What Website Owners Need to Know About Cyberattacks In 2018

What Website Owners Need to Know About Cyberattacks In 2018

 

 

Imagine if one in every 15 websites you visited was secretly taken over by cybercriminals trying to steal your credit card information or other personal data. Now imagine if that website was your website, and you had no idea it was harming your visitors. This is the reality for many website owners, and now more than ever, they need to be on alert for cyber attacks in 2018.

In Q3 2017, alarming cybercrime trends have been discovered that will likely affect websites for months to come. The most worrying trend for website owners: cybercriminals are increasingly using malware, or software that is used for malicious purposes, to take advantage of website visitors. In fact, nearly 15 percent of malware attacks targeted website visitors with the goal of exploiting them for sensitive data, website traffic, and other assets or resources. That’s not all: cybercriminals attempted to compromise more websites in Q3 2017 than in the previous quarter, increasing their attempted attacks by 16 percent.

The frequency of these attacks means that your website – and your visitors – could be impacted at any time. Without proper website security in place, your website is likely to experience a cyber attack and suffer the consequences.

Using data, we’ll reveal how cybercriminals are able to exploit website visitors, what they gain from targeting visitors, and how you can put a stop to it in 2018 and beyond.

How are cybercriminals taking advantage of website visitors?

Stealthy cybercriminals prefer types of malware that can enter a website and cause damage quietly, as cyber attacks are typically more effective when both website owners and visitors are unaware the attack is happening. It’s for this reason that backdoor files were often used to execute visitor attacks in Q3 2017.

Backdoor Files

Backdoor files allow cybercriminals to gain administrative access to a site without the knowledge of the website owner. As the name suggests, you can literally think of it like the backdoor to a house that someone uses to enter and leave without being noticed. More specifically, backdoor files are uniquely encoded files that are difficult to detect. Cybercriminals can encrypt their backdoor files with a decoding key that only they possess, meaning, no one else has access to their malicious file. In Q2 2017, backdoors accounted for 23 percent of malware files. Because malware is becoming increasingly complex and easily hidden, backdoor files pose a large threat to website owners. Once a backdoor file is left on a website, cybercriminals can use it to return to the website at their leisure to cause more damage.

Once malware successfully infects a site, it can be used to deploy visitor attacks.

Visitor Attacks

Visitor attacks are attacks that occur on a website with the goal of exploiting the website’s visitors. These attacks can target sensitive customer data, steal website traffic, or spread malicious content.

In Q3 2017, visitor attacks accounted for 26 percent of malicious files cleaned, which means that if an attack occurs on your website, it’s likely targeting your visitors.

The most frequent visitor attacks in Q3 fell into one of four categories: SEO (search engine optimization) spam, redirects, defacements, and phishing kits. Below is a breakdown of what these attacks are and how they can harm website visitors.

SEO Spam

SEO (search engine optimization) spam takes advantage of the way keywords are used to influence how well a website ranks in search results. For those unfamiliar with SEO, a website has a better chance of ranking for a certain keyword if that keyword is used on the website. By injecting unrelated keywords into a victim’s website, cybercriminals can attempt to force a website to rank for those unrelated keywords instead. SEO spam is a top objective for cybercriminals, as the number of SEO spam files removed from websites increased 10 percent from Q2 to Q3 2017. SEO spam can add keywords directly onto to the pages of the website or inject them into the website’s code. The result: the attacker’s website sees higher traffic and improved rankings in search engine results, while the victim’s website loses traffic due to lower rankings and confused visitors.

SEO spam is classified as a visitor attack because it tricks visitors into viewing irrelevant content on the intended website. For example, if your visitors came to your blog looking for your latest recipe but found a post about prescription drugs instead, they’ll likely leave confused and unsure of whether your website is trustworthy. These irrelevant keywords can also devastate your website’s rankings in search results and draw traffic away from your website by directing your visitors to a different, malicious website.

Phishing Kits

Phishing kits are illegitimate replicas of popular websites like Google, Netflix, or various online banking applications that seek to steal sensitive information. Over 300 different organizations were targeted by 29,000 phishing kits in 2016, allowing cybercriminals to imitate several reputable websites. For example, if a visitor tries to complete a purchase on your site using PayPal but is unknowingly taken to a phishing site that looks like PayPal, that customer has just handed over their payment information to a cybercriminal. If they never receive the order that they paid for and discover that their information was stolen, you’ve not only lost a sale but likely a customer as well.

Redirects

Website redirect attacks occur when visitors arrive on your site and are instead redirected to a phishing or malware-infected website. These attacks account for 8 percent of malware files. Redirects are often part of an SEO spam attack or a phishing scheme, causing a loss website traffic and a decrease in trust from your visitors.

Defacements

Defacements change the appearance of your website when a cybercriminal replaces your website’s content with their own. You can think of it like digital graffiti on the homepage of your website. This content often includes an ideological or political message that could be off-putting to your customers. A defacement can render your website unusable, meaning you will lose leads, sales, and traffic. And when your website is restored, you can expect those numbers to stay low as visitors decide whether they still trust your website. Perhaps the most well-known type of malware, defacements accounted for 15 percent of malware files detected in Q3 2017.

Why are these cyber attacks happening?

While cybercriminals continue to increase their efforts and develop new types of malware, website owners largely continue to operate under a false sense of security. 13,000 website owners were surveyed to find out who they believe is responsible for their website security, and the responses were alarming. Of the surveyed website owners, 70 percent either believed their website was protected by their web host, or simply couldn’t answer the question.

It’s a common misconception that hosting providers offer security for each website they host. However, your web host only protects the server your website is hosted on, not the website itself. Think of it like securing an apartment building. Property management takes responsibility for securing the building, but each tenant must lock the door to their own apartment.

Another common website security misstep is relying on search engines for malware warnings. Popular search engines do their part to help create a safe internet by looking for websites with malware. To protect visitors, search engines will place a warning on a malware-infected site indicating that the site may be compromised. Search engines might even de-index the website if the infection isn’t resolved in a timely manner, meaning it will be removed from the search results. This process is known as “blacklisting,” and all too often – or perhaps not often enough – this is how website owners discover they have malware. Blacklisting can have a devastating effect on a website, causing a loss of traffic, trust, and revenue. For this reason, search engines err on the side of caution and only flag websites when malware is definitely identified. However, only 21 percent of infected websites are blacklisted, meaning that unflagged websites might still be infected with malware.

Fortunately, there are much more effective ways to secure your website.

Protect your website and your visitors in 2018 and beyond

Now that you’re aware of some of the ways malware can exploit your website and visitors this year, you should reinforce your website’s security. Here are a few simple best practices that can be implemented right away:

  • Use strong, unique passwords on all your website applications to prevent cybercriminals from guessing your password.
  • Update your applications and add-ons as soon as security patches become available and remove anything you’re not using anymore to help prevent vulnerabilities.
  • Maintain offsite backups of all website content so you can restore a clean copy of your website in the event that a cyber attack happens.

