... you know... change every now and then.

A small budget is actually a blessing in a lot of ways. Like having measurable goals, it adds focus to your life. If you walk into a situation where there is a six- or (heaven help you) seven-figure budget associated with a website, spending that money in a responsible way becomes another enormous task (and you should probably have an experienced consultant backing you up). If you don’t know a lot about what you are buying, this becomes a rather daunting task that takes up a lot of time.

Human resources

Make sure anyone editing your website text knows your organization.
This could be a staff of full-time web people, a “buddy” helping you with the management, access to a few freelancers, or the bored intern in the corner that no one can figure out what to do with. You’ll need help so if you haven’t been offered the bored intern, ask for him or her. See if there are any ambitious administrative assistants who are looking for something a little different to do. It doesn’t have to be full time for your helpers. Someone who is helping you out “in their spare time” can do the following:
  • Organize content (articles, PDFs, audio or video, graphics).
  • Track down organizational graphics (like logos), PDFs or other things that you need for the website but can’t seem to find anywhere.
  • Find free stock art for you to use on the site.
  • Write or edit editorial content.
  • Check vendor proposals against a checklist of requirements that you give them.
  • Tag content for search engine optimization (find out more about search engine optimization or “SEO” in Section 5).
  • Check for broken links, broken graphics, or anything “weird” on your web pages.
  • Participate in marketing outreach efforts for the site.
  • Check the organization’s social media presences for questions or issues and bring any to your attention.

Be careful to align the task to the person’s skill set. Don’t give the person with fourth grade grammatical skills editing or outreach tasks. If someone has never really used the Web to do anything more than browse sites, don’t give him or her the Facebook account to maintain. That person won’t know the social rules around how to interact on Facebook (like don’t constantly blast people with advertisements) and might do real damage to your efforts.

No matter whom you give this responsibility to and how much you trust this person, force yourself to check in on him or her regularly. It’s easy for your helpers to make honest and well-intentioned mistakes. It’s important that you catch those mistakes before they snowball. Website development happens quickly so those snowball mistakes tend to grow quickly.

Existing web resources 

Sometimes you can be surprised at what people have put out on the Web in your organization’s name... including people in your own organization. You are rarely dealing with just one web presence (website, Facebook page, abandoned mini website relating to a specific promotion, etc.). Start by getting a list of organizational web presences from the person who came before you, your boss, or a helpful colleague who seems particularly knowledgeable. Don’t rely on your organization’s IT person/staff. Nobody tells them anything.

It’s sad but true.

Next, find out who (if anyone) has been updating the website. Start a list of web addresses, login names and passwords, as well as any information about the person who set them up, why they were set up, and when. A lot of the information you find will be wrong, but if you have either login names or the email addresses of the people who started up the accounts, you can usually delete them. If you can’t find any, start contacting the companies running your web presences and explain. This is a common problem. You might need to make a lot of phone calls and do some faxing, but you’ll get your login information.

You have the list? Great. That list represents the initial scope of what you are going to have to keep updated, and what you are going to shut down.

Use quotes in your search engine searches to get more specific results.
Now hit the search engines to find the web presences that your organization doesn’t know about. You’d be surprised how often that happens. You can use any search engine you are comfortable with, but be creative with your searches. Start with your organization’s name. If your organization’s name is more than a word or two, do it with quotes.

This task also has another use. You’ll start to see what comes up on the search engines when you put in your company’s name. Search engines need to guess what your organization is and where it fits in this great big crazy world based on the content on its website. The guesses are usually pretty good, but they can be a little odd sometimes. Make notes of the “odd” ads or websites that show up next to your organization in the search results. You might be able to adjust this with a little search engine optimization later.

You will also see competitors. Look at their sites. You’ll need to know what they are doing for two reasons:
  1. So you can do it better, and
  2. So you know what to focus your efforts on. (If your competitors aren’t bothering with Twitter, maybe you should put that a little further down on your own priority list.)

