18 Overlooked Steps to Small Business Excellence
An Operator’s Manifesto
We’ve never been in this position before. Tradition-shattering technological and economic trends are reshaping the playing field and redefining the stakes for small businesses. Conventional business strategies are not going to cut it. Practices that worked well for decades will not be enough to take your business to the next level in the coming years. The business that depends on you today is, positively, not your father’s business.
In your father’s business, victors won by concentrating their effort on new business development, customer service, and team culture building. Winners succeeded by applying the wisdom offered in the classic lineup of outstanding business and leadership books.
As Darren Hardy’s The Entrepreneur Roller Coaster asserts,
“Like it or not, the one thing that matters most in determining whether your business succeeds or fails miserably is sales…The person who knows how to get, keep, and cultivate a customer gets paid the most. Period.”
These conventional maxims are so tried, true, and cherished that they could pass for business commandments for those looking for an edge. Now, they’re required table stakes. As Marshall Goldsmith so aptly reminds us: “What Got You Here Won’t Get You There.” Without question, the game has changed.
Therefore, we’ll leave the topics of business development, customer service, and team culture building to the many legendary books on the subjects. We’ll chalk these essentials up as a given and look to more overlooked opportunities for improvement.
The purpose of this manifesto is to address two neglected fields that are no longer afterthoughts or “nice-to-haves” for a small business operator.
In today’s reality, you are required to address your strategy around:
1) Personal technology productivity, and
2) Personal cybersecurity.
Note the implication of the word personal in a business context. In decades past, it was common for business operators to take for granted the “fine line” between business and family. Thanks in part to the explosion of mobile technology mixed with the growing demands to stay competitive as a small company, that line has been obliterated.
For a small business operator, it’s become impossible to tell where your professional life ends, and your personal life begins.
Personal happiness and professional fulfillment are mutually inclusive; one cannot occur without the other. Instead of retreating to hopes that the “fine line” will maintain itself, you must proactively accept and address the reality that, as George Costanza said, “worlds have collided.”
As a consequence, contrary to conventional advice, you can’t possibly delegate or outsource the steps in this manifesto. It’s your game to win.
Why This Manifesto
These 18 steps are personal. Many excellent books exist on topics spanning business strategy, marketing, sales, pricing, IT, and corporate finance. Rarely though, do they venture into the personal realm — the nitty-gritty sweet spot connecting work and life.
This gap has left operators in today’s small businesses (30 million active in the U.S., give or take) with a problem. How do you marry mass-market business strategies with personal day-to-day advice in a way that serves your unique needs as a small business operator?
Bottom line: you are different. But you’re not alone. Businesses with fewer than 50 employees employ over 40% of our country’s private workforce, and businesses with fewer than 500 represent a whopping 77% of our nation’s jobs.
I wrote this post after working with hundreds of business operators as a financial analyst, financial planner, family office manager, accountant, and small business management consultant. Over the years, I’ve noticed that many operators — regardless of industry — face many of the same threats, concerns, and opportunities.
These 18 steps aim to make your legacy as memorable as it can be.
Think about the reason you’re in business. What is your passion? My guess is that your love is not fighting the mundane, daily battles in your business, but rather creating and spreading your product or service. To focus your efforts on your single most valuable asset, your creativity, you need to address upfront the activities that will — sooner or later — slow you down.
For the right mindset, consider the bamboo plant. The fastest-growing plant in the world, bamboo can grow up to 35 inches in a single day. How is this possible? In its early stages, it takes the time necessary to develop an extensive root system, hardly showing life above the surface. After completing this phase — which, in the plant’s case, can take years — the bamboo shoot is set for takeoff and can thrive continually without the need to divert resources to its root system.
Our goal is to borrow this philosophy to develop your root system so that you can focus on rapid growth.
Why the Urgency?
In a word: technology. Moore’s law refers to the idea that computing power doubles roughly every year. That type of growth is exponential, not linear.
Underscoring the urgency, here are a few assumptions from technology research firm Gartner’s Top 10 Strategic Technology Trends for 2019[i]:
“By 2021, organizations that bypass privacy requirements and are caught lacking in privacy protection will pay 100% more in compliance cost than competitors that adhere to best practices.”
“By 2022, at least 40% of new application development projects will have artificial intelligence co-developers on the team.”
“By 2023, 20% of organizations will be budgeting for quantum computing projects, compared to less than 1% in 2018.”
These assumptions have implications that can affect your business faster than you might think. What’s worse, small companies have traditionally been slower to adapt than big companies.
According to technology data company IDG’s 2018 Cloud Computing Survey, large enterprises (> 1000 employees) are dedicating nearly 25% more relative dollars to cloud computing compared to smaller organizations (< 1000 employees).[ii] Not to mention, these numbers skew much further the smaller the organization gets. If your business has fewer than 50 employees, the gap is staggering.
For an eye-opening exercise, grab your prior year Profit and Loss (P&L) statement and review your total technology expenditures. It might not take long for you to feel the urgency.
Your enterprise competitors are well aware of their — albeit temporary — competitive advantage. Their game plan to exploit their head-start might look familiar:
1. Use a deep budget to buy productive technology.
2. Use cost savings to increase market share by offering lower prices to your customers.
3. Use cost savings to offer higher wages to your employees.
4. Increase market share by acquiring smaller competitors.
5. Repeat.
No wonder Deloitte’s M&A trends 2019 survey found that merger and acquisition activity shows “no signs of slowing down,” with 79% of respondents expecting the number of deals they close in the next 12 months to increase.[iii]
In not-so-subtle fashion, respondents cited the following three aspects as the most critical drivers of their corporate M&A strategy:
1. Acquire technology
2. Expand products and services
3. Expand customer base in existing geographic markets
Large competitors are coming for you, one acquisition at a time — and they call it “economies of scale.” Sadly, you might have already noticed this cycle in one form or another. They want your customers, they want your employees, and they even want you.
Now for the great news. Recent advances are empowering small businesses even more than they are threatening them. The glass is more than half full. While it’s easy to paint “Corporate America” as the deep-pocketed enemy set on destroying your business and absorbing it entirely, the tide is turning.
Due in large part to the explosion of software-as-a-service (SaaS) applications, enterprise-grade cloud technology is available to small businesses at a fraction of the cost compared to a decade ago.
According to the U.S. Bureau of Labor Statistics, prices for information technology, hardware and services decreased over 40% between 2006 and 2019.[iv] This fact alone keeps the unprepared corporate executive up at night.
So, while the aggressive corporate scale strategy is an unmistakable battle cry, the difference now is that we, as small companies, have the tools to fight back.
Everything Changes
As you step into this new era, your first step is to recognize and accept your competitor’s strategy. Then, take every action you can to neutralize it. Elite athletes take care to master the little things, down to the type of shoelaces they wear. You must adopt the same mindset if you want to become a world-class business operator. In this highly competitive environment, you need to master every last detail to succeed.
We’re entering an arena that looks drastically different than the past. Shunryu Suzuki, Zen Master and author of the spiritual classic Zen Mind, Beginner’s Mind [v] explained it best.
One night in February of 1968, Shunryu was asked by one of his students if he could reduce all the teachings of Buddhism to just a single phrase.
Shunryu looked at the student and spoke:
“Everything changes.”
Step 1: Commit to harmony in your personal life first.
As we go along, it’ll be helpful to think of your family household as the parent company of your business. A subsidiary requires harmony within the parent company.
Because we’re here to discuss your personal technology strategy, these steps are meant to create more time so that you can — directly or indirectly — improve your relationships. To be world-class, the entity and order in which these improvements occur at any given time is not the point.
Time saved at the subsidiary level is time saved at the parent company. Less time performing administrative tasks, either at the office or home, means more time making memories with loved ones. More time making memories means a healthier and happier parent company. Happy families make you and your business more human.
Therefore, your commitment to your personal life is the single most significant edge you can garner, the ultimate win-win opportunity.
For a stark example, consider the ramifications of Tiger Woods’ personal life on his professional performance. A direct side effect of a lacking commitment to personal harmony, Tiger Woods sacrificed over a decade of his career before winning another Major championship.
Remember, improving profits in business is always good, all else being equal. But it’s only a smaller means to a much greater end. Our life’s purpose transcends business profitability, and a profitable business is only one piece of the puzzle that gets us there.
Step 2: Plan a one-time personal retreat to execute the time-scaling and time-compounding steps to follow in this manifesto.
Our purpose here is to spend more time being creative. The defining element of the steps in this post is that they are automatic. Their input effort is nonrecurring, but their output is recurring.
The word “scale” — as in “scale the business” — is not yet included in the Merriam-Webster Dictionary. However, Merriam-Webster did feature it in a fascinating Words We’re Watching segment.[vi] In it, they suggested what a definition might look like:
‘Scale’ is increasingly being used as shorthand for ‘scale up’ (“to grow or expand in a proportional and usually profitable way”) and as a noun that means “proportional growth especially of production or profit” and/or “a large market position.”
Scaling growth and profits is the pinnacle for any business, and this type of scaling is exactly what you’ll be working on in your creative efforts.
Your pursuit of scale is the very reason we’re trying to neutralize the daily battles in your future. The end goal is to spend less time putting out fires and more time creating. This end goal is the precursor to scale.
When we forget this point, the concept of scale leads to idealism. In reality, “scale” is an outcome (think “achieving scale”), and not a cause of success. The accepted definition focuses on growing revenue and cutting costs. Hence, the variable is money.
However, there is a much easier way to harness the underlying force. The secret to taking advantage of economies of scale in your life is simple: change the variable.
Before you can grow production and profits, you must first grow time. We will call this concept time-scale.
Time-scaling: performing one-time actions that provide recurring and sustainable time-savings.
This point is the very essence of scale: investing time (a finite resource) just once that continues to save you (i.e., make you) more time long into the future.
Replacing the word “time” with the word “money” in the previous sentence also transforms it into the famous principle of compound interest.
Time-compounding: the hypothesis that states that performing time-scaling activities has a non-linear, exponential impact on time-savings. Every additional time-saving creates more opportunity to develop additional time-savings with multiplicative, nonlinear effects.
If Benjamin Franklin coined the phrase “time is money,” the logical next step is to apply simple algebra to the maxims of scaling and compounding. We do this by substituting money with time.
If:
Scaling = Increasing money saved as a result of an increased level of production.
And:
Time = money
Then:
Time-scaling = Increasing time saved as a result of an increased level of time-saving activities performed.
Applying this algebra to the principle of compound interest, we arrive at the following truth:
If:
Compound interest = money accumulated on the initial principal + additional interest on the interest earned in previous periods.
And:
Time = money
Then:
Compound time = time accumulated on the initial time investment + additional time savings created from the original technique’s impact on your ability to employ additional time-saving techniques.
These proofs show that the principles of economies of scale and compound interest are just as magical when applied to time as with money. Once internalized, commit a substantial chunk of uninterrupted time to activities that create time-scale.
This manifesto is designed to give you a sampler to begin exploiting these time-scaling and time-compounding equations upfront so that you are best positioned to harness economies of scale and compound interest with your fullest, ongoing potential.
Since technology makes things more accessible, it’s a natural starting point to get the ball rolling.
Personal Technology Strategy
The quality of your technology infrastructure is as crucial to your success in business as the elite Olympic sprinter’s shoes are for her best achievement.
Olympic teams are made up of some of the world’s most exceptional human beings. Even with extraordinary talent, though, all world-class teams share one specific characteristic: attention to, and obsession over, details. They respect the little things. It begs the question, could this be what led to their success in the first place? Either way, we can all learn something from these rituals and mindsets. In the world’s most competitive arenas, every detail matters.
In the small business arena, an operator’s technology system represents an uncharted oasis of these details — just waiting for enhancement. Business operators are more likely to succeed when they view technology — and technology enhancement in particular — as part of a grand strategy rather than merely a “nice to have.” Too many offices treat technology like they would a utility bill, a fixed cost of doing business. There’s not much you can do to improve the process, they think.
Many operators perceive technology as an afterthought medium whose sole purpose is enabling team members to complete their work. Technology too often gets lumped in with utilities, literally, on the profit and loss statement. And, when it comes to “utilities,” there’s not a great deal of strategizing that goes into the power, cable, and water bills at your office.
In contrast, there’s a reason why world-class companies have a Chief Technology Officer on their team right next to the CFO, COO, CMO, and CEO. In many cases, an influential CTO is the single most critical, non-outsourceable function outside of CEO, and an essential requirement for venture capital funding consideration at software companies.
The most innovative and impactful businesses of all sizes have realized that technology is a discipline in its own right (not a mere utility). Therefore, the effective use of technology requires time spent on a strategy for deploying it competitively.
Hardware
In 2011, Marc Andreessen, famed venture capitalist and founder of the first web browser Netscape, was quoted in the Wall Street Journal, stating “we are in the middle of a dramatic and broad technological and economic shift in which software companies are poised to take over large swathes of the economy.” It’s no wonder the article was titled Why Software is Eating the World.[vii] To combat the shift, we need to be proactive with a plan to operate more like a software company.
The plan does not require adding expensive software developers to the payroll. We can borrow the best practices of software companies and leave the most technical aspects to the experts. Well-thought-out hardware configurations and trusted partnerships with cloud software vendors make up your broadest imperatives. And your secret sauce is an open mindset and company culture hungry for technology adoption.
For your business to operate more like a software company, you first need to have the right hardware arrangements. Install these tactics for your specific set-up. To multiply the effects, consider putting them in place for all employees that spend the majority of their time performing knowledge work on a computer.
Step 3: Increase Productivity Instantly by Using Multiple Computer Screens
Major studies rank multi-screen configurations (right up there with drinking caffeinated coffee) as one of the only instant productivity-enhancing maneuvers on the map. A 2004 University of Utah study showed that the addition of a second monitor improved productivity by 29 percent.[viii]
“Respondents got on task quicker, did the work faster, and got more of the work done with fewer errors in multi-screen configurations than with a single screen.”
More convincingly, in the 2006 CNN Money article How I Work: Bill Gates, the business legend is quoted and pictured in front of his three computer screens.[ix]
“On my desk I have three screens, synchronized to form a single desktop. I can drag items from one screen to the next. Once you have that large display area, you’ll never go back, because it has a direct impact on productivity.”
Given Gates’ technology lore, that’s evidence enough.
On a quick side note from this article, Gates is also quoted as saying,
“We’re finally getting close to what I call the digital workstyle…Paper is no longer a big part of my day.”
If we strive for elite performance, we can increase our odds by emulating elite performers. Depending on your line of work, three may be overkill — but two computer screens is always a requirement. Listen to your eyes and go with 23” or 24” screens.
Step 4: Increase your speed of thought and performance by increasing your computing power.
Let’s talk about power. Multiple screens means more tasks and productivity, and more productivity requires more power from your computer. From a return on investment perspective, investing in computing power is the holy grail. A powerful computer is not a luxury good. We are talking about the centerpiece of your strategy that makes everything else easier.
Computer hardware costs have come down drastically, so opt for more power. You’ll always want to upgrade your processor to at least the 2nd or 3rd best business-class processor available at your computer vendor. The processor, or central processing unit (CPU), is the computer’s “brain.” The CPU is responsible for carrying out all the instructions you give it. When you’re using a computer, it’s effectively an extension of your brain. So you want it to act fast and be capable of handling a lot of information.
Aim for the mindset of the wood craftsman who takes pride in their top-of-the-line Tungsten Carbide-Tipped Steel Miter Saw. On the job site, they run it all day and then go home to the same model in the garage for side projects. Artisans are doers by nature and take pride in the quality and craftsmanship in their work. Power is an excellent ingredient for time-scaling; it facilitates work getting done faster. And, as many doers can attest, it makes it more fun.
Step 5: Run parallel hardware set-ups at your office and your home.
In David Allen’s 2002 manifesto Getting Things Done, he highlights the benefits of duplicating our office setting at home in a parallel set-up.
“…it’s critical that you have at least a satellite home system identical to the one in your office.”
For office workers, though, the “localized” nature of servers, hard drives, and on-site data storage has led to underwhelming enthusiasm for setting up identical home satellites (despite Allen’s excellent advice). Too many “home offices” morph into chaotic multi-purpose rooms with a computer for gaming, shopping, and general web-surfing.
Today’s elite business athletes are taking Allen’s advice. Cloud technology has emerged. It has made working across multiple devices and physical locations vastly more seamless than he could have imagined back in 2002. To take advantage of the opportunity, you need to have the right infrastructure in both places. You’ll want to get identical computers and identical screens in both settings. To remove friction, you need everything to be the same (down to the keyboard).
David Allen also refers to the idea of an “office space in transit.” Therefore, you’ll want a small, 13” laptop (for portable and remote work) that runs the same operating system and specifications as your office and satellite desktop computers.
On “removing friction,” let’s review the summary of a study on habit-forming by the Society for Personality and Social Psychology[x]:
“About 40 percent of people’s daily activities are performed each day in almost the same situations, studies show. Habits emerge through associative learning. ‘We find patterns of behavior that allow us to reach goals. We repeat what works, and when actions are repeated in a stable context, we form associations between cues and response,’ a researcher explains.”
As humans, we’re all fueled by inertia. Top performers in physical fitness gain an edge by laying out their workout clothes every night before they go to bed. Similarly, you can pre-arrange an optimal work environment. Then, in the moment of action, you’ll be more likely to do the hard thing.
Importantly, the computer in your home office should never be considered your family’s “home computer.” You can share an office, desk, and screens if you need to, but for both productivity and cybersecurity purposes, do not share your work machine with your family or your spouse for their work.
Here is a solution. Run two of the screens, the keyboard, mouse, printer, and other accessories through a USB universal docking station. Typically marketed for laptop computers, this solution also works well when sharing resources between multiple desktops or laptops, or both. All you need to do is plug the docking station USB cable into whichever computer you wish to operate at that time, and that computer will have control of all the screens and accessories. Now you can easily share a workspace without sharing computers or re-cabling accessories every time.
Our goal is to ruthlessly eliminate, in advance, any friction that could stand in the way of your best effort. With your baseline hardware in place, let’s put it to work.
Step 6: Write down a plan to transition to the cloud — that is, away from local applications to Software-as-a-Service (SaaS) cloud-based software programs.
Cloud technology is a game-changing force that gives operators with a fast smartphone and powerful, parallel office set-ups the ability to become superhuman. Big companies with legacy technology and fixed assets are scrambling for an answer. Whether by luck or foresight, the business gods have dealt small business operators a straight flush.
Cloud computing refers to your ability to rent computer storage servers, software, and their associated maintenance services over the internet all for a low monthly fee (commonly known as SaaS — Software as a Service). Thanks to recent advancements in cloud computing technology, you now have access to highly secure data centers at companies like Microsoft and Google for a fraction of the cost of maintaining a data storage server at your office. This type of convenience and affordability was reserved only for big companies with large IT departments not long ago.
Research from a 2018 Harvard Business Review special on cloud computing says it all:
“…cloud computing is an unusual technology that appeals to smaller, younger firms. We believe its ability to provide high-powered computing without the overhead costs associated with in-house software and hardware provision has driven this. In this sense cloud computing has spread computing out to the masses, democratizing computing.”[xi]
This advancement is an extraordinary equalizer for small businesses, but we must choose to act on it.
Step 7: Confirm that you are running the latest operating system on your computers and smartphone.
The simplest way to get started taking advantage of cloud technology is to turn to the technology company you are already working with for your email services. Most likely, this means Microsoft or Google. Their cloud-based subscription services are known as Microsoft Office 365 and G Suite.
The primary difference between Office 365 and the previous versions of Microsoft Office is that Microsoft Office 365 contracts via a software-as-a-service (SaaS) agreement rather than through a traditional application license. In the past, you bought new versions of Outlook, Word, Excel, and others for a fixed fee, and then bought again a few (or many) years later when you wished (or were required) to upgrade. In the case of Office 365, Microsoft ensures you always have the latest (and most powerful and secure) versions of every application running on your computer.
Microsoft, Google, and an army of third-party entrepreneurs (many times small businesses themselves) are continually adding new features and add-ins to enhance your team’s capabilities with your software and operating system. With the pace of technological change, consider it a requirement for productivity and security reasons that you run the latest version of any software you are using. You can bet your competition is.
Step 8: Use a cloud storage service like OneDrive or Google Drive in combination with your favorite software apps like Excel or Google Docs to synchronize your work for real-time access on all your computers and devices.
You’re probably already familiar with applications like Outlook, Word, and Excel. With Office 365 (Microsoft’s SaaS version), they still look and feel the same. And, you can still download them locally (i.e., on your actual computer or device). They are also available to access on Microsoft’s servers through your web browser. The benefit to working directly on Microsoft’s servers through a web browser (e.g., Google Chrome) is that multiple people on your team can work on a file together in real-time. The days of thumb drives or emailing versions back-and-forth are over. This benefit is a giant time-saver, and it has been the main point of success for Google Docs and Google Sheets.
When the Office apps are downloaded locally on your computer, though, many argue they have better functionality. The drawback with local apps is that you are now operating locally and lose the ability to collaborate on a document in real-time with someone else.
Now, we can communicate directly with the cloud servers and employ the rich functionality of programs like Microsoft Excel and Word.
Microsoft achieved this possibility by perfecting its version of Dropbox and Google Drive: Microsoft OneDrive. Like Dropbox and Google Drive, OneDrive is a leading file hosting and cloud storage service. The fact that OneDrive is owned and maintained by the same company that owns, supports, and upgrades programs like Excel and Word means it has the most robust integration with them. OneDrive is a part of the Office 365 suite. Making sure your software programs “play well together” is an integral part of the plan.
Therein lies the noteworthy feature: data synchronization.
For a technical overview, enterprise cloud management company Informatica says this is what we need to know about data synchronization:
“Often the very purpose of an application is to modify and update data. But when data is modified in an application, you must take care that those changes are communicated back to other systems that use that data.
Data synchronization provides a means of creating harmony and consistency among all the systems that have access to data.”[xii]
As for “systems,” think of your office, your home satellite office, your portable laptop, and your smartphone.
Here’s how it works. You might like storing your documents on your “Desktop” at work. Using Microsoft OneDrive, you can sync your Desktop (and your entire computer for that matter) with your OneDrive file storage in the cloud. Right away, every Word, Excel, and PowerPoint document you edit automatically saves in the cloud using a feature called AutoSave.
“My computer crashed, and I lost all my work” is an expression of days gone by. Because any location on your computer or smartphone’s hard drive is automatically backed up, synced and stored in the cloud in real-time, you are free to use your Excel and Word apps natively without having to run them through the web browser. For your team, this is important. If your company files are centralized and stored on Microsoft’s cloud servers, each person on your team can use their local, powerful Word, Excel or PowerPoint applications to edit the same document at the same time.
It gets even better for you. When you synchronize your office computer, home computer, laptop, and smartphone with Microsoft OneDrive, they effectively become the same machine. They are separate vessels carrying the same brain. What you see when you log in at home will look identical to what you saw when you left your office. The desktop icons will be in the same location, and the Excel or Word document will be up-to-date with your latest work.
It’s as if you unhooked your entire computing setup at work, brought it all home, and reconfigured it — every day. Parallel configuration is the essence of removing friction.
Your smartphone has “local applications,” too. As you know, they commonly go by the much-less-nerdy name: Apps. “There’s an App for that.” We have Apps on our computers and Apps on our phones. We have web-browsers on our computers and web-browsers on our phones. The time has come to get serious about using the computer applications we know and love — Word and Excel — on our phone.
Quick side note: Also download the Outlook app and use this for email. If you use Gmail, download and use the Gmail app. Don’t use the Apple Mail app for iPhone or any other email client to run your email. As a rule of thumb, for both security and functionality purposes, you should always use the App created by the company that offers the technology you are using (e.g., Outlook or Gmail). For example, both the Search and Calendar functions are vastly more functional in the Outlook or Gmail apps than the Apple Mail app.
Now, once you have a Microsoft Office 365 account established, download the OneDrive, Excel, Word, and Outlook (or G Suite equivalent) Apps on your phone right away. Once you sign in, your OneDrive storage system will automatically link to them, and you can access your stored files directly from within the Word and Excel apps. Now you can edit all the documents you were working on at the office, at home, and on your laptop — at all times, directly from your phone.
There is something magical about typing your thoughts onto a document within the Word app on your phone and seeing it seamlessly and instantly update and save on your desktop computer in front of you. It just works.
Step 9: Use the convenience of data synchronization to start a journal in Excel or Google Sheets of every “aha moment” that presents itself.
In the spirit and promotion of your creativity, here’s a suggested experiment:
1. Move the Excel or Google Sheets app to the home screen of your smartphone (make it easy to access).
2. Create a file on your computer’s Desktop titled “Ideas.”
3. Open the file on your smartphone app.
4. Under Recent, select the ellipses (“…”), and select “Pin to Top” (make it easy to access).
Every time you garner a creative idea or “aha” moment of any magnitude, open the app on your phone and put it on Row 1.
On your next lightbulb experience, enter it on Row 2, and on and on. You will be surprised how quickly the habit will form and how quickly you move down the Rows as the days and weeks go on.
Next, after several days, weeks or months, sit down at your computer and review the list for trends. You’ll see themes emerge. Use the second column in the Excel file to assign a Category to each idea.
Over time, these categories will shift and evolve. There’s no right or wrong and no deadline of any kind. The whole point is to experiment using a left-brain methodology to analyze how your creative side might build on itself.
This method is an example of how you can use technology to improve your odds of realizing a valuable, creative idea. We want to at least keep open the possibility of a positive extreme event. Like Lloyd Christmas said, “so you’re telling me there’s a chance.”
In the next section, we’ll discuss how to minimize the chance of a negative extreme event. After all, no amount of time-scaling or time-compounding will help you if your business can’t live to fight another day.
Cybersecurity
“It was just before noon in Moscow on March 10, 2016, when the first volley of malicious messages hit the Hillary Clinton campaign.”
This opening line from the 2017 Associated Press release Inside story: How Russians hacked the Democrats’ emails[xiii] reminds us just how impactful cybercrime can be. If it can happen to the Clinton campaign, it can happen to you. 65% of business operators admit they have been the victim of a cyberattack.[xiv]
The Clinton campaign’s catastrophic experience gives us a valuable look into the scheme used by the attackers: social engineering.
In his manifesto Cyber Smart: Five Habits to Protect Your Family, Money, and Identity from Cyber Criminals, author Bart McDonough describes the concept as follows:
“Social engineering is a broad attack method used in more than 66 percent of all cyber attack approaches…with social engineering, a bad actor manipulates a victim into giving them access to privileged information.”
Insurance giant Willis Towers Watson further confirmed the significance of social engineering in an analysis of its claims data. The company found 90% of all its cyber claims are the result of some type of human error or behavior.[xv]
The takeaway: cyber risks have a lot more to do with you and your people than with your technology.
“Phishing” is the most exploited method of social engineering. In its most common form, email phishing, criminals send you a bogus email with a malicious link or file attachment.
While the criminals deployed a strategic and complex social engineering attack on the Clinton campaign, it turned out to be a simple email phishing attack that cracked their target. In short, Russian hackers were able to compromise campaign chairman John Podesta’s personal Gmail account. This step enabled a chain reaction of capabilities that led to the revealing of tens of thousands of sensitive emails.
Safety in the Cloud
In the past, the traditional “hacker” found and exploited weak links in a company’s IT infrastructure, particularly its network and firewall configuration. Today’s more typical “social engineers” have discovered that the company’s own employees are the weak links. The wide-spread adoption of cloud technology is the main reason.
Cloud technology reduces the traditional risk of attack on IT infrastructure (“technology risks”) and increases the risk of exposure to social engineering attacks (“people risks”).
In the days of on-site file storage via local servers, “people risks” were minimal because data was stored on-site at your office behind a local firewall. On the other hand, “technology risks” were more significant because the responsibility to continually administer, update and monitor on-site data storage hardware and software fell squarely on the business’s internal staff or its local outsourced IT vendor. One misstep or oversight by the small business IT network administrator would be all it would take for a skilled cybercriminal to uncover a weak link.
Cloud infrastructure transfers this burden. If you’re using Office 365 (with OneDrive storage) or G Suite (with Google Drive storage), your data and emails are stored off-site in the world’s most sophisticated data centers. These data centers are maintained 24/7/365 by world-class computer engineers.
Through its contractual Service Level Agreement, Microsoft financially guarantees 99.9% up-time for Office 365 services.[xvi] What’s more, services like Office 365 Advanced Threat Protection (ATP) provide an added layer of security monitoring against phishing and malware attacks by analyzing billions of emails daily.
That’s the good news. To this point, we’ve advocated for full adoption and embracement of cloud technology. We’ve discussed all the productivity-enhancing benefits of the technology, and even some of the superior security features. But remember, it was the cloud-based program Gmail that ultimately led to the exploitation of the 2016 Hillary campaign.
Cloud technology increases people risks and exposure to social engineering attacks. Common and exploitable cloud programs include Gmail, Outlook, Yahoo, Facebook, LinkedIn, OneDrive, Google Drive, Dropbox, and many more.
When you use these services “out of the box,” all a criminal needs to access all of your stored data and files from anywhere in the world is your Username and Password. Under the traditional means, staff had to be at the office or use a secure “virtual private network” (VPN) to access, send, and receive messages and files. Cloud technology changed all that, and it made sending emails (and running your entire technology stack) from your remote laptop computer or smartphone as easy as sending a text message.
With such a juicy upside for criminals (i.e., access to all your files from anywhere in the world), it’s no wonder social engineering has become the most common attack method. A well-executed cyber-attack has the potential to be catastrophic to your finances, reputation, and, yes, your time. Therefore, we need to fortify your walls before we can continue working on the other productivity and time-saving steps in this manifesto.
Step 10: Enable two-factor authentication on every cloud-based business, financial, and social media account you can.
Two-factor authentication (2FA) is the most crucial step you can take to bolster your cybersecurity. It’s so simple, and yet still vastly under-utilized by small businesses, and everyone else for that matter. Authy, a leading 2FA app company, has this to say about 2FA:
“2FA is an extra layer of security used to make sure that people trying to gain access to an online account are who they say they are. First, a user will enter their username and a password. Then, instead of immediately gaining access, they will be required to provide another piece of information.”
In short, you (or anyone else) won’t be able to login to your Gmail, Outlook, Yahoo, Facebook, LinkedIn, OneDrive, Google Drive, or Dropbox account without also receiving a text on your smartphone (for example) that you must confirm.
Think about the implication of that extra step. Remember, cloud technology’s primary security concern is that a social engineer might obtain your username and password and gain access to all of your data and files. With 2FA enabled, they would need your username and password and your physical smartphone in-hand. It doesn’t take an advanced statistician to see that that extra layer dramatically reduces the likelihood of a breach.
Apps like Authy, Google Authenticator, and Microsoft Authenticator provide for 2FA through an app on your smartphone rather than a text message. These provide an additional benefit if a sophisticated criminal finds a way to intercept your text message via your cellular carrier. You can also use these authenticator apps in places where you don’t receive text messages (e.g., on a plane or overseas).
For now, you’ll at least want to get 2FA in place using SMS (i.e., text message) on your smartphone. Nearly every well-known company with a technology offering, app, or online access offers this feature. If you work with technology companies or banks that do not offer 2FA, consider switching vendors. At a minimum, you’ll want to enable it on every technology and financial platform you can. It is required for services like Gmail, Outlook, Yahoo, Facebook, LinkedIn, OneDrive, Google Drive, and Dropbox. This step includes all social media accounts because of reputational risk. As a small business operator, crude content disseminated from your hacked Facebook account would not be good for anybody.
All you need to do is visit the Security or Privacy settings of each application and “Enable Two-factor authentication.” Most offer a “Remember this device” feature after the first confirmation. This step eliminates the inconvenience of receiving a text message at each sign-on by remembering that device’s IP address. Even with that box checked, a criminal attempting to break into your account would need to validate with a text message to your cell phone because he is using another IP address. Further, most companies will send you a complimentary email to let you know that someone tried to access the account from an unknown IP address. The whole arrangement puts you in control.
Step 11: Sign up for notifications at HaveIBeenPwned.com to receive an email if you have an account exposed in a data breach.
You’ve been pwned!
I received this email from the company Have I Been Pwned after hackers exposed one of my online accounts in a data breach. I signed up for the Have I Been Pwned service so that I’d be alerted if hackers ever exposed a company with whom I had ever created an online account. By the way, the computer-speak word “Pwn” was also featured on Merriam-Webster Dictionary’s “Words We’re Watching”:
‘Pwn’ is a lot like the sense of ‘own’ that means “to have power or mastery over (someone).” It has also been used to describe the act of gaining illegal access to something.
Yes, I was owned…or pwned. But, at least I was informed. The email I received let me know my account was among 137 million others breached on May 24, 2019, on Canva.com, a graphic-design tool website where I had been experimenting. Compromised data included Email addresses, Geographic locations, Names, Passwords, Usernames.
As a fair warning, this site will also alert you to all past data breaches that exposed your account and the extent to which hackers disseminated exposed data for sale on the dark web. That said, it’s good to know. At least you can take action by closing old email accounts and updating your passwords.
Step 12: Review your online accounts and make sure you’re not using the same passwords.
If you find that your email account, username, and password have previously been exposed in a breach, as mine had been with Canva.com, you should immediately update your passwords.
Luckily, I did not use the same password for my email account or other applications that I used for my login credentials at Canva.com. The criminals have likely already tried to access my Gmail account using the hacked credentials.
Cybercriminals are well aware that it’s common for well-meaning people to use the same password for many services because it’s easy to remember. They write sophisticated programs where they can run, say, 137 million sets of usernames and passwords through countless iterations across many online sites until something “hits.”
Step 13: Sign up for a premium business account with a leading Password Manager for you and your staff.
In addition to using unique passwords for each website, you will also want to use strong passwords. Make sure you at least have a capital letter, 8+ characters, a number, and a special character.
With the vast number of websites that require a username and password, maintaining strong and unique passwords on all of them requires password manager software. Examples of these vendors include Dashlane, LastPass, 1Password, and others. These services can generate, store, and auto-populate extremely strong passwords for you, so you never have to remember a password. Here’s how LastPass describes their offering:
“The built-in password generator provides customized controls so you can create long, randomized passwords. LastPass makes it easy to generate a unique password for each account so you’re always protected against hacking… We’ve engineered LastPass with an uncompromising degree of security to keep all your information private, secure, and hidden (even from us).”
These services use world-class encryption techniques to safeguard your password vault. With a good password manager, you can access your passwords from multiple devices, and enabling two-factor authentication is a must. Password Managers boost security through strong and unique passwords and productivity through convenient recall and web-browser auto-fill functions.
Final note: Do not confuse this functionality with the password-saving features built right into your web browser or phone (e.g., iCloud Keychain). These automatically tie to the user logged into the device, so anyone who gains access to your device will be able to access all the websites for which you have saved the passwords in this way. Also, you won’t be able to use the saved passwords across multiple devices.
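The review in Step 12 and the minimum password rule in Step 13 can be checked together against a password export. This is an added example, not part of the original manifesto: the `name,username,password` column layout, the sample rows, and the function names are constructed assumptions, and real exports differ by vendor.

```python
import csv
import hashlib
import io
import re
from collections import defaultdict

# Constructed sample export; column names are an assumption, not a vendor format.
SAMPLE_EXPORT = """name,username,password
canva.com,owner@example.com,Sunshine2019!
gmail.com,owner@example.com,k7#Vq9!rTz2mLp
bank.example,owner@example.com,Sunshine2019!
linkedin.com,owner@example.com,password1
"""


def meets_minimum(password):
    """Step 13's floor: 8+ characters, a capital, a number, a special character."""
    return bool(
        len(password) >= 8
        and re.search(r"[A-Z]", password)
        and re.search(r"\d", password)
        and re.search(r"[^A-Za-z0-9]", password)
    )


def audit(export_text, breached=()):
    """Return reused-password groups, weak entries, and breach spill-over.

    `breached` lists sites named in a breach notice. Any other site sharing
    a password with one of them is what credential stuffing would reach next.
    """
    by_digest = defaultdict(list)
    weak = []
    for row in csv.DictReader(io.StringIO(export_text)):
        site, password = row["name"].strip(), row["password"]
        # Group on a digest so the report never carries the plaintext.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_digest[digest].append(site)
        if not meets_minimum(password):
            weak.append(site)

    reused = sorted(sorted(sites) for sites in by_digest.values() if len(sites) > 1)
    breached = set(breached)
    exposed = sorted(
        site
        for sites in by_digest.values()
        if breached.intersection(sites)
        for site in sites
        if site not in breached
    )
    return {"reused": reused, "weak": sorted(weak), "exposed": exposed}


if __name__ == "__main__":
    report = audit(SAMPLE_EXPORT, breached={"canva.com"})
    print("Same password on several sites:", report["reused"])
    print("Below the minimum rule        :", report["weak"])
    print("Change first (shared with a breached site):", report["exposed"])
```

Delete the export file as soon as the audit is done, since it holds every password in plain text.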
Step 14: Engage a qualified, reputable IT professional for a security and computing consultation — even if you’re happy with your current vendor.
It’s worth repeating that the most important, bare-minimum steps that you need to take to strengthen your cybersecurity are 1) enabling two-factor authentication on all devices and 2) establishing strong and unique passwords for all accounts with the help of a password manager. If you accomplish these, you’ll be far ahead of where you were before.
Once you have these essentials in place, it’s time to call in a professional.
The steps in this manifesto are in no way meant to replace expert guidance. The purpose of each step is to save you time and help you understand where you may be lacking. The goal is to prepare you with insights about when to bring in a professional, what questions to ask, and how to assess their competency.
The first step is a consultation from one or several reputable companies specializing in managed IT services, support, and cybersecurity. You’ll want them to review your organization for cybersecurity concerns and also areas for productivity improvement.
Depending on your assessment of their performance, you’ll want to hire a company that you can trust on a monthly retainer. Again, it’s your responsibility to be at least technically prepared enough to be able to assess and compare their competency.
Your investment in a qualified IT specialist who is knowledgeable in cloud computing and cybersecurity could be the best investment your business can make. Even if you feel comfortable with your current partner, I encourage you to engage another external, one-time consultation if it’s been a while. Technology changes fast, and you will undoubtedly learn something new about the landscape. Bring your management team to reinforce the notion that technology is part of the company’s strategy. A secure culture starts at the top.
Step 15: Encrypt all your devices.
Your employees are probably all using their smartphones to send and receive company emails. If they lose their cell phone, a criminal could easily use their unlocked phone to send malware-infected emails to you and the rest of your staff. Do not take this risk. And, make sure all computers are set to lock and require a password after a period of inactivity.
Along these lines, there are many more everyday best practices you and your staff can put in place that will go a long way. To name a few:
o Use separate email accounts for various services. Don’t use the same email address for fantasy football, Pinterest, or Twitter that you use for your online banking.
o When scanning documents at your office, have them sent to a folder in your secure storage and not directly to your employees’ email Inboxes. Remember, email is the first and most common target for criminals, so sending all scanned documents to that location is not the best choice.
o You’ll want to remove any unused apps, programs, browser-extensions, and email add-ins from all of your devices. These create vulnerabilities that can be exploited by criminals trying to access your system. Be selective about all programs and apps you download to your devices.
o Sign up for a PDF editor through Adobe or another vendor so that you can proactively delete Social Security Numbers and other sensitive information from PDF documents if you need to send them over email. These programs also make it easy to password-protect documents for an extra layer of security.
o Enable the BitLocker encryption setting on the Windows Professional operating system. BitLocker is a tool built directly into Windows that helps you encrypt your hard drive for enhanced security.
o Turn On “Use random hardware addresses” in your device’s wi-fi settings. As Microsoft highlights under its settings, using random hardware addresses makes it harder for people to track your location when you connect to different wi-fi networks.
o Turn on Erase Data on your smartphone or tablet so that it wipes the phone after a certain number of login attempts. If you have cloud backup enabled, you will be able to recover your contents. If you issue your employees phones through work, you can control this setting.
o Make sure you or your parents do not have any old email accounts without two-factor authentication (2FA) enabled.
o Talk about the importance of cybersecurity with staff, contractors, vendors, and family.
Step 16: Schedule a formal cybersecurity training for your staff.
Insurance company Nationwide found in the annual Business Operator Survey that nearly 1 in 3 companies with 11–50 employees do not offer any type of cybersecurity training.[xvii] Do not make this mistake. Remember, the biggest threat to your security does not live in your IT department. With today’s social engineering attack methods, the weak links are your employees themselves. Equip them with the knowledge, power, and tools they need to do their job productively and safely.
Now that we’ve taken action to bolster your cybersecurity, it’s time to take a stand for a fundamental right: your privacy.
Your Privacy
A survey by market research firm Statista found that 76% of internet users surveyed were at least somewhat uncomfortable with companies being able to purchase data related to them for online advertising purposes.[xviii]
Following the infamous Facebook–Cambridge Analytica data scandal fallout in 2018, it’s clear the conversation on internet privacy and ethics will get a lot more complicated before it gets any more transparent.
In a 2018 keynote address calling for increased ethical values protecting individuals’ privacy, Microsoft CEO Satya Nadella reminded us about the reality of our landscape:
“…the world is becoming a computer. Computing is getting embedded in every person, place and thing, every walk of life in our homes, in our cars, and our works, in and out stadiums, entertainment centers, every industry from agriculture to precision medicine, from autonomous cars to autonomous drones, from personalized retailers to personalized banking, are all being transformed.”[xix]
Regardless of your comfort level or your position on the ethics of the matter, accepting the reality of the day will mean taking action.
Step 17: Review the Privacy settings in all your web browsers, social media applications, and email providers.
Here are a few practical reasons why this matters to you, courtesy of DuckDuckGo, an anti-tracking Internet search engine that emphasizes protecting searchers’ privacy:
1. Google and others use your data for ads that follow you around. According to Google Adwords, two million different websites and apps participate.
2. Your personal data remains with Google indefinitely, and it can be subpoenaed by lawyers in civil cases such as divorce. According to Google Request for User Information, Google answered over 100,000 of these requests in 2017 alone.
3. Retailers use your historical online data to charge “dynamic” prices. They use algorithms to try and determine the maximum they think they can get you, your staff, or your purchasing department to pay.
Take some time to think about how much you want your internet activity and preferences shared with others. To get you started navigating all the various Settings pages, here are a few quick tips:
o Turn off “Ad Personalization”
o Block “Third Party Cookies”
o Turn off Geotagging
o Turn off Photo tagging
o Turn off Your Information categories that Facebook uses to target ads to you.
o Select Do Not Track in Chrome
o Turn off Location Services
o Turn off Ads based on data from partners
o Turn off Ads based on activity on Facebook
o Turn off Ads that include your social actions
Step 18: Visit OptoutPrescreen.com to remove your name from lists supplied by credit reporting agencies to credit card and insurance companies for preapproval solicitations.
“You’ve been Preapproved!”
Yes, creepy and intrusive advertising techniques are nothing new. But breaches like that of consumer credit reporting agency Equifax in September 2017 have turned the business of annoying spam mail into a hotbed for identity theft. Following this incident, millions of social security numbers were exposed and dispersed into the “Dark web.”
Aside from being a general nuisance, these “preapproved” and “prescreened” offers from credit card and insurance companies containing your sensitive information can be intercepted in the mail or caught while in digital transit.
Luckily, we as consumers have the right to opt-out under the Fair Credit Reporting Act (FCRA). But the onus is on us to take action. Visit OptOutPrescreen.com to exercise your rights.
Here is a helpful description from the site’s Frequently Asked Questions:
Opting-Out refers to the process for removing your name from lists supplied by the Consumer Credit Reporting Companies, Equifax, Experian, Innovis and TransUnion, to be used for firm (preapproved / prescreened) offers of credit or insurance. Your rights as a consumer under the Fair Credit Reporting Act (FCRA) include the right to “Opt-Out” for 5 years or permanently.
If you choose permanent Opt-Out, you must “confirm” your request in writing by submitting a signed Permanent Opt-Out Election form. At the time that you submit your electronic request, you will receive a confirmation that you should print along with the Permanent Opt-Out Election Form. You may begin the permanent Opt-Out process on this secure website, however, in order to complete your request, you must return the signed Permanent Opt-Out Election form. The Permanent Opt-Out Election form will be provided to you after you initiate your request on this website. In the interim, we will complete a 5 year Opt-Out request on your behalf within 5 business days. We will make your request permanent when we receive your signed Permanent Opt-Out Election form.
Through this site, the Consumer Credit Reporting Companies are providing consumers with an easy and convenient way to initiate their right for permanent Opt-Out. This service is not intended for businesses or companies.
Conclusion
The steps in this Manifesto only scratch the surface in the quest for time-scaling and time-compounding excellence. I hope that these steps foster both a call to action and a modern mindset around practical productivity and cybersecurity strategy so that you can continue your journey as an elite small business operator.
Endnotes
[i] www.gartner.com/en
[ii] www.idg.com/tools-for-marketers/2018-cloud-computing-survey/
[iii] www2.deloitte.com/us/en/pages/mergers-and-acquisitions/articles/ma-trends-report.html
[iv] www.in2013dollars.com/Information-technology,-hardware-and-services/price-inflation
[v] Chadwick, David. Crooked Cucumber: the Life and Zen Teaching of Shunryu Suzuki. Broadway books, 2000.
[vi] www.merriam-webster.com/words-at-play/scale-the-business-meaning-origin
[vii] www.wsj.com/articles/SB10001424053111903480904576512250915629460
[viii] www.tech-news.com/imagesap/utahdisplaystudy.pdf
[ix] money.cnn.com/2006/03/30/news/newsmakers/gates_howiwork_fortune/
[x] www.sciencedaily.com/releases/2014/08/140808111931.htm
[xi] hbr.org/2018/08/research-cloud-computing-is-helping-smaller-newer-firms compete?es_ad=34899&es_sh=16c04f96ff060c309498555eb26989c4
[xii] www.informatica.com/services-and-training/glossary-of-terms/data-synchronization-definition.html
[xiii] www.apnews.com/dea73efc01594839957c3c9a6c962b8a
[xiv] www.insurancejournal.com/news/national/2019/08/09/535353.htm
[xv] www.willistowerswatson.com/en-GB/news/2017/03/when-it-comes-to-cyber-risk-businesses-are-missing-the-human-touch
[xvi] www.microsoft.com/en-us/microsoft-365/blog/2013/08/08/cloud-services-you-can-trust-office-365-availability/
[xvii] www.insurancebusinessmag.com/us/news/cyber/nationwide-remote-workers-are-the-biggest-cyber-blind-spots-for-small-businesses-174947.aspx
[xviii] www.statista.com/statistics/873789/internet-users-comfort-companies-purchasing-personal-data-online-ad-reasons/
[xix] cio.economictimes.indiatimes.com/news/digital-security/world-becoming-a-computer-privacy-is-a-human-right-nadella/64072494
© 2019 Craig Toberman, Partner at Toberman Becker Wealth in St. Louis