Rachael is UX Manager and co-leads the accessibility team. Rachael advocates for users while keeping client needs in the forefront of her mind.
After a three-year hiatus, the Guac Off has finally, and gloriously, returned to Sandstorm®!
We were a much smaller company when the Guac Off was created; we held the first one at my house on a Saturday and everyone attended with their families. As Sandstorm grew bigger and bigger, it became harder to find a day and time when everyone could attend. Eventually, the event dropped off the calendar, but it was never forgotten.
I really wanted to bring back this fun event, but knew that we had to change it up to make it happen. Every month we have a “You Rock” meeting where the whole company gathers to celebrate our awesomeness, have lunch together, and talk about our growth. Usually we have pizza, but this time we had Chipotle and all of our secret guacamole recipes.
Ten Sandstormers brought their guacamole to the table. Many were delicious, and a few boozy options raised some eyebrows, but in the end, there was one clear winner. Congratulations to Megan Culligan, who was crowned our new “el Champion” on Tuesday! She won in a landslide with her very tasty mango guacamole.
In true Sandstorm fashion, we’ve posted pictures and a quick victory speech from our champion on our Facebook page.
The revival of the Guac Off proves that it’s never too late to come back to a good idea and refresh it. If you need help bringing your ideas back to glory, let us know.
Personalization is the best way to engage your users in a conversation, and it’s increasingly something that they expect from your website. Almost 75% of users prefer to do business with organizations that use personalization to make their experience more relevant; the same percentage of users get frustrated with websites when content has nothing to do with their interests.
I recently partnered with .orgCommunity to help associations better understand how to leverage website personalization. In the webinar Spectrum of Personalization, you’ll see 5 examples of personalization in action, from simple to complex, and take away some tips to help you get started today.
Get inspired! Watch our webinar below.
Understand critical factors, trends and relationships affecting your business and how to effectively pivot in order to achieve your business goals. Using your business goals, target metrics, and other drivers defined in our marketing workshop, we determine the appropriate analysis to help you understand what is happening with your business.
For example: Is there a seasonality to purchasing certain products? Is geography related to purchases? Do generational cohorts (e.g., millennials, Gen Xers, etc.) affect my business? Why is this happening? What is the relationship of X & Y? Does X cause Y?
We can help you understand the data available, plan for the analysis and conduct the analysis to help you answer key business questions.
Through statistical analysis and a personalization strategy, we can help connect you with the right audience by delivering the right message through the right channel on the right device at the right time, by offering a customized user experience based on demographics, geography, behavior, context, and other knowledge of the consumer. This ties your business goals and positioning to your online experience, with a roadmap around analytics, optimization, and personalization to maximize conversion rates.
I just got back from a fun conversation with Kristi Ross and Tony Battista at Tastytrade for their show Bootstrapping in America. It was an honor to be asked to share my experience as an entrepreneur with a CEO I admire.
And it’s that passion for new ideas and perspectives that’s helped us find inspiration in the unexpected for our clients. Just one example that came to mind during my talk with Kristi and Tony was how we found inspiration for a community bank in 1871, the Chicago incubator.
Hear more about Sandstorm’s beginnings, how our culture helped differentiate us, and how we differentiate our clients. Check out our episode of Bootstrapping in America.
At Sandstorm®, we thrive on designing and developing exciting new websites. But we also know how important a great event can be. That’s why we couldn’t have asked for a better opportunity in creating a site for ACG.
The Association for Corporate Growth (ACG) is the global community for business leaders focused on driving middle market growth through mergers and acquisitions. As a chapter-led organization, ACG is heavily focused on events, holding over 1,200 around the world each year for industry professionals and the association’s 14,500 members to network.
In order to drive their own growth, ACG turned to us to design and develop a website platform that provided individual sites for the global organization as well as its 58 chapters. Each site not only needed to be mobile friendly and visually appealing, it needed to be user friendly and easy to manage for each chapter, an objective we were able to achieve as a result of several efforts:
- Attending ACG’s annual event and conducting stakeholder interviews to hear directly from leaders and members what they needed from the new website
- By integrating the Drupal 8 content management system (CMS) with the netFORUM association management system (AMS)
- Conducting a usability study on the new design to ensure it was intuitive and easy to use
- Building a collaborative space for chapters and committees to digitally communicate and share essential documentation
We’re honored to help ACG continue driving middle market growth around the world. Check out the new ACG website for yourself.
I wrote my first song at the age of two; it was called “I Can Do It By Myself.” Unfortunately, that became my mantra for longer than I’d like to admit, and it wasn’t until my twenties that I discovered the profound impact mentoring could have in my career and personal life. Since then, I’ve been incredibly lucky to meet men and women with the passion to guide me through my exploration of the world. And I’m especially grateful to work alongside so many of them every day.
