October, 2008

Practice Safe XSS

Hacking, cracking, and codejacking have exploited application vulnerabilities from the time the earliest programmers wrote their first “Hello World”.  In the past, only application developers were vulnerable to such attacks. The dynamic web brings these attacks into the domain of the common website, as more contemporary sites use a database to drive their content.

In the early 2000s, common websites were composed of several static HTML pages, and only programmers (and wealthy corporations) could enjoy the luxury of a database-driven content management system (CMS). When I wanted a database-driven site, I had to build one myself using PHP and MySQL. Sure, there were bulletin board systems (now referred to as forums), wikis, and web site building applications, but their use was nowhere near as popular as today.

With affordable website hosting came the deluge of database-driven websites. Blogs, forums, wikis, and open-source and commercial CMSs now drive most websites. Every one of these sites can accept user-generated content (UGC), and every one of these sites can be exploited. The web-based forms that interface with the database can open the door for SQL injection or cross-site scripting (XSS) attacks that can do anything from redirecting traffic from your site to an online pharmaceutical company to turning your server into a drone machine that attacks other servers.

At the time of this writing, Google returns over 16,000 results for ‘sql injection’ and 30,000 for ‘cross-site scripting’ OR ‘xss’ from articles indexed within the past 24 hours. Click the links to compare that number with the current articles at the time you read this. There shouldn’t be much difference. If anything, code exploits should become more frequent. After all, it is a numbers game: the number of database-driven sites increases exponentially.

We can’t lay blame on Microsoft vs. *nix based servers, open-source vs. commercial software, or even specific companies, as all machines connected to a network are at risk. My fellow bloggers have had their WordPress sites hacked through their comment forms. When I explored Moodle on my server a couple of years ago, the landing page was replaced by a “YOU’VE BEEN HACKED” page even though I hadn’t publicized the link to anyone. It was only set up for a week.

who's watching you?

While some users are malicious, some are just experimental. I recall a story of one user who hacked MySpace to exploit a hole that bypassed both the captcha and confirmation usually required to add “Friends”, and successfully befriended over a million users in the span of eight hours. Maybe I’m exaggerating, but over two days that script effectively shut down MySpace. The point is that regardless of how secure your site is today, you need to monitor your security, constantly.

Fred Salchli, Duo’s Chief Technical Officer, told me a story of how SQL injected into an unmanaged web application once corrupted a series of websites hosted on the same server. Duo was called in to rescue the data by running a script on each of the websites to determine which fields were affected with this code. Then they proceeded to update the applications to block the holes and prevent any future attacks.
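A sketch of the kind of field scan described above, added here as an illustration and not Duo's actual script: it walks every text column of every table and reports which fields hold injected markup. The in-memory SQLite database, the table names, the sample rows and the markup pattern are constructed assumptions.

```python
import re
import sqlite3

# Assumed indicator: script or iframe tags stored in fields meant for plain text.
INJECTED_MARKUP = re.compile(r"<\s*(?:script|iframe)\b", re.IGNORECASE)
TEXT_TYPES = ("CHAR", "TEXT", "CLOB")


def quote_ident(name):
    """Quote a table or column name so it can be placed in a statement."""
    return '"' + name.replace('"', '""') + '"'


def build_sample_db():
    """Constructed sample data: two tables, one tampered field in each."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT);"
        "CREATE TABLE comments (id INTEGER PRIMARY KEY, author VARCHAR(40),"
        " message TEXT, votes INTEGER);"
    )
    db.executemany("INSERT INTO articles (title, body) VALUES (?, ?)", [
        ("Welcome", "Plain text about script tags."),
        ('Autumn sale<script src="http://bad.example/x.js"></script>',
         "Body is intact."),
    ])
    db.executemany(
        "INSERT INTO comments (author, message, votes) VALUES (?, ?, ?)", [
            ("ann", "Great article!", 3),
            ("bob", 'Thanks<iframe src="http://bad.example/"></iframe>', 0),
        ])
    return db


def text_columns(db, table):
    """Names of the columns whose declared type holds text."""
    info = db.execute("PRAGMA table_info(%s)" % quote_ident(table)).fetchall()
    return [row[1] for row in info
            if any(t in (row[2] or "").upper() for t in TEXT_TYPES)]


def find_tainted_fields(db):
    """Return sorted (table, column, rowid) for every field holding markup."""
    findings = []
    tables = [row[0] for row in db.execute(
        "SELECT name FROM sqlite_master "
        "WHERE type = 'table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        for column in text_columns(db, table):
            query = "SELECT rowid, %s FROM %s" % (
                quote_ident(column), quote_ident(table))
            for rowid, value in db.execute(query):
                if isinstance(value, str) and INJECTED_MARKUP.search(value):
                    findings.append((table, column, rowid))
    return sorted(findings)


if __name__ == "__main__":
    for table, column, rowid in find_tainted_fields(build_sample_db()):
        print("tainted: %s.%s rowid=%d" % (table, column, rowid))
```

The output is a list of fields to restore from backup or clean by hand; the scan itself changes nothing in the database.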

He also gave some tips to reduce the possibility of your site being attacked. First, insulate your database from raw information submitted through web forms by validating the input and by encoding and escaping strings. Within your code, enforce strong typing of variables that work with data input. Additionally, incorporate a database abstraction layer to provide a buffer between submitted data and your database.
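These tips shown together, as an added example that is not code from Duo or from the original post: typed validation of form fields, a small data-access layer that only issues parameterized queries, and output encoding, with a concatenated query kept alongside for contrast. The table layout, the field rules and the names `clean_comment`, `CommentStore` and `render_comment` are assumptions.

```python
import html
import re
import sqlite3

AUTHOR_RE = re.compile(r"[A-Za-z0-9 _.-]{1,40}")  # assumed rule for display names


def clean_comment(form):
    """Validate raw form fields and return them as typed values."""
    try:
        post_id = int(form.get("post_id", ""))  # strong typing: integer or reject
    except (TypeError, ValueError):
        raise ValueError("post_id must be an integer") from None
    if post_id <= 0:
        raise ValueError("post_id must be positive")
    author = str(form.get("author", "")).strip()
    if not AUTHOR_RE.fullmatch(author):
        raise ValueError("author contains unexpected characters")
    body = str(form.get("body", "")).strip()
    if not 1 <= len(body) <= 2000:
        raise ValueError("body must be 1-2000 characters")
    return post_id, author, body


class CommentStore:
    """Abstraction layer: the only place in the application that writes SQL."""

    def __init__(self, db):
        self.db = db
        db.execute("CREATE TABLE IF NOT EXISTS comments ("
                   "id INTEGER PRIMARY KEY, post_id INTEGER, author TEXT, body TEXT)")

    def add(self, form):
        # Values travel as bound parameters, never as part of the SQL text.
        cur = self.db.execute(
            "INSERT INTO comments (post_id, author, body) VALUES (?, ?, ?)",
            clean_comment(form))
        return cur.lastrowid

    def for_post(self, post_id):
        return self.db.execute(
            "SELECT author, body FROM comments WHERE post_id = ? ORDER BY id",
            (int(post_id),)).fetchall()

    def unsafe_for_post(self, post_id):
        # For contrast only: input concatenated into the statement.
        return self.db.execute(
            "SELECT author, body FROM comments WHERE post_id = "
            + str(post_id)).fetchall()


def render_comment(author, body):
    """Encode on output so stored text is displayed, not interpreted."""
    return "<p><b>%s</b>: %s</p>" % (html.escape(author), html.escape(body))


def demo_store():
    """Constructed sample submissions, including two hostile-looking bodies."""
    store = CommentStore(sqlite3.connect(":memory:"))
    store.add({"post_id": "1", "author": "alice", "body": "Nice post"})
    store.add({"post_id": "2", "author": "bob",
               "body": "x'); DROP TABLE comments; --"})
    store.add({"post_id": "2", "author": "carol",
               "body": "<script>alert(1)</script>"})
    return store


if __name__ == "__main__":
    store = demo_store()
    print(len(store.unsafe_for_post("1 OR 1=1")), "rows leak from the concatenated query")
    for author, body in store.for_post("2"):
        print(render_comment(author, body))
```

The hostile bodies are stored as literal text and rendered as harmless entities, while the same input passed to the concatenated query changes what the query returns.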

Once your code is secure, keep it secure by keeping abreast of security issues and applying patches and updates as required. And if your database still gets attacked, be sure that you have a current backup to restore your data.

Most attacks use JavaScript in combination with SQL. Some involve more complex code execution from image header information. However, a new threat that uses neither of these methods has made recent news. The first report I read about ‘clickjacking’ was so vague it was unclear whether even the author knew the exact nature of the problem.

However, other coders developed sample code exploits based on speculation of how these attacks could happen, and the results were downright scary. One turns your MySpace profile from private to public, and another sends an email to cyberspace using your gmail account. (Note: if you are not already logged into these systems, these examples won’t work. You can bet the more malicious clickjacking scripts monitor your system, waiting for you to shop or bank online, and then send your keystrokes to remote locations.)

More recently, a quick scan of my server logs found an unusually high number of requests for aedating4CMS.php, as that script contains some apparent vulnerability. I would have been a lot more worried if I actually used that application. Nonetheless, because I treat invalid page requests as directives to search my WordPress database, allowing that request would tie up server resources and pose a security risk. Rather than letting this sort of behavior go through, I hacked my server script to redirect all requests containing ‘aedating’ back to the originator. Problem solved.
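One way to spot and handle this kind of probe, as an added example and not the server script described above: the first function counts requests for script names the site does not have, and the second decides whether a request is answered immediately, served, or passed to the search fallback. The log lines, the `KNOWN_SCRIPTS` set, the threshold and the function names are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote, urlsplit

# Common/combined access-log prefix: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+')

KNOWN_SCRIPTS = {"index.php", "wp-login.php"}  # assumed: scripts the site really has
BLOCKED_TOKENS = ("aedating",)                 # the token named in the post

# Constructed sample log. The status is 200 because unknown pages fall
# through to a search page instead of returning an error.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2008:06:25:01 +0000] "GET /aedating4CMS.php HTTP/1.1" 200 5120
203.0.113.7 - - [12/Oct/2008:06:25:02 +0000] "GET /blog/aedating4CMS.php HTTP/1.1" 200 5120
198.51.100.23 - - [12/Oct/2008:06:31:40 +0000] "GET /forum/AEDATING4CMS.php HTTP/1.0" 200 5120
192.0.2.15 - - [12/Oct/2008:07:02:11 +0000] "GET /index.php?p=42 HTTP/1.1" 200 18230
198.51.100.23 - - [12/Oct/2008:07:15:09 +0000] "GET /%61edating4CMS.php HTTP/1.0" 200 5120
192.0.2.15 - - [12/Oct/2008:07:20:00 +0000] "GET /old-page.php HTTP/1.1" 200 4100
192.0.2.15 - - [12/Oct/2008:07:21:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2100
"""


def script_name(target):
    """Lower-cased, URL-decoded last path segment of a request target."""
    path = unquote(urlsplit(target).path)
    return path.rsplit("/", 1)[-1].lower()


def unknown_script_hits(log_text, known=KNOWN_SCRIPTS, threshold=3):
    """Return (name, hits, distinct_clients) for scripts the site lacks."""
    hits = Counter()
    clients = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        name = script_name(m["target"])
        if name.endswith(".php") and name not in known:
            hits[name] += 1
            clients[name].add(m["ip"])
    return [(name, count, len(clients[name]))
            for name, count in hits.most_common() if count >= threshold]


def route(target, blocked=BLOCKED_TOKENS, known=KNOWN_SCRIPTS):
    """Decide how to answer before any database search is attempted."""
    decoded = unquote(urlsplit(target).path).lower()
    if any(token in decoded for token in blocked):
        return "reject"   # answered at once, no search, no database work
    if script_name(target) in known:
        return "serve"
    return "search"       # ordinary missing page: fall back to site search


if __name__ == "__main__":
    for name, count, sources in unknown_script_hits(SAMPLE_LOG):
        print("%s: %d requests from %d clients" % (name, count, sources))
```

Matching on the decoded, lower-cased path means requests that vary the case or percent-encode a letter are still caught by the same token.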

Most users don’t have the interest, the understanding, or the time to manage their server and database security to this extent. In these cases a web services company is your best friend, as their staff will test and troubleshoot your applications, apply upgrade patches, and even maintain backups in the event something happens. Hiring others to manage your hosting services frees you up to work on and build the core of your business.


Searching is Easy - Finding a Community is Hard

Twitter, Twine, and now Twing - I have signed up for all these web applications that start with “Tw!”

Twing is a specialized search engine for deep searches within community discussion groups or forums. So if you want to find niche communities or specialized discussion, actual online conversation, about a topic or a brand, Twing offers a way to search through community content that Google or other search engines may miss. Twing sports a directory listing of different communities so you can click down through the forums that interest you (or may be of interest to your clients or customers).

Especially fun at election time and Trick-or-Treat time is the Twing Buzz Chart. Here’s a comparison of some favorite candies for Halloween - candy corn is obviously being talked about much more than the other chocolate-y goodies! The default on the site right now is comparing Obama, McCain, Biden, and Palin.

Twing was recently named one of Laptop Magazine’s Top 50 Web Tools of 2008 in the November 2008 issue (alas, printed edition only), and is also listed in PC Magazine’s 15 alternatives to Google’s “classic” search.

Mashable’s Kristen Nicole reviewed it when it was still in pre-beta in February 2008, with Twing: Another Funny Name for Forum Search, and she noted the nice use of filters in the sidebar to filter through the results, saying “I was happy to see a rather extensive filtering sidebar that’s present for narrowing down all of your search results. Modify existing searches by category, forum name, exact phrase inclusion or exclusion, and more. This is helpful in the sense that it lets you sift through the forums without having to read through all of them.”

I’d imagine you could search for communities related to products, hobbies, concepts, clubs, bands, brands, groups, events, and people. If your goal is to find others to talk to online, Twing is your site.

Updated to add: Apparently Twing is no more as reported by Michael Arrington on TechCrunch December 1, 2008. Just wanted to be sure to let readers of this entry know why the link won’t work!


Don’t cut that marketing budget yet

The wake left by the international financial crisis has caused some general anxiety among marketing professionals, and with good reason. Traditionally a downturn in the economy means cutting marketing budgets. And this time, according to a recent survey by MarketingProfs, the financial crisis is causing immediate 2008 budget cuts and already affecting the 2009 budgets of its members surveyed.

But some of the biggest names in branding (including Procter and Gamble, who survived the crash of the 1930s) are suggesting we do just the opposite. As the shock wears off, a voice of reason is emerging that encourages companies to stay on track, but use dollars carefully. For some companies, this includes increasing, or at least maintaining, online marketing budgets. (In the interest of full disclosure, I should say that as a writer I depend on healthy marketing budgets for my own livelihood. I offer this information based on what experts and surveys suggest the current trends are.)

At the recent annual Association of National Advertisers conference, Stuart Elliott at the New York Times listened in on presentations by head marketers for companies like Hewlett-Packard, Coca-Cola, and General Mills. Here’s what they had to say:

“It’s incredibly important to be risk-takers in the economic climate we’re in,” said Michael Mendenhall, senior vice president and chief marketing officer at Hewlett-Packard, when “people have a tendency to pull back.”

“In economic times like these, you don’t hunker down and go in the bunker,” he added.

Companies such as Coca-Cola, reported to have the strongest brand recognition in the world, aren’t backing down either. Joseph V. Tripodi, chief marketing and commercial officer, said,

“Don’t go to the ledge. Don’t let the urgent overwhelm the important.”
“It’s very easy now to panic, and we cannot panic,” he added. “Invest in your brands now, especially in these dry times. The easiest thing is to shut down, and that’s the worst thing.”

Brand recognition is one thing, but getting consumers to buy is another. General Mills is fending off the economic downturn with a new “Home is calling” campaign.

“Right now, given where America is, people need to go back to the comfort of home,” said Mark Addicks, senior vice president and chief marketing officer at General Mills. So a new campaign for the company’s Pillsbury brand will carry the theme “Home is calling.”

And if General Mills is right—and I have a sneaking suspicion they are—people are going to be reaching out for more ways to access information about our products and services from home or office. “Home is calling” may sound corny, but if you were a grown up in the nineties, you’ll remember the undying DIY movement was sparked by the backlash against the excesses of the 1980s and gave us cocooning and internet shopping. I don’t know about you, but the feelings “coming home” evoke in me, especially when thinking of our troops overseas, makes me want hot flaky biscuits.

Whether your company intends to decrease spending or not, before you slash and burn across the board, you may want to consider preserving your web marketing budget or even moving more money into it. Web-based marketing can give you more for your dollar, and give nervous CEOs and CFOs measurable results as opposed to the sometimes ambiguous results from other marketing avenues. At the same time the MarketingProfs survey showed a decrease in both 2008 and 2009 budgets, 60% said they would be increasing their online budgets with 85% reducing their use of traditional marketing vehicles.

In a just-released survey from eMetrics Marketing Optimization Summit more than 64% of respondents say the current economy probably won’t affect their overall marketing budgets, but most report plans to increase or maintain their budgets for Email (83.6%), Online Advertising (77.2%), Keyword Search Campaigns (75.5%), Social Media (61.8%), and Video Advertising (38.2%). eMetrics’ analysis states,

“34.5% of respondents’ marketing budgets are negatively impacted by the economy but only 10-15% of respondents are cutting budgets on online channels. This would suggest that confidence in online marketing effectiveness continues to grow.”

According to the survey web analytics have become increasingly important to senior management.

“Web analytics helps us maximize the effectiveness of our shrinking marketing dollars by pointing out our strengths and weaknesses and providing an actionable roadmap to our most impactful ROI channels online. Tough times really do call for tough measures.”

You can download the entire survey results from the eMetrics web site.

However, if you don’t have a strong web presence yet, all the analytics and optimization in the world will not meet your customers where they are. So perhaps the best advice I’ve seen in the past few weeks on how to stay afloat in tough times came from Erik Sorenson, CEO of Vault.com, Inc., at the CNBC Executive Careers blog:

“If you are web-based and need traffic, power up your search engine marketing. If you’re brick and mortar and need traffic, focus on outdoor or radio advertising, or whatever provides the best value for your dollar. And if brand awareness is the goal, concentrate on those channels that work best and cut the rest if necessary to gain efficiency.

Take a look at which companies are branding and marketing themselves when you’re surfing the Internet, watching TV, or reading the paper. They are working to drive whatever revenue is out there now and they’re positioning for the recovery. Think of it as accelerating through the turn.”


Pipes and Filters For The River of Information

Yahoo Pipes offers access to the data and information constantly streaming along the Internet in an accessible way to web programmers and non-programmers. The user interface involves dragging and dropping boxes and connectors, then clicking choices from a drop-down list.

I really do feel like I’m riding on a river of information most days, and have adopted a more serendipitous, free-flowing sense of when I’ll get the next bit of information that’s useful to me. But with content aggregation and the power of the filtering mechanisms, the river becomes a stream becomes a pipe with customized clear drinking water in a manageable fountain spray rather than a fire hose. But if you do want to drink from the Social Media Firehose, I recommend that Pipe. It uses data from all the big name social media sites, including Flickr, Twitter, Friendfeed, and Digg.  The beauty of these pipes is that you can build on what others have created. Unfortunately, with a product name like iMIS and a company name like ASI, I’d prefer to filter the list of results by English language content only, but that filter isn’t available on the content from those feeds apparently.

Corvida on the Read Write Web has done an excellent job of gathering and categorizing the most popular Yahoo Pipes and giving explanations of each in The Ultimate Yahoo! Pipes Creations List. She lists three categories for these pipes: Social Submission and Aggregation Yahoo Pipes, Pricing Alert Yahoo Pipes - Catch That Deal! and Media Yahoo Pipes.

If you’ve ever been frustrated with the way that Joomla handles feeds, you might do what the Kingman Bicycle Outfitters webmaster did - created a Yahoo Pipes badge of cycling news feeds.

Or if you’re the site designer for the Calistoga Inn and you want to show pictures of the lovely area surrounding your Inn, you’d create a Yahoo Pipe badge that shows photos on a map.

Now, one immediate caveat to the Yahoo Pipes service is that it does not have a Service Level Agreement so access could disappear one day. I’m not sure what you’d do to substitute a custom-built pipe. Grazr offers custom-built feed processing tools and a similar “badge” for inserting content from feeds on your website. But it would appear that all the excitement and energy surrounds Yahoo Pipes. What are other great examples you’ve seen lately?


Obama (Website) beats McCain (Website)

This is a non-partisan post. OK, maybe just a tinge of partisanship, but let’s keep it professional.

The Web Marketing Association judges have reviewed and voted for which presidential hopeful has the better website. Senator Obama’s website has won by a landslide. We can dissect this evaluation in a moment, but the real question is, “So what?”

The Internet, which has been changing everything, has been playing an ever-increasing role in election strategy at all levels of government. For the presidential election, both candidates are using the Internet to help their campaigns woo volunteers and campaign contributions. So the implication of who has the better website translates directly into who might be able to build a more effective base of activist supporters and who can use the Internet to shake coins out of prospective contributors’ pockets. Election strategists take note.

During the first week of October 2008, 110 Internet website experts who serve as WebAward judges reviewed both www.johnmccain.com and www.barackobama.com using the same criteria used in the annual WebAwards program (for which Duo clients won 5 awards). The sites were judged side by side on seven criteria of a successful Website.  Here is their evaluation:

Design - Asked “which website has the most pleasing design?” WebAward judges selected the Obama site 4 to 1 over the McCain website. 84.5% of them voted for Senator Obama’s website and 15.5% selected Senator McCain’s website as better looking.

Innovation - Website innovation also went in favor of Barack Obama. By the same margin as design, the vast majority of WebAward judges (82.4%) thought the Obama website seems more innovative, while only 17.6% favored McCain’s.

Content - In terms of having the most appealing content, judges again selected the Obama website over John McCain’s website, although by a narrower margin than the first two criteria. 71.6% of the WebAward judges felt barackobama.com has more appealing content for visitors compared to 28.4% for johnmccain.com. WebAward judges also found that the Obama website is more effective for telling the candidate’s story and attracting contributions and voters to its cause (72.2% Obama vs 27.8% McCain).

Ease of use - Senator Obama’s website was seen as easier to use by the WebAward judges than Senator McCain’s. 73.8% selected barackobama.com as easier to use compared to 26.2% of WebAward judges who felt johnmccain.com was easier.

Copywriting - It is obvious that both campaigns have excellent writers on staff. Neither website has any of the editing issues some large organizations can experience. However, the WebAward judges gave the advantage to the Obama site (70.1% over the McCain site 29.9%).

Interactivity - Interactivity makes a website more than just an online billboard and both candidates were effective in giving visitors to their websites plenty to see and do. Nevertheless, once again the WebAward judges gave the edge regarding interactivity to the Obama website (75.2%) over the McCain website (24.8%).

Technology - Use of technology is evident in both candidates’ websites, however, the clear favorite for the WebAward judges was barackobama.com winning 82.4% of the votes compared to johnmccain.com with only 17.6% of the votes.


“What are you working on?”

“On what are you working?” might be the more grammatically correct phrasing of this question, or perhaps the slightly awkward, “What work are you doing?” But the point is, you can let your coworkers and colleagues know your status updates internally only using Yammer, much like Twitter but with a co-worker limitation on conversations.

Sign up with an email address that matches your company’s domain name, and then answer any one of these work-related questions in 140 characters or less, and you are experiencing Yammer, the winner of the Techcrunch 50 and its $50,000 prize.

Yammer (www.yammer.com) lets you share status updates with users internal to your company only. With an iPhone application, a BlackBerry application, and a Desktop application, Yammer can be everywhere employees go to get their work done.

Yammer screenshot from their video demo


One nice feature lets you put a pound sign next to a word in an update, (like #newspace) then Yammer collects the status update and groups updates about that project, much like Twemes do for the Twitter site. Check out twemes.com/wc08 for examples from a recent Web Content 2008 conference. Yammer’s tag implementation lets you follow the aggregation of the updates as well, which makes following project statuses as easy as following people’s statuses. Nice.

For those of us who have been on Twitter for a while, a company directory limitation to followers “feels” a little awkward. It’s as if we need lifestreaming and workstreaming, but having to follow two streams depending on your current focus seems like splitting attention too finely.

Anne Zelenka defines workstreaming well in a  WebWorkerDaily post, “Workstreaming: The New Face Time.” She says “Workstreaming is related to lifestreaming, producing an RSS feed of all the bits and pieces of your online self in date-time order. But lifestreaming incorporates everything from the personal to the professional to the trivial, while workstreaming is only about showing what you’ve just accomplished, what you’re working on now, and what you’re planning to do in the future.”

An alternative to Yammer may be a separate, work-related-only Twitter account, with limitations on who can follow that account.

You could look at Yammer as a microblogging tool, an internal instant messaging tool, a project status tool, or a people status tool. Overall I would call it the next generation collaboration tool for the enterprise.


Human vs. Computer Content Aggregation: Which is Better?

Well-written content adds value to any website. Whether for business or personal use, a website should provide information that increases the knowledge store of the World Wide Web. A key benefit of expanding your website content is that it provides more terms for search engines to index. An additional plus is that websites that update more frequently often earn a higher rank due to their activity.

How does content get on your website? There are three simple methods:

  • Write it yourself.
  • Hire the services of other writers.
  • Aggregate content from outside sources.

(Okay, there is a legendary fourth, which is to let a room full of monkeys loose on various computers and see if they can type the collected works of Shakespeare. But only the above three are practical.)

My post on the benefits of cloud computing is an example of the third option, exercised by the Cloud Computing Journal, an online magazine published by SYS-CON Media that uses all three methods to increase their content base. What struck me about their method of content aggregation is that within minutes of posting the article, Jeremy Geelan, Sr. Vice-President of SYS-CON Media & Events, sent me an email requesting permission to reprint it, offering full credit and a bio.

This was unexpected, but refreshing. Websites that aggregate content usually do so by programming a script to search the web for content and post it to their site verbatim. The intent of this method is to increase their indexed content and drive their search engine page rank, but all it does is create a mess of noise on the Internet. Articles about securing your java application and enjoying a java chip mocha frappuccino don’t usually belong on the same page, but they might if they share the word java.

Even if an automated script could request permission from content authors before copying it onto their site, it would be difficult to automate a filtering mechanism that also ensures the content is relevant. Alternatively, a human being can review all aggregated content and apply their own site’s editorial guidelines to add value before posting it live. This is what set my experience with SYS-CON apart from the rest:

They Credit Their Sources

By offering to post links back to Duo Consulting and my personal/professional blog, they already received top marks in my book. One of my friends complains that his photographs are all over the Internet without any credit back to the source. His website explicitly states that he allows anyone to use his images provided they acknowledge where they came from. A simple email request could avoid creating bad blood between your organization and theirs.

They Edit Content to Increase Value

Since posting my article to the Duo Consulting’s blog, it’s taken on a whole new life. The alternate version sports a spunky new title and tag line:

The Three Salient Features of Cloud Computing: Accessibility, Availability, and Scalability: Cloud computing provides tangible benefits, available to users on request

Also, my closing paragraph is now at the beginning, which gives additional weight to my all-time favorite lines:

“…the availability of our resources dictates our current needs…and our needs always expand beyond the capacity of our resources….”

In addition, Jeremy reviewed my blog’s About Tony Chung page and hand-crafted an author bio with a photo.

They Ask for Permission

I mentioned to Jeremy that I would be writing this article, and gave him my initial three-point skeleton. He wanted me to list this point at the top, because for them, there is no substitute for the personal touch when aggregating content. I chose instead to close with this point, because it is by far the most important concept in re-purposing content from outside sources.

Requesting permission to reproduce others’ ideas shows respect to the creator, elicits respect from the creator, and fosters a sense of community. This experience is what drove me to write this article, because the simple effort of asking me impressed me so much. According to Jeremy, this has been SYS-CON’s model for years, and will continue to be their model.

Content may be freely available on the web, but it is definitely not free.


Why Luxury Brands Enter the Social Media Scene

The South By Southwest Interactive panel picker has done its duty and about 60 panels were announced last week, but one still caught my eye that did not get selected: Social Media for Luxury Brands and Brands With Issues. It looks like a very interesting discussion. One line from their abstract states what I would consider to be the crux of the issue of involvement in social media for luxury brands - “Some high-end brands fear getting their hands dirty by mixing with the masses.”

That’s no longer true for Cartier who overcame any supposed fear and got their hands dirty on MySpace last summer. I for one was surprised that Cartier has a MySpace presence. See and hear http://www.myspace.com/lovebycartier for the actual page and to view their 4048 friends.

The world’s most desirable luxury brands according to Forbes magazine include Gucci, Chanel, Calvin Klein, Louis Vuitton and Christian Dior. These are the brands that respondents to the survey would buy if money were no object. If you haven’t seen the site Brand Tags yet, check out the tags for Louis Vuitton (here’s a hint: expensive luxury bags are the top three tags).

One of Cartier’s stated goals with a MySpace campaign was to market to a younger crowd, but Cartier is not just after the teenyboppers instant messaging with their friends about their latest crush. MySpace says that fully 85% of their U.S.-based users are over 18 so Cartier’s definition of young may be 20-somethings.

According to the Forbes article, though, United Arab Emirates and Hong Kong are the world leaders in luxury goods consumption. So perhaps there’s a mismatch in the MySpace “walled garden” eyeball/audience tendency and the most likely luxury brand consumer.

No matter the analysis of effectiveness of reaching their target, the reality is that all brands are seeking the viral nature and virtual word-of-mouth marketing that social media offers. What brands do you wish were more “hip” online for you to share with others? Which brands have you tuned out on your favorite social media sites?


Duo Consulting Supporting Drupal Camp Chicago 2008

Duo Consulting has been working with Drupal (an open source content management system) for well over a year now, creating sites like the award-winning Chicago Public Schools Alumni site.

As part of our continued commitment to the overall Drupal effort, and the Chicago technical community specifically, Duo is helping to sponsor Drupal Camp Chicago, including sponsoring a student registration, as well as sending several of our own developers to participate.

Suggested session topics run through the life cycle of a Drupal application, from installation to performance tuning. It looks to be a good event for anyone interested in learning more about this CMS!


It’s Not All About Us (It’s Really About Our Users)

Web usability expert Jakob Nielsen just released a new study that I think every marketing manager with a company website ought to pay attention to. It’s about your company’s About Us page.

The study, released last week, follows up on an earlier study done five years ago and looks at 63 websites from large, medium and small companies, government, and nonprofits. You can read the executive summary on Nielsen’s Alertbox website or download the whole thing for a reasonable price (compared to most studies like this) if you want to see the dirt on the company sites with usability problems or see examples of good About Us pages. But here is some of what he says about putting your best face forward on these important pages, along with some of what I’ve seen of this in my own experience.

“On each site, we gave users one open-ended task: evaluate the organization. We also gave them several directed tasks, such as to find out who runs the organization, what community or social programs the organization contributes to, and when the organization was founded.”

There was some good news and some bad news on these tasks. First, usability for those pages had actually increased by (what Nielsen calls) an acceptable 9% in five years, but the bad news was that when users were asked to find out what the organizations actually do, success rates went down from 90% to 81% in the last five years. Apparently, a trend has emerged where marketing execs are more interested in spewing “marketese and blah, blah” about what they do than in being clear.

I do a lot of research via company websites and I see this type of mistake a lot. They usually say something like, “We deliver you the most innovative solutions in multiple languages to give you improved outcomes and a more impactful position in a unique marketplace within all industries.”
What!? But what do you do? It kills all your credibility to be so vague that you appear to be trying to be all things to all people. Nielsen has this to say about credibility:

“Trust and credibility are major issues on the Web, where even the biggest company exists as only a few words and pictures in a browser window. The most deceitful and unethical company can look as good as a company with a long history of community involvement and honest customer relationships. Explaining who you are and where you come from does matter, as do simple things like providing management biographies and photos.”

Nielsen gives some great free advice in his executive summary. For example, he suggests web designers have a homepage link that simply says About Us or About Company Name, since this is what most users are accustomed to. In his study users had trouble deciphering the meaning of nonstandard terms like Info Center or other descriptors, so it’s best to use what is familiar, rather than trying to be different.

And it’s important to be sure the content on your About Us page says clearly who you are, because as Nielsen says, this is pretty much the content you want all other content based upon, so it’s important to nail it down tight—without the marketese and blah, blah. He then goes on to recommend a hierarchical structure for the rest of your About Us information (more free advice):

“We recommend providing About Us information at 4 levels of detail:

  • Tagline on the homepage: A few words or a brief sentence summarizing what the organization does.
  • Summary: 1-2 paragraphs at the top of the main About Us page that offer a bit more detail about the organization’s goal and main accomplishments.
  • Fact sheet: A section following the summary that elaborates on its key points and other essential facts about the organization.
  • Detailed information: Subsidiary pages with more depth for people who want to learn more about the organization.”

Nielsen explains the effectiveness of this approach through a good example (Alcoa) and bad example (US General Services Administration). Search these yourself and see if you don’t agree.

This is just an overview, so if you want to read the study information that supports these ideas, or you need some type of metrics to convince your boss, you might consider reading the entire report, but Nielsen’s exec summary has even more valuable information than I can talk about here. So, I’ll leave you with Nielsen’s bottom line on this:

“The Web is very depersonalized, but from our earliest usability studies, we’ve seen that users like getting a sense of the company behind the website.

Having a good About Us section facilitates this understanding. Clearly stating what you do helps customers understand your site as a whole. Of course, your overall site is what ultimately represents your organization to users. People look at product pages and read the site’s content when they’re evaluating an organization as a possible vendor, business partner, employer, investment, or (in the case of charities) donation recipient. Communication isn’t restricted to About Us. But dedicating an area to providing users with facts about your organization and its history and values helps pull all of the site’s content together.”