While everyday best practices are a great first step to securing your site, to combat threats effectively you’ll need to install a website scanner that looks for and removes known malware every day. You’ll be alerted when malicious or suspicious threats are identified, allowing you to resolve issues immediately and reduce the risk to your site and its visitors.

You’ll also save money by:

  • Not needing to hire an expert to remove malware manually.
  • Preventing costly downtime caused by cyber attacks. Website downtime can cost small businesses as much as $427 per minute.
  • Retaining customers and visitors. Recent data shows that 65% of customers who have had their data compromised refuse to return to the website that was responsible or simply stopped shopping online altogether.

With your website running safely and efficiently, you’ll be able to invest your time and money back into your business.

By taking proactive measures to protect your website, you can stay ahead of busy cybercriminals, cyber attacks and new trends in malware.

SSL does not make a site secure!

SSL does not make a site secure!

 

A Brief Overview

If a website wants to set up and use SSL/TLS, they need to obtain a certificate. A trusted party, called a Certificate Authority (CA), issues a certificate to a website bearing its domain name. When you type the address of that website into your browser, as part of the connection process, the website provides its certificate. Your browser checks that the certificate provided has the same name as the site you’re trying to connect to, that the certificate was issued by a trusted CA and that the certificate has not expired. When you connect to my blog, I provide your browser with my certificate.  You can manually inspect the certificate, if you like, by clicking the padlock icon in the address bar, clicking Connection and then Certificate Information (Google Chrome).
Certificate Info

Certificate for scotthelme.co.uk

Once your browser has verified that the certificate is indeed for my blog, that the certificate is valid and has been issued by a trusted CA, the connection continues. The browser and server exchange details necessary to setup a secure communications channel with each other and once completed, the site loads. This all takes places in a few hundred milliseconds and on modern servers doesn’t add a noticeable delay to the site load time. So, at this point in time, the user has loaded up my blog homepage and they have a green https in the address bar because we’re using a secure connection, so what’s the problem?

 

SSL/TLS Only Ensures A Secure Connection

Once connected to my blog using https, you can be sure that you’re connecting to the genuine site, that no one is reading our communications and that no one is tampering with them. That’s it. Whilst that might sound like all we need, no one can see your username and password when you login for example, there’s so much more to a secure site than that.

Anyone Can Get A Certificate

One of the first steps to setting up https for a website is getting a certificate from a CA. The CA proves your ownership of the domain, generally by sending an email to an address like webmaster@scotthelme.co.uk, and that satisfies their requirement that you own or administer the domain name in question. That’s all there is to it. Going back to the 3 basic purposes of the certificate, we have authentication, privacy and integrity. The CA has proven my identity and I can now use the certificate that has been issued to provide authenticity, privacy and integrity to communications going to and from my server by encrypting it. To try and explain this a bit more clearly, let’s say I purchased the domain nastyhackers.com and setup a website. The sole purpose of this site is to trick people into signing up so I can steal their details. I approach the CA, who verifies my ownership of the domain and then issues my certificate. Now nastyhackers.com is up and running with https, so this site is secure, right? Wrong! All we can say is that our communications with the site are secure. This website is most definitely not a secure site because they’re stealing all of our personal data behind the scenes

StartSSL certificates are free

Encryption In Transit vs. Encryption At Rest

SSL/TLS provides what is referred to as ‘encryption in transit’. Whilst our data is in transit across the web, it’s in an encrypted format so that no one can read it or tamper with it. The browser and server decrypt the data at each end so they can process it and act on it. The browser decrypts the data and renders a webpage and the server might decrypt the data and receive a new request or verify your login credentials. If you’re signing up to a new website that uses https, as all of your details traverse the web, they’re encrypted. This prevents anyone with access to that connection from stealing your private and sensitive data. As the server receives your data, it decrypts it and then most likely stores it in a database so it can remember who you are in the future. Unfortunately, SSL/TLS doesn’t give us any assurances about how or where that data is stored. The server could decrypt the incoming information and store your username and password in the database in plain text, without encrypting or hashing it. Information like this should be encrypted in a database, known as ‘encryption at rest’. The data is encrypted whilst it isn’t moving anywhere. A lot of the hacks and breaches we see in the news involve hackers gaining access to these databases that can store usernames, passwords, addresses or even credit card data for hundreds of millions of people. Our information may make it to the server securely, thanks to SSL/TLS, but if the server doesn’t store and handle that data securely, are we browsing a ‘secure site’? The answer that I’m hoping we’re starting to pick up on, is no. SSL/TLS does not give us an indication about the internal security policies of the organisation in question.

Data needs to be protected whilst being stored too

Getting It Wrong

SSL and TLS are both very complex protocols with a myriad of configurations, versions and features. SSLv1 was never publicly released so we first saw SSLv2 in the wild in 1995. SSLv2 was quickly discovered to contain some serious security flaws and SSLv3 superseded it in 1996. From here, through into the new millennium, we saw the introduction of TLSv1, TLSv1.1 and the latest incarnation, TLSv1.2, come into existence. Unfortunately, unless you start digging up information when you see https in the address bar, you won’t know which protocol you’re using to connect to the site. As technology moves forwards, websites may fail to add support for newer, more secure protocols and even neglect to remove the older, insecure ones. This results in the very real possibility of users being subjected to a protocol downgrade attack. This is where an attacker can simulate failure scenarios when your browser tries to connect using the newer, more secure protocols. This results in your browser attempting to renegotiate using an older, less secure protocol. Whilst the most modern and up to date browsers will prevent you falling all the way back to SSLv2, you could still find yourself using a protocol almost 2 decades old in SSLv3.

Getting it wrong

Mitigating Vulnerabilities

As with any security protocol, there is always someone looking to break it. Several attacks against SSL/TLS have surfaced in recent years, namely BEAST, CRIME and BREACH. These could all result, in one way or another, the data you send over a secure connection not being so secure. Whilst these vulnerabilities can be countered to a satisfactory standard on the server side, or by updating to the latest browser in some cases, this does not mean that you’re safe. Even if you pay close attention to keeping your software up to date, you have no information on whether or not a site has taken measures to patch these flaws. You still get your green https in the address bar and continue on because all appear to be safe.

Sites need to patch vulnerabilities in protocols.

Malicious Content

Just because you’re loading a page over a secure connection, you still don’t have any information about what is being delivered over that connection. Browsing a site using https will not prevent things like drive-by downloads, XSS vulnerabilities or CSRF attacks from taking place. You can be sure that these types of malicious content were not injected to your traffic in transit, and that they did originate from the host, but that doesn’t offer any protection to the user and their browser. Just because a site is delivering its content securely, it does not mean that the content itself is safe.

