Random Thoughts – Randocity!

How not to run a business (Part 7.1): Learn by Example

Posted in best practices, botch, business by commorancy on July 29, 2014

The above is a real customer call between Ryan Block and a Comcast customer retention representative. Keep in mind that Ryan Block’s significant other had already been on the phone for 10 minutes before this conversation, then got frustrated and handed Ryan the phone. In Ryan’s quest to cancel service, the 8m 14s conversation that ensues is an amazing listen.

To Comcast’s credit, they have issued an apology to Ryan. However, the above may indicate a newly emerging industry trend that may need to be identified within your own organization. Heavy handed tactics only lead to bad customer PR and, again, the above is a prime example of ‘What Not To Do’.

In the spirit of this series of articles, this call is also a prime example of how not to run customer service within your business. Let’s explore.

Do not allow your telephone representatives to run amok

Record all your customer facing calls and review these calls daily, preferably with the representatives in question. After listening to a call of this nature, the supervisor should have pulled this representative aside and called out this insane performance. This representative should have been immediately pulled from the phones and sent back to remedial training on how to work with customers. If this behavior continues, further disciplinary action should be taken.

What’s not completely clear is how much of this agent’s behavior and line of questioning was of his own volition and how much was a managerial and/or company mandate within his local organization or Comcast as a whole. It’s clear that Ryan seems to think this behavior is not of this agent’s own accord. He believes it to be a wider problem within Comcast and this Ars Technica article shows that this may be true.

Do not teach or reward your representatives’ bad behaviors

No matter where this type of behavior spawned, it is not welcome in any organization. If a customer calls to request service closure, it’s fine to ask a few questions to understand the nature of the request. However, if the customer declines to answer reason type questions, simply make a note of that in your records. Then, promptly accept and follow through with the request. Representatives are not there to argue, banter, delay or in any way hold the customer hostage by not following through with the service closure request.

If your representatives refuse to follow through with the request for closure, this is tantamount to extortion. Refusing to stop service may also be illegal and may also be considered in breach of your contract. If the customer has followed all contractual obligations to you for notifications and payments and your representative will simply not stop service, you should also expect a call from a lawyer.

Do not expect your customer retention team to act like this representative

This call underlines a lot of things all at once. One thing it clearly underlines is that this conversation method is not the path to customer retention or customer satisfaction. Customer retention is about offering a deal or set of deals to keep the person as a customer. Customer satisfaction is earned by supporting requests in a timely manner, where possible. When the customer declines all offered deals, there is nothing else with which you can barter. Your retention team’s job is done. At that point, the service closure should proceed unhindered per the customer’s request.

In a memo that was leaked via The Consumerist, Comcast Chief Operating Officer Dave Watson writes:

“[I]t was painful to listen to this call, and I am not surprised that we have been criticized for it. Respecting our customers is fundamental, and we fell short in this instance. I know these Retention calls are tough, and I have tremendous admiration for our Retention professionals, who make it easy for customers to choose to stay with Comcast.”

Though he also admits:

“The agent on this call did a lot of what we trained him and paid him — and thousands of other Retention agents — to do.”

Of this behavior, Ars Technica writes:

“Comcast employees have financial incentives to act the way the agent on the call did. An anonymous reddit user who claimed to be a Comcast employee wrote that ‘these guys fight tooth and nail to keep every customer because if they don’t meet their numbers they don’t get paid.’”

Bottom line, do not pay your representatives to act in this way.

Do not allow your representatives to bring bad PR to your company

Another thing this call underlines is just how badly a call like this can backfire on your organization. With call recording technologies, internet sharing sites and viral media, your organization can now suffer a swift backlash. If you’re trying to keep your brand relevant, popular and selling, such bad public relations can easily bring your brand down and, along with it, bad press and legal ramifications.

Do not underestimate the power of social media

Social media is the new billboard and can make or break the reputation of your business. It only takes one or two viral backlash campaigns and your company’s reputation is tarnished for at least a year. It will take that amount of time to rebuild your company’s brand, quality and reputation. In other words, don’t expect to get any J.D. Power awards after such a negative media event. Just as one bad email campaign to the wrong set of email addresses can tarnish your marketing reputation, one bad customer service experience posted to social media can tarnish your customer service reputation and with it, your brand, products and services.

Social media is a great white shark and those teeth hurt a lot when they bite you unexpectedly.

Adobe Creative Cloud: Adobe’s Stupid Mistake

Posted in botch, business, california, cloud computing by commorancy on April 27, 2014

In the process of upgrading to Adobe’s Creative Suite 6 (CS6) software package, I spoke with an Adobe representative who then tried to up-sell me into their monthly software plan labeled Adobe Creative Cloud. The representative also told me there would not be a CS7 or CS8 version released ever with the introduction of Adobe Creative Cloud. Let’s explore why offering only Adobe’s Cloud will ultimately become a huge blunder.

Adobe’s software has always been purchased!

The business model for Adobe software has always been to purchase the software and upgrade later by paying an upgrade fee. It’s a model that has fully worked for all of their versions up to CS6. This has been the software purchase model for years and years (not even just from Adobe). Yes, while it is how we have always purchased Adobe software packages, it is also how we have purchased software from every other software developer. In fact, for sellers other than Adobe, it’s still how we buy software. Basically, nearly every other software package out there is a one-time payment to own the version you are buying. So, what’s changed?

Adobe’s Clouded Mind

Adobe has now made the decision that they are no longer ‘selling’ software. They are now ‘renting’ it to you in exchange for a monthly or yearly fee. Clearly, this is an entirely different business model from their original purchasing model. This is not the software purchasing model we have come to know, understand and agree to. But, someone who thinks they are brilliant at Adobe has decided the old model is no longer valid and they are now wanting us to buy this purchase model. Because they have done away with purchased software, they are now forcing YOU to ‘rent’ their software through the cloud. No longer can you just ‘buy’ it.

The pricing model is currently $600 yearly or $50 monthly for their service. But, you have no guarantees that they won’t double or triple these prices in two or three years. Once your plan ends, they can charge you whatever they want and your software is invalidated if you don’t agree. You don’t get to keep your software that you’ve purchased during the plan. The money you’ve spent is entirely lost. However, when you previously bought the software, you owned that software to use forever no matter what pricing they use later. When purchased outright, the software is on your system and can be used forever without further involvement of Adobe. This permanency in ownership is just as it should be with software.

The Mistake

Whoever at Adobe made this decision must have done so without consulting us, the software buyers, because why would anyone want to rent software forever? Software that you cannot keep or use after you shut the plan off. It’s an entirely different business model and an entirely different way to manage software. I don’t want to use cloud based Adobe software. I want the software installed on my system to use for as long as I want. I want to be able to move around and not be dependent on a 24/7 always-on Internet connection. If I’m offline, I still want to be able to edit and create work.

If you’re already using this service, you know that the software requires checking in every 30 days for monthly subscriptions and every 99 days for yearly subscriptions. This is not what I want. I want software that works infinitely offline. I don’t want anything ‘checking home to mothership’ ever. If I need to get a new version, just notify me of it and, if there’s a fee I’ll pay and download it. This is the tried-and-true model. Why abandon it?

Throwing out the baby with the bathwater?

Seriously, why would any top level executive dump a fully functional business model that has sustained an entire company for years in exchange for an extremely risky new business model that may not be adopted by buyers? Why wouldn’t you want to carry both models? Clearly, there are those of us out here who still want to ‘buy’ software, not ‘rent’.