Mentorship is an essential part of our culture at Sandstorm®. As our founder and CEO Sandy Marsico recently shared with ABC News, having a great mentor was essential to her success, which is why learning and sharing is one of our three core values. Our amazing directors not only share their decades of expertise with fellow Sandstormers, they’re active in the community, educating and inspiring the next generation of developers, designers, and strategists, too.
I’ve benefitted immensely from our creative directors’ mentorship—shout out to John and Janna for anything I missed during our company You Rocks. And it got me thinking about how mentorship has helped other Sandstormers in their careers and personal lives.
Learning From the Best
As a budding copywriter, Creative Director John Rausch was fortunate to be mentored by the creative genius who wrote the immortal "Two all-beef patties, special sauce, lettuce, cheese, pickles, onions on a sesame seed bun" jingle for the Big Mac. “In the years I worked for him, I learned a lifetime's worth of insights into developing impactful creative work,” John shared. “But perhaps the most significant thing he taught me was the importance of paying it forward—sharing my own passion and acumen with the creative professionals who would come to work for me.”
Finding Solutions Through Empathy
As a resident assistant at Central Michigan University, Strategist Megan Durst found a mentor in her resident director. “He taught me a lot about understanding people’s motivation,” she said. “It really helped me empathize with my students and help them find solutions to their problems. Not only have those skills been critical in my personal life, they’ve been equally essential in my career as well.”
Teaching the Next Generation
Executive Creative Director Janna Fiester’s undergrad professor has remained a mentor ever since her time at Ball State. Her professor even encouraged Janna to earn an MFA and become a professor herself, which she did. It was during her time as a professor at UIC that Janna began mentoring students of her own. “Now one of my mentees is also a client. She still calls me her mentor and a strong influence to choosing design as a career.”
Amanda, our Director of Business Integration, found an amazing mentor in her volleyball coach—even getting the opportunity to coach alongside him when her daughter reached high school. “He gave me great advice throughout my entire life: in business, coaching, and in my personal life. He truly cared about me and making sure I was successful. He's had such a profound impact on my life and always went out of his way to help me, even without asking.”
Friends in High Places
Front-End Developer Joe Ruel was fresh out of college when he met one of his mentors. As Joe recalls, “My mentor guided me through many aspects of development and helped me find my passion in front-end development.” Though his mentor moved onto another company, they kept in touch. Over the next year, Joe heard so much about his mentor’s new company that he applied for a position there. Sandstorm Senior Front-End Developer Jeff Umbricht continues to be a guiding influence in Joe’s life, and was quick to note that Joe got the job on the strength of his considerable skills alone.
How has mentorship impacted your life? We’d love to hear your story in the comments.
I really enjoyed attending .orgCommunity’s Disruption + Innovation conference this month! The .orgCommunity is an amazing resource for senior executives to lead their associations through innovation, and the event certainly delivered on that mission. Speakers and facilitators from across a wide variety of industries shared their insights on redefining digital publishing, generating new streams of revenue, and much more. These were my biggest takeaways:
- Adopt a disruption mindset. Act like a digital disrupter.
- Rethink the entire business, not just the technology.
- Get inspired outside your industry. Did you know: Ugg boots were created by surfers.
- Your goal is to create value—for every association.
- The membership subscription model is over. You need to think about other ways to earn revenue.
- Collaborate more, collaborate differently. Consider strategic partnerships and mergers.
So it’s with great pleasure that I can finally announce my position as a part of .orgCommunity’s advisory board! With almost two decades of experience working with associations of all sizes—including the National Association of REALTORS, American Medical Association, Rotary, and more—it’s an honor to share my experience with executives and help them utilize emerging technologies and techniques.
I look forward to sharing my expertise with the .orgCommunity while continuing to help our many association clients prepare for their future success.
Over the years, Sandstorm® has built websites on content management systems (CMS) using a variety of programming languages: Python, .NET, and PHP to name just a few. These programming languages support CMSs like Django, Kentico, and Joomla, respectively. Two of the most popular CMSs are Drupal and WordPress, built on PHP.
A common question we hear from clients is whether they should use Drupal or WordPress. While there’s no right answer, there is an answer that’s right for you. Each one has its place, so we've laid out where you can gain the most benefit from each CMS.
The Benefits of Drupal
Speed and Performance
When it comes to a scalable CMS that can support high-volume traffic and vast libraries of content, Drupal beats out WordPress. Not only does Drupal offer better performance out of the box—including default cache features that help pages load faster—it’s more robust for handling complex projects with lots of functionality.
Drupal is favored by many top companies and government agencies, including whitehouse.gov, for its enterprise-level security. Drupal has a very active security team with a stringent review process for plugins and a robust permissions layer that provides nuanced limitations for user access.
