Archive for February, 2009

The Clock is Ticking

Friday, February 27th, 2009
No time like the present

No time like the present

USA Today reported this month that close to $4.0 billion in federal government rebuilding aid committed in response to Hurricanes Katrina and Rita has not been spent more than three years after the disaster. The result is that thousands of projects across the Gulf Coast remain incomplete. The aid, part of a massive recovery effort funded by the Federal Emergency Management Agency, was intended to repair or replace public works destroyed by the hurricanes. Congress has called FEMA to account for the unspent funds, but the lesson bears repeating: don’t depend on the government for disaster aid. You will be disappointed. Focus your efforts on what is within the scope of your control, such as savings and insurance.

Sharp Increase in Default Rate on SBA Loans

Thursday, February 26th, 2009
Maybe not the right solution

Not always the best solution

The Coleman Report, which provides lenders with small business data and Small Business Administration news, found that 11.9% of the SBA’s loans in the 2008 fiscal year went into default. The failure rate was determined by dividing the number of loans liquidated or charged off last year by the total number of loans made through the SBA lending programs. This is a different methodology than that used by the SBA, which measures only the dollar volume of loans charged off or liquidated, resulting in the appearance of a lower default rate at 5%. Both methods of computing failure rates show sharp increases over the previous year. In the 2008 fiscal year ended September 30, the SBA’s 7(a) and 504 programs approved 78,324 loans, totaling $18.2 billion. The performance for small business loans in the franchising industry deteriorated with franchisee defaults on SBA-guaranteed loans increasing 52% in the fiscal year 2008 as compared with 2007, according to the Wall Street Journal. The franchise industry attributed this poor performance to resales of franchises in which small business owners paid goodwill over and above the franchise fee to acquire a franchise from an existing operator rather than purchasing the a new franchise at cost directly from the company.

While this report did not specifically address the SBA’s disaster loans, the default rates suggest an interesting parallel. I generally recommend that small business owners carefully consider the alternatives before taking on an SBA disaster loan. While the interest rates and payment terms may be attractive, the small business owner has to pledge collateral and provide personal guarantees. Disaster recovery is typically a much longer process than one imagines and the recovery does not always follow a linear path. I would be reluctant to take on debt given the uncertainty about cash flows, the timely payment of insurance claims, the disbursement of disaster aid or the resumption of normal commercial activity in the aftermath of a major disaster. What the Coleman Report alludes to is an economic disaster in which small business owners assumed comparable risks. Unfortunately, the soaring default rates justify the caution lenders have in extending more credit to their small business loan portfolios, thereby making it more difficult for healthy, viable businesses to access the capital they need.

Use Daylight Savings Time to Update Your Fire Safety Plan

Wednesday, February 25th, 2009
Fires spread quickly, be prepared

Fires spread quickly, be prepared

Early yesterday morning a fire started on the second floor of an apartment building in Manhattan’s Chinatown neighborhood. The fire killed one resident and caused serious injuries to four others, when they jumped from the fifth and sixth floors of the building. Eight firefighters were also injured. Fires are actually the most common demand on the resources of the local chapters of the American Red Cross. Each year in the U.S., fires kills more than 4,000 people and injure more than 25,000. Many of these fires could be prevented. Fires cause close to $9 billion in annual property losses. Daylight Savings Time begins at 2:00 a.m. on March 8; use this occasion to put new batteries in your smoke alarms at both your place of work and your home and review your fire safety plan with your employees and your families.

E-Mail Service Outage

Tuesday, February 24th, 2009
We often don't realize how critical e-mail is, until we lose access

We often don't realize how critical e-mail is, until we lose access

Last night, many users lost access to Gmail, the popular e-mail service offered by Google. According to Google, the problem is now fixed, but it is unclear what gave rise to the problem and if it will recur (this is not the first service outage for Gmail.)

For small businesses, redundancy is critical and as Gmail is free, it makes sense to use another free email service to send out important messages when the primary service is disrupted. I would be more likely to use such a free service as my secondary channel of communication, since many services will block such messages as likely spam. And then, of course, I have a third free e-mail service, as contingency for contingency!