For example, renting a car for a day is fine, but the market still is a big enough place where you can also ‘buy’ cars. Why would you, as Adobe, decide to close down the entire ‘buy’ market in favor of a ‘rent’ only market? Think about it, the cloud rental software is fully downloadable but hobbled to check in every 30 days. It’s like paying to use a never ending trial version. To carry both business models, it’s just semantics to set up the software to check in every 30 days, 99 days (as it does right now) or NEVER (to buy it outright.. which doesn’t exist). If I want to pay full price up front for a package, that’s my choice and I should have that choice available to me. If I choose not to rent, then that’s your loss when I choose not to rent. And believe me, I won’t rent ANY software from any business.

But, Adobe has decided to throw the baby out with the bathwater. The model that they formerly and successfully used to sell their software they have entirely abandoned for this new ‘rental’ world. A world that is likely to not only backfire badly on Adobe, but likely to force them to completely rethink this idea. Some ideas need to die and rental software like this is one of those ideas that needs to go away as fast as possible. Whoever thought it would be a great idea needs to be slapped sane.

Renting is not Acceptable

Rentable software is both a creepy ‘big brother’ privacy invading tactic (no thanks Adobe) and a crappy business model that, as I have already said, needs to die a horrific and fiery death. I understand why it exists (companies want residual income and to collect all sorts of creepy privacy metrics), but it’s not a model that I will ever endorse or use. Therefore, I do not accept this business model and thusly CS6 will be my LAST purchase from Adobe until this company comes to its senses.

If you agree with me on this, please leave a comment below. Adobe, if you’re reading, you need to wake up and realize that there are some of us out here who want to actually buy software, not rent it. We want to be able to use purchased software without having to check home to mothership ever (except for updates when I request it to check).

It always amazes me just how stupid some company executives can be. So long Adobe, it was nice knowing you. Don’t let the door hit you on the way out.

The H1-B dilemma

Posted in best practices, botch, business by commorancy on April 9, 2014

I have recently heard that a common question among Silicon Valley CEOs towards government is, when is the H1-B allotment going to increase? Let’s explore exactly what this question ultimately means.

Foreign vs US Workers

The H1-B visa is a type of work visa granted to a foreign national to work within the United States for a specified period of time, that eventually expires and will need to be renewed. Asking to have more of these granted per year says only one thing: These Silicon Valley CEOs believe they cannot find domestic US talent to fill positions. Either that, or they mistakenly believe it’s for cost cutting purposes.

My problem with this situation is that someone in each of those organizations is telling the CEO that they cannot hire locally. This is a load of rubbish and the current limit on the issuance of H1-B visas is in place for a reason. If you are a company doing business in the US, the point is to …

Hire Domestically

The foreign visa limits are there to prevent hiring foreign workers over local US citizens (and thus, keep those wages inside the US to help the economy). That’s the entire point. If the US government were okay with letting companies hire foreign workers willy nilly, then there would be no limits on H1-B visas nor would this visa likely even exist. Instead, it is there for a purpose and that purpose is to limit foreign workers to force hiring of US citizens. This is exactly as it should be.

If you think you need to hire foreign workers, feel free to open a foreign office and hire all of the foreign workers there. Just keep them there and do not bring them onto US soil.

H1-B Workers

One of the other problems that I have with hiring H1-B workers is that most of these workers’ wages get sent back to the country where that worker calls home. Most of the money is not spent in the US. So, in general, H1-B workers do not, for the most part, help improve the US economy. But, they do help out their own country’s economy by sending much of their paycheck there. This is, if for no other reason, a big reason to hire US workers over any other type of worker. This all assumes that you value your US based business along with the US economy.

Again, if you really need to hire cheap labor, open an office in that region and hire to your heart’s content. As a CEO, nothing is stopping you (other than perhaps the board of directors) from making that decision. Asking the government to grant more allotment of H1-B’s is not the answer and never will be.

Lack of Talent

If anyone on your hiring team is telling you that there is lack of talent, the real lack of talent is actually in your hiring team. Meaning, when they’re not finding people it’s because they’re simply not trying. There are people all over the US who are talented and willing to work. Yes, you might have to pay them more in some cases, but if you want good talent, you pay for it.

Is hiring an H1-B worker actually cheaper? Not necessarily. If your company is choosing to sponsor a foreign worker (whether or not they plan to get a green card), your company is in for a large number of fairly pricey and somewhat time consuming legal proceedings at regular intervals. In other words, expect legal fees and lawyers to manage this process. So, what you’re not spending on that worker’s wage goes to your lawyer to keep that person legally in this country (and your business in compliance with the law). Worse, if that H1-B worker chooses to leave the country before your sponsorship is over, the legal fees you’ve spent are lost. If nothing else, the proceedings can interrupt both yours and that worker’s schedule to meet legal deadlines. Even worse, an H1-B holder can work at your company just up to the point of becoming a citizen, making your company foot all of the bills and then they jump ship leaving you without a worker and a set of legal bills you still need to pay. It happens. It’s not pretty. You can simply avoid this by hiring domestic US citizens.

Silly Valley

It’s called this for a reason. If Silicon Valley CEOs are claiming they need more H1-B visas, I call hogwash. There are plenty of talented US workers. The problem is not in the talent pool, it’s in the talent acquisition process. Either the job role is too overreaching, in which case you still won’t find someone or the job role is overly tiny, neither of which a foreign worker would turn down even when they’re not qualified. Considering the unemployment rate today, your hiring managers are not even trying. Meaning, because most hiring processes are severely broken, it’s difficult to find talent because it’s hard to spot talent. That’s why you have a 90 day new hire grace period. Put it to use. Hire people, take chances, let those go early who don’t work out. Many job description postings are looking for the swiss-army-knife of talent. For example, a guru in networking, databases, systems administration and software development all rolled into one. If your company is a startup, you might need someone like this because your staff is so small, but chances are you’re not able to hire H1-B staff that early in the company’s life.

Still, a swiss-army-knife of talent is hard to come by no matter the size of your business. Pick the role that you really need most and train the staff for the rest. Focus on the skills you find in your candidate rather than those that are not there. If you can find a database administrator separately from the systems administrator, hire two people. You still need to have the backup. If you place all of your eggs in one job role basket, when that person leaves (and they will because they’re in demand) you have a huge hole that’s, once again, hard to replace. Choose smaller more easily replaceable roles. You’ll also end up paying a high wage to the swiss-army-knife talent versus much less for the limited role talent.

Hiring Processes Broken?

Hiring managers can sometimes create some of the most difficult interview processes leaving would-be candidates unable to show they have talent because the hiring manager asked the wrong questions. Yet, given a chance, many people would not only do well, but they would excel at the job. Hiring managers don’t see the talent and then claim they can’t find talent. The HR people pass that feedback blindly along to the CEO who wholeheartedly believes he/she needs H1-B workers for all to be right with the world.

Nope. I completely advocate that you need to exhaust all of the talent pool in the US before you jump on the H1-B bandwagon. And no, hiring one Indian worker does not mean you need to hire more Indian workers no matter how convincing that first H1-B worker may have been. However, if you promote an H1-B worker to a managerial position, you need to expect them to reach out to their friends living in India and then want to hire their friends who will also require an H1-B. Your hiring handbook should be very clear on this point. You should only hire H1-B workers after you have exhausted all domestic US workers and this is as it should be.

The point is, your company doesn’t need H1-B workers. It just needs better processes to find citizens living in the US who are willing and able to work the role. If you still think you need H1-B workers, please re-read this article again and then comment on why you think so.

