Leadership Quote: Today is only one day…

This month’s leadership quote:

“Today, is only one day, in all the days that will ever be. But, what will happen in all the other days that ever come, can depend on what you do today.”

–Ernest Hemingway

 

Are You a CEO or President of a Privately Held Business? If you are also a lifetime learner, and want to learn more about Vistage, click here.

 

You can read more of my blogs and leadership quotes here.

Taxes, trade and tariffs translate to trouble

One of the top five concerns noted in Vistage’s recent report Decision Factors H2 2018, is taxes, trade and tariffs.

The new tax law has created as much uncertainty as opportunity for SMBs. Certain changes — such as the revised Section 179 deduction and 20% pass-through income deduction — are expected to benefit many companies. However, other revisions to the tax law — such as limitations to net business loss deductions — may create new costs. At the same time, new trade policies and tariffs (e.g., steel and aluminum tariffs) are driving up material costs and heightening financial risks for businesses.

Joe Gavin, Vistage chief research officer, offers these suggestions:

Hire a CPA you can trust – Your accountant should be willing to sit down with you and explain how they’re planning to calculate your income as a result of the tax law. For example, a great CPA will show you what your taxable income looks like under the old rules compared to the new rules and walk you through multiple options for filing. Your accountant should also ensure that your business is taking full advantage of the new tax rules while mitigating new risks.

Take a critical eye to your supply chain – Mark Emmer, business strategist, sees the new tariffs as a “wake-up call” for many businesses. “Companies need to carefully consider what concentration risk they have in their supply chain,” says Emmer, “and perhaps think about alternatives or contingencies with suppliers in other regions.”

Educate yourself – As a starting point, download  Top 8 things small and midsize businesses need to know about tax reform.

Consider trade risks when making decisions – If you’re in manufacturing or do anything that involves any international partners, you have to understand what the risks are and factor them into your decisions — knowing that this could swing 100 points in either direction. It is a factor to consider for the first time in decades.

Are You a CEO or President of a Privately Held Business? If you are also a lifetime learner, and want to learn more about Vistage, click here.

You can read more of my blogs and leadership quotes here.

 

Cyberattacks are the Silent Killers of SMBs

One of the top five concerns noted in Vistage’s recent report Decision Factors H2 2018, is cybersecurity.

If you have employees, customers or financial data, you are a target for a cyberattack. Cyber criminals are aggressively targeting small and midsize businesses (SMBs), and cyberattacks are increasing in complexity, frequency and severity. For many SMBs, those attacks are leading to loss of data, cash, customer records, employee information, leadership credibility, and employee and customer trust.

Yet many SMBs still haven’t taken the proper precautions to protect themselves.

Cybersecurity is a silent killer, it can shut you down like nothing else, says Joe Gavin, Vistage chief research officer. Here are his suggested actions to protect your business:

  • Assess the strength of your cybersecurity – To gauge the strength of your cybersecurity, use a reputable tool — such as the Cybersecurity Framework offered by the National Institute of Standards and Technology.
  • Create a layered defense – A comprehensive cybersecurity plan has three core components: people, process and technology.
  • Call on a cybersecurity expert – Just as you may have an outside legal counsel or CPA, consider engaging a cybersecurity professional for additional support.

With this last recommendation in mind, I called on cybersecurity expert, Michael Davis, CTO of Countertack, to share his thoughts on this important subject. The following remarks are his.

You are the target. SMBs lack the defenses of larger organizations as the Decision Factor’s H2 2018 report identified. SMBs have smaller budgets, less security talent, and usually a lack of consistent risk management which makes for an easy and unsuspecting target.

Imagine walking in to the office Friday morning and your controller running up to you saying that all the money in the payroll account just vanished and the bank doesn’t know where it went. This attack, named an account takeover, is a type of fraud perpetrated by cybercriminals using multiple pieces of malware and human social engineering to steal money. Attackers infect your computers, watch and monitor your business processes and access your bank accounts, and then pounce at the proper opportunity to get the most money in one “smash and grab” job. In many cases, your business is let holding the bag and not getting any money returned from the bank, insurance, or 3rd parties. Very rarely is any money ever recovered.

As Joe Gavin, Vistage chief research officer mentions, layered defenses are a must to protect your business, but what layers do you pick? How do you know choosing solution X vs Y is really going to help you? There are so many variables to protecting yourself from a cyber-attack and the attacks are constantly adapting, it can be difficult even for seasoned IT security experts to pick the right options. And while starting with a risk assessment from NIST or CSF is a great option, you may not have the budget or ability to perform the process without an external IT security expert.

So, what can you do now? Today? These are my straightforward must dos for protecting your business:

Use the cloud as much as you can.

An IT security expert saying to use the cloud? I thought the cloud was “insecure”? No, majority of cloud providers, especially Tier 1 and Tier 2 providers like Microsoft, Rackspace, and Amazon are doing security better than your business could ever do it even if you hired 10 people today. Leverage their investments in IT security to protect yourself.

