Archive for January, 2009

Category Number Seven?

Sunday, January 25th, 2009
Money Troubles?

Money Troubles?

In both the first and second editions of Prepare for the Worst, Plan for the Best: Disaster Preparedness and Recovery for Small Businesses (Wiley, second edition, 2008), we presented a framework for six categories of disaster from the high-frequency/low-severity category of human error all the way to the high-severity/low-frequency extreme of terrorism and sabotage. Ellen Heffes, the editor-in-chief of Financial Executive, had suggested to me that it might be appropriate to add a seventh category of financial disasters, owing to the meltdown of the capital and credit markets. Ellen had invited me to contribute a bylined article to the magazine (which will appear in the April 2009 issue) and certainly the credit crisis is at the top of every executive’s agenda. I would not change the framework of disaster categories that had been set forth, because we had explicitly defined disaster to mean an event that displaces your business and extends to longer and longer period of remote operations, based on its severity. The financial crisis would not qualify for our treatment, although I am certainly considering writing a book on finance for small businesses. However, I would be remiss not to mention it, because the financial and credit crisis is certainly creating stress for my business. Like many small business owners, I am caught between the proverbial rock and the hard place, trying to collect monies that I am owed from large corporations (that should have behaved more responsibly) while remaining current to obligations that my business has to small vendors. A recent article in the Wall Street Journal indicates that I am not alone. As I read the WSJ story of the small business in California that has no hope of collecting the $53,000 it is owed by Lehman Brothers, I thought of the futility of the current government focus on strong-arming banks to extend their loan portfolios. Is it time for a new book on small business finance?

Lessons Learned the Hard Way

Tuesday, January 20th, 2009
A Letter You Prefer Not to Receive

A Letter You Prefer Not to Receive

My earlier posting summarizing the lessons an attorney learned the hard way about identity fraud elicited strong response from readers, many of whom preferred to share their experiences by means other than direct posting. This attached image shows a scan of a letter one reader received from the Bank of New York Mellon, which is the custodial bank for his retirement savings account. As you can see, I have redacted the personal identifying information to make sure another misuse of private data does not occur. The letter advises that bank’s archive services vendor lost computer tapes containing personal client information when transporting them to an off-site storage facility. If you double-click on this image, you can read the letter for yourself. Obviously, this is a letter you prefer not to receive, but note that the bank acted proactively to offer free credit monitoring services to the clients who may have been affected, although they had no reason to believe that this information had been misused in any way. As the previous blog entry indicated, one unlucky attorney learned how important this service is. Should you find that any of your personal data may have been compromised, request that the vendor provide this service to you at his expense. And of course, should you ever experience a compromise of the security of your client data, offer to do the same for your clients.

In addition, Cliff Ennico, who is NOT the attorney whose advice I summarized in the earlier blog posting, offered some useful suggestions of his own for information you will need to have readily available in the event of an emergency. I have attached the link here.

Finally, I wanted to add a suggestion of my own. I had an issue with identity fraud when the previous tenant of an apartment I had purchased continuously updated her mail forwarding. By unhappy coincidence we shared the same last name, so that much of my mail was re-routed to her in another state. This mail included frequent flyer statements from the airlines on which I travel (which I now receive electronically rather than in paper form). As a “courtesy” to me, the airlines automatically updated the mail forwarding information with this woman’s address. I only learned of this matter when I called an airline to request frequent flyer awards and was told that they could only mail the tickets (back in the days of paper tickets) to the address on file for me, which was in Tennessee. When I protested that I lived in New York, not Tennessee, the whole issue of the improper mail forwarding came to light. The airline staff advised me to instruct them in writing not to automatically update my account address for mail forwarding unless I specifically request in writing that they do so. I did the same for some of the online and catalog merchants from which I often order products, as they also use mail update services as a “courtesy” to customers whose mail has been forwarded. It is a sad lesson, but vigilance pays.