Rant Time: Google Wallet Verification

Posted in best practices, botch, business, california, personal security by commorancy on March 22, 2014

So, I know how much everyone loves my rants. Well, here’s another one. This falls under personal security and internet security common sense. Today, let’s explore the safety of Google Wallet and its so-called verification system.

What is Google Wallet?

Basically, it’s another type of payment system like Paypal or Amazon checkout. Effectively, it’s a way to pay for things or send money on the Internet using Google. That’s about as simple as it gets. Who uses it? I certainly don’t nor will I ever if Google doesn’t change its ways.

Verification of Identity

Like most other payment systems, they want to know who you are. Or, at least, that the person who is wanting to use the payment system owns the card or bank accounts added into their system. However, each one of these payment systems usually does verification in similar ways. For example, Paypal verifies you by requiring you to add a checking account (i.e., routing and account info) and then depositing two small amounts of money into your checking account. Later, you enter those two tiny amounts of money into their verification panel and you’re all set. That’s pretty much it for Paypal. This is similar to other financial institutions like E-Trade.

Google’s Verification = Stupid

And I thought Paypal’s verification was stupid. Leave it to Google to diverge and make it even more difficult. In the verification form, Google requires you to enter your social security number, your birth date, your home address, your phone number and various other information that could easily lead to identity theft. Then they require that you submit it. Information, I might incidentally add, that is not required for you to use an established credit card or bank account for payment. After all, banks are already required to identify you before opening an account. This is the whole reason why Paypal’s verification system is enough. Paypal merely hangs onto the coattails of the bank that has already previously verified your identity when you opened the account. I digress.

When their entry form doesn’t work, they require you to attach a PDF document of a government issued identification card. Not only is that stupidly manual, who the hell knows what Google is going to do with that PDF file once you send it to them? Why would you want to do this anyway? Seriously, you’re not opening a bank account with Google. You’re not getting anything out of it by sending this to Google. And, you’re opening yourself up to huge personal risk by leaving PDF documents of your identification cards floating around on the Internet for hackers to find. Seriously, what is Google thinking here?

For me, that’s a big red flag and a BIG FAT NO to Google. I have no intention of providing any physical paperwork to a private corporation. If you can’t figure out a proper method to identify the user electronically, that’s not my problem.

Legal Compliance?

I know that Google claims that this is all in the name of Federal compliance, but I’m quite sure the compliance laws don’t require you to verify a user using any specific implementation techniques. Clearly, Paypal is able to comply with these laws without requiring a PDF version of physical government issued identification. The reality is that Google also does not need a copy of this. That they claim that this is required to fulfill legal obligations is smoke and mirrors.

No, it’s quite clear, Google’s verification system is broken and completely unnecessary. They can certainly comply with all identity verification laws without resorting to asking that a copy of your identification be submitted to them in PDF or any other format.

Merchant Requirements

In fact, while credit card issuers like Visa and Mastercard don’t forbid asking for identification when using a credit card, the merchant must still accept the card for payment as long as it’s properly signed without seeing an ID. Because Google Wallet requires actually seeing your identification before using some services with your credit card, this violates card issuer rules regarding the requirement for seeing identification before purchases. On the other hand, unlike a retailer who has the physical card in hand, Google cannot see your card and whether it’s signed. But, the spirit of this rule remains. Using a method of charging a small charge to the card and asking you to check the statement, then supply that dollar amount should be enough to verify that you own that card and that you have access to statements… just like Paypal and E-Trade.

Because a lot of statements have now become e-statements online, the small charge method doesn’t necessarily verify your physical address. Though, if they need to verify your physical address, they can simply send a postcard with a code. Then, have you enter that code into a verification panel once you receive it. In fact, this is really the only method that will verify your physical address is valid.

Google Wallet’s Usefulness?

With all of that said, Google has failed to make any traction towards becoming a de facto wallet. In fact, there are so few merchants that actually use Google Wallet, it’s probably safer not to verify with Google. Being as unused as it is around the Internet and seeing as Paypal is the primary method of paying for things today, it’s too much of a personal risk to submit PDFs of your passport or driver’s license to a random corporation. You have no idea where that PDF might end up. Though, it will likely end up on Google Drive because Google likely requires its employees to eat Google’s own dogfood (i.e., uses its own services).

And since the risk of using Google Drive is as yet unknown with all of the Facebook-like features that Google has added (and continues to add), it wouldn’t surprise me to find Google internal documents accidentally shared through a Google employee’s personal account via Google+. This would obviously be bad for Google, but it wouldn’t surprise me. That’s why you don’t upload PDF files to corporations like Google. In fact, I wouldn’t share PDF files of that type on any network drive unless it’s encrypted and passworded. Better, don’t put it there in the first place.

Companies requiring a copy of a personal ID

Personally, I won’t do this type of ‘give me a copy’ verification for any company unless I’m opening a bank account, credit card or need to provide it for some specific financial transaction. Even then, I will only transact that business in person and allow the person enough time to see the documents to get what they need from them. And no, they are not allowed to photocopy them unless there’s some specific requirement.

I especially won’t do this with companies as big as Google or Microsoft when no transaction is involved. As companies grow larger and larger, employees get more and more careless in document handling. Asking for photocopies of identification cards, social security cards, credit card faces or any other issued card is not cool and I have no intention of ever providing that to a company for any identification purposes unless I’m actually performing a transaction. I won’t do it for ‘just in case’ services that I may never use. Doing so stupidly leaves a financial time bomb out there ready to be exploited.

The most they need is the number off of the face. If a company cannot make do with what’s printed on the face of the card (by being typed in), they get nothing. Just like giving your check routing information to a company such as Paypal is like writing a blank check, giving copies of physical documents to corporations is tantamount to identity theft. I simply don’t trust corporations with access to copies of my physical documents.

Though, were Google to set up a storefront and I could walk in and hand my card to someone to visually inspect and then maybe have them swipe it (although, I’d prefer not), I’d be somewhat okay with that. But, knowing a PDF file is floating around on the internet somewhere with a copy of my physical card, that’s not in any way cool. I will never do that for any corporation sight unseen no matter who they are. Since there’s no way to transact business with Google in person, there’s no way I’ll ever verify my identity for Google Wallet.

Personalized Search: Where is it?

Posted in business, search by commorancy on March 2, 2014

For all of the innovation hubbub involving search technologies back in the early 2000s, one thing that has still not materialized is personalized search. What is personalized search? Let’s explore.

Generalized Searching

Today, when you go to Google or Bing and you type in search keywords, you’re likely to get the same search results that everyone else sees when typing in those same keywords. But this approach today is asinine, antiquated and stupid. While it may have been okay back in the early 2000s when search was new and the database was smaller, with the larger amount of listings, personalized search is long overdue.

When Google introduced Gmail, I thought they might be onto something when they were discussing personalized ads in Gmail. Unfortunately, Gmail is pretty much where all of that innovation ended. Nothing different materialized in Google’s main search product. And worse, it’s now 2014 and we still don’t have anything different.

Personalized Search

Since nearly every search engine requires a login and password, it’s no big leap to offer ways of storing search preferences right into each user’s profile. As you search for things, the system will learn of your likes, preferences and click habits. Even better, add thumbs up and thumbs down on listings to move them up and down in your own personal search rankings. If I don’t ever plan to use Reddit, then I can lower its search rankings in my preferences. If I heavily use Twitter, I raise search rankings involving Twitter when they are ranked lower.

But, my preferences are my own. With the sites I like and the sites I dislike, I should be able to tailor my search results to fit my needs. If I decide to start using Reddit later, I can re-rank these listings higher again. These are all my choices and affect my own personalized search results.