Keep notes of everything you uncover 

Always back up important documents in at least two places.
Combine it with any goals or existing strategy information you got earlier. Put it in a nice binder or save it in a special folder on your computer. This will be your initial web management documentation. Your documentation should be centralized so that people who are working with you can get to it and add to it themselves. Don’t worry about inconsistency in format or how something is written. Focus on completion.

There’s going to be a lot of documentation and you have better things to do than check every tech note for grammar or capitalization.

When thinking about what to document and how to organize it, think about what your boss would need if you won the lottery tomorrow and decided to retire to your own personal tropical island. Always think about what you would need if the same thing happened to your team/helpers/vendors.

In your first year, you should have the following:

  • Basic documentation about the website should be pretty complete.
  • There should be a few people who routinely refer to and add to the documentation.

For a large corporate site, assume you’ll be spending an average 20-30% of your time on documentation. It’s a time suck, but worth it so just plan for it. For a little corporate site that doesn’t get updated very much, the documentation will take a lot of time up front but then you’ll be able to put it away until the next redesign.

Some ways to centralize documentation include an office network drive, online editable documents, and an online backup system.

What is “basic” documentation?

“Basic” documentation for a website is basically all of the information you just spent time gathering yourself.
  • A list of all of your organization’s web presences.
  • Budget.
  • Goals.
  • Analysis of the competition.
  • Who is working on (or is responsible for) what.
  • Contact information on any outside contractors you have working on the website (particularly any technical vendors such as who is hosting the server).
  • The location of the passwords (since putting passwords in a shared document isn’t terribly secure).
  • Any scheduling you have for editorial content, outreach, or website reviews.
  • The location of any graphical resources you have.
  • The location of your web analytics reports.
  • Any editorial guidelines you want followed.
Next: Password security.

Thursday, October 3, 2013

Section 3: Getting organized

Figure out corporate goals for the site.

What’s the first thing you do when you getting ready for an unexpected big change in your life? Scream? Well, all right. If that works for you, good luck with that. Once you’ve finished with that, you might want to inventory what you’ve got (and what you don’t) to help you get what you need.

Websites are still like a kind of black magic in a lot of people’s minds. People don’t have a solid mental model about what a website does and how it relates to their work/responsibilities. Because of this, you tend to get wildly wide-ranging expectations. Some people will think the website is a waste of time. Others will think it’s going to magically solve all of the organization’s problems. Most people fall somewhere in between and tend to sway from one end of the pendulum to the other depending on whom they are talking to.

Why does this matter? If you don’t nail down some authoritative and agreed-upon goals early on, you are going to find yourself doing a lot of tap-dancing later to incorporate the new goals that tend to pop up unexpectedly. See if the person you are replacing ever had any specific goals for the website – not personal performance goals, but corporate goals for the website. Often the goals are annoyingly vague: “to communicate product information” or “to help create a positive image of the organization.” If the CEO signed off on them, however, they are still useful. When someone comes up to you and suggests that the website would be much more snazzy if you put his or her life story on the home page, you can point back to “communicate product information” and at least have a place to start negotiating. The key is to emphasize that you aren’t haphazardly making up rules about what does and doesn’t go on the site. You want to emphasize that your content decisions align with business strategy.

Remember that you have to stick to your corporate goals.
Don’t forget to toss in the fact that the CEO (or some other feared executive) signed off on it. If it’s on the year’s strategic plan, all of the execs signed off on it.

If you are lucky enough to have some very specific goals (i.e., numbers attached), paste those bad boys up on the wall over your monitor because every decision you’ll make from now on will need to map back to those goals. It’ll help you stay focused and with as many decisions as you’ll be making over the next year, focus will really help.