WordPress, on the other hand, is a popular target for hackers whose malicious attacks often succeed due to fully coded plugins compromising security. Additionally, WordPress doesn’t provide the flexibility in tailored permissions that Drupal does.
When it comes to getting leads through web contact forms, WordPress requires third-party tools like Gravity Forms or JotForm, which will cost you extra.
With Drupal, web form functionalities are already built into the platform, so you don’t need external tools. Drupal can also enable rules and set up triggers so that when someone fills out a form on your website they receive an SMS message from your company, which helps with lead nurturing efforts and potential conversions.
The Benefits of WordPress
Ease of Use for Small Businesses
Since WordPress started primarily for less tech-savvy bloggers, small businesses with a junior development team benefit the most from the platform. Additionally, most writers and content managers have some experience with WordPress, so there's little need to train them on the platform.
Where It's a Toss Up
Drupal and WordPress users have created diverse global communities that offer international conferences like DrupalCon and WordCamp; local training events and Meetups; and active forums where users can ask questions and learn more about the platform. While the WordPress community is larger than Drupal’s, it’s uncommon that you would run into an issue with either platform that someone hasn’t encountered, and solved, before.
Search Engine Optimization
It doesn’t matter to Google which platform you use, and both platforms offer excellent plugins and modules to help you with your SEO, including Yoast for WordPress and Content Optimizer for Drupal.
At Sandstorm®, our experts have extensive experience developing, designing, and writing in Drupal, WordPress, and many other content management systems. We’d love to find the one that’s right for you.
Now more than ever, digital security is something that needs a thoughtful approach.
From Yahoo! to the DNC, large, high-profile security breaches are filling the news and making security a hot topic for everyday conversation. There are so many hacks that even data visualizers are struggling to make sense of them all. Which is why 2017 will be the year that companies finally realize the value and necessity of security for their digital properties.
Whether cause or effect, our increasing reliance on technology correlates with the spike in frequency, size, and severity of security breaches. At Sandstorm®, we're big fans of Steve Gibson and his podcast Security Now, where he talks about the race to keep up with new security threats. With each new security improvement developers release, hackers are ready to uncover weaknesses. Over the years, this has brought us to a place where both the threats—and the necessary defenses against those threats—have reached a level of complexity that can seem daunting.
From Convenience to Security
The complexity and automated nature of modern attacks has changed the industry’s view on the lengths hackers are willing to go to. Now, we have to assume that there is always someone looking to exploit opportunities and weaknesses.
While these are just a few examples of the risks and remediations that companies need to consider, they illustrate the many different attack vectors that developers need to address. The trick is to do the following:
- Define the requirements
- Identify the risks and determine the solutions
- Design a highly functional application that still puts the user first
Trend #1: Rise of the Botnets
Botnets are a major reason for the increase in security issues. As an industry, we’ve known for some time about the danger of improperly patched or unsecure computers and servers that get infected with malware. But in the last few years, risk has increased exponentially due to the prominence of the Internet of Things (IOT). We have an explosion of internet-connected devices (light bulbs, refrigerators, dishwashers, teddy bears) with many of them rushed to market without regard for security.
Night of the Living Malware
Malware programs target these vulnerable systems to create zombie armies of infected computers that work together to feed on sites. The most recent and well known is the Murai botnet, the code of which was released as open source and has since spawned a plethora of derivations. That's right; you heard me. They’re multiplying, evolving, and getting smarter like a creature out of a bad horror movie.
How bad is it? Projections as of 2016 suggested that 35% of all internet traffic consisted of malicious bots. That's a lot of zombies wandering around looking for your server's brains.
GhostBot in the Machine
Another recent example is GiftGhostBot. This attack came to light in March 2017. Bots are brute forcing the pages that allow customers to check the balance on their gift cards. These bots keep guessing gift card numbers (at an estimated rate of four billion requests per hour) until they get one that has a remaining balance. They can then use that gift code to steal from the gift card holder.
What makes this GiftGhostBot particularly sinister is its sophistication. First, the attack is distributed across multiple compromised devices, servers, and computers—which means there’s no way to track and block these requests by IP. Second, the bots have been set up to use over 740 different user agent profiles, meaning they masquerade as different browsers and operating systems to confuse attempts to filter out their traffic. Vendors might add CAPTCHAs or completely remove these pages to remediate the issue. This is just another example of the exponential scale and complexity of attacks that have shifted the conversation towards security.
What You Can Do
- Your best defense is keeping your systems up-to-date. Apply security updates to all technology in your ecosystem in a timely manner (including websites, servers, computers, employee mobile devices, etc.).
- Be sure to spend the time to review all new features and components of your digital products with an eye for potential vulnerabilities. Always overestimate the lengths someone would go.