As a side effect of personalized results, it also forces everyone to sign into Google or Bing to gain the benefits of personalized search. That’s definitely a benefit to these search engines.

Why personalized search?

Generalized searching, unfortunately, yields results based on someone else’s likes, dislikes, payola or other criteria. I want to tailor my own results to fit my search needs. So, if I’m searching for a specific product and I use Amazon frequently, Amazon’s listings will always be the first to show at the top. Why show me Newegg or J&R Music listings if I have no intention of going there to buy? It’s a waste of the search engine time and mine.

It’s quite clear that personalized search’s time has come and it’s something Google needs to embrace. That is, rather than the next ‘WheatToast’ version of Android (or whatever clever food name they happen to use). Google has clearly been ignoring search improvements and the lack of innovation in this area clearly shows how out of touch both Google and Bing are.

As the size of search databases grows, individuals need better innovative tools to tame and distill the millions of listings into smaller more personal and useful listings. Personalized search must become the next innovation in search.

What will this break?

Search Engine Optimization. I know I know, I can hear a lot of SEO advocates groaning about how bad this will be for SEO. Note that SEO would only be impacted by each user who tweaks personal search rankings. For users who don’t do this, normal SEO rules apply. Though, I don’t personally care about how high some company is ranked in my personal search list. What I care about is the quality of the listings. In fact, in a lot of cases, SEO won’t even be affected in my own results. If I have made no preferences involving some keywords, the generalized rules still apply. So, if none of my sites that I ranked higher are in the listing, the generalized results will be shown to me and standard SEO won’t be impacted. It’s only after the first generalized results list that I can tweak the listings to my own preference.

After that, SEO may be impacted by my own personal preferences. But hey, that’s my choice. That’s the point of personalized search results. If I value one company over another, that’s my preference. I have the right to make that preference. That some third party wants their listing at the top of my search results is not my problem. You can use a paid listing for that. That’s the point in paying for a listing. The organic results are my own and I should be able to rearrange, tailor and shuffle them to my own personal likes. There is no other way to tame the mounds of links that get thrown at users during generalized search… results that are only going to grow larger and larger.

So, to those people relying on SEO, I say, “too bad”. Learn to pay for listings if you want to be at the top of my personalized search results or, alternatively, give me a reason to rank you higher. That is, whenever we finally get personalized search.


Huffpost: Facebook is not a verification system

Posted in best practices, business by commorancy on March 2, 2014

The Huffington Post recently put up a ‘warning’ that in order to ensure ‘civil discussion’ on their own site discussion areas, they would need to verify my account. Then, they proceed to put up a ‘Connect to Facebook’ button. Note they do not allow any other ‘verification’ method than Facebook. Let’s explore why this is not appropriate.

Facebook is a social media site

Facebook is not a verification system. This system is probably the LEAST trusted site on the internet for privacy, accuracy of personal data or for any other verification purpose. Nonetheless, that Huffington Post is now requiring connection to Facebook to post comments on the Huffington Post site is clearly without rational thought. But, it does have an alternative agenda.

Huffington Post is a news media site. It has nothing to do with Facebook and, more specifically, nothing to do with my Facebook account. Sorry Huffington Post / HuffPost, not gonna happen. You can go wallow in your own stupidity. This requirement is not only insane, but stupid decisions like this can easily lead to your own demise.

Verification Systems

If you own a site contemplating verifying a user, don’t tie it to Facebook. Email verification is the only level of verification that you need to verify an account. Connecting to someone’s Facebook account in no way guarantees civil discussion. Connecting to Facebook is a privilege, not a right. The only thing connecting to Facebook guarantees is that Huffington Post can randomly place garbage onto that Facebook user’s wall.

HuffPost Agenda: Calling a rose, a rose

Though this situation is not rosy, it also has nothing to do with verification and everything to do with Huffington Post’s own propagandizing self-promotion agenda, that and gaining access to private pieces of your Facebook profile. It has nothing to do with verifying a user. As a large respected journalism site, if you’re going to require something like this, then call it for what it is. You plan on using these Facebook connections for your own advertising purposes. Don’t lie to us and hide it behind some fake verification process.

This is nothing more than a real-estate grab. Huffington Post is merely grabbing Facebook accounts to use for their own advertising purposes. It has nothing whatever to do with civil discussions or user accountability. No, let’s just call a rose, a rose. It is not anything other than that. Until Huffington Post does the ‘right thing’ and states the real reason why it needs all of those Facebook account connections, I can no longer trust the Huffington Post.

Bye HuffPost!

How not to run a business (Part 7): Communication

Posted in business, data security by commorancy on March 1, 2014

Internal business communication is a problem in any company, especially as a company grows. When you have a 10 person team, it’s easy for everyone to know what everyone else is doing. When you’re a 500 person team, that challenge becomes quite a bit harder. How do you solve this problem for a 500 person company? Let’s explore.

Don’t expect all team members to know everything that’s going on

Foster a company that values communication, knowledge, excellence and teamwork. One of the biggest problems facing any company is that people, in their zeal to get things done rapidly, gloss over explanations about critical points. In email, it’s really apparent when you get that miles-long email thread that effectively tells you, “Read the below 50 reply thread and figure out what’s going on”. You do this only to realize that no relevant customer information, times and/or dates of the ‘problem’ are even described in that thread. Worse, you’ve spent 15 minutes reading it twice. It’s no wonder things don’t get done quickly and that customers complain of slowness.

Team members should provide ALL necessary information to everyone properly for expediency. It is the originating employee’s responsibility to describe all necessary information that identifies the customer in your company’s system. Without this basic information, someone will eventually have to stop and determine this. To solve this problem effectively, require the use of a ticketing system to track problems and make the ticketing system require input fields that force the employee reporting the problem to fill in all details properly. This completely avoids that 50 reply long thread where not one person defines the most basic things needed.

Wasting time on deciphering a miles long email thread is pointless. It’s much more useful to get to the heart of the problem immediately. Use ticketing systems to manage these communication problems. Email is for quick questions and small discussions. Ticketing systems are for resolving problems. Use the right tool for the right reason.

Don’t let your employees post internal company information to internet sites

Internal information flow is for employee use only. Twitter, Reddit, Quora or even your own external blog or discussion forums are not the place for employee communication. Hire people to manage external facing customer information. Saying or doing the wrong thing on public facing media, especially when you become a public company, can hurt your company and can become a permanent part of Google’s search database for years.

Your corporate communications team (you do have one, right?) should strictly control public messaging. On the other hand, employees posting their own personal views of non-company related matters is not to be restricted when not on the clock and when using personal assets and networks. As long as their posts have nothing whatever to do with company business, there should be no restrictions on employee after-hours use of social media.

Tweeting personal things while on-the-clock and using company equipment, should be frowned upon if for no other reason than it is reducing work productivity. If the employee does personal things during their break or lunch hour, it should not be restricted if performed from personal devices outside of company networks and not involving company business.

On the other hand, posting public communication involving the company or the company’s products on company time should be handled by the corporate communication team or by their approval. Saying the wrong thing on the wrong venue can cause irreparable damage to your company’s credibility or lose critical deals.

Don’t read every employee email or store them forever

While you can likely do this through auditing, it opens your business up to some legal issues. If the person reading another employee’s email becomes aware of something illicit that your team may or may not know about, it could lead to issues involving the company becoming an accomplice in whatever the act may have been. Not having the knowledge, it’s much easier to deny involvement and that the employee was acting on their own. That may or may not help your case, but it may prevent other personal lawsuits from arising.