Emotions and Redundancy

Tuesday, January 20th, 2009
Aircraft Lifted Onto the Barge

Aircraft Lifted Onto the Barge

Following an earlier blog entry, over the weekend, the aircraft for USAirways Flight 1549 was lifted by cranes from the Hudson River where it had submerged and was then placed on a barge for subsequent transport to an area better suited for a long-term investigation. You will note that it is directly adjacent to the World Trade Center site, in the residential community of Battery Park City, where I lived on and after 9-11-01. I am viewing these events from a different vantage point, from directly on the Hudson River on the New Jersey waterfront exactly opposite of where I used to live. The emergency workers have been on duty round the clock, with police boats, helicopters and the Coast Guard maintaining a visible presence. While this accident was thankfully unrelated to the events of 9-11-01, for the residents of this neighborhood, the presence of emergency workers has a certain emotional resonance and frankly, I am glad I am more removed from the scene of the action this time. I had written earlier about dealing with emotions following a disaster, so just knowing that the sight of the police boats and Coast Guard craft were likely to provoke a response from me gave me the ability to mute that response. This is an important insight for anyone who has worked through a major disaster and thankfully, this one ended with no loss of human life.

Drawing on another theme of our preparedness messages, the role of redundant systems is critical. Although the investigation into the cause of the emergency landing of US Airways Flight 1549 has just begun, investigators have already revealed that both engines of the aircraft failed simultaneously. When I lived in Zurich, Switzerland, I would often take short, over-land so-called “City Hopper” flights to London or elsewhere for business. Those aircraft were equipped with four engines, consistent with European safety regulations, rendering negiligible the risk of simultaneous engine failure for all. That safety standard exists in the U.S. only for military aircraft and of course, for cargo aircraft, the redundancy required to mitigate the risk of equipment failure is still lower. As small business owners, the lessons we can draw from this accident include (1) the importance of redundancy to mitigate the risk of equipment failure, (2) the critical importance of employee training as demonstrated by the flawless performance of the airplane pilot and (3) the issues surrounding emotional responses post-disaster.

An Attorney’s Advice – No Charge

Monday, January 19th, 2009

An attorney friend of mine recently had a horrible experience following the theft of his wallet. He sent me the following advice with the request that I post it for you. To minimize your potential losses from credit theft, he recommends the following:

“1. Do not sign the back of your credit cards. Instead, put “photo identification required.”

2. When you are writing checks to pay on your credit card accounts, do not put the complete account number on the “memo” line. Write only the last four numbers. The credit card company knows the rest of the number, and anyone who might be handling your check as it passes through all the check processing channels should not have access to it.

3. Put your work phone number on your checks instead of your home number. If you have a post office box use that instead of your home address. If you do not have a post office box, use your work address.  Never have your social security number printed on your checks. You can add it if it is necessary. But if you have It printed, anyone can access it.

4. Place the contents of your wallet on a photocopy machine. Do both sides of each license, credit card, each piece of identification in your wallet. You will know what you had in your wallet and all of the account numbers and phone numbers to call and cancel. Keep the photocopy in a safe place. I also carry a photocopy of my passport when I travel either here or abroad. We’ve all heard horror stories about fraud that’s committed on us in stealing a name, address, social security number, credit cards. Unfortunately, I, an attorney, have firsthand knowledge because my wallet was stolen last month. Within a week, the thieve(s) ordered an expensive monthly cell phone package, applied for a Visa credit card, had a credit line approved to buy a Gateway computer, received a PIN number from the Department of Motor Vehicles to change my driving record information online, and more.

5. We have been told we should cancel our credit cards immediately. But the key is having the toll free numbers and your card numbers handy so you know whom to call. Keep those where you can find them.

