Tag Archives: Don Hjelm

Donald Hjelm – Enterprise Transparency

During the past few years, enterprises have been embracing transparency at all levels, from the C-suite down. However, despite taking important and, in some cases, impressive steps forward, many of these enterprises continue to face obstacles.

Why the roadblocks? Many enterprises are still talking about transparency, rather than exercising transparency. What is the difference? Enterprises that talk about transparency are obligated to continuously “push” transparency into their activities, functions, processes and policies — because they know if they stop, then eventually so does the transparency. This “applied transparency” is the kind that enterprises can rent, but never own.

However, leaders within enterprises that exercise transparency do not feel the need to “force feed” transparency to employees. This is because transparency is embedded within the fabric of their culture. They own it.  As such, they unleash transparency from within to qualitatively and quantitatively improve employee engagement, workflow management, communication and collaboration, customer support and development, program and project governance, and more.

Rather than confining key information (e.g. organizational goals, performance metrics, resource utilization plans, etc.) to a small circle of executives, transparent enterprises are marked by democratic information sharing. As such, these companies drive participation and engagement at all levels, leveraging 100 percent of their knowledge capital to make better decisions.

Instead of directing employees to perform tasks and then shielding them — either by design or default — from the effects of their efforts, transparent enterprises let employees see how their contribution fits the bigger picture. Why? Because they grasp that aligning input with impact is the smartest way to drive employee investment, which is not just the basis for growth: in a competitive landscape where talent is often more valuable than capital, it is critical for survival.

Transparent enterprises do not restrict innovation to the context of product, service or process development. Rather, much like transparency itself, they view innovation organically as well as functionally. To that end, they empower employees at all levels to innovate how the enterprise sells, markets, supports, develops, communicates and generates feedback.

Evolving into a transparent enterprise requires leaders to have knowledge and insight to make the right technology investments. More importantly, leaders must commit to changing their organizational structure from one that is hierarchical and centralized to one that is flatter and more democratic.

While there may be some growing pains associated with this shift, the effort is both worthwhile and necessary. In 2015, transparency is a “must” for an enterprise to achieve participation, alignment and awareness and to succeed as a democratic, forward-looking company.

Donald Hjelm – Bot Visits

A recent study found that not only do bots (automated applications that crawl and scan websites) outnumber human visitors on the Internet, but smaller websites actually receive a disproportionately higher percentage of automated bot visitors — up to 80 percent of all traffic on sites with fewer than 1,000 visitors a day. Malicious bots probe sites for vulnerabilities, effectively automating web hacking.
The rise of automation has broadened the scope of attacks, making small businesses just as vulnerable as Home Depot or Target. Today, all online businesses are at risk. You don’t have to be a Fortune 500 company to protect your business and customers from malfeasance. The following are simple measures any business owner can take to thwart attacks and prevent a breach.
Mind the gaps
Vulnerabilities are just that: exploitable weaknesses that allow attackers to penetrate systems. Fortunately, many of these vulnerabilities are well known and easy to patch. Specifically, there are two vulnerabilities all e-commerce business owners should be aware of: SQL injection and Cross Site Scripting (XSS).
Many sites, based on how their e-commerce application was built, are vulnerable to SQL injection attacks. Criminals probe web applications with SQL queries to try to extract information from the e-commerce database.
Cross Site Scripting attacks can occur when applications take untrusted data from users and send it to web browsers without properly validating or “treating” that data to ensure it isn’t malicious. XSS can be used to take over user accounts, change website content or redirect visitors to malicious websites without their knowledge.
Because attacks on these vulnerabilities are directed at web applications, a web application firewall (WAF) is very effective in preventing them.
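
The two weaknesses described above, each shown beside its code-level fix. This is an added example, not code from the original article; the `orders` table, the function names and the sample inputs are constructed for illustration.

```python
import html
import sqlite3


def make_db():
    """Build a small in-memory order table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, email TEXT, card_last4 TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [(1, "alice@example.com", "4242"), (2, "bob@example.com", "1881")],
    )
    return db


def lookup_vulnerable(db, email):
    # Weak: user input is pasted into the SQL text, so it can rewrite the query.
    sql = "SELECT id, email FROM orders WHERE email = '%s'" % email
    return db.execute(sql).fetchall()


def lookup_safe(db, email):
    # Fixed: the value travels as a bound parameter and is only ever data.
    sql = "SELECT id, email FROM orders WHERE email = ?"
    return db.execute(sql, (email,)).fetchall()


def render_vulnerable(search_term):
    # Weak: untrusted text is sent to the browser as-is and is parsed as HTML.
    return "<p>Results for %s</p>" % search_term


def render_safe(search_term):
    # Fixed: HTML-encode untrusted text so the browser displays it as text.
    return "<p>Results for %s</p>" % html.escape(search_term, quote=True)


# Constructed inputs of the kind an automated scanner submits to a form.
SQL_PROBE = "x' OR '1'='1"
MARKUP_PROBE = "<script>alert(1)</script>"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable lookup:", lookup_vulnerable(db, SQL_PROBE))
    print("safe lookup:      ", lookup_safe(db, SQL_PROBE))
    print("vulnerable page:  ", render_vulnerable(MARKUP_PROBE))
    print("safe page:        ", render_safe(MARKUP_PROBE))
```

A WAF filters requests like these before they reach the application; the parameterized query and the output encoding remove the weakness itself.
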
Denial of service

Some criminals are taking a brute force approach and flooding websites with traffic to take them offline — called a distributed denial of service (DDoS) attack. For e-commerce sites, a DDoS attack has a direct impact on revenue. A single DDoS can cost more than $400,000, with some sources reporting costs of up to $40,000 per hour. With attacks ranging from mere hours to several days, no business can afford the risk of a DDoS attack.
Oftentimes these attacks are accompanied by a ransom note demanding funds to stop the DDoS attack; other times the attack is merely a smokescreen, giving hackers time to probe the site for vulnerabilities.
In either case, rather than fall prey to extortionists, e-commerce sites should enlist DDoS protection to detect and mitigate the attack before it impacts their bottom line. DDoS protection is often available from hosting providers, so small businesses can ask their website hoster for options.
Two-factor authentication

Stolen or compromised user credentials are a common cause of breaches. eBay reported that cyber attackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay’s corporate network. Criminals use social engineering, phishing, malware and other means to guess or capture usernames and passwords. In other cases, attackers target administrators, whom they discover on social networks, using spear phishing attacks to obtain sensitive data.
Stopping this problem is as simple as implementing two-factor authentication. This second factor is usually a code generated via an app or received via text on a phone owned by the user. Two-factor authentication has been around for a while, but just as better smartphone cameras opened up a whole new market of photo editing and sharing applications, so too has the escalation in breaches increased the number of options for two-factor authentication.
Today, there are a number of great two-factor authentication solutions that are both easier to use and very effective at keeping hackers out. Many are free, including Google Authenticator, and are packaged as handy apps on smartphones. With the increasing risk of breach, it’s more important than ever that any application dealing with customer data be protected by two-factor authentication.
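
How a server checks the app-generated code mentioned above: authenticator apps such as Google Authenticator implement time-based one-time passwords (TOTP, RFC 6238). This is an added example, not code from the original article; the function names, the one-step drift window and the replay check are assumptions of this sketch, and the secret is the published RFC test key, not a real one.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # default time step defined by RFC 6238


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code for a given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float, digits: int = 6) -> str:
    """Code an authenticator app would show at Unix time `at`."""
    return hotp(secret, int(at) // STEP_SECONDS, digits)


def verify_totp(secret, submitted, at, window=1, last_used_step=None):
    """Return the matching time step, or None if the code is rejected.

    window: steps of clock drift tolerated on either side.
    last_used_step: last step already accepted for this user; codes at or
    before it are refused so a captured code cannot be replayed.
    """
    current = int(at) // STEP_SECONDS
    for step in range(current - window, current + window + 1):
        if step < 0:
            continue
        if last_used_step is not None and step <= last_used_step:
            continue
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(hotp(secret, step), submitted):
            return step
    return None


# Test key published in RFC 6238 (never use it for real accounts).
RFC_TEST_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    code = totp(RFC_TEST_SECRET, 59)
    print("code at t=59:", code)
    print("accepted at step:", verify_totp(RFC_TEST_SECRET, code, 59))
    print("replayed:", verify_totp(RFC_TEST_SECRET, code, 59, last_used_step=1))
```
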
Scan your site

Web scanners are an important tool for detecting the SQL injection vulnerabilities and XSS mentioned above, as well as a host of other vulnerabilities. Information from these scanners can be used to assess the security posture of an e-commerce website, providing insights for engineers on how to remediate vulnerabilities at the code level or tune a WAF to protect against the specific vulnerabilities.
However, in order to be effective, businesses need to use them regularly. It’s important to subscribe to a service that scans on a periodic basis — not every three years.
Know your vendors

Third party providers — hosters, payment processors, call centers, shredders — have a significant impact on breach likelihood and scope. You wouldn’t trust your money to a bank without rigorous, proven security measures in place. Nor should you trust a software vendor without security practices in place.
When seeking new providers, make sure they’re compliant with security best practices like the Payment Card Industry’s Data Security Standard (PCI-DSS) and cloud-security certification SSAE16. Don’t be intimidated to ask cloud software vendors how they’re managing security and what certifications they have. If they have none, you should think twice about working with them.
Don’t overlook this. No matter how good the product, if the software introduces risk to your business, it’s not worth it.
Today the risk of data breach is greater than ever, for large and small businesses alike. But security does not have to be complicated. By using the right tools, partnering with the right vendors and implementing safeguards, online businesses can reduce risk.

Productive Team Meetings

During a busy workweek, the last thing any manager needs is a wasted hour due to an unproductive meeting.

Managers need to make every minute count. When done well, meetings can be extremely productive and accomplish a lot in a limited amount of time.

 Understand the needs, behaviors and schedules of employees. Meetings often take away valuable time from workers, decreasing their productivity. When planning meetings, understand employees’ schedules and workload for the week.

The best time of the week for a meeting is 3 p.m. on Tuesdays. That’s early enough in the week that the meeting won’t interfere with deadlines.

 Create an agenda, and stick to it. Agendas should include step-by-step details for the meeting — including specifying the time for questions. Even if a detail seems obvious, include it on the agenda so that every attendee can be on the same page. Make sure each item on the agenda is clearly described and allotted a time frame. Skipping an item on the agenda is OK; adding to the agenda during the meeting is not.

 Make everyone responsible. Successful Fortune 500 companies such as Apple and Google have the mechanics of running a productive meeting down to a science. How so? These employers assign every employee a responsibility at a given meeting.

Apply a similar concept: For example, the meeting chair should require employees to report on their accomplishments for the week, no matter how big or small. This way, each employee is involved and more accountable for their work.

  Create consequences (and rewards) for meeting attendance. When employees show up late for meetings, it can make the meeting last longer than needed and increase distractions. To ensure everyone shows up on time for meetings, enforce consequences for attendance.

First, create a strict start time for the meeting. For example, let’s say the meeting takes place every Tuesday at 3 p.m. If employees arrive exactly at 3 p.m., they will be marked tardy. Any employee who is marked tardy will have to stay after the meeting to clean up.

Employees who show up early can be rewarded with having the first choice on a new project, for example.

 Make the meeting actionable. At the end of the meeting, require every attendee to share what they learned and their new goals in a 30-second recap. This helps the meeting chair find out what information attendees retained and whether a certain topic needs more clarification.

Meeting leaders can also ask a series of questions at the end of each meeting to find out what each attendee learned. Here are some examples:

“What do you plan to accomplish in the next week?”

“What information from this meeting will you relay to your team?”

“Name one valuable thing you learned from this meeting.”

 Put bookends on the meeting. Every meeting should have a clear start and end time to ensure the meeting doesn’t stray from its goals. Start and end times allow meeting chairs to keep attendees on track and decrease room for unnecessary chatter or long-winded, repetitive discussions.

Ultimately, productive meetings must be well-planned and focused on a goal. By getting the right people on board and promoting timely yet engaging discussions, the productivity of meetings will be greatly improved.

Growth Companies by Donald Hjelm

Sooner or later nearly every growth company needs to raise capital, be it through borrowing, an equity investment or a merger. The days of blindly picking an investment bank and trusting the experts to go out and find capital from private equity firms are over.

Only investment banks that directly align their business model and compensation with the interests of their clients will survive as online investing platforms continue to transform the capital-raising landscape. I say this as a CEO who has been through this. An advantage of using some online platforms is that companies seeking capital remain in control of who sees their information and can see to it that sensitive information doesn’t end up in the hands of dozens of undesired investors. When an investment bank shares a company’s information, potential investors — typically private equity firms — might hold onto that information for several years.

When working with an online private investing platform, an entrepreneur can determine which potential investors look at the company’s data and first evaluate prospective investors’ backgrounds to decide if they would be a good fit. In contrast to the traditional investment-banking model, the entrepreneur remains squarely in control of the information and the capital-raising process.

This isn’t to say all investment banks are bad. Rather, it’s incumbent on the company to do its due diligence before hiring one. Here are the seven questions you need to ask:

  1. What is your success rate?

Ask what percentage of the bank’s engagement letters lead to closed deals.

  2. Why do you love my company?

Make the bankers be specific. If the bankers can’t convince you that they are strong believers in your management team and your business, they certainly won’t be compelling when they present the company to potential investors.

  3. What’s the average time for closing a deal?

Don’t have the bank make speculative guesses about the length of time it might take to close a deal. Have the bank confirm its statement in an email with specifics after it runs an analysis. Once you sign an engagement letter with an investment bank, the meter is running. If the fee structure is weighted toward a retainer rather than a commission, the banker has less of an incentive to close a deal quickly. Often investment bankers will take three or four months before they even begin to talk to investors.

  4. Does the bank have experience with firms of this size?

If the investment bankers tend to work with larger companies, think about what might happen if a larger client needs attention. Suddenly, your company might become a second- or third-tier customer. What if the bank has had no recent clients in your industry?

  5. Can you provide five references?

Ask for introductions to five companies that were former clients of the bank in a fundraising effort — two that were successful in raising capital and three that were not. Ideally, these references will be in your industry and in your company’s size range. Ask that these clients be recent ones and make sure they all worked with your specific banker, not just the bank itself.

  6. Who are the first five people the bank will approach?

If you run a $15 million food company, and the investment banker wants to approach a Fortune 500 firm, ask for specifics. If the banker mentions contacting Nestlé, say, “That’s great, who exactly would you call at Nestlé and when was the last time you talked with him or her?”

  7. What are the firm’s average fees?

A very high retainer doesn’t provide a banker an incentive to close a deal. Conversely, investment banks that rely heavily on commissions are motivated to close transactions quickly and at the highest valuation possible. And they are inclined to only take on companies in which they believe strongly.