Having data protected in Office 365 from Microsoft for example, provides lower risk while giving your business a bunch of security capabilities you would have to manually build and manage without your IT team having to do much more than “set it up”. Normally, the additional security is “baked in” to the monthly costs you are already paying to use the provider’s services, meaning there are no additional costs except the one-time setup and configuration time to receive the security value I am referring to. Little to no ongoing maintenance or monitoring is required to get the security benefits from cloud providers.

Use Multi-Factor Authentication for everything

Attackers don’t want your laptops or servers, they want your data. Your files. Your Email. Access to these is all controlled by your identity – the username and password you haven’t changed in probably years.

Multi-factor authentication is now supported by the majority of applications and cloud providers. Multi-factor authentication provides a second mechanism to validate that you are who you say you are. “Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes” according to Brian Krebs, from Krebs on Security, one of the most well-known security journalists. (See https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing/)

Google’s technology to replace passwords is obtainable by any and all SMBs, for a one-time payment of less than $50 per person. You can use SMS codes, physical keys, or even simple apps on your phone to provide multiple levels of authentication that can thwart phishing attacks, malware, and ultimately attackers getting access to your data.

Multi-Factor Authentication technology is cheap, easy to use, and the most effective defense against attackers we have today. Use it everywhere you can but especially with your email and cloud providers.

Start doing Security Awareness Training

Depending on what study or survey you want to pick, phishing is either the source of 95% of all SMB attacks or at least the #1 mechanism attackers use to get malware on your computers. Security awareness training is most important for SMBs compared to larger enterprises because you simply have less layers of defense when it comes to stopping an attacker. The first layer of any defense within an organization, large or small, are your people.

More training you say? But Mike, my people hate all the compliance training they have to do now so this won’t work. Long gone are the days of “compliance training” where employees were subjected to hours of boring PowerPoints telling them to “not click bad emails”. While that approach was somewhat effective, the new approaches to Security Awareness training are exciting, amazingly impactful, and actually pretty fun! Multiple vendors now offer “sitcoms” employees can watch that also train them on proper behavior and techniques to avoid getting infected. Two of my favorites are Mulberry from The Security Awareness Company and Restricted Intelligence. See their trailers at https://vimeo.com/6580874 and https://www.youtube.com/watch?v=8_aWktl_Oy8)

Costs are low, and include a full year of content and management of who takes what training etc. All delivered online with no setup costs.

Don’t “lie” on your Cyber Security Insurance application

Ah, insurance, it is being perceived by many SMBs as the solution to the cybersecurity problem. Why invest in security technologies, people, and processes when I can pay a fee per year and be covered if we are hacked? Sounds great but the truth is, the insurance companies are not paying. Put one little exaggerated truth on the form, and that is grounds for non-payment. Insurance companies have teams of people making you prove all the processes and controls you said you had when you filled out the form were working when the hack occurred. If they didn’t work, even for just 1 day, no coverage.

Should you not have insurance than? No.  It is a great way to reduce risk if, and only if, you are 100% honest with the survey’s and applications. Your premiums will not be cheap because you are investing in reducing your risk. You might not even get approved until you do the minimum required and you better make sure that whatever you agree to do on a consistent basis you actually are doing – otherwise you will be left wit the entire burden of the costs to cleanup the hack, the stolen money, and in some cases reputational damage in the eyes of your customers.

Don’t mess around with this, do it right or tell the provider you aren’t and pay the premiums.

Michael A. Davis is the CTO of GoSecure CounterTack, an Internal Managed Security Services company that provides outsourced security services. Learn more at http://www.gosecure.net

Are You a CEO or President of a Privately Held Business? If you are also a lifetime learner, and want to learn more about Vistage, click here.

You can read more of my blogs and leadership quotes here.

Talent shortage goes critical

One of the top 5 concerns noted in Vistage’s recent report Decision Factors H2 2018, is talent shortages.

The unemployment rate at 3.9% is near an 18 year low. Last week, the DOL announced the number of Americans applying for unemployment fell to a near 49 year low. By measure of most economists, we are at full employment; some say we are past that. Additionally, there is a growing mismatch between skills desired and skills available. In short, demand exceeds supply on several levels.

Joe Gavin, Vistage chief research officer, offers these suggestions gleaned from experts he interviewed:

Change how you retain talent – Quoting Fabiola Brumley, Southeast regional executive at Bank of America Merrill Lynch, “To hold on to your best people, try supplementing employee benefits with non-traditional benefits, such as financial counseling or a reward system that recognizes high performers. Additionally, Joseph Quinlan stresses that companies should be “much more flexible — not just for millennials, but for the aging cohort as well. There are a lot of folks who are ‘retiring’ who really want to keep one foot in the door, and companies should think about how they utilize that talent.”

Build a workforce within your community – If you can’t find people with the right skills, train people to develop those skills. Quinlan encourages companies to reach out to community colleges and mayor’s offices to develop vocational training programs and attract local talent. “You’ve got to be creative about creating a workforce that’s local to your environment or operation,” he says.

