Check It Out

In Prepare for the Worst, Plan for the Best: Disaster Preparedness and Recovery for Small Businesses (Wiley, second edition 2008), I wrote (p. 118) that even the most experienced airplane pilots need checklists in case of an emergency because under stress, they can simply overlook a small, but important, detail. I wrote this in the context of advising codified procedures for your business to provide consistent, reproducible results. This is particularly important to reduce the risk for error when responding to a disruption as stress levels will be high. Harvard Medical School professor and surgeon Dr. Atul Gawande addresses this concept in his book, The Checklist Manifesto: How to Get Things Right. Dr. Gawande describes how the use of a basic five-item checklist in the operating room dramatically reduces the incidence of post-operative infections, which kill close to 100,000 Americans each year. Marshaling examples from other industries, the book makes an impressive case that the incidence of even fatal errors can be reduced with a few tick marks listing critical procedures on a single piece of paper. What I particularly like about this approach is its simplicity; in addition to reducing errors, this systems approach can be the basis of your business operations manual.

A Timely Reminder

The American Public Health Association reminds us that Daylight Savings Time in the spring and fall reminds us to check our stocks to ensure that we have fresh, usable batteries, that our non-perishable food has not passed its shelf expiry and that our emergency stock kit is complete and current. I also use the occasion of moving the clocks forwards or backwards one hour to check the batteries in all smoke detectors and carbon monoxide alarms, both at home and at work.  I apologize for the tardy posting; I just started an entrepreneurial training program with the Kauffman Foundation. It is a great learning experience, but my group is doing the ten-week program in three and one-half weeks – in addition to full-time work! But the reminder is perhaps better late than never.

Difficult to Manage

I had occasion to hear the very thoughtful words of Kenneth Knight, the National Intelligence Officer for Warning. He oversees teams of analysts to brief the President to “avoid surprises”. He spoke about the challenge of overcoming cognitive bias, or seeing the world through the filter through which you have become accustomed. This is hard for anyone, but particularly for intelligence officers, to go against their own analytic frameworks that have served them well in the past. To try to compensate for this risk, that the view of the intelligence agencies leaves the country vulnerable to their own blindspots, he challenges his assumptions, but always know that he is working against the tyranny of time.

This insight is applicable to small businesses as well. I had the experience of working in New Orleans post-Katrina where hurricane recovery was understandably the top concern. But the more immediate threat to one small business served by the local Small Business Development Center was a fire. The proprietor had intended to back up his data in advance of June 1, the start of the new hurricane season, but time was not on his side. His facility burned to the ground before he could prepare for the hurricanes. Another example was shared with me by the SBDC in New Orleans of a commercial shrimp facility that had to discard $500,000 worth of their catch due to spoilage when a power outage disrupted their electrical supply. Even in the Gulf Coast, a fire or a power outage is the more statistically significant risk than a hurricane. Similarly for California, a seismically active area where, thankfully, there has not been a major earthquake. But every year, southern California experiences an outbreak of fires. Sometime we have to change our frame of reference to better perceive the more immediate threat – a challenge for small business owners and national intelligence authorities alike.

How Much Data Storage Is Too Much?

The lifecycle of information management refers to the determination of which information and data your small business must preserve and protect and over what period of time. It is not productive for any small business to secure and back up information that has become obsolete. (It also raises the risk of human error, as your employees may inadvertently work with files that have aged out of use!) This requires some discipline for properly disposing of out-of-date electronic files. As you develop a strategy for lifecycle information management, here are some of the issues you should consider:

Liability management. The more sensitive customer data you store, the greater your liability for a breach of data. The news media report that computer hackers may have accessed up to 100 million customer records of Heartland Payment Systems, a credit card processor. They are not the only payment processors to report possible data breaches; RBS Worldpay and CheckFree have also been exposed, as has Monster.com, an employment site. These breaches are costly: $202 per compromised customer file, according to the Ponemon Institute, an organization that researches and consults on privacy and information security matters. What accounts for this cost? Customer attrition is one source of loss, as Ponemon found that health care businesses lost 6.5% of customers and financial businesses lost 5.5% of customers after data breaches. In addition, after a data breach, the affected company must undertake expensive security and legal procedures to deal with the intrusion and offer, at its expense, credit monitoring services to the customers whose data may have been compromised. In some states, there is a legal requirement to offer such a remedy; in all cases, it is a good business practice.