Malicious content can still be injected into traffic.

HTTPS On Sensitive Pages Is Not Enough

In previous blogs I’ve covered topics like session hijacking and code injection. When you first login to a site, hopefully using https, the server sends back a cookie. Once you’ve proven who you are with your username and password, the unique cookie is then used to identify you so that you don’t have to keep sending your username and password. It’s how the site remembers who you are and that you’re logged in. The only problem with a lot of sites is that after you’ve logged in, you will continue to browse the site using http. According to most of the advice online, we only need to check for https when we’re submitting sensitive information, but unfortunately, you’re now sending your cookie over an insecure connection which could result in an attacker stealing it. As the cookie is your proof of identity, the attacker can present the cookie to the website which has no reason to suspect that the attacker is actually impersonating you and will hand over your data. Once you’ve logged in to any website you need to continue to use https until you logout or you close the tab/browser. If you stop using https any point before that, it’s almost as bad as sending your username and password over HTTP.

Cookies over HTTP

Secure Communications, Not A Secure App

These false assurances not only present problems to users, but can also present a problem to sites too. Just because you have secure communications, it doesn’t mean that your app is secure.

Secure website?

Obviously the above image is a mockup for demonstration purposes, otherwise, I’d be living in my beach hut in Barbados by now, but you can see how the perfectly secure connection we’re using is offering us absolutely no security from the problem we see here. SSL protects us against such a limited subset of the risks we face online that labelling a site as ‘secure’ just because it has SSL is fundamentally wrong.

We need HSTS

I go into a lot more detail on HSTS in my previous blog, but this little response header is a crucial part of a proper SSL/TLS implementation. In essence, HSTS is an HTTP response header that you can set on your site to instruct browsers that you only ever want to use HTTPS from now on. If a user types a URL without the protocol specified, the browser will default to HTTP. Much like clicking a link with HTTP specified in the protocol, your first attempt at communications will be over HTTP, even if all the host does is respond with a 301/302 to HTTPS. That initial request leaves you open to attacks like those carried out with SSLstrip. The HSTS header will tell the browser to use HTTPS for the host no matter what. Even if you explicitly type http:// or click on a link that specifies Http://, the browser will send the request over https:// instead. The best possible SSL/TLS implementation is still lacking if you don’t issue a HSTS header.

HSTS enforces HTTPS

 

SSL All The Things!!!

It’s not that I’m complaining about Google’s recent change to nudge sites towards using SSL, but it does bring up a few problems. There are a lot of sites out there that are going to run terrible SSL/TLS setups. Poor protocols, even worse ciphers suites and maybe even Heartbleed or CCS Injection vulnerable. None of these issues will stop users getting that little green padlock in their browser or stop the site getting a boost in SERPs, yet none of them are ideal. Users will happily continue on thinking they’re now using a secure site when in reality it might not be much better than it was before. That said, I suppose the first large step is to get sites to actually implement SSL/TLS if they previously didn’t. A lot of sites will get the implementation right and at least we’re moving in generally the right direction. It’s a tough call, but I think in the long run we will be better off for it.

Educating The Consumer

As more and more of our everyday lives becomes intertwined with the web, I think we need to develop our understanding of it, but more importantly, our understanding of how to use it securely. There’s little point filling out a form and submitting all of our details via https and thinking we’re secure if the data is then stored in a database without encryption and an open port facing the web. Much like there is no point signing in using a secure form only to revert back to http afterwards. Whilst it may seem like I’m nitpicking at the advice that’s being given online, I genuinely believe that we need to make a distinction between a secure connection and a secure site. Until we do, the average end user isn’t going to expect or demand more of sites that they provide their sensitive data to.

Conclusion

At present, it seems that a lot of websites and government organisations are pushing out the idea that a site using https is a secure site and not simply a secure connection. Implementing SSL/TLS is just one of many steps that need to be taken to ensure a website is secure and this needs to be reflected more accurately in the information provided to the end user. No more ‘this site is secure, check for https in the address bar’ type messages. Users should always check for https in the address bar, but not be given over exaggerated information on how secure the site is pure because they use SSL/TLS. With Google’s recent announcement of a boost in ranking for the use of SSL, I think this problem is probably going to get worse before it gets better.

Is Social Media a “Pay to Play” in 2018?

Is Social Media a “Pay to Play” in 2018?

 

Remember MySpace?

It was one of the first social media platforms that revolutionized how people interact online.

In those days and even in the early days of Facebook, people were still trying to get comfortable with online “friendships.”

Some people didn’t join until a significant portion of humanity had already signed up. And even then, they were a bit hesitant.

Now, however, people are acquainted with social media, how it works, and why it’s fun. They trust it and they enjoy it. Therefore, they use it.

And in the days of social media discovery, everyone sort of wondered, “How are these platforms making money?”

Well, now we have the answer.

In a word, advertisements.

The more people that these platforms have access to, the more money they make from businesses wanting to sell those people their products.

And today, 62% of people living in North America have a Facebook account.

 

Since Facebook sells all of that user data to advertisers, they make a lot of money.

Unfortunately, that also means that growing an organic audience on social media platforms is only becoming more difficult.

Because Facebook, Linkedin, Pinterest, and Instagram want you to pay them money to reach your audience.

They don’t want you to be able to do that for free. At least, not easily.

While social media platforms might look like a simple and fun idea on the outside, the reality is that each one is a business.

Still, though, paying to play is well worth your time.

Not only does a massive portion of the human race use social media, but they use it regularly.

Over 75% of Facebook and Instagram users visit the platform at least once per day.

 

 

 

 

 

 

 

 

 

 

 

 

And that means if you advertise on the platforms, people will see you.

Social media is attracting people like crazy, and it doesn’t seem to be going anywhere anytime soon.

For that reason, many marketers and advertisers are still using the platforms to spread their products and message, despite the “pay-to-play” models.

Just take Facebook, for instance. 93% of social media advertisers use Facebook Ads.

 

 

However, even the massive number of marketers and advertisers who use social media to sponsor their businesses struggle to quantitatively measure their effectiveness.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

And that’s a damaging truth.

Not just to your spirit, but to your pocketbook. Maybe if you’re only trying to grow an organic following on social media, then it isn’t as detrimental.

After all, you’ll probably invest less money while trying to grow an organic following.

However, social media platforms are intentionally trying to get you to pay.

So first, I’ll discuss why and how that’s happening on social media platforms and then lay out some strategies to help you get the most bang for your buck on your advertising efforts.

Why social media is “pay-to-play”

It used to be that you could grow a social media following with some creativity and determination.

Now, however, you also need dollar bills.