Rethink how you recruit – “It’s about rethinking human capital from 20,000 feet, deploying more resources to the HR function and making sure the entire management team is invested in the process,” says Marc Emmer, a business strategist and president of Optimize, Inc. Consider following what 20% of CEOs surveyed are doing and try artificial intelligence for talent management and hiring. Another consideration Emmer notes is the importance of a strong brand and strong offerings if you are going to attract millennials.

Substitute labor with technology – Explore whether technology can help you deal with a labor shortage by automating tasks or improving efficiency. Brumley offers the example of a landscaping company that might invest in equipment to reduce lawn mowing time from three hours to 45 minutes.

Develop a systematic framework for talent planning – Data from NCMM confirms that talent planning has a strong correlation with the growth and performance of a company. To that end, CEOs should use a talent-planning framework that meets four criteria:

  1. Align talent strategy with strategy.
  2. Build sufficient processes to ensure systematic talent-planning efforts.
  3. Lead by example and involve leadership in the process.
  4. Engage employees in talent-planning and ensure that they recognize the value of the process.

In addition to the suggestions offered above, I invite you to consider these innovative methods that are yielding results for CEOs:

  • Have you considered apprenticeships for professional roles?
    • Instead of competing with everyone else for talent with “5-10 years of experience”, what about offering a high energy, junior person a chance to learn? Perhaps pairing them up with grey haired talent that you are trying to retain? Many, perhaps most, experienced workers, including professionals, want to mentor junior employees. It’s their way of leaving a legacy.
  • What about non-traditional sources for finding talent?
    • Social purpose organizations, like Cara, offer job and life skill training to people convicted of non-violent crimes, thereby preparing them to re-enter the workforce. For those who want to try this carefully, Cara will even take on the risk of employment through their temporary agencies Cleanslate and Cara Connects. Vistage member, Maria Kim, CEO of Cara, shares more on the benefits of this opportunity in this book, In The Business of Change, by Elisa Birnbaum.

Are You a CEO or President of a Privately Held Business? If you are also a lifetime learner, and want to learn more about Vistage, click here.

You can read more of my blogs and leadership quotes here.

 

Cost pressures broadening and growing stronger

The #1 concern noted in Vistage’s recent report Decision Factors H2 2018, is rising costs.

As we near the end of the current economic cycle, for the first time, in a long time, in addition to a typical cyclical tightening, we are also experiencing inflation. Wages are rising, the Fed is raising short term rates, and commodity prices are rising. Add to that the tariffs and businesses are under cost pressure that has not been with us for a long time.

The resulting profit declines are a double-edged sword as the impact is on both you and your customers.

What to do?

Joe Gavin, Vistage chief research officer, offers these suggestions:

  • Raise your prices – 56% of Vistage members are already saying they have, or plan to raise prices. Now is the time to get ahead of the expected continued pressure on price.
  • Talk with customers about their long-term plans – A transparent conversation can lead to a strategic discussion of how you can best serve your customer in this environment.
  • Use technology to lower costs –  Whether its cloud computing, updating your ERP or CRM or even investing in robots and AR, the cost of these technologies is going down while the cost of labor is rising and the labor market is tightening.
  • Restructure your debt. If you haven’t yet restructured your debt, this is probably your last chance to do so at a decent price, says Joseph Quinlan Managing Director and Head of Market Strategy for U.S. Trust, BofA, Quinlan.

And one note of caution. What is happening to you, is also happening to your customers and suppliers. Be sure to monitor both to ensure you don’t extend credit unintentionally. For some insight into which segments of the economy, i.e. industries, to watch most closely, check out this blog from ITR Economics: Director’s Cut: Are Your Profits Following the Crowd?

 

Are You a CEO or President of a Privately Held Business? If you are also a lifetime learner, and want to learn more about Vistage, click here.

You can read more of my blogs and leadership quotes here.

 

Why Labor Day?

When the first nationally recognized Labor Day was celebrated in 1894, the day consisted of a street parade sending up a message of “the strength and esprit de corps of the trade and labor organizations” (in the words of the AFL). We have come a long way since then. Today most employers focus on offering opportunities and benefits to attract and retain talent; as a result, the need for unions has diminished and few remain.

Yet we still celebrate the day as a national holiday. Perhaps it is simply tradition, or the acknowledgment of the end of summer. Or a reminder to celebrate how far we have come as a nation of leaders and followers, where two-way communication has become much more the norm than work place “negotiations”.

So, as you enjoy your family barbecues, or however you celebrate the day, I encourage you to pause and ask yourself:

  • As a leader, what can I do tomorrow to let each member of my team know they are valued and are essential to our success?
  • As a follower, what I can do tomorrow to let my boss know what else I can do to add value to the success of our company?

Are You a CEO or President of a Privately Held Business? If you are also a lifetime learner, and want to learn more about Vistage, click here.

You can read more of my blogs and leadership quotes here.