Additionally, if you are reading employee email, that means it’s stored some place. Because it’s stored, it may fall under other problem areas like email retention. That doesn’t mean you shouldn’t archive all emails sent by your employees, but keeping the emails stored too long is probably just as bad as reading them, in terms of legal problems. However, you may need to know if an ex-employee made sales promises to a customer that may not have been documented anywhere else. However, when you have emails stored, they can be subpoenaed during discovery of a legal proceeding. If you purge them after required legal retention periods, they’re not there to be discovered. At the same time, you may lose some historical information about your company. You have to make the call where to draw the retention line.

If you intend to keep backups of email, you should really only keep them for as long as the law allows, then purge them irrevocably from disk and all backups. Not having the information around can save your company from legal issues if an employee did something not sanctioned by the company.

Don’t use Google Apps, Postini, Appriver or other third party email servers without knowing how they work

If you outsource your company’s email system to a third party, you could open yourself up to lawsuits, loss of trade secrets or spying. You should always read that third party’s contract terms very carefully and ask for revisions to items with which you don’t agree. If that third party reserves the right to archive, store and possibly even read those emails, this could open your company up to not only lawsuit discovery, it could lead your company to lost company secrets, lost company contracts, lost revenue, hacked email or lost customers.

A third party does have the responsibility to maintain some levels of privacy over contracted services, but you can’t control who that third party hires. If they happen to hire a person or contractor of malicious intent, you’re vulnerable. Simply using a third party, you’re at risk. In other words, that third party could end up hiring your competitor to provide some fundamental service that is a conflict of interest to your business. Also, email hosting providers selling services to large corporate entities are prime targets for an attack. Beware of these risks involving third party providers. While using such a third party service may appear less expensive, you have to understand the hidden costs of running your business through any third party service. Only you can weigh those risk-benefits.

Even more, you’re also at the mercy of that third party’s security processes. If their process is not as stringent as yours, your company secrets could be at risk. If you don’t know the level of security that that third party provider offers, you could be in a world of hurt if their email server is compromised and a bunch of your private company email appears on internet forums or on CNN.

Don’t pass trade secrets or confidential company information in plain text email

While you can’t rule out a corporate mole within your own organization, it’s far far easier to lose your trade secrets through email communication than through any other medium. If that communication uses a third party, you’re really at risk since few companies require encrypted email. If you choose to use email communication through a third party cloud provider, you should require that each employee send and use encrypted communications when discussing trade secrets, large customer deals, financial information or even discussing customer lists.

Setting up GPG, while not necessarily trivial, is one way to combat sending such easily viewed emails. Even the simple act of someone reading an email at home on their iPhone will transfer that email data across the internet in visible plain text which can be read by anyone along the way. Email encryption keeps the message from prying eyes so that only the intended recipient can read it. Not all email communication requires encryption, but for those that do, encryption can be the difference between a lost deal and winning that deal.

The bigger your company gets, the more targeted it will be for espionage.

Don’t rely on chat systems to take the place of email

Chat systems are fleeting. These messages are easily lost. If you need records to be stored for your employee’s time use, then you should require email or ticketing to manage this. Chat is not always productive, but can be helpful to get answers to questions rapidly. But, don’t have your employee rely on chat to execute sensitive system procedures, especially if your company is using AOL, YMessenger or any other third party hosted chat system. Instead, for new procedures, use a local phone conference system. Voice chat is much more interactive, less error prone and, when combined with screen sharing, can provide much better methods of disseminating information and communication. Once the process has been nailed down, place it into an onsite Wiki that can be reviewed as a knowledgebase. Use a chat system for what it’s best at doing, writing quick small fleeting messages.

Don’t rely on third party services to run your entire communication business

If you can afford it, you should build and operate your own corporate communication systems behind your own corporate network infrastructure. If you farm out any part of your corporate communications to a third party provider, your communication is at risk. Risk from theft, from espionage, from hacking and from data retention that’s all out of your control. Instead, to control all of your communications (both internal and external), you will want to own all communication systems including ticketing, email and chat services. While you can’t own mobile device networks, you can own when and how they are to be used for communication.

Don’t forget to encourage employees to communicate regularly

While meetings are great ways of getting a lot of people on the same page at once, those that aren’t in the room during that meeting won’t have any clue. It’s also easy to forget who attended a meeting after the meeting ends, so always make sure to encourage people who attended the meeting to communicate to those who didn’t attend and to whomever needs to know.

Also, require someone to keep meeting notes at all meetings and post the notes to a common department page after the meeting concludes. Better, require recording of meetings and store the meeting recordings as mp3 files for easy access and download. This not only allows those not in attendance to catch up on what was said, it also keeps those who were in attendance from claiming something was or wasn’t said. Basically, recordings keep everyone honest and informed. Remember to apply data retention policies to all archived meeting recordings.

Don’t tolerate employees who claim ignorance on what they have previously said

For any manager, director, VP or regular employee, honesty is the best policy. Keeping your employees honest keeps the company functioning correctly. However, an employee regularly using the ‘I never said that’ defense usually indicates that they did say that at some point. Employees should not be allowed to get away with that defense, especially when it is found via email (or through recordings) that they did say whatever they claim they didn’t.

Employees using that defense more than twice and who have been found to have said it should be officially written up and placed on a performance plan. Any further transgressions should be met with swift removal from the position. Honest communication is the key. Anyone intentionally sabotaging that goal by using this defense should be swiftly stopped and/or removed. Few things make a company more communicably dysfunctional and time wasting than having to deal with unnecessary diversions (e.g. having to prove someone else wrong).

Instead, employees should always focus on the business at hand, not on doing historical research projects to find out what someone may or may not have said.

Don’t encourage employees to keep other employees in the dark

Barring salary and compensation details and upcoming earnings information, there are very few business topics that cannot be communicated to any employee in the company. Granted, some information may not be necessary for a specific person’s job role. There is no reason, though, that a person who manages IT couldn’t know the DSO number of a collections associate in Finance. This is not secret information. It may not be necessary information for that IT person’s job, but it should not be in any way a secret. Not passing unnecessary information is considered okay, but if someone asks it’s not a secret.

In the spirit of this section, all critical business information needs to be sent to everyone who needs to know. For example, when sales deals are closing, sales employees need to disclose all promises made to the customer and that information needs to be disseminated to all employees potentially impacted by those promises. Passing the information is not necessarily in place to prevent the deal from happening, but to allow anyone with extenuating information to inform the sales person of those business constraints impacting those promises. In other words, sales people need a technical conscience. The only way to manage this is to involve a technical person to help rein in the sales person and set proper expectations. Barring the use of a technical person in every sales deal, the promises need to be disseminated to the technical teams to ensure the deal can be closed without problems.

If special provisions are needed for some promises, then the prospect needs to be informed of when those special provisions may become available. The last thing you want your sales person doing is making a promise without telling anyone. That’s the quickest way to not only lose the deal, but also to face refunds months later when the promises cannot be kept (and the sales person has spent their commission check after having left the company).

Communication Reality

Checks and balances can only be performed with proper communication to all teams and by also not keeping employees in the dark. If you find someone on your sales team making promises without informing people in a timely manner, this person should be reprimanded and written up. Further transgressions should be met by leading them to the exit door.

Communication is always a challenge and keeping the communication flowing is the only way to ensure smooth business operations. It’s when communication stops, lags or is held back until it’s too late that it becomes a business continuity problem. As a company grows larger and larger, communication will suffer. When a company becomes divided by geographic boundaries, communication becomes not only worse, but compartmentalized. What one office may know, another won’t. That’s a recipe for problems all around. Unfortunately, that’s also the problem that most very large companies like AT&T and Verizon face today. With 10000 or more employees, communication between all of these employees will greatly suffer and is one of the reasons that ticketing and process flows become the single most important communication tool in a super sized company.