And the more you have, the better you’ll be able to reach your audience.

That is, of course, on purpose.

Social media sites want you to pay to reach your ideal market. They don’t want you to able to reach it for free, and they definitely don’t want you to be able to go viral without paying for it.

Over the years, that truth is only becoming more prevalent.

As social media platforms establish themselves, they can require businesses pay more to reach their target markets.

And they are doing so. Vehemently.

In fact, on average, brands only reach 6% of their fans without using paid advertisements.

Clearly, that isn’t very promising.

Additionally, average Facebook engagement is on a downhill slope.

 

In other words, not only is it difficult to reach your ideal audience, but it’s almost impossible to get them to engage.

The answer, of course, is to run paid advertisements.

As Facebook’s stock price has increased, the average organic reach of business pages has decreased.

 

 

Why is that?

Because, again, Facebook doesn’t want you to build a following for free. They want you to pay for it.

Just consider this promote button that they constantly encourage businesses to click.

 

 

If you have a Facebook page, you know exactly what I’m talking about.

You probably even receive occasional notifications telling you to boost your post for $5 or $10.

That is a great way for Facebook to make money. But it might not be a great way for you to make money.

And that boost button becomes even more tempting when you find out that Facebook won’t even show your post to all of your current followers.

Just consider this post. My page has almost 920,000 followers, but Facebook has only shown the post to about 15,000 people.

 

 

Is that just because only some people have been on Facebook at the time of the post?

No. No, it isn’t.

It’s actually because Facebook intentionally restricts how many people a page can reach with their posts organically. They want you to click that boost button, and they want you to do it as often as possible.

The more you do, the more money they make.

That is, of course, only one example of the increasingly expensive social media climate that advertisers find themselves in.

So what can you do to get the most bang for your buck this year?

Specifically, five things. Here’s what they are.

1. Understand your advertising goals

Since every advertisement is going to cost you cold, hard cash, you shouldn’t run one unless you’ve first determined what the goal of the advertisement is.

If you don’t know, then it’s probably best for your bank account to forego paying for an ad.

The process doesn’t need to be complicated, though.

Just start by taking a look at your funnel, from awareness to consideration to transaction.

 

Then ask yourself where the advertisement falls within that funnel. What is the end goal of the ad?

Traffic? Conversions? Brand awareness?

The goal of your ad should directly impact the copy, image, and message that you send. If you don’t have a direct goal for your advertisement, then you shouldn’t run the ad in the first place.

Especially since an unsuccessful ad will cost you loads of money and time.

Naturally, there are a variety of different goals you can choose from.

This ad, for instance.

 

Is trying to do something far different than this ad.

One is trying to build brand awareness and strengthen Buffer’s brand image, while the other is trying to actually sell Buffer’s SaaS product.

One is top-of-funnel and the other is bottom-of-funnel.

Sometimes, you’ll want to run ads to a piece of content you created on your website.

Other times, you’ll want to simply sell your product.

Which goal you choose for your advertising campaign will also impact the audience you target.

If you’re trying to build brand awareness, then you might try to target people who’ve never heard of your business.

But if you’re trying to generate conversions, then it’s probably a better idea to run ads to people who already know about you and have indicated that they are interested in buying.

One thing’s for sure, though. If you don’t know what the goal of your advertisement is, then you don’t really have an advertisement at all.

Start with deciding a goal for your advertisement and don’t run the ad before you’ve determined it.

2. Choose the right social media platform

Each social media platform is different.

Some social media platforms are great for B2B advertising while others are great for B2C advertising. Still, some work for both.

Not only that, but each platform also offers different advertising options.

On Facebook, you can target custom and lookalike audiences, which we’ll talk more about it in a bit.

And on LinkedIn, you can target matched audiences.

With Pinterest, you can use Shoppable Pins.

Above all, though, Facebook shines through as the preferred option for marketers and advertisers everywhere.

In fact, 95% of marketers said that Facebook produces the best ROI for their advertisements.

 

 

 

 

 

 

 

 

As you can see, Twitter, Instagram, and LinkedIn fall into second, third, and fourth place.

If you’re looking to advertise on social media, then you should at least consider those top four platforms.

Still, one platform will work better for B2B while another works better for B2C. And one will work better for SaaS while another works better for physical products.

How can you decide which platforms to use and which to ignore for the sake of your business and your ROI?

Well, if you’re marketing for a B2B company, then LinkedIn, Twitter, and YouTube should stand at the top of your marketing list.

 

However, keep in mind that, on LinkedIn, you can’t do a very good job of selling your actual products.

For generating leads, the platform is remarkable. But for generating conversions, not so much.

Twitter is great for quick advertisements that drive leads and conversions. And YouTube is perhaps the best platform for building a meaningful connection with your audience since it’s based in video content.

Here’s a quick overview of each social media platform and their specialities.

 

 

In particular, you’ll notice:

Pinterest is great if you have a female audience, Twitter has the largest penetration in the U.S., Facebook is mostly on mobile, Instagram is all about images, Google+ has 300 million active users, and LinkedIn is B2B oriented.

Those unique differences should impact the place you advertise and the advertisements you use.

And each one will cost you money because each social media platform is a business.

So you need to choose the platform that will provide you with the best ROI. That way, you’re not wasting your hard-earned cash on a platform that simply doesn’t work with your business.

3. Target custom and lookalike audiences

Here’s what you don’t want to do.

You don’t want to pay for advertisements, run them for weeks on end, and receive little-to-no attention.

Unfortunately, that’s often what happens when marketers run advertisements without taking the necessary precautions. Or at least, having the necessary knowledge.

Take, for instance, the audience you choose to target.

You can target everyone in the social media world with the right interests. Or, you can target people who are similar to your current successful audiences.

In most cases, the latter option is far more effective.

Fortunately, most social media platforms offer a variation of what Facebook calls custom and lookalike audiences.

 

 

LinkedIn calls it matched audiences and Twitter calls it tailored audiences.

But the feature is largely the same across the board.

So what exactly does the feature do?

Well, it allows you to target audiences that are similar to your current successful audiences.

Imagine, for example, that you have an email list that is incredibly successful. Your open rate, click-through rate, and engagement rate are remarkable for your industry.

With customer and lookalike audiences, you can leverage that email list.

The feature allows you to do one of two things.

  • Target your email list or some other predetermined audience.
  • Target an audience that is similar to your email list or other predetermined audience.

The benefits of those features are obvious.

If you have an audience that is already successful, then targeting those same people or people with a similar attitude and demographic is likely to pull results.

In the case of Facebook lookalike audiences, advertisers experience higher-quality and scale than other advertising options.

 

 

However, using the feature for one of your social media campaigns will usually require you to install a tracking pixel on your website.

This is what that looks like on Facebook.