- When in doubt, engage a knowledgeable specialist to help review your security configuration.
Trend #2: Are You a Robot? – Identifying Friend From Foe
If you’re thinking this is all about the rise of the machines, you might (or might not) be happy to hear that humans still play an important role in threatening your business’s security. While botnets have increased the quantity of attacks, the level of sophistication for attacks has also dramatically increased. In some areas, malicious entrepreneurs have even turned to crowdsourcing to enhance automated attacks. Take CAPTCHA as an example. When those annoying pictures were too much for some bots to circumvent, unscrupulous companies paid real people to fill them out. Bots passed the CAPTCHAs back to humans whose answers were fed back to the bots so they could proceed with their attack.
This resulted in concerns with the CAPTCHA as a solution for determining bot from human. While still used, it was understood that this solution is not 100% effective. Recently, however, Google updated their reCAPTCHA service with their new Invisible reCAPTCHA. Maybe you’ve seen this: It’s a simple checkbox that says “I am not a robot.” Because so much information on your behavior has been compiled by Google, it can compare your digital fingerprints and activity against its vast repository of analytics to determine if you’re a real person. Or that’s the theory anyway; the new service has just rolled out and we're excited to see how it matures.
Mollom is another service we recommend, specifically for Drupal projects. It takes form submissions on your site and checks the content to see if it looks like bot-generated content. If it does, the content is flagged. This technique analyzes content to protect against spam, relying on the consolidation of massive amounts of examples to understand how to proceed.
What You Can Do
- You can do is realize that identifying bots is not as straight-forward as it seems. They have gotten very good at pretending to look like real users performing real actions on your site.
- Shift your thinking to a place where you assume that hackers and spammers are probably smarter (or at least more persistent) than you. Look at each element of your digital products as a place where a bot might pretend to be a human and consider what they might be able to do.
- Layer different preventative techniques. Don't assume that one fix is enough and have a contingency plan for is a bot does get past your defenses.
Trend #3: Moving to SSL
Another major trend for 2017 will be the push for secure socket layer (SSL or HTTPS) traffic for everything. This has been an important shift for security in the last few years. Previously, SSL was only considered important for highly sensitive data, but a few things have pushed us into a world where regular HTTP traffic is considered unsecure.
Man in the Middle
First, a number of tools have come out that make watching the traffic of someone else on your network very easy to do. This allows a person to see the sites you are visiting and even steal your username and password. This is generally referred to as a man-in-the-middle attack resulting in session hijacking. Traffic over HTTPS helps to protect against that because your browser and the server are essentially communicating via a secret language that only they can understand.
Man on the Side
Second, browsers pulling in content over regular HTTP can't 100% confirm where the content they’re displaying came from. There have been a few complicated attacks over the past few years where malware was sent to site visitors instead of the assets they were expecting. This is generally referred to as a man-on-the-side attack. The attempted attack on GitHub in 2015 is an example of this. Moving towards HTTPS traffic gives the browser certainty that the content it received is the one it was expecting.
Pushing the Transition
If you’re thinking all of that sounds scary, you're not alone. Google agrees and has started to roll out changes to the Chrome browser—you've probably noticed that grayed out "not secure" message near the URL. Additionally, if you log in to a site over regular HTTP, you may also notice a red "not secure" message. This is meant to push websites towards SSL, and it’s only the start. Google has announced additional plans to clearly mark all traffic as not secure going forward.
What You Can Do
- Work with your hosting provider or website developer to purchase an SSL certificate from a reputable vendor.
- Have those same partners review your SSL configuration to confirm that you’re using strong protocols and ciphers that have not been deemed to be compromised.
- You may also need to review your site to confirm that you don't have any mixed content errors, which is when HTTPS pages are referencing insecure HTTP resources.
- While you're at it, complete a full review of your server configuration.
- A full penetration test or security scan may also be a good investment.
How Sandstorm Can Help
This is just the start of the conversation and we've only covered a few topics. Whether you’re moving your current website to SSL or want to ensure your new website is developed with the latest security in mind, we utilize the technology and techniques that make sure you’re protected.
At Sandstorm®, we know a thing or two about creating great user experiences. That’s why working with Raddon to develop their new website was such a perfect fit.
For Raddon, 2016 was a transitional year. Fiserv purchased the company, which gave Raddon the opportunity to create a new, visually appealing website that aligned with Fiserv’s look and feel.
With the launch, we were able to help Raddon:
- Build brand equity through beautiful web design that complements their parent company.
- Create a consistent experience for Raddon and Raddon Report visitors by combining the domains.
- Improve lead generation by implementing an e-commerce solution that makes it easier to purchase research reports and register for events.
We’re honored to help Raddon in their mission to improve financial performance through research and help financial institutions achieve sustainable growth. See the new Raddon website for yourself.