6. File a police report immediately in the jurisdiction where your credit cards, etc., were stolen. This proves to credit providers you were diligent, and this is a first step toward an investigation (if there ever is one). But here’s what is perhaps most important of all (I never even thought to do this):

7. Call the three national credit reporting organizations Immediately to place a fraud alert on your name and also call the social security fraud line number. I had never heard of doing that until advised by a bank that called to tell me an application for credit was made over the Internet in my name. The alert means any company that checks your credit knows your information was stolen, and they have to contact you by phone to authorize new credit. By the time I had been advised to do this, almost two weeks after the theft, all the damage had been done. There are records of all the credit checks initiated by the thieves’ purchases, none of which I knew about before placing the alert. Since then, no additional damage has been done, and the thieves threw my wallet away this weekend (someone turned it in). It seems to have stopped them dead in their tracks. The following are the numbers you always need to contact when your wallet, credit cards or other personal identifying information been stolen:

  • Equifax: 800-525-6285
  • Experian (formerly TRW): 888-397-3742
  • Trans Union : 800-680-7289
  • Social Security Administration (fraud line):800-269-0271″

The Love of the Game

Friday, January 16th, 2009
Mike Eruzione, Captain of the 1980 U.S. Olympic Hockey Team

Mike Eruzione, Captain of the 1980 U.S. Olympic Hockey Team

I recently attended a customer appreciation event hosted by Cisco at the Sports Museum of America in Lower Manhattan. The panel discussion featured a number of executives of both Cisco and financial services companies that use Cisco networking solutions discussing the evolution of social media. The eye-opener for me was research cited by Carlos Dominguez, SVP of Cisco, who reported that the Butler Group found that time spent searching for information wastes 10% of an employee’s salary. In Prepare for the Worst, Plan for the Best: Disaster Preparedness and Recovery for Small Businesses (Wiley, second edition, 2008), I reported that putting in place a version control and file naming system saved me from wasting significant time in search and retrieval exercises. In fact, I put the system in place to mitigate against everyday disasters, such as human errors, but it had an immediate payoff in terms of improved efficiency.

Cisco and Social Networking

Cisco and Social Networking

The highlight of the evening was the keynote address from Mike Eruzione, the Captain of the 1980 U.S. Olympic Hockey Team, often referred to as the “miracle on ice”.  His optimism and enthusiasm were infectious. He drew many parallels between the economic and political climate in 1980 and the one we are experiencing today. His remarks focused on the miracle of teamwork, of which social networking is a part, which surely represents our more positive future to build from our current difficulties. He noted that in sports, as in business, everyone judges you on the result, whether it is a gold medal or a profitable quarter.

Cisco Reception

Social Networking

You are not evaluated on the effort you put into achieving that result. Eruzione was an inspiring speaker and what I most appreciated about his remarks was his love of the game; he loved the intrinsic rewards of playing hockey, he did not appear to be motivated by the extrinsic rewards of gold medals or fame. So it is with entrepreneurs; it is an inner-directed game for the sheer joy of it.

Water Landing Diverts Ground Traffic

Thursday, January 15th, 2009
USAirways Flight 1549 in the Hudson River as Seen from My Office

The View From My Office: USAirways Flight 1549 in the Hudson River

This is the view from my office window of USAirways Flight 1549 after all of the passengers were safely evacuated and the plane is almost completely submerged in the Hudson River. According to the Federal Aviation Administration, the flight, which had departed New York’s LaGuardia Airport on its way to Charlotte, was airborne less than three minutes. An emergency water landing was made after the pilot radioed air traffic controllers that he had experienced a bird strike.

All of the passengers were safely evacuated from the aircraft thanks in large measure to what was described as extraordinary skill and calm on the part of the pilot. As I write this blog posting, at 9:00 p.m., I can see rescue workers in police boats surrounding the location where the aircraft is submerged, as they perform ongoing work for the emergency investigation. I can also see emergency vehicles along the West Side Highway that extend from the area to as far north (at least as I can see) to 42nd Street, although the news media report that traffic has been halted from 79th Street.