However, that you may only have 50 employees doesn’t mean your communication can’t suffer. Every company can improve communication by using the right tools.


Cinavia: Annoying? Yes. What is it?

Posted in botch, business, california by commorancy on February 23, 2014

If you’re into playing back movies on your PS3, you might have run into an annoying problem where your movie plays for about 20 minutes, then the audio suddenly drops out entirely with a warning message on the screen. This is Cinavia. Let’s explore.

What is Cinavia and how does it work?

Cinavia is an audio watermarking technology created by the company Verance where an audio subcode is embedded within digital audio soundtracks at humanly imperceptible levels, but at a level where a DSP or other included hardware chip can read and decode its presence. Don’t be fooled by the ad with smiling children on the Verance site, this has nothing to do with helping make audio better for the consumer. No, it is solely created for industry media protection.

This Cinavia watermark audio subcode seems to be embedded at a phase and frequency that can be easily isolated and extracted from an audio soundtrack, then processed and determined if it’s valid for the movie title being played back. Likely, it’s also an analog audio-based digital carrier subcode (like a modem tone) that contains data about the title being played.

How is Cinavia used in the film industry?

There are two types of known uses of Cinavia watermarking. The first use is to protect theatrical releases from being pirated. Because the audio watermarking is audible, but imperceptible, it will be picked up by microphones (strictly because of the Hz range where the subcode is embedded). Keep in mind that just because the subcode cannot be heard by human ears, it doesn’t mean it can’t be heard and decoded by a specialty hardware chip. So, if a theatrical release is CAMed (i.e. recorded from the screen), the Cinavia watermarking will also be recorded in the audio. After all, what is a movie without audio?

The second use is to protect Blu-ray copies of films from being pirated. For the same reason as theatrical releases, Blu-ray films are also embedded with a subcode. But, that subcode is different from theatrical films. For this reason, films destined for theatrical releases will never play in a consumer Blu-ray player ever (including players such as the PS3, PS4 or Xbox One). Commercial Blu-ray disks play because the audio track uses AACS with a key likely embedded within the subcode watermark. If the AACS key matches the value from the watermark, the check passes and the audio continues to play.

I have also read there is a third use emerging… to protect DVD releases. But, I have yet to confirm any DVDs currently using this technology. If you have run into any such releases, please leave a comment.

How would I be affected by this?

All consumer Blu-ray players manufactured after 2012-2013 are required to support Cinavia. If the Cinavia subcode is present, the player will blank the audio track if the AACS key is mismatched. This means hardware Blu-ray players from pretty much any manufacturer will be affected by Cinavia protection if the title supports it. CAM copies of theatrical releases will never play because the audio subcode is entirely different for theatrical films and the Blu-ray player will recognize that theatrical subcode and stop audio playback.

Not all movie titles use Cinavia to protect their content. Not all players support the Cinavia protections from all media types. For example, some Blu-ray players can play media from a variety of sources besides BD disks (e.g., USB drives, network servers, etc). These alternative sources are not always under Cinavia protection even if the specific movie has an embedded subcode.

Since Sony is the biggest proponent and user of this technology, all Sony players, including the PS3 and PS4 along with their standalone Blu-ray players will not play back Cinavia protected material if it doesn’t continue to pass the subcode tests. For example, if you rip a Blu-ray disk protected by Cinavia and then burn it to a BD-rom disk, the movie will stop playing audio at around the 20 minute mark and display a warning. If you attempt to stop and start the movie, it will play audio again for a few seconds and then stop playing with a warning.

How can you remove Cinavia protection?

In short, it’s not as easy as that may sound. Once the Cinavia protection is detected on the media, the hardware activates and continues to look for the information it needs to make sure the content is ‘legitimate’.

With that said, there are ways of getting around this on certain devices. As I explained, some players don’t check for Cinavia for certain types of media (i.e., USB or Network streaming). Sony, however, does check for all media types. The PS3, though, doesn’t seem to check for Cinavia if the playback is through the optical output port (i.e., when playing back through an optical receiver). That would make sense, though, as it would be left up to the receiver to blank the audio based on Cinavia. Since most receivers probably don’t support Cinavia, there should be no issue with playback.

Other technical methods include garbling the audio somewhat or using variable speed on the audio. Neither of these two methods are really acceptable to the ears when watching a movie. We all want our movies to both look and sound correct.

How can I avoid this problem?

You can easily avoid this issue by using a player that doesn’t support Cinavia protection. For example, Windows Media Player, VLC, etc. Most PC media players do not support Cinavia. Though, if you get a PC from Sony, expect the media player on any Sony product to support Cinavia (yes, even Windows Media Player might as Sony may have loaded a system-wide Cinavia plugin). If you buy a PC from any manufacturer other than Sony, you likely won’t be affected by Cinavia.

This problem almost solely exists on Blu-ray standalone players. So, if you avoid playing movies on such consumer hardware players, you can usually avoid the Cinavia issue entirely. Though, there are some commercial PC media players that do support Cinavia.

A possible real solution?

Another method which I have not seen explored, I have decided to propose here. With a film protected by Cinavia, the Cinavia subcode should exist both within silence as well as noisy portions likely at the same volume. First, extract a length of silence (that contains Cinavia subcode). Now, garble, stretch, warp and generally distort this subcode so that it cannot be recognized by a Cinavia decoder. Then duplicate the garbled ‘silence’ subcode to fill the length of the entire film. Extract the film’s audio soundtrack, mix in the new garbled full length subcode throughout the entire film. Note that remixing 7.1 or 5.1 track is a bit tricky, but it can be done. I would suggest inserting it on the subwoofer track or the center track, though it may be present on all of the tracks by design. After the audio track is remixed and remuxed into a resulting MP4 (or other format), the new garbled subcode should hopefully interfere just enough with the existing already-embedded subcode to prevent the Cinavia protection from getting a lock on the film’s original subcode.

The outcome of the garbled subcode could cause one of two things to happen. 1) The Cinavia detection is rendered useless and the Cinavia hardware ignores the subcode entirely or 2) The Cinavia detection realizes such tampering and shuts down the audio track immediately. While erroring on the side of fail is really a bad move in an industry already fraught with bad press around failed past media protection schemes, I would more likely suspect scenario number 1. But, it’s probably worth a test. No, I have not yet had time to test my theory.

While this doesn’t exactly remove Cinavia, it should hopefully render it useless. But, it won’t recover the lost audio portions being used by the Cinavia subcode.

How would I go about doing this?

I wouldn’t attempt doing the above suggestion manually on films as it takes a fair amount of time demuxing audio, creating the garbled audio subcode, remixing the new track and remuxing it into the video. But an application capable of ripping could easily handle this task during the rip and conversion process if provided with a length of garbled subcode.

[Updated: 2018-01-06]

Apparently, DVDFab seems to have a way to rip and disable Cinavia protections according to their literature. They have released the DVDFab DVD and Blu-ray Cinavia Removal tool. If you’re still having difficulties with Cinavia while watching your movies, it might be worth checking out this tool. Note, I have not personally used this tool, so I can’t vouch for its effectiveness. I am also not being sponsored by DVDFab in this article. I’m only pointing out this tool because I recently found it and because it seems to have a high rating. On the other hand, I do see some complaints that it doesn’t always recognize and remove Cinavia on some movies. So, caveat emptor. Even though it’s not an inexpensive product, it is on sale at the time of this update for whatever that’s worth.