 

 

ortunately, that’s quite simple and anyone can do it.

Most social media platforms will walk you through the steps to do so, and all you have to do is follow.

Once you’ve installed the pixel, that social media platform will receive data from your website to understand how your ad is performing.

How many people visit your website? How many people convert? Or how many people abandon their shopping cart?

That’s all available information if you install the required pixel.

Then you’ll be able to use custom and lookalike audiences, giving your advertisements the best bang for your marketing buck.

4. Run retargeting ads

Similar to customer and lookalike audiences are retargeting ads.

These allow marketers to show advertisements to people who have taken (or not taken) certain actions on their website.

Again, you only have access to retargeting ads if you install the corresponding social media pixel on your website.

Most social media websites, though, will allow you to run retargeting ads with ease.

Here’s how they work.

Someone visits your site, and the social media pixel tracks their actions. Let’s pretend, for instance, that they put an item in their shopping cart, but leave before buying.

Then, when they go on Facebook, they see an advertisement that targets them with the exact item they added to their cart, maybe offering an additional discount as an incentive.

 

 

For obvious reasons, retargeting ads are more successful than their less-targeted counterparts.

But just how successful are retargeting ads?

Well, on average, they receive three times more clicks, and they are four times more likely to convert new customers.

Here’s what a retargeting ad sometimes looks like. The person visits the website and then they see a sidebar ad on Facebook of the exact same item.

 

 

The other regard in which retargeting ads help your marketing success is across different devices.

In today’s world, people use multiple devices. They view your website on their laptop and then Facebook on mobile.

As you can see in the chart below, the device percentages are almost evenly split.

 

 

With retargeting ads and a social media pixel, the ads don’t depend on cookies, which are device specific. But they often identify the actual user.

That means even though the person visited your website on their laptop and then Facebook on their phone, the pixel sees the person instead of the different devices.

Clearly, that’s a win for your marketing strategy.

Here’s a retargeting ad, for instance, in which J. Crew Factory offers a discount for a user who abandoned their cart.

 

 

 

 

 

 

 

 

 

And another example.

 

 

 

 

 

 

 

 

 

And one more.

 

 

 

 

 

 

 

Do that and you’re sure to get more bang for your buck out of your advertising dollars.

Retargeting ads are less risky than most other advertisements because they target people that, you know, are already interested in your product.

You just have to give them a little push before they buy.

Conclusion

As time goes on, social media is only going to get more expensive.

Each platform is trying to run a business, which means that they are trying to make money.

You are their customer.

And your customer is their product. Fortunately, the story isn’t all bad.

Social media is remarkable at finding and targeting your audience.

Even though you now have to “pay to play,” as long as you use your dollars wisely, you can use social media to advertise your products and grow your business.

The four things you want to focus on are understanding your advertising goals, choosing the right social media platform, targeting custom and lookalike audiences, and running retargeting ads.

Then, and only then, will you get the best bang for your buck in the expensive social media climate you find yourself in.

Is Your Spa Website Losing Potential Clients? 5 Questions to Ask

Is Your Spa Website Losing Potential Clients? 5 Questions to Ask

 

Fresh new marketing initiatives and new targets for sales have likely been discussed, but what about making ‘digital’ a real focus for your business in 2018?

Here are 5 reasons we think you would invest in a new website in 2018, and why it’s the first step towards really getting serious about making digital part of your marketing efforts for the new year. Let’s dive in…

1) Your website offers a poor experience to users on the move

 

Mobile internet browsing is huge. In 2008 a marketing analyst Mary Meeker predicted that in 2014 mobile access to the internet would overtake desktop usage. She was right, with the tipping point actually occurring in late 2013. In July 2015 another report was conducted, concluding that time spent browsing the internet on mobile devices clocks in at 4.3 hours per day (on average) compared with 2.8 hours on desktop devices¹

Of course, we’re now in 2018, so it’s absolutely critical that your website’s mobile experience is top notch.

The stats above just show that we’re consuming websites on the move as well as when the feeling takes us, by impulsively searching for services we require or products we might need, such as during an ad break whilst sitting on the sofa watching TV.

Why is this a reason to invest in a new website?

As a business you can’t ignore the change in the way people are consuming websites. You need to ensure that your website looks fantastic and offers a flawless user experience (UX) on mobile devices (as well as desktop ones too). Otherwise you’re going to lose potential business – no question about it.

If your website was redesigned more than a year ago it’s also worth noting that Google has started to roll out its “Mobile First Index”. Because most people are now browsing the web from their phones, Google is starting to determine where your site ranks based on how your website renders on mobile, rather than on desktop. Here’s some more information on this if you want to read more.

Even if your current website is responsive and adjusts when viewed on a range of different devices, if it was created even back in early 2017, chances are there are improvements that can be made now we know more about how users interact with responsive websites.

We see 2018 as the perfect time to redesign your website to put mobile users first.

2) The content on your website isn’t communicating the right message anymore

 

 

Content – often left as the last piece of the puzzle in a web design project – is actually one of the most important elements of your website. Why?

Because words go a long way in converting your website visitors into customers and clients. Pair up awesome design with great content and you’re on to a winning combination.

So, what’s the problem with content on many business websites?

  • It’s not regularly fine-tuned and updated, so it makes your website appear extremely stagnant, and can even make your business project a totally different message to the one you intended.
  • It’s written like a series of statements and facts. E.g. “We were founded in 2009 and offer web design services to small businesses”. Rather than in a way that addresses the problems your clients are facing and how you can solve them to make your client’s life easier.

Why is this a reason to invest in a new website?

Content is still king online, more so in 2018 than at any other time, so having a website that makes it super-easy for you to effortlessly add new content is essential if you want your website to be a success this year.

A website redesign is also the perfect time to re-evaluate your message and re-work your content to make sure it’s resonating with your target audience(s). Our top tip would be to also ensure that if you do redesign your website this year, make sure you pick an easy to use CMS (Content Management System) and put a lot of work in to fine tuning your content and making sure it’s of high value to your prospects.

3) Your visitors can’t easily find what they need or complete an action on your website

 

The ideal client you want to appeal to may have changed over time in your business, so there’s a good chance your website is outdated in this respect too.

Can visitors find valuable information on your website? Information that’s valuable enough and compelling enough for them to make contact?

You might also have a few different types of user visiting your website, each type looking for something different. Does your current website cater for all their individual needs?

Why is this a reason to invest in a new website?

It’s a valid reason because if your visitors can’t find what they need, or carry out tasks they want to complete on your website, then it’s ineffective and a complete waste.

Our top tip here to avoid this with any website redesign you carry out in 2018 would be to create “user stories” or “user personas”.

This is where you give your customer type one a name (e.g. Customer #1: John) and create a persona for him, and list tasks he’d likely be looking to carry out or information he’d be wanting to access on your website.