While the emergency landing itself is extraordinary, the ground disruptions it caused are not, as New Yorkers are only too familiar with the need to make alternate commuting plans in the event of disruptions – irrespective of the cause. Whether it is a steam pipe explosion on 42nd Street or an emergency airplane landing in the Hudson River, commuting disruptions are everyday disasters for which our local small businesses must be prepared.

Do Nothing?

Tuesday, January 13th, 2009
Flood risks

Flood risks

I was recently interviewed by a newspaper journalist concerning the evacuations in the northwestern United States prompted by severe floods and avalanches. She asked me what small business owners should do to pack for such an evacuation. I answered “nothing”, which response surprised her. Actually, when an evacuation is called, you should not put yourself, your family or your employees in harm’s way by thinking of what to pack and where to go. This is true whether the evacuation order is caused by a flood, a civil emergency or some other type of disaster. Your data should be online, offsite and accessible from any remote location from which you may have to temporarily operate. Your evacuation plan should already be worked out. Your communications plan should include not only your employees and their families (and secondary, out-of-state contacts), but also customers, neighbors, vendors and other important partners. You should not delay an evacuation order to attempt in haste to determine what is critical to your business. Human safety is the most important factor. Always.

Do Not Reply to All

Monday, January 12th, 2009

You need not share everything onlineThe State Department suffered a recent embarrassment when it was disclosed that the main electronic communications system of the Department was nearly knocked out owing to what was, in effect, an internally originated denial of service attack. The root cause was traced to the practice of State Department employees selecting the “reply all” option to e-mail messages with very large distributions. This resulted in both an internal shutdown of sensitive electronic communications as well as needless abuse of the time of those who were copied on messages that they did not need to receive. We had addressed this topic, from the latter perspective, in both the earlier and current editions of Prepare for the Worst, Plan for the Best: Disaster Preparedness and Recovery for Small Businesses (Wiley, second edition, 2008). The recommendation put forward in that book was to reduce the “info-stress” caused by bombarding employees with unnecessary communications. Use some discretion in targeting your oral and written communications and watch productivity soar.

But the State Department’s mishap is useful in that it reinforces a lesson about organizing your critical communications: this “reply all” practice interrupted critical communications in normal operations. Imagine how much worse the consequences would have been if the Department had been operating in a disaster recovery mode. That is another reason why you must streamline your communications. This incident was a nuisance to the State Department; it could be devastating to a small business, with far fewer resources to waste. And taking the State Department’s lesson one step further: be careful about how you store your e-mails online with file attachments, particularly when multiple parties within the company are copied on the same message. This redundancy puts an additional burden on your human and IT resources. Consider alternatives, such as the use of a wiki, instead. This will streamline your communications and reduce the risk of further disruptions.

2008 Was the Second Worst Year for Catastrophes

Wednesday, January 7th, 2009

According to research soon to be published by my former employer, the Swiss Reinsurance Company, 2008 was the second worst year for catastrophes since 1970. Only 2005, the year in which Hurricane Katrina struck the Gulf Coast, was worse. Once again, the United States had the dubious distinction of being the site of four of the six costliest catastrophes in 2008.

Largest Insured Losses in 2008

Largest Insured Losses in 2008

Again, we see a divergence between the levels of insured losses and the numbers of human casualties, with countries in the developing world suffering greatly. In early May, Tropical Cyclone Nargis struck Myanmar, killing 138,400 people, setting off one of the largest humanitarian crises in recent memory. Later in May, a devastating earthquake measuring 7.9 on the moment magnitude scale shook China’s Sichuan region, killing 87,400 people and leaving over 10 million homeless. Most of the losses from these two events were not insured. Catastrophes cost insurers more than $50 billion in 2008, making it the second costliest year in insurance history. Of that sum, natural catastrophes accounted for $43 billion. However, the $50 billion in insured losses represents but a fraction of the total loss of $225 billion that catastrophes cost society in 2008, most of which was uninsured.