Marketing needs. Customer data may be a valuable asset for new product development, customer retention and customer acquisition. At the recent Information Security Best Practices Conference held at the Wharton School of Business of the University of Pennsylvania, marketing professors Eric Bradlow and Peter Fader discussed the conflicting needs of liability management versus marketing needs. As personally identifiable data are increasingly a liability for companies, Professors Bradlow and Faber recommend a “data minimization” strategy: keep the customer data your business needs for competitive advantage and purge all other data. Too many businesses, they believe, are data pack rats, storing information that serves no marketing purpose.

Legal and compliance requirements. Your business may be subject to certain legal or regulatory requirements for preserving data over a certain period of time. It is best to seek advice from legal counsel when developing your lifecycle information strategy.

Look carefully to see what is not obvious

I recently did a live radio interview with Tron Simpson of KCMN-AM in Colorado Springs, which took me back to my last visit to Colorado Springs a few months ago. The occasion was the annual small business awards luncheon hosted by the local Small Business Development Center. I was flattered to have been invited as the keynote speaker and after the luncheon, I led a three-hour workshop on small business disaster preparedness. I had been invited by Matt Barrett, the Director of the SBDC. Matt and Assistant Director Lisanne McNew were most gracious hosts. On my return home after the program, I had an experience that perfectly illustrates the concept of everyday disasters and the importance of having good processes in place.

My return flight departed Colorado Springs for Dallas-Fort Worth, where I had to make a connecting flight back to the New York City area. As we passed over Kansas, I heard a loud pop and the cabin rapidly lost pressure. Passengers became nauseated as we were jostled about in our seats like beans frying in a pan. Shortly thereafter, the pilot announced that we were returning to the airport in Denver where better aircraft maintenance facilities were available and, if necessary, alternate flight connections.  I had many hours in the airport terminal to make the acquaintance of my fellow passengers, as we had been instructed to remain in the gate area. Of course, everyone asked everyone else about the purpose of their travel and I mentioned my book and the event in Colorado Springs. Then one of the passengers who was seated next to the emergency exit door where the seal had broken (that was the “pop” we had heard) stated that he had suspected a problem as soon as he took his seat. He reported to the cabin crew that he could hear a hissing noise through the door. His concerns were dismissed. But as the aircraft pulled back from the jetway and towards the runway, the hissing sounds grew more ominous, particularly after takeoff as we gained altitude. In the context of the six disaster categories outlined in Prepare for the Worst, Plan for the Best, we all agreed that this was an example of equipment failure.

When I related the details to Stefan, he offered a different diagnosis. Stefan has a degree in Aerospace Engineering and he told me that aircraft always have multiple redundant systems to protect against the risk of a single failure. At least three things had to go wrong simultaneously with that flight in order to account for our experience. The risk of any single one occurring in isolation is small; the risk of all three striking simultaneously is negligible. Stefan diagnosed the problem as human error; the issue around the faulty seal should have set off an alarm in the cockpit. Perhaps the pilot was fatigued and did not notice. The pre-flight mechanical inspection should have surfaced the problem. It appeared that either the airline did not have proper procedures in place, which seems unlikely, or, more likely, the procedures were in place and they were not followed.

Garden of the Gods, Colorado Springs

By the way, in case you are wondering about the photographs that accompany this blog post, I took them at a local site in Colorado Springs, the Garden of the Gods. Matt was kind enough to show me this beautiful natural setting when he drove me back to the airport. Matt spotted a deer, which sought to hide itself behind the trees, while I did my best to get a picture. If you look at the “V” shape between the main branches of the tree trunk, you can see the deer’s eyes, ears and nose. Sometimes you have to look very carefully to see beyond the obvious.