I Guess I are One…Finally!

Posted on July 25, 2010 by John F. Dini

I just read Malcolm Gladwell’s book “Outliers.” Like The Tipping Point and Blink before it, he gives a very readable and fresh insight into things you thought you knew, or kind of thought you knew but never really applied logic to, or maybe never thought about at all, but are glad to know.

One of his fascinating observations is the 10,000 hour “rule.” He says that it takes 10,000 hours of direct experience to become truly proficient (at anything) on a world-class level. Ten thousand hours is a lot. He delivers several anecdotes about how this happens

Bill Joy (creator of Unix and Java), Bill Gates and others were placed in unusual circumstances as children, giving them massive access to computers before they were available to the general public. Gates, for example, would sneak out of his house in high school to use the university computer between 3 and 6 am; because no one would kick him out then. He attended a school that had unusual access to computers, and had even more access at home.

Professional athletes spend more time in their youth on all-star squads with greater practice requirements, and frequently play one sport year ’round. They are also “gym rats” (or the equivalent venue in other sports) putting in endless additional hours refining their game. Michael Jordan is only one star of many who was known for “first to arrive, last to leave” practice ethic throughout his career.

How about those profiles of Olympic stars during the games? Michael Phelps swimming three hours each morning and three each afternoon, six days a week, 52 weeks a year. That’s 36 hours a week, 1,900 hours a year, from age 12 until he becomes a world-class competitor at 17. About 10,000 hours.

The Beatles were bigger than any other band of their era. Why? Because of their unusual early history. They loved playing the strip-joint dives of Hamburg as teens and early twenty somethings. (No drinking age and unlimited sex. Go figger) Five years of months-long gigs playing from 6:00 PM to 1:00 or 2:00 AM, with no breaks allowed, because customers only came in if the music was going. In five years they played an estimated 1,200 nights. 10,000 hours.

I began wondering what it takes to be a true expert in a business discipline. A 40 hour work week would deliver about 2,000 hours of experience in a year, but how much of that experience is directly enhancing a skill? Swimmers swim. Musicians play music all the time. But do salesmen sell all day? Do managers manage every minute they are working?

If you were a salesman, for example, you would have to deduct travel time, report writing, sales meetings, coordinating with your secretary, learning new products, and market research. That’s not to mention trips to the bathroom, calling home to see what’s for dinner and checking your stocks on the Internet. How much of your time is actually spent in face-to-face selling? Is it 10%? 20%? At 20%, or 400 hours a year, it would take you 25 years to develop a sales skill level that was the equivalent of a rookie NBA player’s skill at basketball. That assumes your 25 years were all spent in selling as your “full time” occupation.

I have hesitated to call myself a small business expert. I have about 33 years in management and running companies, but how much of that was doing one thing? I have always thought of myself as more of a generalist. I can sell, and I understand finance. I’ve managed lots of people, sold a substantial number of companies, and done strategic plans; but does that make me an expert in anything by Gladwell’s definition ?

If I put all my certifications together I could string twenty-something letters after my name. But does 80 or 100 hours studying for a certification program, or even 500 hours getting an advanced degree, make someone an expert? Any of us who work in the real world knows that isn’t the case.

If I’ve had a chance to be expert at anything, it is understanding the issues of a small business owner. For the last 13 years, since September of 1997, I’ve applied my experience in direct facilitation of meetings of business owners in The Alternative Board® and in coaching them one on one. Of course I wondered, is 13 years enough to be an expert?

For most of that time we’ve had 12 Boards, each one meeting for 4 hours each month. I have usually chaired 4 boards myself, and audit another meeting or two each month. Lets say 5 meetings a month on average, sometimes a lot more. 5 meetings x 4 hours x 12 months x 13 years= 3,120 hours listening to business owners solve their issues. That not even close enough to make me an expert.

During the 13 years I’ve coached between 30 and 40 clients personally at any given time. The coaching sessions last at least an hour, and often more. Let’s take a conservative measure of 30 clients monthly at an hour each. 30 clients x 1 hour x 12 months x 13 years= 4,680 hours coaching business owners on their issues. That is a big leap in the right direction, but I still fall far short of “expert” by Gladwell’s definition.

Most of the rest of my time (typically in a 60 hour work week) is spent in business owner related activities. I give presentations about The Alternative Board, plan and deliver seminars, meet with our contracted coaches to discuss clients, do lots of continuing education, write books and articles and sell businesses as a broker. While all of those are related to small business, they aren’t actually dealing with the specific issues of individual owners. They are more the equivalent of the salesman doing call reports.