If you’ve rifled through the strategic plan six times and can’t find any mention of the website anywhere, then you need to write some goals down. Don’t be tempted to take the “vague” path. The vague approach will can come back and bite you later. Look at your web server analytics (measures of how people are using the website) and see what you can measure. Check to see if there are any existing trends you can build on. Put numbers (and make them as conservative as you can get away with) on every goal and get someone in a higher pay grade than you to approve it. Common and easily measurable goals include:

  • Number of unique visitors
  • Percent of new visitors
  • Revenue from the website or from outreach efforts (such as an email campaign) 
  • Time each visitor spends on the site
  • Number of page views
  • Number of products purchased on the site (if applicable)
  • Number of comments/forum posts posted on the site by site visitors
  • Reduction of phone calls to a help desk (if applicable)

Ten percent growth in a year is pretty safe, even without marketing. Be aware that these aren’t particularly sophisticated ways to measure a website’s effectiveness, but they are common and pretty easy to understand. If you decide you are going to stick with this web management thing and really build on it, you’ll need a much more sophisticated set of measures that really target who is using your site and how.

Quicky guide to Web analytics terms.

Goals and “discovery” 

If you have been brought in to oversee a big redesign or replatform to be done by an external vendor, don’t spend a lot of time creating goals yourself. The vendor will take you through a long “discovery” period (that your organization will pay dearly for) that gets to these goals. No vendor worth his or her salt will negotiate away this discovery period. It’s just too important.

What is a “discovery period”? That’s basically where the vendor comes in and asks for the goals and expectations that I’ve pretty much laid out here. Every vendor has their own process and documentation, but they all boil down to the same things:

  • What do we need to do?
  • Who do we need to do it for (who is the key audience)?
  • When do we need it done?

If an organization isn’t 100 percent sure of what they want from a web redesign or replatform, the vendor can use this “discovery” as a gentle prod to get the decision makers to... well… make some decisions.

There’s no need for you to duplicate the effort. The vendor will probably do a more thorough job and will have more caché with the executives in your office.

Tuesday, October 1, 2013

Section 2: What do I do first?

Cover yourself at home

Set expectations with your family

If you have a family, make plans to cover yourself for unexpected long hours. If something breaks on a website, you have to stay there until it is fixed. Websites are a 24-hour, global presence. You don’t just get problems during work hours.

You won’t be dealing with problems like this every day. The “bad days” are few and far between... but they will come and you will have to deal with them. Hopefully you won’t miss dinner with your significant others often, but setting expectations with family and making arrangements for children will lower your overall stress if – well, when – it does happen.

Equip yourself at home

Multitasking can be embarrassing - if you are working at home, focus on what you are doing.
Another way for you to cover yourself for unexpected, off-normal-business-hours problems is to get yourself a cheap laptop or even a full-sized tablet. Most things on a website can be managed through a simple web browser (Internet Explorer, Chrome, Firefox, Safari, etc.) so you don’t need to buy a fancy (i.e., expensive) laptop. You just won’t need the power. A cheap laptop or a tablet (that you can lock up from the housemates, spouse, or children) will be fine. It’s amazing just how much you can get done snuggled up to the little one who insists on watching freakishly cheerful cartoon creatures help the little puppies... for the fifty-eighth time.

That said, don’t go for the 10-year-old laptop Aunt Sally is trying to get rid of. It’ll be slow – really slow – and that will make you crazy.

Cover yourself at work

Set expectations with your boss

Talk to your boss about your personal performance expectations. If you still have the responsibilities of another full-time job to manage, be clear with your boss about how much time is to be spent on the website. If you are stepping into a website that has been running along pretty easily (with no big redesigns on the horizon), you’ll probably be able to manage it on a part-time basis. If your organization’s website has been sort of ignored and you are stepping in to “get it back on track,” there probably aren’t a lot of specific expectations connected to it. You’ll be able to manage the amount of time you have to spend by defining what needs to be done.