Often, once you’ve got all your personas mapped out (you might have three or four) you’ll get a lightbulb moment, giving you clarity on how to structure your new website and what kind of content you need to include to ensure visitors convert into clients / customers.

4) You aren’t using video on your website (and on other channels too)

 

You’re bound to have noticed that video played a big part in 2017 when it came to inbound marketing strategies.

According to an awesome infographic from HubSpot ², Groupon Works has concluded that by 2017 video will take up 69% of all consumer web traffic (the equivalent of 4x as much as web browsing and time spent emailing) ³.

Creating high valuable, useful, entertaining videos and publishing them on YouTube and other social media channels is a great way to generate web traffic, especially as filming and recording is easier now than ever.

Why is this a reason to invest in a new website?

Video usage will only increase in 2018 as our attention spans get shorter and we demand more information quickly, so embracing video is a no brainer if you want to get serious about inbound marketing.

Including video in a big way on your website is also increasingly popular now. Why? It’s just so engaging if done correctly. The way in which you use video on your website will differ depending on the type of business you’re in. Are you selling a product or service? Try having an explainer video created for your new website, and then integrate it front and center on the homepage. I’d be willing to bet you’ll see an increase in conversions.

5) You don’t have a clear ‘digital strategy’

 

Having a ‘digital strategy’ in 2018 is going to be imperative. If you don’t have one now you need to work on putting one in place, and your new website can be the centerpiece that brings it all together.

A digital strategy is really the process of specifying your businesses vision, goals, opportunities and related activities to maximize the business benefits of digital initiatives. It’s basically putting in place a digital plan to succeed online.

Let’s say you’re a florist. Your digital strategy might be made up of:

  • regular social media posts on your business Twitter / Facebook pages, sharing new products, bouquets, arrangements to encourage engagement and sharing among followers.
  • the creation of videos on your YouTube channel and website educating users about how to pick the right flowers for the right occasions.
  • publishing high value articles in the blog on your website to encourage sharing, distribution and as a result more traffic to your website.
  • weekly email newsletters to your customer list informing them of special offers and promotions and recycling content you’ve posted on your website.

As you can see it’s really all about content creation and distribution on different channels.

Why is this a reason to invest in a new website?

Because your new website will be the central hub where you are adding and publishing new content which can be shared across all the channels mentioned in the florist example above. All your digital activities should point people back to your website, which if finely tuned and professional in its appearance will convert those visitors into customers.

 

2018 is the right time

A new year is the perfect time to address the five issues we’ve mentioned above and your website should play a key role if you’re going to take digital seriously and want to see results. Far too many businesses sit back and leave their website to get outdated. If you utilize it and integrate the points mentioned in this article you can drastically improve the return you’ll get on your investment of a website redesign. So to conclude, get serious about digital in 2018 and you can without doubt make 2018 your best year in business!

10 Key Strategies to Boost Your Spa Search Rankings

10 Key Strategies to Boost Your Spa Search Rankings

 

For the traditional brick-and-mortar establishments looking to stay relevant in this day and age, online visibility matters more than ever.

This is even more so when you consider the fact that physical business establishments lack the versatility of businesses with no physical addresses but a strong online presence.

While visibility is important for every kind of business regardless of whether it is purely virtual or has several physical locations, you will find that physical establishments, especially those that are not particularly widespread, wholly rely on local search rankings to stay on the map.

There are guidelines which, if you adhere to them, can work wonders for your local search visibility.

Are they different from what you’re already doing? 

If you’re not ranked high in your local SERPs (search engine result page) for relevant keywords in your location, then the answer is yes.

SEMrush Ranking Factors Study 2017

Please specify a valid domain, e.g., www.example.com

Dive into the study!

Here are 10 golden strategies to ensure that your business stays on top of Google, Bing, and other major search engines.

1. Update Your Business’ Information

One of the best ways to see just how visible your business is, is to conduct a search yourself. Then, here are some questions to ask!

What did you find when you searched for your keyword + location (Local 3-Pack vs. Organic Search)? 

Where is your business’s website ranked for your search in the 3-pack and Organic Search (i.e. 1stposition, 10thposition, 1stpage, 5thpage, etc.)?

 

Is all the information concerning your business aggregated in one result or spread across different pages? 

If you have a hard time finding basic information such as your physical address and other contact information, chances are everyone else is too.

Google’s latest update on its local SERPs has without a doubt made things a bit harder.

The modification of the “local 7-pack” view to the “local 3-pack” view translates to fewer opportunities to remain visible.

This means that to feature on the top tiers of the search rankings you must be at your absolute best. That means building a ton of citations, niche directory links, optimizing your Google My Business profile, and increasing your reviews on your GMB page is key!

2. Fill Out the Local Listings

Since listings can always be linked back to your website, they’re always a good way to bring in more traffic.

Furthermore, filling out listings, such as citations and niche directories improves your SEO significantly by creating an identity for your business at the top of every local search result.

If your information is restricted to directories that are based on your industry, creating a listing page would not be necessary as you could just claim the available listings.

For any citations or niche directories, make sure your information is filled out completely and everything is consistent across your business for each listing. For example, business name, address, phone number, website, description, etc.

You can use tools like WhiteSpark or BrightLocal to create, manage, and monitor your business’s and competitors’ citation listings on the web.

Don’t just be listed anywhere, build citations and niche directories that add value. There are a ton of directories and citations created every day. Your business should be listed in the ones that can actually send you referral traffic.

3. Create Some Buzz About Your Establishment

Now that people can find you, all that is left to do is to give them reasons to look for you.

Creating a blog gives you a platform where you can effectively communicate with your local community as the authoritative voice of the business.

It is a great way to create lasting impressions and bond with your customer base. This is where a lot of local businesses fail. They will have a SEO company blogging for them creating shallow content that won’t rank for visibility.

Google likes very detailed, informative, and insightful content. That is what the search engine likes to rank at the top, especially when indexing millions of websites that have similar content.

4. Get the Right Local Keywords and Make Good Use of Them

An integral part of making your business more visible online is using the right keywords. The Keyword Planner is an invaluable free tool for your business as it helps you narrow in on the right keywords to use in order to target your local customer base.

However, don’t rest on your laurels just yet because finding the right keywords is half the journey.

When it comes to local SEO rankings, quality will always trump quantity. As such, a short, effectively used keyword, even if it appears just a few times, will still get you the kind of visibility you need while saving you from over stuffing.

Think about it, how impressed would you be if you read a blog stuffed with nothing but keywords and a few sentences here and there? Not very, I presume.

Nevertheless, Google particularly hates keyword stuffing and has created algorithms such as Hummingbird and Rank Brain to better determine the intent of visitors searches to return the best search results.