Not the Right Way to Use E-Mail

Thursday, February 19th, 2009
Looks Innocent Enough

Looks Innocent Enough

You package a great deal of sensitive information about yourself in one bundle when you apply for a mortgage. And that information is re-transmitted whenever a mortgage broker works on your behalf or when your mortgage is sold and re-sold again in secondary markets. You would hope that financial institutions would handle such private information in the appropriate manner, but your hope might be misplaced. Wolters Kluwer Financial Services surveyed executives from 350 odd banks, credits unions and mortgage companies as to how they transmit financial data. (This particular company sells secure document delivery software to financial institutions.) Almost two-thirds of those surveyed use traditional e-mail services rather than secure encrypted online delivery technologies, thereby exposing mortgage applicants to greater risk for identity theft and other forms of financial fraud. You must never transmit sensitive information by e-mail. Automated algorithms, known as “bots” routinely hack into e-mail messages searching for 16-digit and 9-digit numerical sequences in the hope of finding valid credit card and social security numbers. The damage to your credit rating and reputation can be devastating.

I had this experience in the aftermath of 9-11 when a non-profit organization based in Lower Manhattan, which had the contract for processing certain disaster relief programs, transmitted my social security number in an e-mail message to a government agency. I learned of this when the recipient forwarded the e-mail message to me and I traced the thread of attachments. I brought this to the attention of the relevant federal government agency (which funded this particular disaster relief program) to no avail. I had hoped that the federal government would sanction or terminate contracts with providers that fail to handle sensitive information in a responsible manner. It is bad enough to experience a major disaster, but when the agencies paid to “help” you act recklessly and expose you to greater losses, that is inexcusable. To end the story, I received the letter from the federal government agency in question who punted the matter to the New York City agency coordinating disaster relief efforts which, in turn, wrote to me assuring me that the matter was under investigation. That was six years ago. I am still waiting for the results of this investigation which were promised to me.

Your customers won’t likely be as forgiving of irresponsible data handling practices. We are small businesses, not large, indifferent bureaucracies. So never transmit sensitive financial information via e-mail. Use a secure, encrypted online service instead.

Seeing the Forest for the Trees

Wednesday, February 18th, 2009
Seeing the Forest for the Trees

Seeing the Forest for the Trees

I enjoy reading materials from a wide variety of sources, as this practice stimulates creativity. When I read the story in USA Today about the high turnover rate among nursing staff and attempts to remedy that problem with residency programs and careful mentoring, I thought of the quality control issues implied for hospital patients with such turnover. Then I tried, without success, to find comparable figures for the small business sector. But certainly the message is clear: higher staff turnover correlates with higher quality control problems which, in turn, imply something about the organization’s management practices. These management practices, and the staff turnover they cause, can increase the susceptibility of your small business to human error, the most frequent cause of disasters. Develop more enlightened management practices, retain experienced and valuable staff and your business will become more secure and more resilient. So, let us in the small business sector all learn from the mistakes of the hospitals and consider what we can do to improve our working environments.

Global Virus Spread

Tuesday, February 17th, 2009
Globally Connected, in the Worst Way

Globally Connected, in the Worst Way

More than one million, and possibly as many as ten million, personal computers have been infected with the Conficker virus. The virus has claimed victims from the German military, computer networks in the British and French Air Forces and teaching hospitals in England. Conficker is particularly virulent because once it spreads it disables infected computers from being cleaned out, while searching nearby serves to break passwords and spread to any shared drives. It also replicates itself, like a DNA strand, onto any hardware device connected to a USB port, such as digital cameras, music players or key drives. When those infected devices are then connected to another computer, they infect that machine and so the virus spreads. This is apparently the means by which the computer networks of the French Navy were infected.

What makes Conficker so devastating is that on a daily basis, each computer infected with Conficker attempts to connect to 250 Internet domains for further instructions on destructive activities to carry out. Each day these 250 domains change, confounding efforts of security experts to shut them down. In effect, Conficker has created a massive botnet that could orchestrate spam attacks or cyber extortion or cyber militia attacks.

Generally, it is a bad idea to use external devices such as key drives for data storage; such devices can be lost or stolen. Now add another reason to the list: they can be used to transmit lethal viruses from one computer to another. Some businesses have their IT staff disable USB ports to prevent employees from using key drives. This may be an idea that small business owners should consider out of an abundance of caution.

