A place where we write words Ignition Blog

So once you've got your brand new sparkly e-commerce website up and running you're sorted! Well, kind of. Now it's time to find some customers and just because you built it doesn't mean they'll come running.

If your customers use Facebook then this could be a great place to start your advertising campaign. It is simple to use, appropriate for any budget and because it works on a cost per click (CPC) basis you'll only pay for results.

What's more, all the lovely personal information people enter in their Facebook profiles allows you to target specific audiences so you can target your advertising far more effectively than with press or radio ads.

If you want to give it a go or find out more check out our pdf Facebook Advertising Explained

-Tracey

As a business, choosing to engage in social media can often feel like an obvious thing to do. It’s a great way to get your brand awareness raised, and to interact directly with your customers.

However sometimes social media can go wrong, and there’s been a good example of that recently when Tesco’s Customer Care Twitter account got caught up in a discussion about password storage best practices with Security guru, software architect, and Microsoft MVP Troy Hunt.

The summary below is pretty brief, and focuses on the social media fallout, however if you’re interested in password security, hashing, and some general web security best practices then you can read the full story here: Lessons in website security anti-patterns by Tesco.

It started off when someone mentioned that they’d received their actual password right back after performing a lost password operation. This means Tesco are storing their customers passwords in a non-secure way, and in an era where user databases are being stolen on a daily basis (Sony PSN, Billabong, and many many more) it’s a pretty big (and obvious) nono. So Troy Tweeted the Tesco social media account challenging them to fix the mess up, and they responded, and the following conversation occurred:

The final Tweet there is the worst of the bunch, because if the passwords can be displayed in plain text then there is no way they’re stored securely. What followed was much retweeting and public laughing at Tesco:

This screenshot is a bit old, and no doubt that number has incremented a little since then, but you get the picture. 1165 retweets, and Tesco’s poor security practices are now pretty well known across Twitter. Ouch. There’s been quite a few follow up articles too, and while it’s only speculation on my part, I think it’s fair to say that if it wasn’t for the above Twitter conversation there wouldn’t have been anywhere near as much media interest.

So, what’s the lesson? Take care with your social media identities. Know the risks, and don’t forget that any business communication should have a bit of formality in it, even when conducted over an informal feeling medium such as Twitter. If the above conversation was taken privately, and conducted with less of a “We’re right – you’re wrong” attitude then the fallout may have been less. If the Tesco author had stopped and taken 30 seconds to check out Troy’s history/blog/credentials then they might have paused for a moment before replying.

It’s all too late for Tesco now, but make sure you learn from their mistakes when you’re out being social on the Interwebs.

-Ross