Therefore, even if you stuff your content with keywords it won’t match what the user is searching for and your money or time spent won’t add value to your business.

5. Ensure Your Website is Compatible with All Devices

If you’re looking to reach a wider market, it is important that you ensure your website’s design is pervasive and suitable for use over all platforms.

Test your business’s website on a number of devices to see how smooth and responsive it is. Does it adjust to the size of each platform?

Pay special attention to mobile devices because more and more people are accessing the internet on the go.

Google is also relying on mobile website’s performance to determine overall rankings on all platforms.

For example, if your mobile website’s performance is poor, then this may affect your desktop performance as more users are searching on mobile compared to any other device.

6. Interact with Your Customers; Ask for Reviews 

Sites with more genuine reviews are typically considered before those with obviously spammed positive reviews.

Asking your customers to voice their opinions on sites such as Yelp and Google My Business might seem counter-intuitive at first but the higher your positive rating, the higher Google will rank your business in the local SERPs.

There are new tools, such as Birds Eye or Reviews that Matter, which allows you to ask customers for a review when they are in front of you, allowing them to leave a review in 1 minute from their phone.

This increases your chances of getting a review when asking someone by 40%!

Then continually monitor your reviews with Bright Local across all of your review platforms, so that you are able to respond to any negative reviews in a positive way. This is important for reputation management!

7. Make Good Use of Social Media

Does your business have a bigger following on one social media site than another? 

If so, ditch the poorly performing page and stick to where you’re most visible. Creating a social media page is an even better way to connect with your customers in a way that they can relate to.

8. Visual Content is Important

Having pictures of your business, whether it is the premises, the insignia or the various products you sell, could mean the difference when it comes to putting you ahead of your competitors.

Never underestimate the power of well-taken pictures.

9. Strictly Abide by Your Hours

Nothing is as frustrating for customers who decide to pop in at your establishment only to find that you’re closed early or not yet open, despite the hours indicated on your listings.

You can easily alter the opening and closing hours on your listing if you intend to change them.

10. Invest in a Mobile App

Last but certainly not least, get a mobile app for your business. It might not seem like such a necessity but according to statistical projections, businesses with perfectly functioning mobile apps are bound to be more prominent and have a more authoritative feel.

Conclusion

Staying visible online might seem like a daunting task if you’re not particularly well versed in its technical side. Most local business owners don’t have time to understand all of this anyway. The good news is that you don’t have to undertake all this alone.

Use these vital local SEO strategies and much more to ensure that local businesses such as yours stay on top of the search rankings.

5 Reasons a Spa Needs Content Marketing

5 Reasons a Spa Needs Content Marketing

 

Constantly clamoring to grab the attention of prospective customers, small businesses are competing with a lot of noise. To avoid getting skipped over or ignored, savvy digital marketers must craft messages that their target audience wants to see. When small businesses communicate with their customers by providing information instead of offering a sales pitch, the consumer will listen. The message and the brand are no longer an interruption, but a valued information provider.

There’s a name for this tricky tactic — it’s called content marketing. Content marketing means consistently creating and distributing information that is valuable and relevant to those people within a small business’s target audience. Ultimately, the goal is for your content to entice a consumer to do business with your company.

You might be thinking, “That’s not what I do — I’m not a writer!” But whether you sell gizmos, fix cars or build homes, content marketing for your company can help you attract and retain customers.

Here are some of the ways content marketing drives results for small businesses.

1. Boosts brand awareness.

Consistency is a key ingredient to a successful content marketing strategy. This means publishing fresh content at a regular frequency, creating many opportunities for a target market to see the company’s name. Your brand becomes familiar to them, and you’ll be top-of-mind the next time they need your services.

2. Builds an identity as a trusted expert.

If there are 50 attorneys in a town but the only one provides helpful information that educates the community about plumbing maintenance, problems, options and innovations, that brand will stand out as the expert. By doing this, a brand is demonstrating its expertise, so prospective customers need not question or research its know-how. Since this small business is helping consumers without getting paid for this advice, it will also earn a reputation for being trustworthy.

3. Encourages your client to take action.

When consumers need to spend money or make time for a service, it’s natural to procrastinate. However, once a consumer gets clear answers to his or her questions, or hears a story that he or she can relate to, that person could finally be motivated to make a purchase or schedule an appointment. Producing content that guides a consumer through the buyer’s journey (awareness, evaluation, and purchase) results in more sales.

4. Shareable content brings people in the door.

Creating a steady stream of fresh information on a variety of topics opens several avenues to drive traffic to a website — through search, social media, traditional media and more — which ultimately results in phone calls, orders or foot traffic. Marketing tactics that are already in place, such as pay-per-click advertising, digital banner ads, public relations efforts, social media accounts and search engine optimization don’t work as well without content to promote.

These vehicles need something to talk about and link to. Publishing new, relevant content gives people a reason to click. Covering unique, timely and seasonal topics will interest a broader audience and encourage repeat visitors. It also boosts ranking in search results, making it more likely that potential customers will find your small business before one of your competitors.

5. Keeps your website fresh.

Most consumers today rely on the web to find the information they need to make decisions. So, a website often will be a consumer’s first impression of that business. A stagnant, stale website is less interesting and less professional than one with updated content that changes regularly. Undecided consumers who are researching their options might check out a website and social media presence more than once. When they come back, seeing something new and relevant makes their visit a better experience — and shows that the brand is a professional organization.

Content that provides basic information is everywhere today. If you want your content marketing to be successful and work for your business, you need to go deeper than everyone else. Think about what the next step is after someone learns or completes the basic steps. Be specific and give the audience more than they can find anywhere else.

By focusing on your content, you’ll be ahead of your competition in terms of delivering the best content to your target audience. Next, promote that content as much as possible, track your results and identify where you can make improvements. As you learned above, you need to be adaptive if you want your content marketing investments to truly work for your business.

Content marketing is a long-term strategy. You can support it with short-term tactics to drive immediate results, but its power in growing a brand and business comes from its ability to generate long-term, sustainable, organic growth for your company. That means you need to make a commitment to publishing quality content on a consistent basis. Don’t give up. Persistence wins when it comes to content marketing.

10 Social Media Tips for a Spa

10 Social Media Tips for a Spa

 

Why use social media to grow your business? It’s where your customers are. There are nearly 2.5 billion social media users across the globe. And more than 50 percent of small business owners in the U.S. rely on social as their primary digital-marketing technique because of its effectiveness for finding and connecting with new customers. It also doesn’t cost an arm and leg to use like some traditional marketing methods.

If you haven’t already, it’s time to join the many small business owners who are using social to build awareness, drive sales, and gain new customers. This collection of social media tips for small business will have you well on your way to do just that.