My face-to-face contact with business owners for the purpose of discussing their issues, ambitions and plans includes one or two lunches a week with those I don’t coach personally, just to keep up. (Let’s say 6-8 hours a month.) I interview an average of three to five prospective TAB members monthly at 90 minutes to two hours each. (5-8 hours). I consult directly, both as a favor to members, discussing the sale of businesses as a broker with owners who are considering an exit, and in paid engagements. That isn’t all face time, but I can easily call it another 8 hours of face-to-face contact each month. Those one on one interactions total at least 20 hours a month, or another (20x12x13) 3,120 hours over the last 13 years.

Totaling 3,120 with 4,680 and 3,120 yields 10,920 hours of specific discussions with business owners for the purpose of tackling the special challenges, concerns, gratification and (sometimes) pure terror of being responsible for your own destiny. (Note: That’s why this blog is called Awake at 2 O’Clock in the Morning. All business owners get it.)

Like the others named above, I owe the magic 10,000 hours to an unusual set of circumstances, and my own love of the game. I don’t play golf, or hunt, or fish, or do much of anything else except work with business owners and spend time with my family. At least it appears that I’ve earned the right to claim expert status in my chosen profession. It’s nice to know.

Posted in Thoughts and Opinions | Tagged , , , | 1 Comment

One Response to I Guess I are One…Finally!

  1. Anonymous says:
    September 28, 2010 at 4:45 pm

    I have to wonder whether 10,000 hours really is the magic number. Each of us has a different hunger for knowledge and a varying commitment to learn and grow. Some get 5,000 hours of experience and will truly become proficient at their task whereas some will get 1 hours experience 10,000 times and never master anything.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

If You are a Victim; You are Guilty.

Posted on July 11, 2010 by John F. Dini

Let’s say you own a small Italian Restaurant. Fifteen tables. Pasta, Pizza, beer and wine. Not really a white tablecloth place. More like plastic red and white check tablecloths with Chianti bottles and drippy candles. On a good Saturday night you might take in $2,500. You average about $400,000 a year in sales. You are closed Mondays, because everyone in the family needs a day off.

One Tuesday morning you come in early to start food prep for the week. The mail is piled on the floor where the mailman pushed it through the slot yesterday. You sit at one of the tables drinking a cup of coffee as you open the mail. Routine stuff. There is the produce vendor’s statement.A postcard from a regular customer on vacation. An offer or two for new credit cards. There is a letter from a credit card processor; Visa or MasterCard. It informs you that a number of customer cards have been used fraudulently. They have traced the origin of the security breach to your restaurant, and you owe them $170,000 under your merchant agreement, plus penalties. Your issuing bank will be contacting you regarding the collection terms, and to inform you of the additional costs.

You are out of business.

This isn’t a joke. It’s not an Urban Legend. It is happening every day to scores of small businesses nationally, and the number is increasing rapidly. PCI (Payment Card Industry) compliance is a term that should strike terror into the heart of every small business person who accepts credit cards. If you’ve been ignoring the warning information from your bank or merchant processor, or if you think you have it taken care of, think again.

A restaurant here in San Antonio recently went to the newspaper to ask for a story warning every customer of theirs to get new credit cards. This restaurant was hit for over $500,000 in charges, plus penalties (more on those later.) The most bitter pill to swallow is that this restaurant did it right. They have the latest version of a POS (Point of Sale) register system. Their network was behind an up-to-date firewall. Their credit card data was encrypted. Nothing saved them from a sophisticated international fraud industry that remains one step ahead of security techniques.

Some fraud is low-tech. A waiter takes cell-phone photos of cards as he runs them, and mails them to an online fence who pays him a couple of dollars per number. A hotel is missing boxes of old credit card slips. (That happened last week in San Antonio- 17,000 customers affected.) The most pernicious, however, is the Internet hack. The threat encompasses every business; retail, service or B2B that accepts credit cards.
Organized thieves, many of them in Eastern Europe, spend all day “pinging” IP addresses in the US. When one hits a firewall, or more commonly, hits an electronic cash register, processing terminal, PC or a server that isn’t behind a firewall, they blast a dictionary of keywords at it to identify whether there is any credit card information on the other end. If one of these words gets a hit, they begin the hack, inserting a program that duplicates any card number run through the system and transmitting it to their servers. It takes seconds for the whole process.