It seems that someone finally may have implemented my idea above. Good on them if they did… it only took around 4 years.


How not to run a business (Part 8): Stock and Incentive edition

Posted in best practices, business by commorancy on February 15, 2014

While it’s great that employers want to reward employees and give incentives to stay, there is the correct way and there is the wrong way. Let’s explore.

Don’t offer tiny stock grants with huge vesting schedules and cliffs

If you’re planning to offer stock grants as ‘stay’ incentives, make them sizable. Stock programs with vesting schedules are a good thing, but not grants with tiny amounts of shares. First, it’s a waste of paperwork to give out less than $10k in equivalent shares (vested over 4 years) in company stock both for the HR team and for the receiving employee. You’ll have your team spending time on managing all of these tiny grants with no benefit to anyone. Second, most employees won’t hesitate to walk away from such grants before the vesting period ends which means even more paperwork to clean it up after the employee has left. Employees won’t wait 12 months just to get another $1-2k when they can likely pick up a 5-10% raise (and possibly even a sign-on bonus) by changing jobs.

If you want to give an incentive to employees so that they stay with your company, approve grant sizes that matter. More specifically, grant sizes that are higher than an equivalent raise. Make it worth your employee to want to worry about. For example, grant a size equivalent to 1 year of salary (at the then current stock price) with a 4 year vesting schedule. If an employee sees they’re going to get 1/4 of their salary each year for the next 4 years, that’s definitely an incentive to stay. If they don’t stay, you don’t pay. Assuming the employee is a high performer and highly valued, it is worth it when they do stay. That’s the entire point of the grant. However, issuing a grant that, at best, offers the employee $1-3k after taxes each year offers not even the best performer an incentive to stay. After all, you do want this employee to stay, right? Most great employees can easily make up such a tiny amount left behind by moving to a new job with a new company. Most people would have no problems walking away from a tiny dollar amount for a new job offer. Again, this leaves your existing employees to clean up the mess left over from the tiny little unvested grants. Note that it’s the same amount of paperwork whether you grant 1 share or thousands.

In other words, grant stock incentive sizes that make sense for all involved or choose a different incentive vehicle altogether. While you may think giving stock grants is a positive thing, employees generally don’t because of the downsides of vesting schedules and cliffs, the hassles of taxes (it will probably cost the employee more to hire a tax consultant than the bonus is worth) and when it’s too small it’s not worth the employee’s time. Be very careful when using this incentive vehicle.

Don’t send the wrong message to your employees by using the wrong incentives

In the case above with stock, you have to consider what such a small grant size says to the employee. If you give an employee a pittance grant, you’ve essentially just told them, “You’re worth $1-2k a year extra” (once they do the math). That, in many cases (especially in California), is less than the average raise. That doesn’t, in any way, impart confidence that the employee is valued… and that’s exactly what a pittance grant says. It’s definitely not the right message to send. Yes, extra money is always a good thing, but not when it’s wrapped (er.. trapped) in the wrong incentive vehicle or if it’s the wrong dollar amount.

Keep in mind that for the employee it’s all about when they actually see the money. Trapping the money behind vesting schedules and vesting cliffs is tantamount to dangling a carrot from a stick just out of reach (for a year) and then only giving them 1/4 of that carrot after chasing it for a year. If you expect the employee to wait a year to get 1/4 of a baby carrot, it better be a damned good tasting baby carrot (e.g., a substantial amount of money actually worth waiting for).

From a monetary perspective alone, $1-2k extra a year can be easily handed to the employee in many other ways. You can label the extra as a bonus, you can label it as a ‘great job’ thank you, you can hand them a live check with a personal thank you or you can buy them an iPad as a gift.

Each of these suggested alternative incentives sends the correct message. Handing someone an iPad is a whole lot more satisfying of a bonus than handing them the quagmire of pittance RSUs. In stock plans with long term vesting schedules, vesting cliffs, stock price uncertainties, waiting periods and tax disincentives, it’s a quagmire of a bonus system for the employee to navigate only to secure $1k. Don’t use stock grants to hand out $1-2k a year bonuses. Using this incentive vehicle sends the absolute wrong message to your employees, can damage employee self-worth and ultimately damage your reputation as a respectable company. Ultimately, if the employee is left with nothing for a year and then has to wait 4 years to ultimately get maybe $10k gross and suffer huge tax liabilities in the process, that’s the wrong message to send.

So, always use the correct incentive vehicles to send a positive message to your employees to keep them on board. Using the wrong vehicle in the wrong way not only plants the seed of dissatisfaction, it can lead to the employee walking away entirely.

Don’t flaunt your sales team’s wins to your non-sales employees

Your sales team is important to the success of your company. It’s also great that your sales team members, or at least some of them, are doing well to bring in those great deals. On the other hand, many companies make the mistake of continually rewarding the most outstanding sales team members with trips, gifts, dinners and other niceties. Keep this information firmly within your sales team. Do not share this information with non-sales departments.

It’s very easy for the other departments to see the sales team as being the team with all the special benefits. This can make the other teams feel as if they are being left out of the loop. Your operations team, for example, usually has staff working 24/7/365 to make sure things are working. Yet, your sales team is being flown around the globe on sales team kick-offs. This sends the wrong message to other teams. If you are going to give incentives to your sales teams, either keep it away from your other teams or figure out a way (e.g., via winning an internal lottery) to include other team members in these wins.

Again, it’s important to understand that the sales team, while important to new business and renewals, isn’t the only team keeping your business afloat. All teams need to be supported, given incentives and given the opportunity to participate in travel events when available.

Do allow employees to participate in company sponsored events

If your company is planning to do trade shows such as Dreamforce or possibly even to create its own annual company event, allow and encourage employees from all departments to participate. Doing the same job day after day, month after month is hard to do year in and out. Breaking the monotony of the same ole same ole will help reinvigorate employees when they do get back to their job. Allowing employees to do something different for a couple of days does help re-energize people to do their best jobs. It also encourages employees to meet and work with other employees outside of their team that they otherwise would not. This allows for a much closer knit company, especially when the employee does end up working with that person they met earlier.

Don’t be ambiguous or vague about your incentive programs and make sure they are fair to all teams

If you plan to offer such incentives as RSUs, stock options, bonus plans, merit-based trips, etc., document them. Document exactly how they work, who is eligible and how each employee can become eligible. If your programs only include certain departments, make certain that, when other departments become aware (and they will), you offer compensating alternatives to those other departments.

For example, if your sales team members receive an end-of-year trip to the Bahamas for the best sales numbers, then your finance team should, likewise, be offered some kind of off-site vehicle for the finance team members who consecutively kept their DSOs down that year. Offering something to one team and not others clearly smacks of favoritism. When it is not documented clearly, this causes more friction between teams than it solves. Better, if teams are offered grand incentives, then use a lottery to allow other departments to participate in it. So, for each sales team member who wins a trip, they can bring a member from another team along and that person is determined via a lottery. Again, this should all be documented fully so there is no question about either individual or team incentive programs.


Stung by the Target data breach? Here are some tips.

Posted in botch, business by commorancy on December 22, 2013

Unless you’ve been living in a cave, you’ve heard that Target stores recently disclosed that it had potentially lost up to 40 million credit and debit card numbers when its point of sale systems became infected with malicious software. Let’s explore how to protect yourself from these situations.

