Having recently attended a seminar on data security, one of the key topics of discussion was the fact that instant messaging, social network sites, and even business networking sites can be a source for compromising business computers and networks.

So this leads one to ask, which predicate should prevail? Is marketing your company via potentially dangerous methods worth it? Another way to ask this is: What cost to bolster security is too much for utilizing these marketing avenues? As in real life, the murkier the neighborhood, the more likely you are to increase your own personal safety.

Examine any given Facebook or MySpace page and you are sure to see "apps", or small embedded programs that do specific things. Do you KNOW what data they are collecting about you when they load? Where is that data being recorded at? Is that "app" potentially dangerous? Both of these sites have been in the news for compromising user computers.

This is a real challenge - with the prevalence and proliferation of social networking sites, apps, plugins, and the like being used as 'business marketing' we have to ask - are companies inviting nefarious consequences into their network just to keep up with the Joneses? Small businesses probably cannot swing the $4-10k hardware appliance to monitor network traffic and potect them as most struggled to just keep anti-virus software updated a challenge. Oh, you'll probaly need an expert to operate that equipment in most cases (salary $45k+/-). The logical way to reduce the risk of being compromised and without the cost is to just NOT do that via company computers or devices. Suddently free marketing avenues aren't quite all that after all.

Its hard to convince people that something isn't good when millions are doing it. Keep in mind that that MAJORITY of those users are not concerned with security or protecting your data/network. ((Some may actually use social engineering to garner information!) Sooner or later you'll be invited to do something from some one's Facebook or MYSpace page - click this link, check this out, join my ____, or whatever. Stop and ask if that REALLY has a business need.

Security can get expensive very quickly - bouncing back from a security compromise can be VERY expensive but with some easy common rules of what is or is not accessed on your network, the costs can be minmized to a certain extent.

If you have more than 5 computers in your business - you SHOULD have a computer use policy. It should address the appropriateness of visiting certain sites or types of sites. That decision should be based on the level of security you can invest in. Good computing practices and policies can go a LONG way (but that is still no substitution for quality security hardware and software designed to protect your business).

Content Management Systems - Updates and Custom Features.

Disclaimer: snowball does not use any commercial (free or otherwise) CMS products. We use our custom truDepth CMS to allow customers full editing capabilities.

If the company you are using created your site using a CMS, ensure the software is updated!! This is something YOU should be doing and that is watching the CMS softare of choice's web site for update releases. So say your web firm is using Joomla, you should be monitoring the Joomla web site when new versions (or updates) are released. Drupal's site is here.

Responsible web firms should be updating the CMS verions as new ones are released. This is something that you should discuss with the firm of your choice.

Keep in mind that this needs to be done perpetually for the life-cycle of your web site. Is this a bad thing? I guess that depends on WHO is monitoring for the updates and is the web company being proactive about ensuring updates are performed at release date or are they being reactive waiting on you to request an update. This is probably something you should see in writting.

As for custom features, there are a LOT of possibilities. Joomla and Drupal both have extensive capabilities to be expanded via the use of modules. But even these modules will have their own set of restrictions. Some may be free, others may have a cost associated with them. Oh, they probably have specific licensing criteria too. Ask if your site uses any modules and if so, ask to see the license for each one. And again, find out if there are updates for each module.

We're waiting on an update.
Ever heard those words? No? Sometimes its just not so obvious. Are there delays when you request updates to your site? If you've ever had to ask for the same update for more than a week or so, do inquire as to why. Sometimes web companies are backedup with update requests and sometimes they are just waiting on a CMS or module update.

Depending on the type of custom feature you need, the web company can either make the code changes theirselves (fastest) OR they can request the module's working group to make the changes (most stable). However, there usually is a caveat with the web company making any code changes. In many cases, if they change the underlaying source code they may be required to release the code base to everyone. For example, if the make changes to the core Joomla code, they are NOT required to distribute the code (but they can), but a module license may require that any changes be sent back to the module's owner or working group. Thats why its important to read (and understand) those licenses!

So when you request changes or custom features be sure to ask if this change is just for you or if you will be paying for everyone in the world to have the same update.

These are just some of the 'cons' of using off the shelf CMS applications. There are benefits to using these types of CMSs, they can save development time and usually can be deployed very quickly. But sadly in too many cases companies shopping for web sites are not aware of these issues. Its complicated, its technical and can have broad reaching legal requirements.

Open source CMSs have come a long way and they provide a great way for companies to get on the web. They are used for a broad range of organizations from individuals to Fortune 500 to Federal sites. Just like many companies prefer to have their sites custom designed, many will choose an Open Source CMS. There is no right or wrong, it just boils down to the intimate needs of the customer. Your web firm should take time and explain EVERY detail to your satisfaction.