Typically they will collect for some time, months or in some cases years, before they put the cards into use. It gives them economies of scale. With faster fraud identification systems, many have started “real time” usage, duplicating cards in Europe or Asia and selling them the same day.

Illegal web sites post buyer requirements; how many cards, issuer type, credit limits sought and prices to be paid. (“Need 200 AMEX Gold or Platinum- pay $50 each”) Other sites will tell you the current available limit on any card number. Still other sites sell stolen numbers in a daily auction, batched by type and credit limit availability.

Your data is encrypted? Law enforcement sources tell me that decryption programs to defeat the current levels of credit card security can be bought for $125 on the web and installed in 15 minutes.

When I tell small business owners this story, they usually say “But my credit card company says I’m not liable for fraudulent charges.” That is true if you are a consumer. If you are a merchant, you have already accepted the liability. You agreed to comply with all PCI security protocols. Those protocols, however, are so loosely defined, and so complex, that if you are defrauded it essentially means you weren’t in compliance. In other words, if you are a victim; you are guilty.

When cards are used fraudulently, here is what happens. The card processor begins an algorithm to cross reference the fraudulent cards with the places they were used. In minutes, twenty cards cross at one point- Anthony’s Italian Trattoria in Peoria Illinois. (If there is really an Anthony’s in Peoria, I apologize. I checked to see that there wasn’t. It’s supposed to be fictional.) You are proven guilty.

What happens next is a nightmare. First, every customer who charged something at your business (in a time frame of potential risk determined by the processor)  must be notified that their card may have been compromised, and they should get a new one. The charge for that is $30 per customer. It is billed to your bank issuer, who can either pass it on to you or eat it. Guess which one they will choose?

(A quick aside here. If you are like almost all small business people, your accounts are concentrated at one bank. Your loan agreements usually allow the bank to deduct amounts owed them from ANY account you have there, business or personal.)

Then they have to do the forensic investigation, to determine how the cards were stolen and the potential losses. The cost of a forensic examination is currently set by PCI at $10,000 minimum. All this is in addition to any fraudulent usage, which is directly billed to you. The bank may choose to let you continue operating, if you can afford to let them withhold everything charged to credit cards in your business until repayment is made.

If you think I am being alarmist, check out the PCI video at TAB member Don Douglas’ Comply Guard Networks website. (This isn’t a plug. Few small business owners could afford Don’s services, which are geared to corporate and institutional customers.) The other examples I cite here are from my own experience locally in the last month, and they are not the only ones I know.

What can you do? Checking a driver’s license, which many people consider security, doesn’t help with this problem. That only protects you from being back charged for a fraudulent usage. That is one transaction, not hundreds or thousands.

You could stop accepting credit card, but for many of us that isn’t feasible.

Here is what you CAN do, in simple terms:

First- Spend the money to upgrade your system. I’ve talked to POS vendors at length about this. They tell me that the usual openings, lack of a firewall, shared hubs with wireless hot spots, and out of date software, cost between $1,000 and $3,000 to change. It still isn’t fool proof, but it is like the burglar who was asked why he didn’t hit houses when he knew there were only timers on the lights. “Because the house next door doesn’t even have timers.” The cost is minimal in comparison to the deterrent factor. 

Second- DO NOT STORE CREDIT CARD NUMBERS ON TRANSACTIONS ANYWHERE, EVER! Many businesses don’t even know that their systems are keeping numbers. With cheap data storage, some have no erasure process at all. One restaurant locally, with hundreds of seats and a booming business, recently found out that they had every credit card number for every transaction in the last ten years residing in their hard drive. One hack, and they could have been hit for millions in notification fees alone.

If you have a customer dispute or question, you can get the information from the credit card company. Yes, it may take forever on the phone to wade through the process, but how bad is that compared to losing your business?

There are some major things that the industry could do, but for now they’ve chosen to just shift the liability to small business owners who are generally unaware of what has been done to them. In this case, such ignorance can ruin you.

If this is news to you, it is probably news to your business owner friends. I have been passing this information on to every business owner I know. Most have been surprised by it. Do a friend a favor, and give them a heads up. Ask them “Are your computers PCI complaint?” If they look at you blankly, send them here.

Posted in Uncategorized | Tagged , , , , | 2 Comments

2 Responses to If You are a Victim; You are Guilty.

  1. Anonymous says:
    July 12, 2010 at 3:20 am

    "Your data is encrypted? Law enforcement sources tell me that decryption programs to defeat the current levels of credit card security can be bought for $125 on the web and installed in 15 minutes."