Indexing Files

Monday, February 16th, 2009

File Management SystemsFurther to my posting about the “Train the Trainer” program for the Louisiana Small Business Development Centers held in New Orleans two weeks ago, one of the counselors contacted me with a follow-up question concerning file management. I had talked about naming conventions for files, directories, etc. It is important that your small business establish such standards and processes which will serve you well even in normal operations. Imagine that an employee creates a file, a marketing document, for example. Then, several years later, after the employee has left your organization, another employee has to update the file for recent changes. Would the new employee have any idea of how to retrieve that file? Would you? Would you immediately know how the file would be named and where it would be stored? That is why file naming conventions are so important. Indeed, at the Louisiana “Train the Trainer” event, I referenced a recent research report of the Butler Group, which elicited laughter. The Butler Group found that 10% of payroll expense goes to searching for files and documents. Imagine that you are paying your employees to spend 10% of their time looking for files that they cannot retrieve right at their fingertips. Apparently, some of the LSDBC counselors had some recent experience in this area; hence, their laughter. If you can agree with your staff to standards as to how you will name files, and train new staff in these standards as they are hired, then you will right away recognize an immediate boost in productivity – 10% of payroll expense is significant. Now imagine what happens when you are not enjoying normal business operations, but your business has been disrupted in some way and you are operating remotely, for example. You will be under some pressure. Having employees spend 10% of their time looking for files in such an environment is a luxury you cannot afford. It will only increase your stress levels during a time that is already difficult for you. So establish some naming conventions now. There is no right answer as to how you do it; it just has to be a system that is simple and easy for you.

That brings us to the topic of version control, which is a convention for naming documents, usually with a suffix in the file name, to ensure that you have recent and older copies of a file. If you make a mistake, you can simply revert to the last saved version. Version control is a quality control system and can ensure that you and your employees are not working at cross-purposes with one another in overwriting obsolete documents, for example. You might name a file, for example “Marketing draft_V1_09Nov01” for example. Then you organize your files electronically to make certain that the most recent version appears at the top of the selection and that users have to check the document out to work on it, so two users cannot simultaneously make changes and overwrite one another. This is another great productivity tool so that you don’t have to reinvent the wheel every time you begin a new project.

Apple Spotlight is a great feature for indexing and I make extensive use of meta data. “Meta data” are data that describe data. For example, you could tag a document with key words to enable easy search and retrieval. Another example of meta data would be found when you select a file and click “Get info” and then the name of the author appears, the date that the file was created, etc. We have a policy of always filling in those fields with descriptive information to enable easy searches. Of course, be aware that meta data can be accessed in ways you did not intend! I once received a file from a law firm with a document for which they were charging premium prices to draft from a blank page. But the meta data in the file document information indicated that another attorney had drafted the document and named the bank for which it was intended! Apparently, the attorney assigned to work with me copied and pasted the document and represented it as an original work product! Amazing the things you learn when you bother to check the file information. That is how I found out which bank was working on a local community development fund, information that was probably intended to be confidential.

Deadliest Disaster in Australian History

Sunday, February 15th, 2009

One week ago, more than 400 fast-moving fires, some of which appear to have been set deliberately, moved through Victoria, Australia killing more than 180 people in the most fatal disaster in that country’s history. The fires destroyed more than 1,800 homes leaving more than 7,000 people homeless. More than 4,000 firefighters continue to fight nine fires still blazing in their area, with their ranks supplemented with firefighters flown in from both New Zealand and the United States. In an effort to count the casualties, a team of Indonesian experts who had helped to identify bodies after the Bali bombings and the 2005 tsunami has gone to Australia. The Australian Red Cross has launched a fundraising appeal to help the victims of the fires and has established a website where you can make a secure online donation with your credit card.

Home Based Offices

Sunday, February 15th, 2009
Home office

Home office

With the economy officially in recession, many people are working from home, either voluntarily or involuntarily. According to the Census Bureau, nearly half (49%) of all businesses in the U.S. are home-based. Add to that the number of displaced workers who are consulting from home, freelancing or using their home offices as a base from which to seek other employment and corporate employees who telecommute and you have a large home-based workforce.

If you operate your small business from home or you and/or your employees work from home occasionally, you need to be as vigilant about computer security as you would working from a traditional office. If you issue laptops to your employees, make sure that they understand that the laptops are for business use only. Do not allow your teenagers or others to use them as their most popular music and video download sites and social networking sites are often misused for mal-ware and other types of viruses. Exercise the same degree of caution with respect to passwords, VPN’s and other protocols as you would in the office.

Finally, be aware that your homeowner’s or tenant’s insurance almost certainly does not cover commercial activities performed inside the home. You can obtain a policy for a home-based business at very low cost, often offered as part of a membership benefit package in many small business associations, making the cost of joining well worth the membership dues.