Knee-jerk Reactions

A lot of people who are not very tech savvy immediately jump the gun and presume all credit card systems are vulnerable and that carrying and using cash is safer. Unfortunately, this is an incorrect assumption to make. Cash, while useful, is not always safer to carry around. If you are carrying, for example, thousands of dollars on your person, when you get robbed or mugged, your money is gone and is not replaceable on top of whatever injuries you may have sustained when they robbed you.

You’re probably thinking, “How is anyone going to know I’m carrying it?” You have to open your wallet to buy things. People can easily peer in and see how many bills you have tucked in there. It’s very simple. They’re not going to mug you immediately after seeing the money. No, they’ll wait and do it at a time that is much more opportune for them and when you are most vulnerable (alone in a garage or someplace else similarly isolated and dark). So, carrying loads of cash is not the answer. Money is also not replaceable when it’s stolen.

When and what happened in the breach?

Target confirmed that cards swiped through its terminals between November 27th and December 15th were likely exposed in the breach. However, Target hasn’t been forthcoming in describing exactly how the breach was accomplished. What has been said is that the point of sale terminals appear to have become infected with malicious software. This would likely include both the customer card terminal reader and the register itself since both are connected together. It has also been stated that the hackers only received data contained on the magnetic card stripe, which indicates that the malicious software only infected the actual card swiping hardware device.

However, if the entire register and card-reader terminal were infected with malicious code, it’s possible they also captured all input from these terminals, which would include PIN codes and digitized signature data. So, I’d suggest proceeding on the assumption that they did potentially obtain keyed-in data including PIN codes.

To be the absolute safest in your response to any breach announcement, always assume the worst to take the most appropriate action in anything dealing with credit or debit cards.

Who is Most Vulnerable?

Holders of Mastercard, Visa and Amex cards, or of debit cards bearing Visa or Mastercard logos, are the most vulnerable card holders in this breach. These cards can be used anywhere, especially at online sellers without signatures. So, it’s easiest to use these cards all over the Internet.

The least vulnerable cards are Target RED cards without Visa logos. These cards would actually protect you against fraudulent use. Since these cards are only usable at Target and must be presented at the register to be swiped, they cannot be used at Target without creating a physical card. Because these cards do not look or feel like regular credit cards, they would be a bit harder to duplicate, though it’s not impossible. Because the non-Visa RED cards only work at Target, the perpetrators would likely use the ‘low hanging fruit’ first. That is, the perpetrators would opt to use card numbers that can be used anywhere and can be used online without needing to print a card: more specifically, Visa, Mastercard or Amex branded cards. Cards without logos, like Target’s RED cards, can only be used at Target, which limits where the card can be used.

The RED card can be used, however, at Target.com. This means they could use your RED card on a Target.com account.

What should I do?

If you have a credit or debit card bearing the Mastercard, Visa or Amex logos, you should flip the card over, call the number on the back and ask to have the card replaced. Don’t try to contact Target, don’t ask questions at Target, just have the card replaced immediately. Yes, I know this is the height of the holiday shopping season and may make it inconvenient for you, but just consider how much more inconvenient if the perpetrators max out your card and you have to clean up that mess in addition to not being able to shop? It’s always better to err on the side of caution and replace your card.

If you have a RED debit card, log into Target’s RED card management site and change your PIN. You can get to it from the main Target.com web site. Go ahead right now and do it. I’ll wait. You can finish reading the article when you get back.

So, now that you’re all done changing your PIN to your RED card, that’s really all you need to do. If the perpetrators obtained your RED debit card number, it cannot be used without the PIN code. By changing your PIN, you have now just protected your RED debit account from unauthorized use.

If you have a RED credit card without a Visa logo, assuming this card only requires a signature to purchase, then you are also vulnerable to easy purchases online at Target.com. Even with a non-logo Target credit card, there’s much less that can be done with it as it only works at Target. Still, I suggest you also visit the RED card management portal and choose to replace your RED credit card. There’s a link in the management site to do this. I suggest doing this online rather than trying to call the number on the back and waiting on hold. Due to the extremely high volume of calls that Target is experiencing at the moment, it’s really a whole lot faster to use their web management site. However, before you run off and request a replacement card, I suggest reading the rest of this article first.

If you own a Target Visa card, you should replace it immediately just as you would any Visa branded card.

Should I cancel my RED card?

The answer to this question is not as simple. If you use no other card than the RED debit card to make purchases at Target, you are actually more protected than with any other card you can use. So, I wouldn’t recommend closing out your RED debit card if you want to continue shopping at Target. However, if you no longer wish to shop at Target after this breach, then I would suggest you close out all of your RED cards as you don’t want these cards hanging around unused.

If you own a Target Credit card and especially a Target Visa card, you might want to consider closing these cards and replacing them with a RED debit card instead. Debit cards are protected by PIN codes. Without the PIN, the card is useless. With a credit card, only a signature is required in-store. For web purchases, no verification is really required other than the security code on the back (and not always even at that). With debit cards, your PIN code protects you. With a credit card, very little protects you other than fraud liability coverage and even then you can still be held liable.

The Best Card To Use

The RED debit card is the safest card to carry into Target to shop. It’s safer than a Visa, Mastercard or Amex branded card because it can only be used at Target. It’s safer than carrying loads of cash. It also gives you a 5% discount off of purchases. You won’t even get that discount with cash. It requires a PIN code to use the card and PIN codes are relatively easy to change on the Target management site by the authorized user. It’s not so easy to change by a hacker. The one downside to using the Target RED debit card is that it requires giving Target ACH access to your bank account. But, if you set up a separate account strictly for shopping purposes as suggested in Randosity’s Don’t Trust Paypal article, you can even protect your bank account from unauthorized ACH access by Target.

How do I protect myself?

There are limits to what you can do to protect yourself against technology. We are all vulnerable to attacks every day when using our phones, our computers, at work, in our cars. Technology is everywhere and malicious code is being developed as you read this article. There is no protection against malicious code technologies. Most technologies are written for the greater good, such as checking you out at the store, helping run your phone, helping run bank ATMs, etc. These are all good uses of technologies. However, there are people whose goal it is to disrupt these technologies for their own pleasure, for political reasons, for terror reasons or simply to disrupt the flow of society.

Basically, sh*t happens. You can’t predict it, you can’t manage it, you can’t really do much about it. This is why your bank cards have limited liabilities and why they allow you to change PIN codes and ask for replacement cards. The banks are well aware problems happen and they have safeguards in place to help prevent these problems.

However, only you can protect you. If you want to be the safest you can be, then monitor your transactions in your accounts closely. Also, choose technologies and technology strategies that help you safeguard your accounts. Don’t expect the banks to do this for you. However, some banks do offer limited monitoring services and will contact you when suspicious activities appear. But, it is up to you to make sure your account information is safe. Basically, if you don’t trust in the current payment technologies, you’ll be left behind. If you do trust the technologies, you have to take the good with the bad. Cash paper money won’t last forever. Eventually, it will be replaced with something else. But, these new payment technologies will continue onward.

For now, cash is one way to handle the technology issue, but it is not the best way. Of course, you could go back to using paper checks, but even checks are vulnerable to electronic attacks. While the paper check is an older concept, it still suffers from technology attacks because checks are scanned by computers and from there they become digitally vulnerable. It can also be difficult to buy things with cash or checks at online retailers unless they accept Paypal. The bottom line: if you choose not to participate in the new payment technologies, you will find it difficult and inconvenient to buy things, especially online. If you choose to embrace the newest payment technologies, you will need to also embrace the new security paradigm that goes along with these new technologies. Target has just unwittingly become a poster-child for these new paradigms.