    Your law enforcement friend is uneducated in this topic, I work in data forensics- simple PGP or RSA encryption would have solved this problem.
    http://news.softpedia.com/news/FBI-Unable-to-Decrypt-Brazilian-Banker-s-Data-145640.shtml

    Perfect example above, from recent news- and thats a cheap encryption suite. Like I said your law enforcement buddy needs to quit talking about things he does not understand.

    They key is to;
    1. use intelligent passwords on all systems and equipment
    2. protect the transmission and reception of cc data
    3. protect your customer, dont let your waiters wonder off with a credit card, have managers be on the lookout for skimmers

    Think like a criminal, its not that hard, how would you steal from your own business?
    Then work on that weakness.

    Criminals evolve, you must as well.

    Reply
  2. Todd A. Marquardt, Esq. says:
    July 31, 2010 at 10:08 pm

    Very informative. Even a proactive business owner may not have known about the risks to accepting credit cards. Thanks.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Small Business Goes Global

Posted on June 20, 2010 by John F. Dini

I know that the business press has described the Internet based global marketplace for a decade now. Certainly I have any number of clients who’ve seen their small businesses impacted by a customer’s ability to search the globe for competitive products. Frankly, however, those of us who provide face to face services (which means about 70% of the small business community) have felt a bit insulated from the migration to cheaper online sources.

As a business coach, I have never thought that telephone or Internet based coaching was as good as face to face. 85% of our communication is based on body language. Tracking facial and posture feedback is a critical part of good coaching. I have the same belief as to business brokerage. I, like most brokers, insist on being in the room for ever meeting between buyer and seller. One reason is that I can see when one party is agreeing to something that he or she may not be happy about. Recognizing that frequently avoids a lot of grief later.

Two weeks ago I received an email that I almost erased as a scam. Someone in Ulaan Bataar (Outer Mongolia) was asking me to consult on business strategy. “Sure” I thought. “I’ll bet all I need to do is to send him my bank account number so I can have huge sums wired to me tax free!”

I have a love for Asia, and Mongolia isn’t the normal origination point of these scams, so I Googled the sender. He came right up, and looked pretty legit.

Graham Taylor is an expat Aussie who realized a lifelong dream of crossing Mongolia on horseback, and wound up living there. Like many entrepreneurs, he began a business with what he knew- arranging trips for others who wanted to travel to one of the more remote places on the planet. That grew into Karakorum Expeditions with employees and equipment for adventure tours and trekking. Then, like any true entrepreneur, Graham turned his experience to another venture, wine importing. Xanadu Fine Wines supplies finer wines to the region’s restaurants and hotels.

Graham had found out about me through my author page at Amazon, and contacted me to see if I could help him in making some decisions about his businesses.At first I demurred. What do I know about the challenges of being a business owner in Ulaan Bataar? But as Graham pointed out, the professional business advisory community between northern China and Siberia is somewhat underdeveloped. I had to agree that even help from about 8,000 miles away (I don’t know exactly. I tried to look it up, but none of the Internet distance calculators would recognize any spelling of Ulaan Bataar that I could come up with,) is better than no help at all.

So Graham and I have struck a compensation arrangement, and I’ve gone global. I’ll update you as things progress.

Posted in Marketing and Sales, Thoughts and Opinions | Tagged , , , , | Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

A Goal isn’t a Finish Line

Posted on May 29, 2010 by John F. Dini

I was going over some productivity numbers with a long term client.

“Remember when our goal for this was 2000 man hours?” he said. “Now we are below 1200, and closing in on 1100, and with greater volume!”

Everywhere we looked his numbers were at levels we couldn’t have imagined 10 years ago. I don’t mean numbers he couldn’t have hit back then, but numbers we literally couldn’t have imagined. Some of it is the result of investments in technology, in better systems and in training.Most of it, however, is because he has developed a culture of always, always looking for the next improvement.

Note well that I said he has developed a culture. This business has about 100 employees. As the owner, he knows full well that he is not capable of setting a target and dragging every one of those 100 people to it. He has developed an expectation, at least among his management, that arriving at a goal is merely setting the starting point for the next goal.

I’ve been thinking about how unusual that is.For most small business owners goals are a normal part of managing our companies. Sales goals, production goals, efficiency goals. We work hard to make them, set employee incentives around them, and celebrate when we achieve them. But very few of us start immediately on the next goal. We want to give our people (and ourselves) a break. We are programmed to let people enjoy the achievement; to rest a bit before we start again.