Social media for small business: 10 tips to set you up for success

1. Start with a plan

Just like a business needs a business plan, your social media actions need to be informed by a carefully crafted strategy. As we establish in our six-step guide to creating a social media marketing plan you must:

  1. Set social media goals and objectives. It’s important to go beyond vanity metrics such as likes and retweets and also focus on factors like leads generated, conversion rates, and web referrals. Use the S.M.A.R.T goal framework—goals that are specific, measurable, attainable, relevant, and timely—when establishing your social media goals.
  2. Conduct a social media audit. This means determining who is already connecting with you on social, which networks your target audience uses, and how your social media presence measures up against your competitors.
  3. Create or improve your existing accounts. After choosing which social networks are best suited for your small business, build up your social presence on each network, in accordance with your broader business goals and audience. If you already have existing social accounts, ensure they’re updated to reflect your brand values.
  4. Find inspiration. Look at what content those in your industry are already sharing, and use social listening to discover insights about appealing to prospects and setting yourself apart from your competition. It’s also advisable to look at industry leaders (Nike, Coca-Cola, Amazon, etc.) to see what they’re doing right and how to implement those tactics in your own strategy.
  5. Create a social media calendar. This is an essential part of your all-important content marketing plan. It should include the intended dates and times that you want to publish Facebook and Instagram posts and tweets, as well as any other social media content.
  6. Test, evaluate, and adjust your strategy. You should be constantly fine tuning your strategy based on performance metrics. Analyze things like number of clicks per post, the reach of your social campaigns, and the number of page visits resulting from social— then adjust and improve based on this data.

2. Decide which platforms are right for you

Not all social media platforms will be suitable for your business and the goals and objectives you’ve set. Below we offer a high-level look at the most popular platforms.

  • Facebook: The world’s most popular social media network with more than 2 billion users as of September 2017, it features the largest number of regular users, making it the most appealing network in terms of sheer reach.
  • Instagram: Instagram’s claim to fame is its visual-centric approach, where successful marketing is based in large part on the aesthetic appeal of the content you share. This platform also boasts the best engagement levels among all social networks at 59 percent, according to the 2016 Bloglovin’ Global Influencer Survey.
  • LinkedIn: The world’s largest social networking site for professionals with more than 467 million users.
  • Twitter: Twitter is renowned for its brevity thanks to the 280-character tweet limit.
  • Snapchat: A disappearing content platform that’s especially popular with younger demographics.
  • YouTube: An excellent resource for brands who have the resources to take advantage of the popularity of online videos.
  • Pinterest: What makes Pinterest unique is its users, who are searching to find ideas for all parts of their lives. This makes Pinterest ideal for driving action, such as a purchase or a visit to your website. With this information, you can begin the process of whittling down which social sites make the most sense for your business. It could end up being one, some, or all.

3. Know your audience

Determining the traits of your target audience is a critical component of market research. Without this information, you’ll have no idea how to appeal to them.
You need to know things like age, gender, location, pain points, goals, average income, etc.

One of the best ways to conduct successful market research is by creating audience personas for your customers. You can create an audience persona by:

  • Collecting demographic data from social media, surveys, focus groups, and customer interviews
  • Looking for trends within this data (behaviors, ages, occupations)
  • Establishing their pain points and goals
  • Turning these traits into representations of people, complete with names, job titles, career histories

4. Use social media to promote and sell your products or services

Using social for promotion isn’t as easy as simply tweeting about your brand every once in a while or using Facebook advertising. You need a strategy in place to optimize your results.

For starters, use the famous 80/20 rule (also known as the Pareto principle) of social curation: 80 percent of your social promotional and selling success (the event) comes from just 20 percent of the cause (your social curation). Therefore, your social content across all your channels should be no more than 20 percent promotional. The other 80 percent should be about your customers—engaging with them and sharing relevant content that they will find valuable.

Then, you must use each social channel according to its strengths.

For instance, if you’re selling T-shirts or jewelry, your best bet is using Instagram or Pinterest due to their image-centric nature. If you’re an apparel, beauty or jewelry retailer in the U.S., you now have the ability to tag your images in Instagram, so detailed product information, as well as a link back to your site, appears alongside the image.

Similarly, on Pinterest, small businesses can sell their products directly on the site, thanks to Buyable Pins, allowing customers to make a purchase in only a few clicks.

5. Incorporate images, videos, and graphics whenever you can

Use visual elements as much as you can, no matter what social platform you’re using. Sixty-seven percent of marketing decision makers say that they use visual content on social media for its engagement value, according to Lewis’ The State of Visual Communications in 2016.

Incorporating visuals—from static images to videos, GIFs, and memes—in your social media content is easy. Just make sure that whatever visual asset you’re using is relevant to your content and the audience.

6. Choose quality over quantity

It’s tempting to put your brand on as many social platforms as possible in an attempt to reach as large an audience as possible. But there’s no benefit to spreading yourself too thin.

When quantity increases, quality usually drops because you’re more focused on quotas: a certain number of tweets per week or a certain number of Facebook posts per month.

Instead, focus on quality over quantity. Go where your audience is and deliver them value. You’ll be rewarded for it.

If you’ve done your research and created audience personas, you should know which platform(s) your target customers prefer. Focus your efforts there, sharing quality content that solves their problems, makes their lives easier, entertains them, etc.

Remember the Pareto Principle: The majority of your social content shouldn’t be promoting yourself, it’s about adding value for the audience.

7. Use the right tools

Save time and effort by using the tools that make social media easier.

In 2017, the average daily time spent on social media by users was 135 minutes. Running a small business demands your time and attention in many other areas—you can’t afford to get sucked into social longer than you have to.

8. Monitor and respond to all social media conversations around your business

Social media can act as a stand in for the face-to-face conversation in today’s digital world. Responding directly to the audience allows you to humanize your brand. Fail to engage your audience and they might think you’re not invested in what they want. And that’s not good for your bottom line.

More than 80 percent of all customers expect a business to reply within 24 hours of a social media posting, according to Altitude Software’s 2016 The Omnichannel Evolution of the Customer Experience.

Social media engagement also offers an opportunity for you to demonstrate your brand’s unique personality.

Don’t hesitate to reply with a bit of humor, all the while showcasing your business’ expertise. Using photographs of you and your employees at work is also an effective way of connecting with the audience, as data shows that image-rich social content drastically increases engagement.

9. Schedule content to free up more time for engagement

Sharing relevant content is important, but it shouldn’t get in the way of the time you need to actively engage the audience.

10. Find inspiration from successful brands and those in your space

There’s no shame in using winning strategies on social that other brands have used to great effect. Taking inspiration from established brands on social media and experiment with some of their tactics on your own channels.

You can also monitor and take inspiration from what your competitors are doing. If you see a great idea, you can adapt it for your own campaigns.