If you are being asked to oversee a large-scale redesign or replatform, the website will take up all of your time. This is true even when you have an outside vendor doing the design and technology. Here’s a quick list of the things you’ll need to do even if you are outsourcing all of the work:

Everyone thinks they are a designer so they all have opinions. Plan for extra time on this step.
  • Work with internal stakeholders to figure out what the site needs to do/look like.
    • Document this in as much detail as possible since you’ll need to communicate it to vendors.
  • Create an RFP (request for proposal) to find a vendor (or multiple vendors).
  • Analyze the proposals as best you can with a limited background in this stuff.
  • Sit through the vendor presentations. 
  • Select a vendor.
  • Negotiate a schedule and contract with the vendor(s).
  • Work with the vendor’s project manager to write up some formal documentation (requirements) for design and technology.
  • Talk to the vendor’s designers about what your organization needs.
  • Keep talking with internal stakeholders about visual designs. 
  • Make a lot of micro decisions on the fly about what the site does and looks like in order to keep the project on schedule and on budget.
  • Find or create graphical resources (logos, photos, etc.) for the designers.
  • Find, create, or get others to create an awful lot of editorial content.
  • Make a million more micro decisions about the technology. The programmers will need a lot of information from you. 
    • A coder working on a form, for example, would need to know what the questions are, what the answers are, what font and type size they need to be, what colors need to be on the form, whether each question is multiple choice or yes/no, and what happens when the “submit” button is pushed.
  • Deal with (i.e., manage) changes/new ideas from internal stakeholders as time passes. Keep managing these changes to your budget and schedule.
  • Create more content. If you can create a little backlog of articles, headlines, “teaser” paragraphs (that will draw people in deeper to the site), and graphics it’s easier to make sure the site keeps changing after its launched.
  • Do technical and content quality assurance (QA) on the initial software. Basically, that means clicking on every single link and making sure everything works right. 
    • This is important. The minute you say it’s OK, the vendor has completed his or her contractual obligation. Fixing problems later could cost you more money.
  • Communicate internally to your boss and your coworkers about the new site and how it will help them/impact them.
  • Oversee the launch – do another QA. Fix any problems you uncover.
  • Create some documentation for the person who will follow behind you and maintain/grow the site.
  • Possibly hire the person who will follow behind you and maintain/grow the site.

I don’t care how amazingly organized you are, you won’t be able to do all of this and effectively maintain your other job. Save yourself the ulcer and find a way to take a leave of absence from your other role until at least a month after the redesigned site has been launched. How do you do this? Talk to your boss. Explain that you’ll need the focus to stay on top all of the details you are managing, and show him or her this list. Even if a vendor is “doing everything,” someone at the organization has to check and approve what the vendor does and that will most likely be you. Things will get a little hairy as the new site gets closer to completion (“launch”).

You’ll need the extra month to clean up little problems that came up during the main development process and get everything organized for the person who will come in after you.

If that’s not an option, then you’ll need to cut way back on what you are doing. You can maintain an existing site while juggling another job, but a redesign or a replatform are pretty tough to do. One possible alternative: Get a buddy. See if you can get your organization to assign at least one other person to help you manage all of this. Two organized people who work well together could pull this off while doing other jobs.

If all else fails…

If you are going to be essentially juggling two jobs, here’s another hint. Be really up front with your vendor when you are talking to them initially – before you sign a contract. Tell them, even before the contract is signed, that you are juggling two jobs here and that you’ll have limited time for feedback. They can take a lot of the micro decision-making, internal stakeholder communication, and documentation off your plate. You’ll need to pay the vendor for the extra time, but it might end up cheaper than putting you on the project full time… or paying for your therapist later.

Activate your resource network

If you participate at all on the Web (e.g., Twitter, Facebook, LinkedIn), start pinging those networks. Ask around for relatives, friends, or friends of friends who manage websites – look for some people you can ask questions of.

If you don’t participate in any of those networks, you should probably start. Facebook and LinkedIn both offer great tools for connecting with people you already know. Since the Web is such a big part of our world, you might be surprised how many people you know have some kind of experience with it. Having a group of friendly people that you can ask questions of (or commiserate with on the bad days) will make a world of difference.

Next is Getting organized: Figure out corporate goals for the site.