I commented on how unusual it is to have built an organization where the key people look at a goal as merely proof that they can do what they set out to do, and automatically start thinking about what they can focus on next. He smiled, and related a story.

Last week one of his managers had a performance review with an employee. Not surprisingly, performance reviews are a normal and regular part of their business culture. They aren’t avoided, late, skipped or glossed over. They are an expected part of the manager’s job. They, too, have evolved over the years. They are more frequent and more detailed than they used to be.

This employee had been doing a good job. He was dependable, and skilled at his duties. He was an important part of the team, and handled his area of responsibility without problems. None the less, his supervisor had identified a half dozen areas where there was room for improvement. These were listed as goals, with a time frame for their accomplishment.

The employee didn’t object to the content of the goals. He was very unhappy that they existed at all. I’ve done everything you ever asked.” he exclaimed. “I am here every day. I cover all my responsibilities to the letter. I’ve hit every target you’ve ever given me. But you people are never happy. You always want more. I’m tired of it.”

He resigned.

Replacing him wasn’t going to be easy. Training another employee for his responsibilities would take considerable time and effort. The supervisor was faced with a choice between keeping a position covered well, or starting all over with someone new. It wasn’t really a choice. The supervisor informed his manager that the position would be weaker for some time while a new person was brought up to speed. Allowing an employee to opt out of the culture of improvement simply wasn’t an option.

How many of us have the courage to push our employees past “good enough?” How many have given our subordinates the license to tell us that they need to take a step back before they can take two steps forward? In my presentation on “The 7 Sins of an Entrepreneur” we talk about the sin of Sloth as settling for good enough, because the alternative just takes too much effort. Settling for good enough launches a creeping decay in you business. If one employee can hold a position because he or she is just good enough, then why not two? Why not all of them? Eventually you wind up with a company where everything is merely good enough.

The Japanese call it Kaizan, the constant push for improvement. Americans want to take big leaps. We look for giant increases, then fall back until we marshal our strength for another big push. Kaizan is the discipline of looking at everything, all the time, to see how it could be better.

Building a culture where a goal becomes not the finish line but a starting point, takes time and consistency. It isn’t easy but the results, like the progression of the goals themselves, are incredible.

You probably figured this out already, but this company enjoys a level of profitability that most people in their industry would consider impossible to achieve. They, however, consider it a baseline for their next goal.

Posted in Leadership, Life After, Management | Tagged , , , , , | Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

No! No! Bad employee! No!

Posted on May 25, 2010 by John F. Dini

A very successful plaintiff’s attorney once told me that there were two keys to getting a settlement in a class action product liability suit.

The first was to find the smoking gun. Somewhere, an employee had told someone not to engage the safety, not to install the part, or not to buy the protective coating because it cost too much. Email is wonderful for such cases, since now you can mine through thousands of ill-advised comments that don’t disappear when someone hits “delete.”

The second key is to get the ear of an executive above the one who created the smoking gun, and who has some decision making authority. This is tougher than it sounds. The one who created the problem is highly motivated to contain it, and is probably telling his superiors “Don’t worry, I’ve got it handled.” The higher execs aren’t inclined to let a litigator go around their own internal containment, or to voluntarily become the new point of contact in a lawsuit.

If you can get the audience, however, he said that it was usually the end of the suit. You say something like “Did you realize that your managers were sending written instructions telling the technicians to disconnect the safety?” There is a pause, and the executive says something like. “Oh my God. I can’t believe it. How much will this cost to settle?”

I was thinking of this the other day when National Public Radio ran a story about BP’s legal department going around Mississippi offering fisherman $5,000 to sign away their legal rights to damages.Of course the slant of the reporting was that BP was a nasty giant oil company trying to dupe poor ignorant fisherman.

Do you really think that BP, scrambling in London or Brussels or wherever in an attempt to contain the damage, was plotting to shake down shrimpers in Biloxi? With a hundred million bucks a day going out the door, and CNN running the mug shots of their rig 24/7, was there a corporate decision to fleece the little guy for a few grand?

Of course not. There was probably some mid-level bozo in a regional office who thought he could make points towards promotion by “showing some initiative.” Moron.

Small business owners envy big corporations, where there is somebody assigned to do everything; but sometimes it may not be all that great.

Posted in Leadership, Management | Tagged , , , , | Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *