Your Operations Solved

Hello and welcome to Your Operations Solved, for Wednesday, June 2nd, 2021I'm your host, Channing Norton, of PC Solutions, and this is the 24th episode of our show,Listen to us Wednesday and Friday mornings at 9:30 Eastern, or on our bonus shows released on the 2nd Saturday of each month, at 2:30 PM. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.If you have a problem in your business you want solved, email us at Solutions@youroperationssolved.com, we may just feature your business on our bonus show as we tackle it to help you and others.With that out of the way, let's get started on today's headlinesFirst, an update to an existing story.We've talked several times about Google's new targeted advertising technology FLoC, on this show, and the associated controversies in its potential to target ads in a predatory manner. In response to the backlash, Google has added a new setting to opt out of FLoC in the latest build of google chrome... if you're willing to dig for it in the obscure Chrome://flags page. Alternatively, one could use another browser, as both microsoft edge and Mozilla firefox block FLoC by default. Floc is currently in early stage trials affecting about .5% of browsers in selected regions.With that out of the way, let's talk about our main story, turkish killbots.Being that this is a technology show, I try to stay as FAR away from politics as possible. I, like anyone else, have my own political leanings, but, outside of specifically discussing policy affecting the tech space, I try to keep things out of the show. Even when politics does come up, I try to constrain my commentary in scope to how a change or event will affect my listeners in the small and medium business space. That being said, when I saw this story, it's egregiousness, and its potential to serve as a vector to talk about a topic that is often overlooked in the business space, I decided that this was a conversation I wanted to have with my listeners, even if it is a bit more controversial than I like to put in.The UN has confirmed, as of a recently released report, that, back in march of 2020, Turkey deployed a fully autonomous weapons system in Libya. When I say, fully autonomous weapons system, I mean an Unmanned drone, that, armed with artificial intelligence, made decisions entirely without human input or confirmation as to if a target should be fired upon. If a person should live or die. This is a literal autonomous killbot. This is thought to be the first time such a weapons system has seen combat in a fully autonomous mode. Certainly its the first recorded case. As someone who dabbles in AI in their spare time, and interacts with software made by much smarter programmers than I at all stages of the software lifecycle, this terrifies me. Fully automated AI systems shouldn't be trusted with a number of far less impactful or permanent decisions than to end or not end a human life; I wouldn't trust an AI judge to handle a case of a traffic ticket without human oversight, let alone the decision of if someone should be killed. This isn't just my opinion, talk to anyone in the AI or software engineering spaces what their thoughts are on trusting software to run highly critical applications, like voting, or indeed war, and the near universal consensus is that these systems are not ready for prime time. Via how they operate on a technical level, their decisions are near impossible to audit, even for the engineers who designed them, they, like any software, have bugs that no amount of testing will ever uncover, and that's in an ideal case where we assume the code is secure, everyone involved in developing it is highly capable, that management doesn't rush project delivery or force any decisions upon the engineering team that negatively affected the quality of code delivered, that the physical constraints of sensors and cameras, processing power, or other hardware didn't result in tradeoffs being made, and that all the hardware works perfectly all the time. Needless to say, I doubt a single engineering product in the history of software development has been free of a single one of these concerns, let alone all of them. It's no wonder that the UN tried to ban systems like this back in 2018, though both Russia and the US exercised their Security Council veto power, leaving such systems as fair game in war. Yikes.So, let's take the time we have left in our news segment to talk a little bit about AI ethics, why they are important for businesses, what biases in AI might look like, and how these systems make decisions. We will follow up on our friday episode with a larger conversation about AI, and the value it can bring to businesses.Modern AIs are constructed with software patterns designed to mimic the structure of neurons in the human brain. However, the scale at which they do so is much, MUCH smaller than that of the brain. Where humans might have 100 Billion Neurons, these systems operate on anywhere from a dozen to a few thousand. This reduction in complexity is both a hardware constraint, simulating a full brains worth of neurons is still outside our reach without absurd hardware and absurd time, and a project management constraint; when we write code to make an AI work, a large part of that is defining how these neurons are capable of interacting with inputs, outputs, and each other. More neurons, more code, at least to an extent. In exchange for having less complexity than a human brain, we task these AIs with less complicated decisions. Rather than "What could possibly be causing this patients symptoms given their complex medical history, diet, vitals, medication, and response to prior treatment attempts, and what is the best treatment option for this diagnosis?" We ask such a system "Does this Xray show evidence of cancer?" Another important point is that these AIs are purpose built. An Xray reviewing cancer finding AI will be useless at say, identifying pedestrians in an image for a self driving car system, or even at identifying cancers in xrays on different parts of the body than what it was designed for.The next portion of this is how these AIs learn what the correct answer to their question is. And that comes from human input. Generally speaking, we show AI systems a bunch of questions that have already been answered, and the software tunes itself to come to the same answer the training data provides. This is a HUGE source of malfunction in AIs today. For instance, give a bot that reviews resumes to find the best candidate for a job opening based off the performance review scores of your current staff, crossreferenced with the resume's they used to get hired, and you have the potential for the biases of your managers not involved in the resumebot project to be reflected in the bot as well. For instance, if, without realizing it, the managers of microsoft collectively rate female employees 5% lower on performance reviews than their male counterparts would receive for the same work, and the performance review history of microsoft is used as training data, an AI will see correlations in resumes, for instance "Applicants from this all women's college should be reduced in value, as existing employees from this college perform worse on average, if only slightly." Boom, your nonhuman system has been introduced to human biases. This isn't hypothetical, this is something we have directly seen, again and again, in all kinds of bots. From bots that identify people using facial recognition failing to correctly identify people of color due to training data being disproportionately white, to bots designed to help hiring managers wade through resumes not giving female applicants an even playing field, to bots designed for speech recognition failing when confronted with accents and speech impediments. These concerns are important for businesses because, while AI seems like a great way to cut down on expensive human labor, its misuse can get a business into hot water. After all, imagine the press and lawsuits if microsoft were to implement a hypothetical hiring AI, and it was found to artificially decrease the hiring rate of women. At the end of the day, decisions made by AI need to be regularly and continually checked and audited, by humans, to ensure that the decisions reached are the decisions we want these tools to reach. So, lets take this all back to Turkey in Libya. The drones deployed have two modes, one that is fully autonomous, and one which functions closer to traditional weapon systems where it asks for human confirmation before taking any shots. This is, as far as the UN and press can identify, the first time any weapon system has been switched into a fully automatic mode like this, and, as we've begun to explore, there's simply no way that this system doesn't have a very real potential for false positives in identifying combatants, and the only way we can find these issues for sure is if we have such a false positive, which means someone is dead who shouldn't be.With that done, lets get on with the discussion we began previously on technical debt, and look at specific sources of debt that I see a lot in small and medium businesses.In writing the script for this episode, I reviewed the past few hundred tickets PC Solutions has received during the onboarding stage of our clients' journeys, as well as a selection from the previous weeks' tickets, and marked down which tickets were a symptom of technical debt to get some specific, real world examples. I identified 5 core areas where a lot of businesses are lacking, that produce additional labor or risk as a result.Email.Email email email email. There's a reason we've covered email in about four or five different shows at this point. It's an extremely powerful communication tool that, well, at this point, almost everyone hates. There's 3 mistakes I typically see in this areas1. Not using a decent email host. There's really 3 good options for email hosts, anything else causes problems. One is Microsoft 365, Two is google apps for business, which is not as good, but workable, and hosting it yourself if you're a large enterprise with well over 500 mailboxes. Anything else is a huge mistake that will end up costing you money, and give you countless headaches with spam, email delivery, trouble organizing email, space constraints, and so much else. On top of that, a solid portion of the other services out there will actually charge you more than the best in class products. Don't bother doing anything else, its not worth it.2. Poor email organization. See our episodes on organizing small business email. Without email being properly organized or managed, people run into missed emails, along with metric tons of emails they don't care about cluttering up their workspace.3. Improperly configured DNS records. Do you find that a lot of your emails go unopened, or aren't received at all? Or that your recipients find emails from you in spam? This is likely why. A lot of the customers we bring on never had their email set up quite right, either to begin with, or to reflect a change in email hosts, and the end result is poor email delivery. Documentation and policies.The hidden magic that makes a system, any system, work well, consistently, is the documentation that backs it. Without proper documentation, businesses rely on what is effectively an oral history to determine how to operate. This is less than ideal, and makes scaling the business or any employee turnover unreliable and inconsistent. The end result is this causes problems. Different people do things different ways and interact with different people also doing different things in different ways, and your product or service suffers.Business operational inefficienciesA lot of businesses have debt in the area of their business operations, and how tasks are supposed to be performed. Something has become common practice that is not ideal, and results in more work on the backend, without the affected people even realizing it. For instance, a piece of software designed to track inventory might spit out spreadsheets with its results, that employees enter into a system to reorder products, without the business realizing that those two pieces of software can be made to interact, eliminating that task. Recurring data entry usually falls into the category of work that can be eliminated, and is costing your business money needlessly.Single points of failureHere we have a big one. Single points of failure. Anywhere where your business operates with a single person or device as the only safeguard against an area of the business not being able to work properly. Problems occur when the single point of failure either doesn't work, if its hardware, or leaves, or is simply out sick if its a person. How many tasks exist in your business today that only one person does or can do? These need to be made redundant ASAPFilesharingFilesharing. I cannot count the number of times I've gone on a first visit to someone's office, and overheard the sentence "Can I borrow your computer real quick, I need a file on it," or "Can you email that file to me?" These That's our show for today, thank you so much for listening. Next time, join us for our conversation on AI, ethics and business. In the meantime, check us out on the web at www.YourOperationsSolved.com, where you can join our newsletter, and separately opt to be notified of all our uploads. I will see you next time.

Hello and welcome to Your Operations Solved, for Wednesday, May 26th, 2021I'm your host, Channing Norton, of PC Solutions, and this is the 23rd episode of our show,Listen to us Wednesday and Friday mornings at 9:30 Eastern, or on our bonus shows released on the 2nd Saturday of each month, at 2:30 PM. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.If you have a problem in your business you want solved, email us at Solutions@youroperationssolved.com, we may just feature your business on our bonus show as we tackle it to help you and others.With that out of the way, let's get started on today's headlinesFirst, an update to a prior story. We have discussed the increase in regulatory activity surrounding the tech industry worldwide on several occasions on our show. Such activity continues as, on Tuesday, the DC attorney general filed an antitrust suit against Amazon, complaining that Amazon's requirement that third party sellers not offer their products at a better price or better terms on any platform than what they offer on amazon's marketplace platform is anticompetitive and stifling. This case could have large implications both for amazon's Ecommerce dominance, and for other eccomerce players that are able to find major leverage in other niches, like game developer Valve's stranglehold on the online videogame market, which places similar constraints on developers wishing to be released on their platform "Steam." If successful, the case seeks to force amazon to change their policy and extract damages. This case could serve as important precedent to limit such pricing agreements from being standard cost of admission on many ecommerce platforms. I remember the days when you could always seemingly find a better source offering a slightly cheaper price on a product. A promo code here, a bundle deal there. The deal hunting and digital couponing world has simply collapsed over the past decade, and i'm sure many price savvy consumers, myself included, would like to see its' return. This move is also good for those businesses selling consumer goods over the internet, as it potentially threatens amazon's hold on that market. These days, businesses have to operate exclusively on amazon, or nearly so, eat amazon's fees as a cost of doing business, and be very careful not to do anything that could draw the Yellow Giant's wrath, at threat of losing their customer base. By being permitted to offer their products at better prices elsewhere, it gives small sellers the opportunity to build themselves a customer base independent of Amazon, allowing for more robust businesses, and potentially the opportunity for more innovation in products. This is good news for everyone. Except Amazon, of course.Now, onto our main story today, Payment processing giant Square appears to be preparing to launch a full fledged banking system for small and medium businesses reliant on the platform. While no official announcement has yet been made as of time of writing, data mining of their PoS terminal app shows that a recent update added references to this platform in the code. Adding code underpinning new features before they are released is extremely common in software development, and that appears to be what's going on here. According to what we can find, as best we can tell, these accounts will hook in with the existing Square debit card, and offer no fees for overdrafts or minimum account balances. This would appear to be a potentially VERY good option for retailers already relying on square's platform. We await an official announcement, and will of course keep you updated on whatever goings on happen with this developing story.With that done, let's talk about our business issues today, technical debt.Technical debt is a problem that plagues many businesses, and one that every business needs to be aware of. As any business leader knows, if you dedicate less time and resources to your technology, your business can still work. So, since technology is a cost, what's stopping us from operating on no budget, and just fixing critical problems when they come up? Well the answer here is technical debt. Much like issues anywhere else in business, it gets more expensive to fix problems the longer you let them go on. Imagine a car with a slight alignment problem. Getting your alignment adjusted at a car shop costs 300 dollars max. But if you let it go on for a thousand miles or so, all of a sudden, you're out a tire or two. Let it go on for 5 thousand, and all of a sudden you have some serious suspension issues, Let that go on, and all of a sudden, your suspension issues result in an accident you never would have had if your car handled more true. A 300 dollar fix just became a 3000 dollar fix with injuries. In the model of fixing things as they break rather than looking at matters proactively in your business IT, you run into the same issues. It is cheaper to have a proper backup system than it is to try to recover data, it is cheaper to have a solid antivirus than recover from an infection, and it is cheaper to fix an employee's inefficient workflow that wastes them a few minutes a day than it is to let them continue to be inefficient for years on end. It is cheaper to replace your computers when they are at the end of their warranty than it is to get a year or two extra out of them and have to buy one with rush shipping and loose two days of worker productivity when its hardware fails. This is technical debt. If your environment has gone a long time without being properly maintained, you likely have a lot of it. As PC Solutions often gets called in when stuff breaks in such unmaintained environments, I run into a lot of companies that are in the situation of drowning in technical debt, one of the pieces that kept everything running failed, and the entire business is suddenly unable to operate. Its never a fun day, its never worth the money saved to any business that's affected. There's a reason that most of these companies don't make the same mistake twice. So what does technical debt look like, how can we get rid of it, and what benefits to the business can we expect to see afterwards?Well, technical debt can be challenging to identify, especially for people not working in the technical side of the business, and these types of problems can take many forms, but anything that seems overly slow, breaks often, or is otherwise a waste of time and resources is likely indicative of technical debt. Technical debt can apply to security as well, and these sorts of issues are hugely important. Cybersecurity debt can look like log reviews not being performed frequently, Computers and Servers not being kept up to date with the latest updates, running old software, backups not being performed, security best practices not being followed, like forcing 2FA for important signins, and training users on handling phishing threats and proper password management. So, how does this debt get built up? Security or otherwise? Well, there's three main ways. One is things break, and aren't fixed properly, and are instead fixed haphazardly, because its' faster, easier, or cheaper. Band aid solutions absolutely exist in the technology space. Basically, something goes wrong, a process breaks, and a technician comes up with a solution to get people working as fast as possible that's not as robust as the proper way to do things. This is fine, i've created thousands of these band aid solutions, they are important to get companies up and running quickly when things go wrong. The problem is when these band aids become permanent. If the immediate pain is gone, and there's too much broken in an environment, sometimes the normal means of operation is not restored, simply because there are not resources to do so. This is bad. There is a REASON the workaround was not set up as the solution to the problem to begin with. Such band aids build up, and, over time, you have a business who's technology runs on matchsticks and glue. The next way you accrue technical debt is with inadequate training. Generally speaking, if people can figure out an easier way to do a task, they will. Normally that's a good thing, but if there's a REASON that things are done the way they are, you could be in for a problem. For instance, a lot of these user created workarounds might violate security policy, security that's there for a reason, and these workarounds present additional risk. The final way that technical debt is typically accrued is from the advancement of technology. You might solve a business problem by implementing some technology, then, 3 or 4 years later, someone comes out with a better solution, well, that old solution might be worth switching off of. Let this happen a dozen times, and, well, you're now doing what you've always done, and its deeply suboptimal. Remember, on this show, we push for continual improvement. Your operations are not the way they were 5 years ago, so why should your technology be the same? How can we get rid of technical debt? Well, there's no way around it, the answer is resources. Eliminating debt means spending the money on up to date systems, on the expertise to deploy them, and the manpower to keep them running. In the short term, this can be expensive. In the long term, by definition, things are easier and cheaper to maintain. After all, part of ANY analysis of a business IT solution is looking at the costs involved in deployment. Typically, what this means is starting by talking to your existing IT. If your team is struggling to keep up, they likely know where the problems are more than anyone. Have the conversation of "What's broken, what problems is it causing, how much would it cost to fix it, what does fixing it look like?" It will give you an idea of what you're in for. The next ingredient is expertise. If you have a mature, in house IT team, you usually have this, but if you have a solo individual, or small team, its possible the knowledge you need to do better cannot be found in house, and it's time to bring in a second pair of eyes for an audit, to see what places could benefit from some love. Finally, we have time. Organizational change takes time. No matter how much money you throw at things, you cannot eliminate the technical debt from a business overnight. Change takes time, and not all of it will be directly felt by IT. Time spent retraining employees. Time spent by executives writing policies and contingency plans with the help of IT. Time vetting new vendors. Time learning new software and procedures. And that's okay. Ultimately, your business benefits from it all. So, what are the consequences for NOT dealing with technical debt. The biggest is risk, and stability. Let's take an example. You have a file server. Its critical to your operations. It's backed up directly to the cloud, but the storage is not locally mirrored. We have a single point of failure here; if the hard drive storing your data fails, YES, you have backups, but replacing the hard drive and running a restore will, at best, take at least a few hours, and a panicked trip to best buy. In practice, such a repair is more likely to take 2 or 3 days as parts come in from online. Whats's the cost to your business from operations being stopped for a day? Two days? Even with no data loss. But the cost to add that redundant hard drive? Usually about 100 dollars. The cost to replace the drive urgently at best buy? 150? 200? No matter how you slice it, it makes sense to minimize that risk, ESPECIALLY seeing as a hard drive failure is certainly a when, not an if; Those components have set lifespans. When you have a business plagued with technical debt, you can expect unreliability and inconsistency in your operations. If you spend a lot of time putting out fires everywhere in your business, it's very VERY likely that you have a technical problem, not a cash flow problem one week, a staffing problem the next, and a customer retention problem the following.That's our show for today, thank you so much for listening. Next time, join us for our talk on the common, specific sources of technical debt plaguing the small business. In the meantime, check us out on the web at www.YourOperationsSolved.com, where you can join our newsletter, and separately opt to be notified of all our uploads. I will see you next time.

Script 22Hello and welcome to Your Operations Solved, for Friday, May 21st , 2021I'm your host, Channing Norton, of PC Solutions, and this is the 22nd episode of our show,Listen to us Wednesday and Friday mornings at 9:30 Eastern, or on our bonus shows released on the 2nd Saturday of each month, at 2:30 PM. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.If you have a problem in your business you want solved, email us at Solutions@youroperationssolved.com, we may just feature your business on our bonus show as we tackle it to help you and others.With that out of the way, let's get started on today's headlinesFirst, an update to an existing story. We've talked a lot about the ongoing global semiconductor shortage on this show. Recent press releases by Cisco have given indication that, once again, the shortage is exceeding expectations, and not in a good way. Cisco confirms that, while they have successfully locked in their own supply and pricing, that capacity of their component manufacturers proves extremely limited. Cisco also cites an increase in demand as a factor worsening their existing issues. Cisco is seen as an important indicator in the computing market, as their hardware typically gets bought in advance of large business rollouts. As such Gartner has updated their predictions on the chip shortage, and now anticipate it stretching to the second quarter of 2022. Quite a few businesses are trying to buy early to get ahead of the anticipated further squeeze in prices. Meanwhile, elsewhere in the industry, AMD has announced a new line of computer processors that, uniquely, rather than focusing improvements on speed or power efficiency like any new release line in normal times, instead focuses on intercompatibility and ease of manufacture. They are betting that the higher yield rate that these chips may be able to offer them will be enough to get consumers to buy them for sake of being available. In short, AMD is betting that the shortage will last long enough for them to fully bring manufacturing of several new products on multi year cycles up to speed for manufacturing, with enough time left over to still make a profit over R&D costs. Regardless of how you look at it, the shortage is going to be going on for a bit.Now, onto our main story, GDPR Fines. This one is a bit more relevant for our European listeners, but any listeners in america or other regions that do any business or have any presence in an EU country are subject as well. For those not familiar, GDPR, or General Data Protection Regulation, is a broad regulation covering how companies handle personally identifying information for consumers. Among other things, it requires that EU citizens be able to opt out of data collection activities, be notified of them, things like that. The law is too comprehensive to cover in detail here, though if there's interest, I can certainly break down the implications. One snag of GDPR compliance is that it applies to EU citizen data, even when they are not physically located in the EU, so, functionally, if your company does business in the EU, or serves EU customers, even simply via selling products on the internet and shipping them into the EU or delivering them digitally, you have to be GDPR compliant. In practice, of course, if you aren't subject to EU jurisdiction, then, well, there's not a whole lot they can do to you. Next Tuesday marks the third year anniversary of GDPR being enforceable, and we see that, unlike data protection laws in the US, it's far from a slap in the wrist for violators. Collectively, all 28 EU countries, plus the UK have handed out well over 330 Million Euros, or 415 Million US Dollars in fines that we are aware of (not all fines are listed in public databases), with the largest going to google, at 50 Million euro for failures to observe GDPR principles in the design of the Android Mobile operating system, and the smallest fine amusingly ALSO going to google, at $28 for failing to fulfill an individual's request for an inventory of google's collected personal information on themselves in an acceptable timeframe.Regulators have been unafraid to go after entities as small as individual people, and as large as Google in their enforcement efforts, So, what does this mean for your business? Well, if you're subject to GDPR and EU jurisdiction, compliance is key, as the fines for noncompliance are getting more and more frequent (incidentally, if you want to check out the fine listings, Privacyaffairs.com keeps a record of every GDPR fine ever issued that's listed publically), so it's a matter of when, not if, noncompliant companies get fined. Nor is it simply one regulatory body you have to keep track of; GDPR is enforced individually by every individual country subject to it. So, how do we get in compliance? Well, the only way to know that you are in compliance is a thorough compliance audit performed by a firm or expert who has adequate knowledge and experience with GDPR to make that determination, however, let me talk to you about some basic guidelines to live by to not run afoul of GDPR too much.1. When you collect data, notify the person you are collecting data on, and give them an opt out.2. Have a privacy policy on your website, and make sure that privacy policy is within the scope deemed acceptable by GDPR.3. When you let people sign up for contact, like an email list, specify each form of contact (email list, calls, texting), and allow them to opt in and out individually.4. Have a cookie notification on your site, should you use cookies, giving the visitor the ability to opt out.5. Have a means to furnish information requests. If someone wants to know what information you have on them, you do have to provide it in a timely fashion.The theme here is that, ultimately, users have control over their data, not the company. If you are transparent in what data you are collecting, how you are using it, and give customers the option to opt out of that collection, you will have gone a long way to safeguarding your business from costly fines.With that done, let's talk more on the topic we started on wednesday, collecting effective feedback from your customers, and tracking it in a way that allows you to use that data to improve your business.In our discussion Wednesday, we established the fact that WHO you are asking for feedback, WHEN you are asking them, and HOW you are asking them are all really critical in making sure the feedback you get is both useful and representative. You certainly do not want to only collect feedback from some channels, and have areas of your customer base unlikely to use that channel be unsatisified and not know it. Take the example of McDonald's offering free food to those who submit surveys about recent visits. While I don't have access to their data, it seems likely that the submitters of such feedback likely skew poorer than McDonalds' average consumer. Free food is more attractive to a broke person than a millionaire, after all. That's fine, because the feedback is still valuable, but McDonalds now has a hole in their data. They fill this hole by collecting data from secret shoppers, and occasionally running larger feedback driven promotions. How can we apply these principles in your business? Well, it starts by recognizing that there's two types of feedback, detailed feedback and micro feedback. We can see this in the fast food example. In researching this piece, I filled out a half dozen feedback forms for fast food to get an idea of the length and questions, as well as explored their apps. To any customer experience managers at national fast food chains who might be listening, I'm sorry, you got a few garbage results in from me, for science. Every single one of the chains I examined, McDonalds, Wendys, KFC, Subway, Sonic, Jack in the box, had two types of feedback available, In the app, for an order, you can provide microfeedback, that is, a single question satisfaction survey. Was this order good, thumbs up or thumbs down, variations on that. Every single one also offered the free food system... but for that you needed to fill out more questions. The winner was Wendy's here, who gives out a free burger if you complete a, by my count, 28 question survey (though by the look of it, question count changes based on your answers, so its possible you can get greater or fewer). These restaurants assign a higher value to these in depth surveys, but always make sure they cover other parts of their market with other feedback systems. We can learn from this.Standard business activities should include Microfeedback options, a "How did we do?" This way you can identify the customers who were not served properly and fix your mistake before they get unsatisfied. I will say, anecdotally, some of my favorite online sellers were not those with a perfect experience, but those where the product I got required a warranty claim, and it was fixed quickly by the seller. Similarly, if you screw up a customer interaction, and go above and beyond to fix it, you will have turned an unsatisfied customer into a loyal one, as they know they can rely on you to make things right so that they always get what they need. An example of this would be setting up feedback software to include a feedback system in your email signatures. The additional data points here will be used to to plot trends, with this, for business to business customers, you can get a read of what accounts are at risk of being lost and need extra love, and what accounts are prime for testimonials, case studies, and referrals. For Business to Consumer customers, this looks more like the McDonalds example, of providing quick feedback in your ordering system or online for your customers. Without a mobile app and a strong presence, getting feedback from as large a swath of your customers as the fast food companies do is difficult, but you should be able to get a start.You also need longer form feedback, and typically this has to either be directed at a particular person, or incentivized, or both, to collect. People don't like filling out long surveys, but will happily do so for a reward, or if asked directly, person to person, so, for business to business companies this takes the form of regular point of contact meetings.Finally, if possible, we'd like to look at other avenues where our customers talk about our company. Examples of this are online reviews and social media. Good customer experience tools are capable of tracking both of these platforms and putting you in a good position to respond to both. In addition to addressing your public image in cases of failures, and in building a brand. Look at Wendys, for instance. Careful use of these tools can help you get involved in the conversation when you and your industry are discussed, and help direct the conversation to you.So, let's talk now about where to compile all this data and how to use it. Different platforms, both industry specific and generalized, exist. A good tool should allow you to track your general Customer Satisfaction score, a Net Promoter score, which analyzes how likely a customer is to evangelize your product to others, and for account based businesses, customer health score, which is a bit business specific, develop a scoring system based on what accounts leave you based off how long they've used your product, how often they engage with it, their CSAT, number of support issues, etc. Build a model of an account that's about to fail, and make sure that your metrics would flag that account for attention and love. Ideally, in a system, you should be able to drill down into specific concerns and feedback, specific accounts or products, as well as see overview metrics in the moment and over time. The goal here is to allow you to implement initiatives in your business while having fine grained control over your Customer Experience. For instance, you might make a structural change that allows you to fulfill orders faster, and its important to keep track of if your customers feel a quality drop as a result of the change. Customer experience metrics are your way of doing that. On the flip side, you might change your packaging to something that costs a little more per order, and use your Customer Experience metrics to track if the change is worth the additional cost. For account based businesses, the net promoter score can be used to drive referrals. For non account based businesses, high NPSes could be targets for some swag, to encourage them to actually promote you.Next on the wishlist is Automation. While obviously, no Customer Experience Management platform is going to make you send out surveys manually, automated followup is another matter. Say, for instance, you had a customer that ranked you two of ten on a survey, you may want to automatically send an email "we're so sorry you had an issue with your experience. Our team will get back to you shortly to make this right."Also important is integrating with your existing CRM, if they are not the same product, you need to be able to see these stats in your CRM so you know what customers to pay attention to.Finally, Chat inboxes. Many people like using web chat boxes for quick queries, especially with the influx of decent software chatbots beginning to hit the market over the past few years.Do you have ideas on how best to utilize and collect customer feedback? Let us know about Solutions@youroperationssolved.comThat's our show for today, thank you so much for listening. Next time, join us for a conversation on technical debt. In the meantime, check us out on the web at www.YourOperationsSolved.com, where you can join our newsletter, and separately opt to be notified of all our uploads. I will see you next time.

Hello and welcome to Your Operations Solved, for Wednesday, May 19th, 2021I'm your host, Channing Norton, of PC Solutions, and this is the 21st episode of our show,Listen to us Wednesday and Friday mornings at 9:30 Eastern, or on our bonus shows released on the 2nd Saturday of each month, at 2:30 PM. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.If you have a problem in your business you want solved, email us at Solutions@youroperationssolved.com, we may just feature your business on our bonus show as we tackle it to help you and others.With that out of the way, let's get started on today's headlineThe Biden Administration has released an Executive Order detailing government and infrastructure cybersecurity. This covers immediate changes that are being enacted right now, as well as longer term plans that expand further into the private sector. This response to the SolarWinds, pulse secure connect and Colonial Pipeline hacks is an attempt to shore up US government agencies against attacks.In the early stage changes over the next 30 to 90 days, we see most of the guidance being directed towards outsourced IT providers for government agencies. For instance, a lot have to do to how these outsourced providers respond to cyber incidents. It's all good stuff. Unfortunately, the experience of myself and colleges in this industry would indicate that these new policies are unlikely to be followed. As an example case, let's take the requirement for these providers to report anything that looks like a breach, immediately, to the government, and have the government respond to it. Sounds reasonable, and it absolutely is. Best practice is absolutely to notify the hacked entity immediately, and give them the option for specialist mitigation, if you as a vendor don't have the capabilities, credentials, or experience to do it in house. Cyber forensics is a very specialized field, and one that has relatively few practitioners, and said practitioners tend to have very narrow scopes of expertise. By contrast, IT firms by their nature tend to focus on hiring generalists, and while mature ones certainly have cybersecurity teams and expertise to perform such work, notification of the client is still essential, especially in more serious incidents where legal needs to be looped in. Nevertheless, many providers can be seen sweeping security incidents under the rug; Cyber incidents are expensive, take large amounts of time, potentially stressing other accounts, and reflect poorly on them as providers, so the small stuff gets handled quickly and haphazardly, even if that's horrible from every angle legal, technical, security, and most importantly ethical. The reason I don't think that, for instance, this notification requirement will be followed is that these decisions are not made just by the legal department that only has the goal of not getting the company in hot water. The decision to determine something to be a breach and NOT sweep it under the rug is one that is individually made by every technician and team that touches the ticket. Most incidents start out as very low level, very routine things, either an alert from an antivirus, which is most of the time a false alarm, so is relegated to a low level tech triage, or an unrelated issue is being investigated when something strange is discovered. When we, as IT professionals, find a potential security breach that needs investigating, it is almost never a case of "Sound the alarm, we've been breached this is bad," so much as "Wait, why is that doing that, let me run an extra scan... Oh crap, it found something. This is a problem. Let's figure out how big of one it is." As a result, a dozen or more Technicians, Managers, Security analysts, Account managers, and executives have to ALL choose to do the right thing with a breach for it to be reported, each person with their own motives and faults that may fail to report a breach. The account executive who's afraid to get fired if they loose another account this quarter. The manager who doesn't want to loose a team member for a few hours to investigate things on a busy day, the executive who doesn't want to handle the paperwork of being involved here. Sure, mishandling breaches is unethical, but from the perspective of a stressed manager who doesn't want this breach to reflect poorly on them, it can be easy to ask "Is this one incident really THAT bad? I mean, its just one little bit of malware. Odds are it won't do any harm." While good companies are structured to make sure that security incidents are well handled, and that there's adequate oversight, not all organizations have these controls. I'm not saying that the changes coming out of the white house are bad, on the contrary, they are much needed, just that this problem is one that's very hard to regulate the industry out of.Moving into the midterm, the measures begin to affect software development companies. Initially just in their interactions with the government, but, as time goes on, interactions with their other clients and customers. For instance, the new regulations require maintaining a "Software Bill of Materials," the frameworks for which have been in the works by many industry groups for a while now. Basically, software is built on other software. When a programmer writes code, it is inevitable that they will use code from elsewhere. This comes from a variety of sources. They might run into a difficult problem to solve, turn to the internet, and find some code online that solves the issue that they adapt to fit into their program, they could rely on "libraries," which are large packages of utility code that contain solutions to frequently encountered problems, that programmers can then just reference by name, and not worry about the "how" or APIs that connect different bits of software and technology together to allow developers to utilize the behavior of a completed program or project in their software. Making this problem even worse is that all of this code from sources other than the programmer itself has the same issue, multiple layers down, with code in program A relying on library B, which itself relies on API C, which has a problem in the code that the programmers solved based off some code they found online that they didn't really understand, but it solved the problem so they put it in. This software house of cards can be best seen by the "Left Pad" incident. Back in 2016, a programmer removed a tiny snippit of library code they had written from the repository it was stored in protest of a decision made by the repository. The tiny bit of code, 17 lines long, called left pad, was used in a few popular packages, some of which were used in others. The end result is that large swaths of the internet just... stopped working, and big companies found their codebases not working. The "Bill of Materials" would force all of these dependencies to be documented, at every point in the chain. That way, if someone makes a change to a library that changes another library which changes the code in the project, it would have to be documented. The idea here is that this kind of software supply chain is potentially vulnerable to bugs or compromise, several links down, and that auditing these dependencies can allow vendors to have more control over what code ends up in their projects. Without this, an attacker could, for instance, get a malicious edit approved in some open source code far down in the chain to compromise a product in use by the government. After these software quality standards, like the software bill of materials are implemented for the government, the order provides language to phase such controls into software sold to the consumer and to businesses, by means of labeling requirements. As fundamentally, the sale of software over the internet is inherently a bit hard to regulate, for smaller projects targeted at niche consumers, I don't think that this will be overly burdensome. For larger projects like the ones we see in use in business, government, and enterprise, as well as larger, recognizable consumer products, I think that its likely this will be followed without too much issue. As this was already a practice that industry groups were pushing for in recognition of this problem, I think that this will be a very good thing for the industry, and, in the long term, the consumer and non software development business, as it will improve the quality of software products in a variety of ways.So, if you don't work in software, defense, or IT, this means that you can expect, over the next few years, the software you rely on to conduct business to be more thoroughly auditable. This codification of best practices will also improve the quality of products made. The fact of the matter is, a lot of best practices for quality code are only roughly followed in the software industry as it stands, as project managers push for faster delivery times, putting less emphasis on architecture and testing. This regulation will push up against that, and hopefully result in better software for everyone.With that done, let's discuss our business challenge for today, gaining customer feedback.An important part of any business is satisfied customers. Regardless of your business type, business to business or business to consumer, regardless of your niche, budget or premium, and regardless of how frequently your customers need your business, satisfied customers are the lifeblood of your business, they bring repeat business, drive others to your business via word of mouth, help you build a brand and following, and so much more. So, keeping our customers happy is important, and a critical investment into our business expansion. Let's talk about an important vector for doing so, customer feedback systems, and what types of businesses pair with what types of method for collecting data.Before we get any further, we need to determine what types of customers we have, and how we interact with them. After all, different means of gaining feedback work for different types of companies. McDonalds gets feedback by offering a free burger to anyone who fills out a survey. That works great for fast food, but try being a medical provider and offering a free colonoscopy to your patients who leave feedback, and you will find your program to be... less than popular, and, for the few takers, the cost for that feedback will get expensive, fast. So, let's start with who your clients and customers are:Are theyConsumers?Small Businesses?Enterprises and governments?Is your product something that your customers HAVE to buy, or something they WANT to buy? Its obvious that consumers respond differently to healthcare vs buying electronics, and businesses respond differently to purchasing shipping supplies than they do office furniture. This plays into how we want to collect feedback from our customers.Finally, what type of product do you have? Durable or nondurable? How often will people be coming back to you? This applies to services as well. It's conceivable that McDonalds could service the same customer twice in one day, but that's unlikely for a plumber or mechanic. Similarly, the customers of a recruiting agency will often do business with the same agencies over and over again for every opening, hiring every month or two from them, but the market for commercial fire restoration is, hopefully, not plagued with as reliable of repeat business.Of course, all of these categories are on a bit of sliding scales. Many a company sells to both business and consumer, or to both small business and enterprise.  Plenty of essential services and goods could be hit with the question "How essential is this REALLY?"This gives us half a dozen to a dozen broad categories of company, that will each require their own solutions towards collecting feedback. We will examine several companies over today and Friday's episode.For today's companies, let's imagine a Medical Clinic and a Marketing agency.We will start with the medical clinic. Medical services are targeted near exclusively at the consumer, they are fairly expensive, and are pretty essential. Depending on the practice, they may rely heavily on repeat business, such as a general care practice, or very little on repeat business, such as a facility specializing in sleep studies. Their customer cycle is fairly long. Unlike fast food, you generally aren't in and out of a medical clinic in several minutes. Because of these elements, patient feedback for the general care practice might be best requested at checkout "On a scale of one to ten, how satisfied were you with the care you received today?" However, with specialist clinics, the patient really doesn't have a whole lot of experience to go on, and they often don't have results yet. If this is an outpatient surgery center, they also haven't experienced the post surgical support yet. As such, an email sent 2 to 3 weeks later as part of followup might provide more useful data, even if it provides less of it. Figuring out when to ask your customers for feedback is almost as important as what you ask or asking at all. An ideal system will allow you to identify systemic problems before they start loosing you customers, address one off failures that would otherwise go uncaught and lead to a bad experience, and measure the impact of initiatives elsewhere in your business on the quality of goods and service provided. As such, the software solution that tracks this data may change depending on your needs.Next, the marketing agency. Marketing agencies are targeted near exclusively at businesses. What scale of business depends on the agency. Being a business to business company, they rely very VERY heavily on customer promotion for growth, and repeat business. Their services are a mix of one off, such as branding consultations and graphic design work, and longer term recurrent revenue such as campaign management and content syndication. Essentially is a bit harder to pin down, however. A marketing firm is by no means essential to the operation of a company, but a marketing strategy is essential to its growth. So we see it as something that businesses are very willing to spend money on if they can afford it, but also something that will get cut quickly if expenses pile up in many cases. Marketing agencies are in a good position of having a very clear performance metric for many of their activities. They can ask their customers for their growth before and in the months following their services to determine their impact, but this metric is not the only important one. things such as turnaround time on projects and adherence in a campaign to executive vision is also a concern. Marketing agencies points of contact are often executives, who may find filling out surveys cumbersome and time consuming. As such, finding place to ask interspersed throughout business activities is the answer. For instance, a marketing firm might host a portal where they upload graphic design work for their customers to examine. Having an integrated feedback form built into the download page could make it much more likely for the firm to receive responses, as customers will tend to fill in their feedback either as a requirement for downloading, or simply while waiting on their file to finish. Alternatively, for business to business customers, giveaways tend to work well. Give away a hot consumer product to 3 random office managers who submit feedback among your clients. In this kind of business to business relationship, multiple relationships are important and need to be judged, as, at the end of the day, a personal assistant won't make the decision that cuts a vendor, but they sure have influence over the person making that decision.That's our show for today, thank you so much for listening. Next time join us for a discussion on what software solutions to the feedback issue exist, and an analysis of two more types of businesses, a Florist and a Wholesaler. In the meantime, check us out on the web at www.YourOperationsSolved.com, where you can join our newsletter, and separately opt to be notified of all our uploads. I will see you next time.

Hello and welcome to Your Operations Solved, for Friday, May 14th, 2021I'm your host, Channing Norton, of PC Solutions, and this is the 20th episode of our show,Listen to us Wednesday and Friday mornings, or on our saturday afternoon bonus shows. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.If you have a problem in your business you want solved, email us at Solutions@youroperationssolved.com, we may just feature your business on our bonus show as we tackle it to help others.With that out of the way, let's get started on today's headlinesFirst, a mini story. I would be remiss if I did not at least mention the colonial pipeline ransomware attack. We are, after all, a tech news show, and this ransomware attack is front page news nationally. The fact of the matter is though, beyond the obvious knock on effect of increased fuel costs, this doesn't have direct impact on small businesses, despite the flurry of followup marketing activity by cybersecurity vendors and firms. As this is a show looking to help small businesses out, covering this story in depth would be nothing but fluff. Use this as a reminder to do a test restore on your backups, if you haven't done so recently. Anyone trying to tell you that the colonial pipeline attack changes ANYTHING for a business that doesn't have thousands of employees, is trying to sell you something, and isn't able to let the quality of their product stand by itself.Next, our main story, also a security issue, is a major bug in the modern implementation of wifi security, leaving virtually all wifi devices vulnerable.When I was looking for the main story for todays episode, I happened upon an article on a hypothetical security vulnerability with wifi. I opened it thinking that it likely wouldn't be a good fit for the show, but that I wanted to read it to keep myself informed. As I read more, however, I realized how truly unprecedented this flaw, or set of flaws was, and decided to cover it.back almost nine months ago, researchers discovered an exploit in the security protocols that underpin modern wifi that could leave virtually every wifi network on the planet open to very serious attacks, They dubbed this set of exploits FragAttacks. As is best practice when researchers discover a flaw like this, the flaw was not disclosed publicly immediately. Instead, the researchers contacted vendors to try to get the issues fixed before they became public knowledge. This is known as "responsible disclosure." After the vendors are given an opportunity to fix the bugs, the public is then given the knowledge publically. The idea here is that this minimizes the time between when a potentially dangerous issue is widely known where anyone can develop malware for it, and patches being available that protect users of the compromised product. The disclosure period, which for this flaw was 9 months, is over. Microsoft has released a patch that should ensure that windows computers connected to affected networks are not vulnerable provided they are on the latest version of windows 10.So, this bug specifically would allow someone within wifi range to-connect to a network and use it without a password-eavesdrop on the traffic between a user who was connected to the wifi, and the internet-modify or fake that traffic while pretending to be the wifi access point, for instance by loading a fake version of Amazon.com to users who tried to do online shopping, one that steals your credit card info.and much much more. This is a scary flaw.So, what do you need to do to keep yourself, your business, and your customers safe?Well for one, recognize this is a flaw that affects WIFI, and only wifi. So, any devices or computers that are connected to the internet via a network cable are unaffected. Similarly, any networks running on hardware from before the standard with these flaws was created, so older than 1997, is unaffected, though, if you're running 1997 era networking gear, you likely have bigger security problems.Two, patch your systems. Microsoft has released a patch for windows computers to be able to use affected networks safely, so, if you're on windows 10, update with the patches released on tuesday the 11th, and that PC will be safe. If you're still on windows 8.1, 8, 7, or earlier, there is no patch coming, and these systems will forever be vulnerable to these issues.Three, recognize that this flaw affects wifi hardware. So your wifi access points are vulnerable. If you are on enterprise grade or prosumer grade gear; Fortinet, ubiquiti, cisco, sonicwall, meraki, watchguard, HP enterprise, palo alto, whatever, there's likely a patch either applied or incoming, research your specific product and install it ASAP. If you are using prosumer networking hardware, its highly, highly likely that nothing will be done, and that you'll need to replace the hardware with something that's not fragattack vulnerable.Finally, recognize that this issue affects more than your network. If you work in a coffee shop or another place with public wifi, I have bad news for you. You don't have a means of checking if they are vulnerable easily. Normally, I would never recommend a consumer "privacy focused" VPN as a security product that provides actual useful protection in any sense; they're largely smoke, for why, I recommend Tom Scott's video entitled "This video is sponsored by blank VPN," about why this industry sells a product based of dubious claims for a product that is not actually useful for what its sold as, but this is the one case since about 2005 that such a solution would actually help out. If you are planning on working on wifi that you can't guarantee the safety of, EVEN if that wifi is your home wifi, I would grab a VPN. If your office has a next generation firewall, ask your IT team to configure a full tunnel VPN for you, which may be different than the configuration they used to set you up to work from home. Otherwise, any off the shelf VPN product will do the trick.with that done, let's continue our conversation on email, and talk about Spam and promotional mailings as part of our larger discussion about email flow in business.Anyone who talks to me knows I love Microsoft 365. Its a great product and makes email management for the organization fantastically easy, and provides great value. There are, however, two areas where I feel it falls really flat. Email marketing, and spam management. Furthermore, out of the box, it's an okay solution, but one that needs to be managed and configured to get the most value from, and one that understanding by business leaders benefits. So, lets look at two areas where I feel Microsoft can do better on Microsoft 365, examine the competition, and what a sensible, 365 based system that gets the best of both worlds looks like.First, we will start with email marketing and promotional mailings. This is an area typically covered by Microsoft Dynamics 365. Dynamics is a fairly young product by microsoft standards trying to compete with both Salesforce as a general CRM platform, and the slew of smaller, industry specific CRMs that still run most businesses. In that, I can't say I've worked with dynamics enough to say if its serves as a solid competition to salesforce, but, in regard to what a lot of small businesses need, Dynamics is a solution to a problem that many small businesses don't have. For small businesses, those smaller, industry specific line of business softwares simply make far more sense. Even for medium sized businesses, they're still usually a solid option. The issue with a lot of these industry specific CRMs, is that, while they do great at managing your existing business, their options for tracking potential accounts is usually limited, and their promotional email capabilities are typically nonexistent. This leaves us with a bit of a hole in our capabilities. Neither m365 nor our industry tool does email marketing very well at all. This is fine, because email marketing is actually an area where even the major tools like salesforce tend to suck anyways. Email marketing has split off into its own software field, one that is almost entirely cloud based. There's a lot of giants here. Hubspot, which also offers a "sales CRM" specifically designed to better handle leads, without trying to run the rest of your business, some that focus on really solid templates and designs like mailchimp, still others that focus on ease of use, like MailerLite. There's... a lot of products in this space, because I'm not the only one who feels the options for email marketing are rather limited by existing CRM tools. Pick one based off your needs, its features, integrations, pricing, reviews, and whatnot, give it to your marketeers, and let them go wild. There's some important notes here. One, if you want to keep your marketing emails from going immediately to spam for almost everyone, you need to make sure you talk to your IT and get some backend stuff configured for sending emails from your @companyname domain. If you don't have an IT company or team, then whoever did your website is your next best bet here. Two, you should NOT try to handle email marketing without any product via just tons of spreadsheets and sending out mails as BCC to every one of your leads. It doesn't look professional, it takes up way WAY more time than the 10 dollars a month saved is worth, and, depending on your email content, puts you at a very high risk of both having your standard emails to existing customers start getting filtered as spam, or running afoul of anti spam regulations, or both. This is absolutely a case of investing in a good tool that can do what you need out of your email marketing. If that's sending out rewards points for shopping, or promo code management, there's a product with those features. If its sending out surveys, there's a product with that. If its serving as a larger sales tool, there's products for that. So the important thing is picking the right one, setting it up right, and sticking with it.The next area where m365 falls flat is with the flip side of email marketing. Spam. To most of us, spam might not seem like a huge problem. Even if there's a lot of it, it is, at worst, an annoyance. In reality, it has the potential to be a larger problem in your organization than you think, and still informs how we should be managing our messages. This is because when I say spam, different people have different thoughts come to mind. When we think of "Spam," we think specifically of scams. For instance, the 409 scam, "Hey, I have a large amount of money that you are owed. If you first wire a bank fee to me, I will grant access to this much larger pile of money." But spam can comprise more than just obvious fakes like that. Functionally, when I say spam, let's combine it with the larger concept of unwanted messages. Recall how, in last episode, we talked about creating mailboxes for messages from vendors to cut down on vendor messages going directly to preferred inboxes. By this broader definition, those too, are spam. Unwanted messages can be scams, attempts to infect users or take over accounts via Phishing, where a message pretends to be a trusted website like paypal, microsoft, amazon, whatever, and gets you to sign into the fake site linked into the email, thereby giving the attackers your password, vendor messages that you want to archive but not look at, like receipts, and vendor messages you don't, like promotional emails for a vendor you never intend to use. All spam. Go through your inbox, right now, look at the top 50 messages. How may of them fall into one of these categories? 30? 45? All of them? Imagine if you could just get your phone pinging for actual conversations between actual humans involving you. Think of how much more you would able to address without all this vendor messaging. We could split these messages into "Harmful," which we need to kill as aggressively as possible, "Annoying," which we would also want to stop if possible, but also need to err more on the side of letting a message through if its POSSIBLE that its something you want. Archival, where we want to retain them, but not look at them, and messages we do want to get through, like 2 factor and password reset automated emails, and, again, human conversation. This level of granularity is simply outside the scope of what Microsoft 365 can do on its own. It can cut through a lot of the harmful spam, but not much beyond that. If you aren't in a position where the vast majority of the messages you see are actionable, your email is wasting you time, every day. Lets learn to recapture it.For starters, we need to look at separating the messages we want shoved in a folder somewhere from our main message stream. If its messages for say, invoices and support departments at your vendors, you can configure outlooks rules to better handle things, as mentioned. For instance, sending everything coming in from "billing@vendor.com" to a dedicated folder. For messages from vendors you want to have on hand and not delete, like update notifications for products you use, that too should go in a different folder, assigned by rules. Now comes the stuff we don't want to see at all. The harmful spam, and the most egregious of the annoying spam. If more than a few messages in this category are getting through, you need a beefier spam filter. And while Microsoft sells one in m365, it's not really that great. In studies to measure effectiveness of spam filters for business, they consistently place second to last among the serious contenders, ahead of only the base filter included with M365, and its more expensive than other options ahead of it. Depending on your organization, and how careful you are about doing things that will sign you up for unwanted bulk mailings, the base filter might be enough to suit you fine, but I suggest that everyone get an aftermarket filter. If you don't go with microsoft's option, this will also provide a failover server so that if Microsoft 365 goes down, which happens one or two days a year, you won't loose any messages, and can still get access to your mail via a separate signin while things are down. These filters also do a lot better at cutting down on the well crafted and well targeted harmful spam that, as it happens, is one of the largest sources of cybersecurity incidents for any business. Like with the mail software above, you need your IT to help you implement and manage this solution, but it should be pretty cheap, and I think pays for itself for every employee with time saved.That's our show for today, thank you so much for listening. Considering the show's recent production issues, We will be changing schedule starting next week. Catch us Wednesdays and Fridays at 9:30 AM eastern time, from now on.

Script 19Hello and welcome to Your Operations Solved, for Tuesday, may 11th, 2021I'm your host, Channing Norton, of PC Solutions, and this is the 19th episode of our show,Listen to us Tuesdays, Wednesdays, and Thursdays, or on our Saturday compilation episodes. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.With that out of the way, let's get started on today's headline.Google has announced that 2FA by default will be rolled out to google consumer accounts over the coming weeks. Even for accounts that already exist. If 2 factor CAN be enabled, it WILL be enabled.This is great news from a security perspective. A LARGE number of successful cyber attacks are able to do a large chunk of their damage due to compromising an email, and gmail, which this change affects, is by far the largest host of consumer email. While it's hard to know exactly, market research would give google a marketshare of between 30 to 70% of the personal email market by actively used mailbox count, and about 40% marketshare over the business email market. Right now, they are just forcing 2FA for consumer mailboxes, but its likely that, in the coming months, administrators of their Google Apps platform, which is used for business email, will have to specifically opt out of 2FA if they don't want it to be defaulted on there. Between these two platforms going to near universal 2FA, the internet is about to get noticeably safer. According to Verizon's 2020 cyber breach data, two thirds of successful cyber attacks against businesses leverage compromised emails. 2 Factor authentication makes compromising an email much much harder. Possible, but not without much more effort. While I don't have hard numbers to give you, I will anecdotally say that I've handled several hundred to a thousand compromised email account scenarios in my career. Of them, only a SINGLE one was on an account with 2 factor set up, despite, across the environments I've worked in, the split of people with 2FA and without was roughly 50/50. As such, this change promises to make a SUBSTANTIAL chunk, about 50% of these business cyber attacks considerably harder.With that done, let's continue our conversation from Thursday about structuring our email system.So, as a review, for our address types, we had standard addresses, aliases, distribution lists, and shared mailboxes. In structuring our mail system, we had 8 focuses.1. A good email system should leave you open for growth.2. A good email system should reduce the exposure of turnover to customers.3. A good email system should allow for customers to feel they are having personal interactions when necessary4. A good email system should provide a framework for clear internal communication.5. A good email system should allow your employees to easily identify what mail they are responsible for6. A good email system should be as free of spam and phishing emails as reasonably possible.7. A good email system should allow segregation of mail by type and purpose.8. A good email system should not allow messages sent to former employees and addresses to go unnoticed.Using the tools we outlined above, how can we accomplish these goals most effectively? It obviously depends on your business, and who your customers are and how they get in touch with you, but let's get an idea of what a good structure might look like. Give every living, breathing, human in your organization an email address. I suggest first initial last name as the format, as it scales very well and is the defacto standard, but take any format you want for naming these accounts. Just standardize it. These first initial last name accounts will be primarily used for INTERNAL communications with your employees between one another, as well as administrative functions like signing up web accounts. The only cases where employee specific accounts will be external will be in high touch positions like salespeople and account managers, where, should turnover occur, you would expect to directly notify clients of their handover. As a good rule of thumb, if the person in question is issued business cards, you can expect traffic from your customers or vendors to this address.Next, examine every external facing department or activity. These are the areas that you want to protect from turnover. As such, they should be assigned shared mailboxes, with access granted to each person who could handle such requests.There's a few applications here. Broadly speaking, they fall into 3 categories.1. Emails that you post online. For instance, the bottom of your website might list Sales@company.com, or Customersupport@company.com. Depending on the nature of this email address and the level of personalization required, you will then either respond to incoming emails by reaching out to submissions from a direct email address, like what you'd want with a sales inbox, or merely by replying, for instance with a support address.  2. The next application I see is for regular customer communication. For frequent touch, regular business activities, with existing clients, like a healthcare clinic scheduling appointments, a support vendor's support requests, a wholesaler's order address, or an insurance company's claim address.  For these applications, customers are not expecting to get a direct inbox in response; even if they are expecting a personalized response of some sort, having that personalization in the form of an email signature or greeting will suffice.3. The next use I see for mapping shared mailboxes to business activities are for use by your staff. In communicating with our customers, we all run into situations where a customer makes a request via the wrong channel or to the wrong person. Shared mailboxes are a great way to allow your staff to easily send these responses to the correct place. For instance, if you were a wholesaler, and had a customer make a complaint to the quality of a fulfilled order to your orders inbox, you could create a catchall "Account Management @ company .com" address for your orders team to forward the issue to. In this case, it's not important that your customers know about this address, but instead that the associated team has a centralized place for requests sent out of channel. Beyond this, I do also suggest that any customer facing shared mailbox be given several aliases for likely misspellings and miscategorizinations. For instance, you might have both Sales @ company dot com and Sale @ company dot com going to the same place to make sure that that inbox doesn't miss any messages with mistyped or misheard addressesWe now have made great progress in curbing the chaos of handling messages for our customers, but what about other types of messages?By far, the biggest offender here are vendor sales emails. At least in my field, if I reach out to a vendor ONCE, to get their pricing or demo their product, they will continue emailing me for months or YEARS later, and unsubscribe requests are not always honored, certainly not to the extent they are with more public mass email lists. Similarly, even the vendors I USE give me a lot of emails. Bills, update announcements, new products, sales pitches to step up to a higher pricing plan on what I use,and so SO much more. For this I like using shared mailboxes as spamtraps. When I want to sign up for something that will put me on a vendors mailing list, it goes to an inbox dedicated to that. I actually have several divided by purpose. Combined with a number of inbox rules, vendor spam is largely easy to tame, even if setting up the rules can be a touch time consuming and arduous.Before we finish for today, let's touch again on internal communications, and a use case for one of the tools we've largely ignored so far; distribution lists. Largely speaking, I would argue that most of what a distribution list does, a shared mailbox does better. However, there are some exceptions here. The biggest is departmental distribution lists intended to allow people to easily send announcements to an entire department or workgroup. This would not be the place to send work to that workgroup, that would be their shared mailbox, but instead to alert everyone on that list of say, a procedural change. Functionally, if something is in your personal inbox, you are responsible for it. If its in your departmental shared mailbox, it is the responsibility of the department as a whole to ensure a single person within the department handles the matter. This allows ascribing responsibility for each message. The end result is that managers and employees from other workgroups have the toolset to ensure that information that needs to be distributed within your organization is sent to exactly who needs to see it, and that responsibility for handling or addressing that communication is clearly determined by the sender.There's still a bit more to this conversation, so join us tomorrow for the last third of perfecting your email system.That's our show for today, thank you so much for listening. Tomorrow, join us for ___XXX___. In the meantime, check us out on the web at www.YourOperationsSolved.com, where you can join our newsletter, and opt to be notified of all our uploads. I will see you next time.

Hello and welcome to Your Operations Solved, for Thursday, May 6th, 2021I'm your host, Channing Norton, of PC Solutions, and this is the 18th episode of our show,Listen to us Tuesdays, Wednesdays, and Thursdays. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.With that out of the way, let's get started on today's headlinesFirst, an update to a prior story. On our eleventh episode, entitled "China's Changes, and Supercharging your Sales Engine," we discussed China flexing it's political muscles to reduce the independence with which its Tech Giants such as Tencent and Alibaba were able to operate. The CCP regime has again made its will known via the Bank of China, which has released new guidance in how companies within the country are expected to operate. While a slew of changes were introduced, the most sizable are in regards to curbing the activity of epayment apps like Tencent's WeChatPay, and Alibaba's AliPay, equivalents in function to Venmo or CashApp. As per our previous reporting, we can expect the Chinese tech titans to focus more on the Chinese market rather than external markets, which may cause supply chain interruption, but also clears the field for others in their niches.With that out of the way, let's move onto our main story,, another big data breach.I'm beginning to think that we need to have a dedicated podcast section for important data breaches, cyber attacks, and compromised supply chains. It seems that it's almost half of the news we cover here. Regardless, a product called "Pulse Connect Secure VPN," used by primarily large networks, has been confirmed to be compromised by a major security flaw. Worse yet, the US CyberSecurity and Infrastructure Security Agency has confirmed that Chinese affiliated state actors have been utilizing the flaw for at least a month, and has compromised at least 5 known US agencies, though CISA did not indicate WHICH agencies were compromised in their press release. If pulse secure connect is in use on your network, there is a tool available, the pulse connect secure integrity tool, to plug the hole that this vulnerability in your network represents. That being said, most small businesses will not be *directly* affected. What's far more concerning about this particular breach is the fact that we have confirmed exploitation of US government agencies. This is, to say the least, scary. With over a month of uncontested access, we could see this turn into an incident as large or larger than the 2013 OPM hack, which, to this day, remains one of the most damaging cyberattacks on record because of the volume and detail of the information that was compromised. In that case, it was full security clearance background checks for anyone who had requested a background check since the switch to computers for OPM, affecting government employees, contractors, and private industry employees in the defense sector. Right now, as a small business, beyond a check to confirm that you don't use this product, there's not a whole lot you need to do directly, but I imagine, as more details are released on what entities were successfully compromised by the attackers and what data was exfiltrated comes out, that's sure to change, so I'll keep you posted.With that done, let's talk about today's solution, improving email flow in small businesses.So, let's start by exploring what email looks like for a lot of organizations in the 5-25 person size range. I typically see one of two options. One, typically present in low turnover organizations, is the simple, personalized system. Either First Initial lastname @ company.com or firstname @company.com. Everybody gets their own mailbox, and, when people leave, mail is either forwarded, checked by another employee, or simply ignored, possibly with an out of office responder set to notify people of the employee taking over the persons responsibilities. There are significant benefits with this system. Namely, customers feel more attached with the personal touch of reaching out to individual reps, and everyone has a clear scope of what mail is their responsibility and what isn't. There are, however, some downsides. Turnover for customers can be very jarring. I've set a lot of autoresponders on these types of mailboxes for people who have left a place of employment, and the only one that ever seemed to me like it would be pleasent to get from an inbox was one to the effect of "After 15 years of service, Beth has retired, we wish her the best in her endeavors going forward." The other side of this is some people will not get the message. Indeed, I can recall, in the months after setting that autoresponder, I myself hit it at least twice... There were two Beths at the company, and the person in charge of triaging tickets at the tech support company I was working for at the time occasionally put the retired Beth in as the affected user. Finally, this system makes your turnover more visible to your clients and customers, which, while a natural part of  doing business, is needless to say, not something we like advertising.The other main approach I see is departmental email addresses. Sales @ company.comorders @ company.comAccounting @ company.comand what have you. There's also typically a few people such as the business owner and veteran employees, who are grandfathered in from before this system is in place, as the former is kinda the default.These mailboxes are usually staffed by a single person, but occasionally I do see multiple people assigned. These have the benefit of helping you scale up your operation easier, as these department names can easily be scaled from one person to two to five, without much customer impact. The downside is that interacting with a mailbox called "Account management" is a bit... machinelike, and would not, at least for me, be an ideal customer experience. Furthermore, this can cause in-office communications to be a touch hindered, especially in smaller organizations with less clearly defined roles. You run into questions like? Who is accounting again? Is it stacey, or is it Clark? I think Clark is accounts receivable. This is not ideal, and can impact efficiency and ease of communications for employees and customers alike.So, how do we fix this? Let's start by estabilishing what our goals for an ideal system are, so that we can better figure out how to get there. 1. A good email system should leave you open for growth.2. A good email system should reduce the exposure of turnover to customers.3. A good email system should allow for customers to feel they are having personal interactions when necessary4. A good email system should provide a framework for clear internal communication.5. A good email system should allow your employees to easily identify what mail they are responsible for6. A good email system should be as free of spam and phishing emails as reasonably possible.7. A good email system should allow segregation of mail by type and purpose.8. A good email system should not allow messages sent to former employees and addresses to go unnoticed.So, What does this look like in practice. Well, let's examine the tools we have available. First, we have standard email addresses. From a formal perspective, these are addresses that can be directly logged into, and can send and receive mail. Ideally, in your organization, you should have a ONE TO ONE mapping of employees that need any kind of email access at all, and these accounts. Next, we have distribution lists. These are the lists you might see that are, for instance, "employees@company.com." They don't hold any mail themselves, but instead forward out any mail received to a preset list of addresses, such as an all company email list. These can be configured to accept mail either form anywhere, or only from your internal emails. After that, we have Aliases. Aliases are not themselves email accounts, but allow a single email destination to be accessed via more than one addressed. For instance, you might have an employee that gets married, and changes their name, and set them up to be able to receive mail both at their old address, and their new name, without there being any difference in the way the mail gets treated. Finally, we have the crown jewel of email management, in my opinion. The Shared Mailbox. Not all email hosts have this feature, but the three main enterprise email solutions, Microsoft Exchange, Microsoft 365, and Google Apps for Business, all do, in various names. A shared mailbox can be thought of as a PO box wherein the key may be given to multiple people. Nobody can log into the mailbox directly, much like how nobody lives at their PO box, but anyone with permission can see and access the mail in the shared mailbox, and manage it just like it was in their own account. Unlike a distribution list, however, where mail gets copied to each persons inbox, in a shared mailbox, actions are, well, shared. There's only one copy of the message. If someone marks it as read, or replies to it, or moves it to a different folder, these actions are reflected for EVERYBODY with access. Also differentiating it from the distribution list is that messages can be sent FROM them, without revealing the email address used to access it.These tools should give you some inklings for how to look at improving your mailflow, but there's quite a bit more to making our email flow as painless as possible. More than I could cover in a single episode, as I realized when this script reached about 60% longer than my target length, and I was still typing. That's our show for today, thank you so much for listening. Check us out on our tuesday episode next week where we move from theory to application, and show how we should utilize these tools to make our business communications smoother. In the meantime, check us out on the web at www.YourOperationsSolved.com, where you can join our newsletter, and opt to be notified of all our uploads. I will see you next time. Tomorrow, join us for ___XXX___. With these tools in mind, how should we structure our email, and solve common email problems?Well, I would suggest, 1. Give every living, breathing, human in your organization an email address. I suggest first initial last name as the format, as it scales very well and is the defacto standard, but take any format you want for naming these accounts. Just standardize it. These first initial last name accounts will be primarily used for INTERNAL communications with your employees between one another. The only cases where these will be external will be in high touch positions like salespeople and account managers, where, should turnover occur, you would expect to directly notify clients of their handover. As a good rule of thumb, if the person in question is issued business cards, you can expect external traffic to this address. Otherwise, it will mostly be used for internal purposes, and to grant access to other addresses like shared mailboxes.Next, examine every external facing department or activity. These are the areas that you want to protect from turnover. As such, they should be assigned shared mailboxes, with access granted to each person who could handle such requests. Direct your customers to this location. This includes areas which you want the personal touch of customers using individual people's addresses. This is so that you have a central location for "Catch all" requests, such as for posting a sales email inbox online. It also gives your employees in other departments a central place to email that department. Let's look at this in the context of PC Solutions, and see how we handle things. PC Solutions is an IT support firm. As such, our customers need the ability to submit tickets, potential customers need the ability to request information, and technicians need to be able to direct requests that should go to account managers that came into the technical support queue to the account management team. Here we have the three main use cases for these shared mailboxes. First, our routine business operations with our customers go to the ticketing address. For other companies, this might be an "Orders" address, or the like. That's our show for today, thank you so much for listening. Tomorrow, join us for ___XXX___. In the meantime, check us out on the web at www.YourOperationsSolved.com, where you can join our newsletter, and opt to be notified of all our uploads. I will see you next time.

Hello and welcome to Your Operations Solved, for Thursday, April 29th, 2021I'm your host, Channing Norton, of PC Solutions, and this is the 17th episode of our show,Listen to us Tuesdays, Wednesdays, and Thursdays, or on our Saturday compilation episodes. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.With that out of the way, let's get started on today's headlinesFirst, we have an update to the ongoing global semiconductor shortage that we have discussed on several occasions on this show. Major chip manufacturer UMC has annouced that, rather than focusing their capacity and resources to increasing production of newer chips, they will begin producing older chips at a higher volume, citing the higher yield rate of these easier to manufacture chips. These computationally weaker designs require higher power, and are below modern standards for use in computers and the like, they are sufficient for replacement of chips in embedded systems applications like the automotive industry. This promises to ease the supply shortage slightly that is affecting these embedded systems industries, but may worsen the shortage for higher power uses like game consoles, and desktop and laptop computers as the capacity is diverted. This is a rare and unusual move, as most fabrication companies like UMC race towards producing the most advanced chips they can, as they can be sold at much higher margins and stay relevant for longer.The end result of this is that equipment purchases that fall outside the range of traditional electronics such as vehicles and industrial machinary are likely to have their prices be less affected by the chip shortage, making them cheaper to buy several months from now than they otherwise were likely to be until late 2022 or so.The shortage for computers and computer components, on the other hand, is likely to be worsened, with major online retailer Newegg having expanded its already unprecedented raffle system for the chance to buy some hard to find components, leading to even further inflated prices.next, our main story. Following the ongoing trend of regulators around the world taking a recent interest in big tech, lawmakers from the US senate judiciary comittee spoke with the leaders of Twitter, Facebook, and Youtube on Tuesday. Rather than the confrontational tone that such discussions usually take, however, today the tone was one of collaboration and cooporation, as the leaders of both public policy and social media discussed how the technologies we have today can be used to achieve important goals such as reducing the spread of misinformation and extermist content, as well as what regulatory measures can be imposed to ensure these goals are achieved. As part of these discussions, the committee also met with experts in the field of digital ethics, who were subject to similar questioning and discussion.Making the interaction even  more unusual by the standards of discussing regulation in business is that these discussions seem to have broad bipartisan support, bringing together members as diverse as Senators Ben Sasse and Dick Durban, as well as other notable voices such as President Biden's acting chair of the FTC, Rebecca Kelly Slaughter. This high degree of cooperation in regards to working to reduce the spread of extremism and misinformation online is certainly a signal that the political winds are changing. The result of this for your business is that there are likely to be changes in the algorithms that drive what posts appear in social media news feeds, which are an essential means of advertising for many businesses of all sizes. It's likely that local, accurate, and time relevant content will be pushed to the forefront, as that seemed to be the desire of many of those speaking on capitol hill on Tuesday. The precise details of these algorithmic changes and what content will get prioritized at the expense of what existing content that is presently successful on these platforms, is yet to be seen. Should any company announce algorithmic redesigns in the future relevant to advertising, or major regulation that could force such changes be put under consideration, we will certainly make an update.With that done, let us discuss our business improvement for today.  The benefits of a properly deployed, cloud managed phone system.While increasing amounts of our business are conducted over email or other electronic communication means, there's still nothing quite as convenient for some conversations as a phone call. As such, we all have phones. The most common setup I see in offices with 5 or fewer people is a single line, with a phone at everyone's desk, and all phones ring at once. With offices with 5 to 25 people, I tend to see a dedicated receptionist, who picks up all calls, and routes them to the correct extension manually. Basically every office past around 25 people, has a cloud phone system. And, as an office much smaller than 25 people, I will tell you that PC Solutions has one as well. Let's explore why, and what value I think it can bring to small businesses.So, at least for me, by far the greatest benefit is one of flexibility. Despite having a business line, I don't have a desk phone. Calls destined for me go directly to my computer, or, should I be away from it for more than a few minutes, my cell phone, without revealing my personal cell to clients. If I'm at a client site, or driving, I can take the call just as easily as if I'm at my desk, and our customers see no difference, other than perhaps a slight drop in connection quality. Also beneficial for the small business is the ability to have a call schedule. Calls during PC Solutions' regular business hours get directed to our technicians' phone group, but after hours, customers are greeted by a voicemail box where they are given the option to submit a ticket as regular, for response the following business day, or emergency, which alerts our on call system to notify whoever is on call until they respond.This intelligent routing, which can be extended to include automated menus, forwarding calls to different numbers, sending voicemails to different voicemail boxes, ringing phones in sequence as each phone is left unanswered until someone answers theirs, or just about anything else you can imagine, is all made possible with a cloud phone system. It allows us to spend less human time routing calls, and more time on our core responsibilities. It also makes it easier for clients, prospects, and vendors to reach the correct person, improving our quality of service, and reducing frustration. Finally, this system allows me to draw a much more firm line for work life balance, which I suspect is a concern for just about every small business owner out there, not just me. There's a number of little minor benefits as well, too, that won't save you money, but do just make things... easier, like how most of these systems come with a virtual fax machine that simply works without any setup or hassle whatsoever, for the half dozen times a year I need one, that also sends and receives faxes in, at least a little bit higher quality than I've come to expect from fax.This all sounds too good to be true, so what's the cost look like? Well... surprisingly affordable. The system I have is actually cheaper per line than my cell phone plan, and was only 5 dollars more expensive per month, per line, than a traditional phone system through our internet service provider that would have required I purchase a handset and been tethered to my desk. I cannot recommend this more enough. They are dirt cheap, easy to set up, and just... easy. Even for one to five person operations, you will love the flexibility. This is probably the most no brainer piece of advice I've ever given on this show. Just do it, and watch communication get easier overnight.That's our show for today, thank you so much for listening. Next week, join us for a conversation on how I like to organize small business email to tame the spam beast, and make employee turnover less jarring for customers, while also setting your business up for individuals changing responsibilities. In the meantime, check us out on the web at www.YourOperationsSolved.com, where you can join our newsletter, and opt to be notified of all our uploads. I will see you next time.

Hello and welcome to Your Operations Solved, for Wednesday, April 28th, 2021I'm your host, Channing Norton, of PC Solutions, and this is the 16th episode of our show,Listen to us Tuesdays, Wednesdays, and Thursdays, or on our Saturday compilation episodes. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.With that out of the way, let's get started on today's headlinesFirst, an update to a previous story. On our very first episode, entitled "What is IT. How can it improve your business," we talked about a proposed acquisition of social media startup Discord by Microsoft. Discord has announced that they are backing out of the deal, and will instead be seeking an IPO. This is likely in part to the discord userbase being generally wary of the deal, as microsoft has managed several platforms with similar formats to discord, and is seen as being unsuccessful in doing so. As a discord user, I do think that this is good for the platform as a whole from a community management perspective, but as an IT provider, I do think that the possibility of integrating discord into the microsoft stack was exciting, and a part of me is sad to see that possibility go away. That being said, I think discord is a great platform, in fact, I met my wife on it, so I am excited for them going public nonetheless, as well as whatever they have in store for us going forward as far as new features and capabilities. Should any of them be relevant to business and marketing, I will certainly update you.Next, we get onto today's main story. Another day, another major data breach it seems, as 2021 has had quite a few. Australian Developer "Click Studios" was hit by a supply chain attack that compromised their password management tool, passwordstate, the developer announced in an email to its customers on the 23rd of this month. As the tool is used globally, and this announcement was sent via email to only customers thought to be affected, the first press reporting from english sources I have seen of this hit today, as news has been trickling in worldwide. Password state is an enterprise password management tool used by large enterprise customers, including over 100 of the fortune 500 companies, as well as a very large proportion of outsourced IT providers. As such, this breach affects more than just password state customers. The reason for this is that, as password state is designed specifically for IT users in mind, and markets almost exclusively to them, the passwords contained that have been compromised are going to be largely passwords for firewalls and servers. As such, if you are a business owner, you need to check with your IT team, be they in house, or outsourced, and confirm several things.1. That they do not use password state2. That no vendor that has access to any of your infrastructure uses password state3. That if anyone does use password state, they update it ASAP according to the instructions in the email from the vendor4. That if anyone does use password state, that you change every password that that vendor or department may have had access to as soon as they update it, but not a moment before.In my opinion, the quiet manner in which this VERY serious breach was disclosed is unacceptable. This is a breach with global consequences, and leaving the world at large in the dark about things, while knowing that this breach affects more than just your direct customers is... disgusting, for lack of a better word. While I can vouch first hand that password state is an fantastic product, I would even argue the best on the market for password control in certain use cases, this manner of breach disclosure makes me unwilling to ever consider click studios as a vendor going forward. The risk of not hearing about another breach like this is far, far too high.As a disclosure, PC Solutions did previously make use of this product, however, we migrated off of passwordstate in Febuary of 2021. As our password state server was not running at the time the compromise took place, we are not affected by this breach.Passwordstate developer click studios did not respond to my request for comment on this breach via email prior to recording, and all of their phone lines are busy or out of service at time of recording. Should they respond in future, an update note will be made.With that done, let's talk about our main topic for today, document and contract management. Depending on your industry, you may spend a lot of time shuffling documents and contracts around. Looking at you, lawyers, but its not just the legal profession that does, many Business to Business companies, companies involved in real estate, or large scale projects like construction also spend a lot of time managing contracts. It's likely that, even prior to the pandemic, such companies were making use of Esignatures on their documents, but most are not utilizing that technology to its full potential. This is where Document and contract management tools come in.If you're like most companies using esignatures, you send out a contract proposal via email with a link to your document, and get an email back when the recipient signs things. Maybe it even gets fancy and sends out a reminder email or two on your behalf. This works well enough if your volume of contracts is small, perhaps two or three a month, but beyond that point, there's a lot more efficiency that can be gained. Let's examine the workflow around that contract.Prior to sending out the contract, you have a series of exchanges with the signee to determine some information that will be codified in the contract, say the sale price for a house, or the exact nature of services within your scope of services that they require. You then have a template document that you prepared that you stick that information into, you send the document out via email, you wait, a few hours or days later, you get an email saying the contract has been signed, and then you go into a few different pieces of software to mark that contract as signed, for instance, quickbooks to put in the revenue that that signed deal represents, and perhaps set up an invoice, and your CRM suite to update the status of the customer as a landed deal. Finally, you might send out an email to the office stating that "So and so has signed their contract, they are now a customer rather than a prospect" or "Such and such house just sold, don't show it off to any more potentials." All of this makes the process of sending out a contract take an hour on each end, or more. These are the inefficiencies a document management system is designed to eliminate.We have a case of double entry here, which is always indicative of inefficiency, It's subtle, and I will admit, I didn't spot it at first when I was introduced to these tools. Can you see it?We're entering say, a sale cost into quickbooks, but we've already entered it somewhere... the contract itself. If our contracts were more than just... images with signature fields, if they were smart, we'd be able to pull that information out, along with other information in the contract, and push it to our various systems, and this is exactly the idea with contract management tools. Let's re envision the contract signing process.You negotiate with the other party. As you do so, you are updating a template contract, which can keep track of revisions, in case you need to revert terms, or check your negotiation timeline. Once you and the other party are in agreement about the terms, you can, with one click, render the final document, and send it out to them, potentially from your main line of business tool, rather than a seperate one. You can check the status of your contract from that line of business tool, to see when they sign it, and automated reminders go out. When the contract gets signed, all of that information, those emails to the office, the invoices generated, the statuses in your CRM updated, whatever, happen automatically, saving you time on every single contract. Such tools also keep a helpful repository of contracts in one place akin to an actual file drawer, and easy to back up or export to other tools and media if needed. These document management systems have certainly been helpful in my practice, and I'm sure they can be helpful to a number of my listeners as well.That's our show for today, thank you so much for listening. Tomorrow, join us for a conversation about a better phone system. In the meantime, check us out on the web at www.YourOperationsSolved.com, where you can join our newsletter, and opt to be notified of all our uploads. I will see you next time.

Hello and welcome to Your Operations Solved, for Tuesday, April 27th, 2021I'm your host, Channing Norton, of PC Solutions, and this is the 15th episode of our show,Listen to us Tuesdays, Wednesdays, and Thursdays, or on our Saturday compilation episodes. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.I do apologize for the lack of episodes on Thursday and Saturday. I have been immensely under the weather after my second dose of my Covid Vaccine, and was unable to produce the show. Our future production schedule will not be affectedWith that out of the way, let's get started on today's headline,Lawmakers heard testimony from google and apple last wednesday in regard to alleged monopolistic practices of the company's app stores. Combined with the additional interest lawmakers seem to be taking in the ARM/Nvidia aquisition we examined last week, and oversight in the wake of the SolarWinds breach, it would appear that legislatures are more willing to get involved in the technology industry. The industry as a whole has been left largely without regulation over the past 25 years, which has resulted in the rise of a few dozen tech giants into perhaps 8 or 9 major niches which they thoroughly dominate while providing little in the way of innovation, or consumer friendly practices. As such, I feel this additional attention to be beneficial for consumers and small businesses alike.In regard to the App store question, it has previously been proposed in the EU, as well as by representative Ocasio Cortez, that companies should not be permitted to own both a marketplace and proudcts on that marketplace. For instance, Apple could choose to have its own, apple endorsed News app, OR an app store that sells or offers news apps, but not both, or amazon, which could EITHER sell batteries online, or have their own "Amazon basics" battery line. This proposal is made to recognize that, unlike in the brick and mortar space, in digital storefronts, companies have a significant ability to both undercut their in market competition on margins, while also promoting their products more uniquely and effectively on that storefront by say, giving themselves priority listings in search results, than any non marketplace competitor could ever hope to. Specific responses have not yet been revealed by the House, but it is likely that changes will at least be proposed. We will be sure to keep you up to date on them when they are revealed.With that done, let's move to our main conversation today, talking about standardizing your employee training materials and process.If you are like most small businesses, your hiring process is very fly by night. You get some resumes, have an interview, hire the most qualified candidate you can find, they start, and are dropped into their position and told to figure it out, and directed to a similar employee who they can ask for help while learning. This, while easy from the businesses perspective, is less than ideal, as it will take a long time, usually the better part of a year for white collar workers, for the employee to be as effective as they are capable of being. This makes sense, as, while the new hire might well be an expert in the field of work they are performing, they are NOT an expert in YOUR BUSINESS. As such, their learning process is one of figuring out how to make their academic knowledge of the field apply to your business practices and specific environmental concerns, like the exact mix of software you have, or your management structure. Let's take a look at how we can optimize this process to get more out of our employees earlier, with less investment in training.1st, We need to have clearly defined and bounded job roles, which can be accomplished via SOPs, and a central repository for them to be delivered on. Giving the new hire these documents allows them to have a final source of truth for how to do their job. That being said, having a giant pile of procedures dropped on an employee is likely to give you... less than effective results on its own.2nd, We need to have an effective means of communicating the core duties, tasks, and procedures to our hire. This will vary by field to field and position to position, but generally, we see this done in two ways, shadowing senior employees, and training videos. I find that traditional training videos provided by software vendors to be lacking. Typically they focus on HOW to do a task, but fail to give the context of WHEN to do the task, as that question is specific to your business. This impedes their usefulness dramatically.3rd, we need a way to handle edge cases. After a few days or weeks, new hires tend to know how to do the broad strokes of their job, but still need to ask supervisors for when they get tripped up. This is a way to solve the problem, but interrupts workflows of both the hire and the manager, so can be less than ideal.4th, we need to communicate priorities of how the work should be performed. For instance, is speed or accuracy more important in this particular role? What order should tasks be performed in. Stuff like that.5th, we need to help our hire pick up new skills necessary to perform the work that they did not originally possess6th, and finally, we need to communicate to employees how to do their job most efficiently. The more advanced tips and tricks that you want them to pick up.Trying to communicate all this in the first few days of a new job for someone, along with everybody's names, can be very overwhelming, so, let's look at how we can change this up with technology, specifically adaptive learning technology.Adaptive learning is a technology that allows learning materials to restructure themselves in response to a learner's performance. Much like a tutor might assign a student additional homework problems on a topic they struggle with, so too adaptive learning will identify gaps in an employees skills, and direct additional focus to those gaps to keep them engaged by not covering information they already know, and improve their knowledge retention by covering the content thoroughly until mastery is directly demonstrated. On the first day of our employees' new job, they are introduced to your business, your mission statement, and company culture, as well as their workgroup. Fundamentally, the goal of the first day is for them to understand the model by which your company makes money, and the role in which they will be serving the company in that respect. Fairly standard stuff. Next, on day two, they should shadow someone with the same responsibilities, to see what the work performed will actually look like.For the remaining 3 days of their first week, they will find themselves enrolled in the adaptive learning, in a course created by your company for employee training that focuses on your business processes.Day 6, they will spend performing the task supervised directly by their shadow the first half of the day, with more adaptive learning in the second half.Day 7, they get introduced to the Standard Operating Procedure library, and once again perform their work supervised, albeit at a greater distance.Day 8, their mentor begins referring their questions to the SOPs to get the employee used to how the library is structured.Day 9, Employee is now unsupervised and fully capable of doing their job.After 30 days, employee is enrolled in an adaptive learning course discussing how to work most efficiently at their tasks, which they complete continually for 1-2 hours a week. This continued education can be used to introduce new skills, build confidence in areas of weakness, or prepare an employee for promotion, all without much direct supervision.By having a structured and standardized approach to training, we have ensured that our employee gets up to the level of competence we would expect after two weeks of traditional training by the end of day 6, and the competence we could expect from a year of experience in their position after around 60 days. While obviously exact results will vary by field and individual employee, these numbers are consistent with research on the matter. The other side benefit of this structure is the demand placed on the mentor is dramatically reduced, as there are fewer interruptions by the trainee to their mentor. I've worked to implement this structure several times with dramatic results each time.So, I hope you have seen how a better approach to your employee training can get your new hires productive faster, make training less of a burden on your operation, and help you introduce continuing education topics to your employees, but what are the knock on effects?Well, with this system, you are communicating that your standard operating proceedures are the final authority for ambiguity. By doing so, you enforce more standardization in your product delivery. You are also helping get your employees settled in faster, and better, which puts less strain on both employee and manager, leading to better staff retention, finally, you are making it easier for you to scale by making adding new people a more uniform, and therefore predictable process. Better training has a place in your business.That's our show for today, thank you so much for listening. Tomorrow, join us for a discussion on documentation and contract management. In the meantime, check us out on the web at www.YourOperationsSolved.com, where you can join our newsletter, and opt to be notified of all our uploads. I will see you next time.

Hello and welcome to Your Operations Solved, for Wednesday, April 21st, 2021I'm your host, Channing Norton, of PC Solutions, and this is the 14th episode of our show,Listen to us Tuesdays, Wednesdays, and Thursdays, or on our Saturday compilation episodes. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.With that out of the way, let's get started on today's headlines. First, an update to a previous story. In the fourth episode of our show, entitled "Business Intelligence driven Stocking and Inventory. Decrease overhead, build loyalty and repeat business," we discussed the chip shortage for the first time. If you will recall, the small number of factories that produce the microprocessors that are used by the dozen in every device containing electronics, have been suffering from production shortfalls as a result of a number of factors. Covid, increased demand, decreased production yields, natural disasters, and others. This has led to price hikes and reduced availability of a number of products across the global economy, from Computers and Playstations, to Cars and Dishwashers.To quote Sanjay Mehrotra, the CEO of micron, who is one of the worlds largest manufacturers of DRAM, one of the most widely used and most scarce types of chips. QUOTE "we expect the supply shortages to continue to be tighter through the rest of the year as well, and as we look ahead to 2022 as well, we expect that trend to continue as the world economy rebounds."This statement is consistent with recent statements by other major players in the semiconductor industry. Regardless of who you get your news from, the chip shortage is here to stay, possibly longer than anticipated. As for what this means for your business, expect anything remotely electronic to cost substantially more in coming months, and have more lead time. Affected acquisitions should be delayed if possible, to ensure that your dollar goes the furthest.With that done, let's move on to today's main story. The United States has formally declared the SolarWinds Orion attack to be a state sponsored cyber attack perpetrated by Russian actors. To remind you of this story, since news broke in December of last year, solarwinds, which has since rebranded to N-Able due to the press fallout of this attack, makes monitoring and remote control software used by IT professionals to monitor networks and manage the equipment on them. Among their portfolio of products is a piece of software called Orion, which gets deployed to primarily high security, large networks, the types of networks you would see at major organizations, like fortune 500 companies, branches of the federal government, and internet service providers. This software had an exploit injected into it by these Russian hackers, allowing them to gain a backdoor into any network running the Orion software. This includes such big names as Microsoft, The US department of commerce, The justice department, the CDC, Equifax, VMware, Malwarebytes, Kent State University, and all 5 branches of the Pentagon, as well as NATO. The list goes on and on. The new development recently is that the White House has declared this to be an act of Cyberterrorism by Russia. Let's talk about it, and what you need to know for your small or medium business. If you are a small or medium business, or otherwise have less than thousands and thousands of computers and servers to your name, you DO NOT use Solarwinds Orion, the product confirmed to be compromised. However, the means by which the hackers got in was via an attack on the tool Solarwinds uses to share code internally, meaning that its possible, or even likely, that all of their products are compromised, and we just only know about Orion. As such, I would argue that a full network audit should be done, if you haven't done one since December, to ensure none of Solarwinds, or now N-ABLEs products, some of which ARE well used in the small business space, are in use on your network. Rip them out. Replace them. Beyond that, which hasn't changed since December, what else should you be doing? Well, knowing that organizations are being directly targeted, especially those with some level of political influence or influence on supply chains for the US government, if your organization fits into either of those boxes, it's time to beef up security. Nation state attacks look very different from your typical hacking for profit or hacking because disgruntled employee types of attacks, and the mitigation efforts are similarly different. You need to have a conversation with your Information Security team about the risks your organization faces if it looks at all like the smaller entities that were targeted in the solarwinds attack, or, importantly, if you are a vendor to any entities that are. This attack used multiple levels of supply chain exploits to gain some VERY scary levels of access, and, for both legal reasons and reasons of responsibility, you do NOT want to be the weakest link 3 supply chains deep that gives the next attack a foothold.TRANSITIONNow, with that done, let's take a look at the challenges that organizations beginning to move their employees back into office might be facing, and how we might begin to alleviate some of them.First and foremost, the biggest challenge is your workforce will go from homogenous to split. It's likely you were already dealing with this on some level, with one or two employees in the office during the pandemic to keep the lights on, with the remainder of your staff working from home, but, as you bring people back in, its near guaranteed that not everyone is going to be back in at the same time, or will stay that way. You're going to be looking at a split of anywhere from 20-80% of your staff in office, with the remainder 20% being remote for the foreseeable future. This changes the way that your employees will need to be able to interact with each other. This is especially true for more collaborative fields like the creative professions. To mitigate this, I would make sure that your employees have both thorough means of collaborating in the ways they are most productive. If you use papers, for instance for sketching or drafting in your office, this could mean making more scanners available for in office employees to quickly send revisions to out of office employees. For those office cultures that emphasize calling people over to workstations, screen sharing software could be beneficial, or keeping a persistent remote meeting open for all your staff to quickly be able to send their screen out to everyone in office or out. Next, you should have an easy to follow procedure for meetings. Virtual meetings are fairly easy and routine for us now, and in person meetings are, well, in person, but hybrid meetings are a different animal all together. When working for a tech support company, for crying out loud, I have still experienced more than an acceptable number of technical hiccups when trying to combine a half full conference room with folks working from home. If your conference room isn't AV enabled so that you have cameras and microphones around the room, that's a good first step, but you also need to make sure the procedure for starting a hybrid meeting is simple, foolproof, and can fit on 3 steps, with pictures, that live on a laminated sheet in the conference room. Trust me, everyone, including, as I've seen first hand, the computer people, will forget exactly what combination of buttons to press to get such an AV system functioning if they only run such a meeting once a month or less.Next, there's the matter of physical access to workspaces. Since, again, its possible that not all your staff will be brought back in at once, or able to work in office permanently for the next few years, its possible that the person who unlocks your doors in the morning will be unable to work in office for an extended period. Now is a good time to invest in electronic access control systems and keyfobs, if you haven't already, to ensure you don't have a scramble to figure out key distribution should such an eventuality occur. Incidentally, it should also make your life easier post pandemic too, as you never have to worry about who has keys, who doesn't, or unauthorized key duplication again, if you have your system integrated well and maintained by your IT staff.After that, there's asset management. If you're like most companies, the call to start working from home was a decision made on a matter of only a few days notice. It's likely that your equipment inventory has been left in disarray as a result. Now that people, and their equipment, are finding their way back to your office, now's the time to reconcile your inventory system with reality. I would also, since people are going to be in and out of the office for a while, make sure your inventory system is well designed for checking equipment in and out. My preferred solution here is to set every asset that you track up with a barcoded tag, and have a computer with a barcode scanner set up at your inventory, for people to quickly scan their employee ID badge, or enter their name, then simply scan the equipment they are withdrawing. This way, nothing gets lost. Rolling out barcoding while you are already performing an inventory reconciliation cuts the work needed to implement this system dramatically, and, once in place, maintaining it is very easy.Finally, we get to our last challenge. Security. Your computers, and the data stored on them, have been living away from your office firewalls, and network monitoring systems for the better part of a year. While they all still should have antivirus on them (hopefully), antivirus is a last line of defense against threats, it is NOT bulletproof, and relies on having a strong firewall in front of it to keep you safe. It is therefore possible that your employees brought viruses into the office from home that HAVEN'T been making front page news daily for a year. As your employees get back into the office, you should be looking at doing a cleanup project for their machines, not just to wipe out any particularly sneaky malware, but also to remove any changes that employees might have made to the software configuration to better suit working from home, or using the equipment for personal use. Depending on your environments and needs, this is going to look VERY different for every business, so be sure to get your IT team involved early to figure out how extensive this cleanup needs to be, and how best to perform it.That's our show for today, thank you so much for listening. Tomorrow, join us for a conversation about the benefits of standardizing employee training, and how your IT team can make this a breeze, if you let them. In the meantime, check us out on the web at www.YourOperationsSolved.com, where you can join our newsletter, and opt to be notified of all our uploads. I will see you next time.

Hello and welcome to Your Operations Solved, for Tuesday, April 20th, 2021I'm your host, Channing Norton, of PC Solutions, and this is the Thirteenth episode of our show,Listen to us Tuesdays, Wednesdays, and Thursdays, or on our Saturday compilation episodes. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.With that out of the way, let's get started on today's headlines.First, an update to a prior story. Back in Episode 5, entitled "MRO Woe, Planning for and preventing the worst," we talked about Google's new replacement for cookie advertising tracking, called "FLoC" or "Federated Learning of Cohorts." Cookies are little pieces of data stored in your browser to track what websites you visit and small pieces of information about you like demographics and unique browser "Fingerprints." Google's FLoC system looks to replace Cookies, at least for advertising tracking purposes. Blogging platform Wordpress, which gets used on as many as 61% of websites, has come out against FLoC, as they fear the system could allow google to target ads in a preadatory or discriminatory manner, and reports that they are working on features to allow blogs running on their platform to opt out of FLoC. This is a serious blow to the platform, as blogs provide highly lucrative ad space to google.Next, our main story for today, UK regulators interfere in chipmaking giant Nvidia's planned acquisition of major chip design firm ARM, citing both Antitrust and National Security concerns.ARM designs the processors that are used in some servers, many android phones, and most of the embeded computers in products like cars and appliances, as well as in IoT devices like smartwatches, smart exercise equipment, and the like. Notably, they do not produce any chips themselves. Instead, they make money by licensing out their designs to other companies who build them. Their designs are the most popular on the planet for basically any chip needed for something that isn't in a desktop or laptop computer. Now let's look at Nvidia. Nvidia designs processors as well, primarily for graphics accelerators for gaming computers, and embedded systems like what ARM does. Rather than licensing these designs out for anyone to use, nvidia has their designs produced by manufacturing facilities and sells them directly.As both companies produce chips for embedded systems, some of which go into defense products like guidance packages for missiles, and the like, I don't think it's wrong to object on defense grounds, as moving from two major sources for such products to one could present single sourcing issues. The UK is not the only entity to object to this deal. Antitrust regulators around the world seem to be wary of further consolidation in the semiconductor industry, and major tech companies like facebook and google have decried the deal as anti competitive as well, though I'd argue that particular claim to be a bit rich, considering the source.So, what does this mean for your business? Well, there's two possibilities here. One, the deal goes through, and two, it doesn't. If the deal goes through, then we can expect prices for computer components to rise, and therefore the cost of your computers, and perhaps other devices as well. This could be Nvidia's chance to get into new markets that they've tried to get into for years unsuccessfully, like smartphone processors. If they were to take ARMs designs and stop licensing them out, they would have effectively bought themselves a monopoly on a huge swath of a very important part the semiconductor industry, one that would require considerable effort to pivot away from for its users. Seeing as Nvidia has been suffering from supply issues for its products for several years now, we could also see a price squeeze due to lack of supply on those parts.On the other hand, if the deal doesn't go through, and gets stopped by regulators, it could be seen as a turning point. Antitrust regulators around the world have rarely interfered with the activities of the tech industry, despite its largest entities being gargantuan. This could be seen as an indication that the days of salutary neglect, if you will, are over, which could signal good things for the smaller players in the tech industry, like app developers, or even those who rely on quality software to do business, as it would drive more innovation out of the larger players, and allow smaller innovative players to gain more of a foothold in the market.Regardless, this will be a battle that plays out over the next few years, and one that I will be watching closely.With that done, let's talk about Network Assesments.Network assesments are a scary term, because it's an extremely vague term. Heck, even most IT professionals will disagree endlessly on what they comprise, so how can we, as executives, hope to understand why we need to have those professionals perform them?So, let's start with what a network assesment or audit should contain. A network audit should comprise two core parts, an overview of your IT situation for the Executives, and a thorough analysis of all software and hardware assets and their configurations for the IT team. Some of that value is simply in IT being able to compile the information in that second part of the audit, as doing so may reveal hidden problems, or changes that went undocumented. The larger value to executives, however, is going to come from the first part, the overview of your network. This should include1. An overview of all of your hardware assets, and the anticipated replacement cycles for them. By keeping track of this information, you can get an estimate of upcoming expenditures, to better plan your financial future, and avoid suprise costs.2. An overview of notable open issues requring resources to resolve. This should NOT be a list of every problem that everyone in the organization is currently having, but instead a list of larger scale concerns for improving your environment that your IT team should have. Good IT means Continuous improvement, so if there are not initiatives in the works to improve the way you are doing business or better manage your assets and risk, it's a problem.3. Important Workflow overview. Fundamentally, IT is about the management of your employees workflows, as well as their optimization to make them as efficient and risk free as possible. As such, part of a network assesment should be an operational assesment that describes how data flows through your organization. How are your books processed? How do your employees share files? What data gets stored on site, and what gets stored off site.4. Upcoming improvements. Much like 2, this talks about improvement. Where 2 looks more at correcting pain, this point is looking to be a bit more proactive, and address problems that might not be so obvious. Things like stability improvements, or added redundancies.5. Operational proceedures and contingencies. Part of planning and making assesments is looking at your existing policies and proceedures. For instance, what does adding a new employee look like? Do you have a process to make sure everything is done right for training them and providing them the resources they need to be effective quickly? What about offboarding? Do you have proceedures that ensure a bad exit doesn't leave you vulnerable to malice? What about disaster planning? How will your team make sure that your business survives a fire, a flood, or even, I know this is out there, but, a global pandemic that closes down in person business oeprations for a year.The reason this planning is critical is that it allows you to scale. Large organizations understand the importance of disaster planning, and the value it has. To this day, every prime minister of the UK writes a letter to her majestys navy that gives orders for what to do if London is destroyed by nuclear attack and central command is no more. I would not call that a particularly likely eventuality in the 21st century, but in order for entities, be they governments, businesses, or other organizations, to survive as long as possible, as I hope my listeners businesses do, they must plan for the bad times, as well as the good. Think of it as insurance.Overall, the point of a network assesment is to put your organization in the posture to scale upwards using its IT, and give executives a grasp of what concerns might be affecting their organization operationally. If its filled with obscure technical jargon and fine details, that's a useful assesment for your IT team, but you need to ensure that you get a summary that tells you what is in the future for your organization, both the good outcomes, and how you will weather the storm of an economic downturn or disaster.That's our show for today, thank you so much for listening. Tomorrow, join us for updates to the solarwinds hack and the Chip shortage, as well as a conversation about the struggles businesses bringing employees back into the office may be facing. In the meantime, check us out on the web at www.YourOperationsSolved.com, where you can join our newsletter, and opt to be notified of all our uploads. I will see you next time. 

Check out this week's episodes of Your Operations Solved, and see what we talked about this week.

Hello and welcome to Your Operations Solved, for Thursday, April 15th, 2021I'm your host, Channing Norton, of PC Solutions, and this is the Eleventh episode of our show,Listen to us Tuesdays, Wednesdays, and Thursdays, or on our Saturday compilation episodes. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.With that out of the way, let's get started on today's headlineChina rebukes its tech giants, signaling the end of unchecked growthOver recent months, china has been taking steps to discipline ecommerce giant Alibaba, a china based amazon competitor that is the 3rd largest ecommerce company in the world, after amazon and JD, also from China, due to comments made by Alibaba CEO Jack Ma that were critical of the CCP Regime. On Tuesday evening by US timezones, they took that a step further, and called 34 of the largest companies in china, including such giants as JD, the largest chinese retailer, Tencent, who makes games and software, Ant Group, a Paypal equivalent, and ByteDance, the owner of popular social media platform TikTok, to a summit, warning them that, Quote "The red line of laws cannot be touched." Clearly, China has grown concerned that their tech giant's influence was beginning to outstrip that of the regime itself, a pattern we see in the west as well, as companies like facebook, google, and amazon have wide reaching influence rivaling that of their host countries on global politics. This discussion, along with the billions of dollars of fines levied on Alibaba in recent months since Ma's comments indicate that China is not comfortable with the rapid expansion of its giants, as it threatens to leave the more western facing companies like ByteDance and Alibaba, in a position where they could slip out of grasp.So, what does this mean for your business?Well, since 2019 or so, many companies have been looking to remove Chinese companies from their supply chain, and many chinese companies, where permitted, have looked to move manufacturing and leadership roles out of China, however, for those who haven't, this promises greater volatility. Furthermore, it can be difficult to identify places where your supply chain interacts with some of these companies. For instance, AliExpress, Alibaba's western facing storefront, is used for a variety of unique small parts that might serve as subcomponents in equipment that you purchase elsewhere, or even be purchased in bulk by american companies to resell on amazon and ebay. Some of these components can't be easily acquired elsewhere. For these parts, we can expect lead time to go up as these companies reengineer their business practices to comply with the more specific demands Beijing is placing on them, along with a possible increase in prices. In the long term, we can expect the rising stars of Alibaba and Tencent to fade in the west, as China has signaled it values cultural dominance over its peoples over the market dominance these companies are seeking to acheive on a global scale. Generally speaking, we can expect less competition out of China in our business endeavors.With that done, let's continue the conversation we started yesterday about CRMs, and now focus on the sales side of things. What should a good sales software provide to you as a business, and how do these functions help you turn more leads into signed deals?So, let's look at the basics of what your Sales system should be doing for you, and how this can help you land more sales.1. Lead management- your sales engine should be keeping track of every contact you have made to every potential customer. The last thing you want to do is bombard a lead with materials from multiple salespeople purusing them, or give them the same materials more than once because you've forgotten what you sent them after abandoing their account as a lead for a few months. Either makes you look unprofessional and disorganized, not exactly a scenario you want for a potential. By being able to see a list of every lead, and every time you've contacted them, their current status, and data on them that you have such as emails for decisionmakers or headcount estimates, you can send more applicable material to your leads and get that material in the right hands so that it gets seen, and you get leads reaching back out to you, rather than the other way around.2. Campaign management. If you advertise in multiple channels, it can be hard to keep track of your advertising spend, and what channels give you the best success rate or most lucrative clients. As a result, balancing your available marketing budget and time for optimal returns can be finnicky at best, and based off gut feeling and guesses at worst. A good CRM should allow you to track your campaigns, see their effectiveness over time, what leads got into your pipeline via which methods, and the individual close rates based off where your leads entered these pipelines. With a little bit of work, you can turn this into a calculation that tells you how much revenue would come from additional investment of X amount into each pipeline, and what sizes of accounts might be expected. You should also be able to send things like follow up campaign emails from your CRM or a linked system, and this should be reflected in your list of contacts for an account.3. Real time data. You should be able to see the click rate on your ads throughout the day, to be able to see how wording tweaks, new keywords, and time of day affect your ads effectiveness so that you can tune your ads easily and optimally, to make sure your ads are being clicked on by the right people at the right time to make a decision.4. In that same vein, your CRM should support the ability to have seperate versions of materials to do A/B testing on, for instance, testing email subject lines between two options on a small portion of your email list, so that you can send out a marketing email with the more successful headline to everyone else. This will result in more clicks on your emails, which in turn means more engagement with your brand from existing and potential customers alike.5. The theme of the last few points has been analytics. Let's take a look at a few of the things a good CRM should be calculating for you.Monthly sales, which helps you with revenue projectionMonthly new leads, which helps you forecast the demand put on your sales teamLead to sale conversion rate, helps you find where in your sales funnel you are loosing people, and helps you project revenue growth, and examine broader trends such as sales team performance or general economic trends that might be affecting your sales rate.Cost per conversion, as hinted above, this will allow you to project revenue growth based off your investment into marketingNet Promoter score, which will allow you to keep track of your efforts to build a stronger referral business to reduce your long term marketing costs.With these analytics, you should be able to more thoroughly tune your marketing and sales engine to make your marketing dollars translate into more accounts with less of that dollar spent on labor and more spent on ads, prints, and the like. It also allows you to get more value out of your email list to get more accounts closed from drip activities rather than direct outreach, which, of course, scales much more cheaply than outbound methods.6. As talked about yesterday, your CRM should be able to serve as your single source of truth for your business. This is equally true for your sales team as your fulfillment teams. You should be able to determine what your status is with an account without ever leaving your CRM, and be able to know that that data is accurate because your business processes demand it to be so. This allows supervisors to quickly get a view of what's going on with any individual lead without having to interrupt the workflow of the employee working said lead, leading to increased productivity for both.7. Quotes, your CRM can be used for all of your quote and procurement needs. This includes sending quotes out to your customers and potential customers, getting signoffs for quote approval, keeping track of prices on your sources, and handling payment. Ideally, once a quote is set up, all the processes should be in place in your CRM to not require any additional human input to get product to the door of your customer. This will increase your quote approval rate, AND decrease your account management and sales teams workload, allowing them to take on work for more accounts and leads.That's our show for today, thank you so much for listening. Next week, join us for a conversation on why you need to have your IT team perform network assessments, and what value they should be bringing to your executive team. In the meantime, check us out on the web at www.YourOperationsSolved.com, where you can join our newsletter, and opt to be notified of all our uploads. I will see you next time.

Welcome to Your Operations Solved, for Wednesday, April 14th, 2021I'm your host, Channing Norton, of PC Solutions, and this is the Eleventh episode of our show,Listen to us Tuesdays, Wednesdays, and Thursday, or on our Saturday compilation episodes. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.With that out of the way, let's get started on today's headlineWashington state has voted to dismantle Community Broadband Restrictions, paving the way for municipal internet.So, Many states, municipalities, and cities have adopted laws limiting the ability of local governments to create internet providers to service their areas in the way that these areas have jurisdiction over their power and water utilities. This comes at the behest of the ISP industry, basically spectrum, comcast, and ATT, who see community run internet as very serious competition to their otherwise stagnant, monopolistic position in their respective markets. For washington state, this means the potential in 5 years time to have faster, cheaper, more reliable internet, which is valuable. We see that areas with community broadband become Technological Meccas, with lots of them building up a community of tech startups and major tech companies regional facilities VERY quickly after implementation, leading to general economic growth, and lots of benefits for existing businesses in the area that serve such companies, primarily the professional services and consulting industries. Better, more reliable, more available, and cheaper internet, which this heralds, also allows more people to work from home, which, prior to 2020, was not a significant issue for many business, but has surely become one. This regulatory change is the first step in bringing about all of these positive changes for affected areas. This has large implications for those outside of Washington as well. For over a decade, ever since Chattanoga, TN, became one of the first cities to implement community broadband, states and cities have been adopting these regulations banning themselves from doing the same and reaping the benefits, at the behest of these Internet Giants. This is a sign that the tide is turning in this matter, and we could see other states and cities follow suit, at a time when faster internet is essential to everyone for both businesses and consumers as the work from home revolution continues. In short, this is the first step to lower internet costs and faster, more reliable internet for offices in washington, and a tech boom in areas that develop such municipal broadband, as well as consumers in those areas, and possibly an indication of what is to come for those of us not operating out of Washington State. Finally, it can present a valuable business opportunity for those who could serve such a tech boom, especially if they get set up early, before the physical infrastructure does, in areas removing these restrictions.With that done, let's look at today's SolutionBetter Customer Relations Management for a better customer experience.So, You want to be able to communicate with your existing customers, especially if you are in the professional services, medical, or business to business space. You need to examine how your Customer Relations Management system is set up, and see if you are utilizing it to its full potential. Customer relationship management goes by many names depending on industry. For the Medical space, it's analog is the Practice management system. For my industry, IT services, it's a ticketing system. Fundamentally, this is the software that connects you to your customers. Every business not serving the consumer directly, and many that are, likely have some form of CRM hiding somewhere. Let's look at what it should be doing for your business specifically in regard to your current book of business.1. It should serve as a single source of truth in your business operations. Your CRM should state clearly and unambigiously, the status of every customer, every communication with that customer, and every bit of work previously performed or currently being performed for that customer, and the status of work planned for the future. This way, there is never ambiguity or question as to if a task got performed for a customer, you can always check your CRM. There's a saying in the IT industry "If it's not in a ticket, it didn't happen." If you live this, or its equivalent for your business, you will find a dramatic reduction in errors in work performed, rework, and the like. Furthermore, you'll be collecting valuable data in one, hopefully easy to access place to construct metrics and KPIs off of, which, even if you don't use it now, will be valuable going forward.2. Your CRM should be the hub of all business data, even data collected elsewhere. This is a part of the previous point, but a good CRM system should be able to be a hub for business data, and pull information from other software like your inventory system, to serve as a single pane of glass for most in your operations. It should also be able to push data out to other systems like your billing and accounting systems, to keep data in sync across your organization, and reduce data entry tasks. Thereby saving you labor and money.3. Automation, automation, automation. With your CRM being a data processing pipeline that pulls in data, gets that data worked on by your staff, and pushes it out to other systems, there's lots of potential to automate some of these processing tasks, or tasks beyond that. For instance, I mentioned in point 2 pushing data to your billing and accounting systems. Any good CRM with billing functionality should be able to automatically calculate the proper amount of an invoice, and send invoices out to customers automatically when needed, along with reminders, late fees, and the like, allowing you to almost completely eliminiate labor involved in accounts receivables.4. Customer self servicing. Customers like being able to assist themselves without talking to anyone. You also like customers being able to utilize your services without needing as much expensive interaction with your staff while still going away satisfied. You can use the capabilities we've already covered to implement systems on your website or elsewhere for customers to request and sometimes even recieve work without any interaction with your staff at all, which then gets pushed directly into your CRM, with no additional input. This can dramatically reduce the amount of time spent by your staff taking and fulfilling orders.5. In this respect, you can use your CRM predictively, to forecast future demand and supply, kind of like we discussed in our conversation about inventory management several weeks ago. This can help you plan staffing levels to ensure fewer wasted hours of labor.6. Finally, we can help keep our customers for longer by improving conversations with them. The example of this is automated feedback forms. Imagine if, after every order, your customers got a satisfaction survey. You'd hear about a lot more pain from your customers that can be fixed before those customers become former customers, allowing you to retain them longer and keep capturing their revenue, all without significant additional labor.All of this just scratches the surface of what you can do with your CRM, but we've seen how we can use ours to save time and incrase profitability at every stage of our customer journey. This is a topic we will come back to again and again in our podcast, so be sure to stay tuned. Next episode, we will talk about how these CRMs can potentially help you acquire more sales in addition to getting more profit out of your existing customer base.That's our show for today, thank you so much for listening. Tomorrow, join us for a conversation about what your CRM should be doing for your sales team in building new customers. In the meantime, check us out on the web at www.YourOperationsSolved.com, where you can join our newsletter, and opt to be notified of all our uploads. I will see you next time.

Welcome to Your Operations Solved, for Tuesday, April 13th, 2021I'm your host, Channing Norton, of PC Solutions, and this is the Tenth episode of our show,Listen to us Tuesdays, Wednesdays, and Thursday, or on our Saturday compilations. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.With that out of the way, let's get started on today's headlineMicrosoft has struck a deal to acquire Nuance, creators of "Dragon Natrually speaking" dictation software, for 16 Billion dollars.The software makers still have to get regulatory approval for the deal, but, seeing as they don't really sell competing products of note, there shouldn't be any issues there. If you aren't familiar with Nuance's software, their flagship is Dragon, a dictation software widely used in the medical, law enforcement, and legal fields. Their speech recognicion engine is easily the best in the industry, as it has been for well over a decade, and is also used to power Apple's Siri assistant under the hood.So, what does this mean for your business? Well, if you're already a dragon customer, like about 60% of the medical space is, this could mean faster development time for your software, as Nuance has CERTAINLY been underleveraging their crown asset in that dragon speech engine. I would expect microsoft to pour development funds into Dragon, both in how well it integrates with windows and how effectively it can be used to control the system, as well as on the backend, improving the speech recognician. In exchange, I would expect them to use that engine in more products. I would not be suprised, for instance, if Microsoft started licensing the tech out to automakers to control your car's navigation system, climate control, radio, and the like. For those of us who are not Nuance customers, I would also expect wider availabilitiy of the product, and more generalization. Right now, their dictation software primarily caters to the medical and legal spaces, but I wouldn't at all be suprised if a more generalized version of the product shows up as a purchasable license in Microsoft Office 365, making it available to many, MANY more people, at an affordable monthly cost rather than the substantial upfront cost usually associated with Dragon. Having used dragon myself, it is very nice, and allows for faster writing of long passages without the physical strain and ergonomic issues associated with typing, so more availabilitiy is a good thing.With that out of the way, let's talk about today's solution, specifically, let's talk about a few of the critical security measures everyone needs to make sure they take to avoid getting infected with, for instance, ransomware, which we talked about last week. Most of the time, these programs are able to infect your PC due to a bug in your programs or operating system. Most of the time, these bugs have been patched before you even get infected, so how do you get infected in the first place? Well, the answer is a button on your PC. My favorite button, your favorite button, its called "Restart Later." We've all seen it, we all hit it regularly, when our PC has updates ready to install, we snooze it, perpetually. Or the auto updater doesn't check frequently enough. Or the updater tries to install updates, fails, rolls back, and doesn't try updating again, gettnig you stuck on the version. There's a million reasons updates can fail, and seeing as almost every software update for almost every piece of software includes multiple security fixes, any one of which could be used to compromise your machine, keeping up to date is pretty important. So, if I had to choose one major security measure to put in place for an organization, it would be proper patch management system, critically for the Operating system, where the most serious security flaws can be found, but also important is patching for other programs found on your computers, from web browsers to Databases. A good patch management system will automatically apply patches at a time convenient for users, I personally like 4am sunday mornings. They also allow your IT team to view the versions of your software in use at any given time, and notify about stuck updates. Finally, if a patch is causing issues interacting with another program on your system, they can uninstall it on all systems that have that second program until a patch for that interaction is created. What this means for your business is that you can dramatically reduce IT costs if you are managing your IT in house by reducing the amount of manual work performed by your staff, increasing consistency of your operations by reducing computer errors, as you always have the latest bug fixes, and reduce risk by dramatically decreasing the amount of infections that your staff have to deal with. I would argue that this is actually a more important step from a cybersecurity step than investing in a good antivirus program at this point. All of this saves both your IT team time, and your employees time, which ultimately makes your business more profitable. It's just a small piece of making your business more streamlined, but its cheap, and very easy to implement, while being purely technical, so no operatoinal change is required. From a cybersecurity, and therefore risk standpoint, it's more important to keeping you safe than anything else except backups, which we discussed at length on Thursday. If you haven't checked out our show on what a good backup looks like, I do highly recomend it.That's our show for today, thank you so much for listening. Tomorrow, catch us for a talk on why you need to rethink how you get in touch with your current customers. In the meantime, check us out on the web at YourOperationsSolved.com, where you can join our newsletter, and be notified of all our uploads I will see you next time.

Welcome to Your Operations Solved, for Thursday, April 8th, 2021I'm your host, Channing Norton, of PC Solutions, and this is the Ninth episode of our show,Listen to us Tuesday, Wednesday, Thursday, or on our Saturday compilations. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also like it.With that out of the way, let's get to today's headline.New Ransomware Tactics, naming and shaming victimsRecent reports indicate that major ransomware gang CLOP has begun applying additional pressure to its victims by having their customers put pressure on the company which has been hacked. This is allowing CLOP to demand a second ransom from its victims, one to decrypt files, and one to not have their customer data publically leaked. Other ransomware groups are also beginning to employ the tactic. So, what does this mean for your business? Well, in order to discuss this, and why it's so troubling, we first need to understand what ransomware is, and why it's a big concern. Your business relies on computerized data everywhere. Weather its accounting data, order information, emails, business plans, payroll and timeclock data, you need it. Most or all of this information is going to be stored on your network somewhere. Ransomware, also known as CryptoLocking is a type of Virus or Malware that locks this data up in a way that it cannot be recovered by anyone except the criminals who infected you. When I say that NOBODY can recover it, I mean it, assuming the malware is written well, there is literally nothing that the top experts in the field of data recovery or computer security can do to get your information back, given unlimited resources. So, they infect your devices, lock up all of your data, and charge you a ransom, usually in the thousands or tens of thousands of dollars, to get your data back. This happens to organizations of all sizes. I've personally had to deal with the aftermath of this stuff at a church with 4 employees, and a few peoples individual personal devices not affiliated with any organization. For larger cases, countless hospitals have been hit, and even the City of Baltimore was held for ransom in 2019. If you pay, you usually get your data back, but not always, if you don't, it typically gets deleted after a few days. Regardless, you're left with a huge bill, as you'll need to scrub every device on your network and figure out how the malware got in, or you'll just get reinfected a month or two later.So, this new development is, not only are ransomware groups leaving you high and dry without your data if you don't pay the ransom, but also threatening to make you the victims of an expensive and embarrassing data leak if you don't pay both the normal decryption ransom, but a second ransom. This is terrifying, because, in addition to the loss of customer trust for the threats going out to customers that this causes, data breaches are EXPENSIVE. Let's take the medical space. Assuming that the resulting audit by Health and Human services for a HIPAA breach deems the healthcare practice did everything PERFECTLY, the MINIMUM you will be fined is 119 dollars, which sounds okay, until you realize that's PER RECORD. If your attackers leak say, a patient's name, date of birth, and social security number, for ONE patient, we're already up to 357 dollars. For one patient. If HHS deems you willfully negligent, the fine minimums go up to $11 thousand dollars, per record, or 60 thousand dollars per record. Again, per record. These fines can get up into the millions, fast. Depending on the case, there can even be jail time. Safe to say, most medical practices are not surviving this kind of attack if their patient data gets leaked, even if by some miracle there is NO loss of confidence in their patients losing them business. Outside the medical space, consequences are still bad, with total costs per incident of data breaches in US Small and Medium businesses averaging 1.24 MILLION for the breach and assorted work itself, and an additional 1.9 million per incident in average cost of business disruption and loss of business attributable to the breach. Remember, this is just for the breach, not even the ransom that's already been mentioned. This takes the already terrifying prospect of getting hit by ransomware, and makes it easily a hundred times worse. To top it all off, this is a damned if you do, damned if you don't situation, because paying the ransom is actually a violation of US law in most cases. To be perfectly honest, seeing ransomware combined with a data breach terrifies me.So, what can we do to protect against this? Well, getting ransomwared is NOT an option, for any business, so the only option is multiple layers of protection. We're going to start with the big one, Backups, which is today's solution.What can a backup do for you, and what does a good one look like?Well, a backup is keeping a second copy of all your important data, so that if something happens to the first copy, you can load up the second copy and keep going. A proper backup should allow you to always have your data in any of the following scenariosaccidental deletionmalicious destruction by an employeemalicious destruction by a third party, like ransomwaredamage or destruction of equipment, say from fire or flooddamage to supporting infrastructure required to access the dataHardware failureA good backup system will also allow you to restore to multiple points in time so that you can grab files that were deleted long ago, or versions of files that used to exist but got overwritten, and will not be reliant on a human to actually perform the backup. Finally, a good backup should be easily validated and tested, and done so frequently. After all, the only thing worse than not having a backup is THINKING you have a backup, right up until you need it.Good in theory, but in practice, it's very easy to screw up. Let's look at some things that I have seen in the IT world that are not suitable backups, and talk about where they fail.1. Copying important files a second time to a different folder. This protects very little, basically just against a bad edit corrupting the file. If your computer gets Crypto'd, your second copy dies with it. Same deal with a lot of cases of being accidentally deleted, all cases of malicious deletion, or any damage to the equipment. It also relies on humans to update the copies. If you forget, you're out of luck.2. Copying important files to an external drive. This is little better than the above. It protects against the hard drive storing the data dying, I suppose, but everything else still applies assuming you keep it plugged into the computer. If you unplug it, it provides a SMALL amount of protection against ransomware, but relies on luck, of not being plugged in during the window between when you get infected and when you notice you get infected, a period that might be weeks, depending on the situation.3. Copying files to another computer or server. This will protect against a lot of cases of accidental deletion or malicious destruction by employees, not all of them, but most. Malicious destruction by malware, well, depends on the malware. A lot will only affect one machine. A lot won't stop at one computer and will affect an entire network. But if your facility burns down, your data goes with it, and you'll have no accounting records to show your insurance to have them evaluate what your business was worth. 4. Storing all your files in cloud storage like Google Drive or Onedrive. Okay, so this protects against accidental deletion, and, if you are manually copying stuff, most malware as well, it still introduces a human element, which is bad, It also does NOT protect against malicious insiders. You can get rid of the human element if you use sync software like the Onedrive desktop client, or Dropbox, but in doing so, you reintroduce the malware problem, and are still subject to malicious deletion.5. Using a local backup server. This is good, but not great on its own. Done RIGHT, which is not easy, it can protect against accidental and malicious insider deletion, most, but not all malware deletion. It even, if set up really well and really carefully, can provide versioning. Where it falls flat is if there's a natural disaster. That fire still burns servers. It also is not as robust against ransomware as it could be, and will be expensive in the long run relative to other, more protective options. A local server can be a PART of a good solution, but cannot on its own be the entire solution.6. Using non enterprise grade cloud backup software, like Carbonite. Most direct to cloud backup solutions have insufficient versioning, poor retention time, and take simply too long to recover from.So, what does a good backup look like? A good backup backs up either direct to the cloud via a system that allows you to control both retention time and versions that are kept, or, better yet to a backup server that then backs up to the cloud. You should have at least 3 copies of your data, on 2 different types of storage, and at least one copy should be kept off site on a different network. If you follow these rules, it is virtually impossible to loose data, and no ransomware can leave you without. Next week, during our Tuesday episode, we will talk about other important tools to safeguard your business against ransomware.That's our show for today, thank you so much for listening. I will see you then.

Welcome to Your Operations Solved, for Wednesday, April 7th, 2021I'm your host, Channing Norton, of PC Solutions, and this is the Seventh episode of our show,Listen to us Tuesday, Wednesday, Thursday, or on our Saturday compilations. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also like it.With that, let's get onto today's headlinesSupreme court ruling strengthens "Fair Use" protections in copyright.On Monday, the Supreme court ruled in Google's favor in a decade long copyright case vs Oracle. The case argued two things, one, that APIs, a particular type of computer program designed for other programmers to hook into, in this case, Java, could not be copyrighted, and that, two, even if they could be, google's copying of some of oracles code to port Java support over to Android devices was "Fair Use," In other words, it used Oracles work to SUPPORT Googles work, rather than it being a straight rip off. The supreme court declined to rule on if APIs were copyrightable, but did state that, IF they are, then google's use was indeed fair use.Why is this important for your business, assuming that you are neither google nor oracle? Well, Fair use is important to a lot of small businesses in their business activities. I'm not an attorney, and if you need to determine if your use of someones copyrighted work falls under fair use, please DO consult one. Functionally, if you produce content as part of your business activities, be it creative works that you sell, marking materials that you distribute, or even engineering product like chip designs and building blueprints, its almost certain that you did not create every element of that from scratch. Be it Fonts, stock images, designs of smaller components, references to other brands, products, and works, background music, you use other works constantly when you create creative works. Almost all of these other works are themselves under copyright, and, in theory, without a license to use them, you COULD be sued by the copyright holder for violating theirs. This is why restaurants don't sing "Happy Birthday" to patrons, but, rather, their own versions. Happy Birthday is itself copyrighted. The protection against this behavior is Fair use. If you use of the other work is, broadly speaking creative, doesn't use the original more than it has to, your work is more than just the copied sections and doesn't impact the market value of the original work too much, your use will generally be considered "Fair," and therefore not copyright infringement. The music industry has been pushing back against fair use for YEARS, and has been weakening these important protections. As such, an entire industry of "Copyright Trolls" has sprung up, where companies buy copyrights, sue people and businesses using the work, targeting those who can't afford to legally defend themselves, like small businesses, and try to make a profit from the lawsuits. While this ruling doesn't make this behaviour illegal, it is a general strengthening of fair use laws, giving your business additional ammunition in a court battle vs one of these entities, or indeed, any other copyright case. This is one of the first major rulings in favor of fair use in a long time, as the court system in general has soured on it in recent years, so it provides an important bastion against misuse of copyrights, setting an important precedent for protecting your business.With that out of the way, let's continue our conversation from yesterday about Standard Operating Procedures, if you haven't listened to last episode yet, I do encourage you to pause, go back, listen to it, and come back here.Ultimately, we've created our SOPs, but we now need to make sure they get followed, otherwise most of the value of SOPs goes out the window. The most important thing about SOPs is that they be VISIBLE. I've worked in a place that had fantastic, well written SOPs, and I and the author were the only ones who knew about them, because I found them when digging into records during my training. If they are in a binder on a shelf somewhere, that's no good. One, you need to present your SOPs to your employees at onboarding. Give them a binder with all the SOPs they need to do their job. Also create cheat sheets for their most commonly performed tasks, using those SOPs, that way they have one place to reference 60 or 80% of their job. That way the habit of following the SOP is easy for them to build. Then, you need to look at where you are storing your library of SOPs for the full business, and make sure that its accessible. There's a number of software programs, some industry specific, some more generalized, for doing exactly that, and, in some cases, automating the performance of some SOPs, like sending out emails according to specific rules and the like. Talk to your IT provider about getting this set up for you. You need to communicate the value, to your office employees, of doing things by the book, literally, and have it be habit that over on one monitor, you have your documentation management system, and on the other, you have your actual work. Speaking of, if you don't give your employees multiple monitors, you are missing out on a very cheap, very easy, significant boost to your employees productivity and performance. It's a way, for what, 200 dollars, to dramatically increase how much work any office employee gets done at your business, for the rest of their tenure there, and everyone should be doing it. Anyways, SOPs. Having a documentation system to store and centrally access your SOPS is important, but it doesn't solve problem for employees that already work for you, and are used to flying without them, nor does it fix the problem for employees who work in settings other than in front of a monitor all day. For the former, there's no way around it, this is going to be an adjustment period, but if you put in place a process to allow veteran employees to change a SOP themselves, it will help with a lot of the resistance. Bonus points if this process is itself a SOP. Explain to your employees the importance of using the SOPs, and run incentive programs for those using them. Finally, demonstrate how using a SOP can catch issues or mistakes that wouldn't be found otherwise. If you keep at it, and your managers keep at it, this transition can be done. For workers not in a white collar setting all the time, the cheat sheet approach may work better, along with signage, or the dreaded binder, depending on how frequently a task is performed and what proportion of your workforce it is subject to. You also DO need to be a bit more discerning in what you turn into a widely distributed SOP in more industrial settings, and what only gets used for training, as, when on their feet, people don't have as many opportunities to reference written materials safely and efficiently. Importantly, accessing your procedures should be low effort, and they need to be open when they are needed. An example of how you could do this in say, manufacturing would be with TVs above a production line displaying the SOP for producing and validating the current product, that switches when the line switches to other products, that way only the relevant SOP is displayed for reference at any given time. This could be paired with production metrics to help your shift supervisors keep their production quotas. Of course, the possibilities here are endless, and it varies a lot by industry. When I say that IT is more than just fixing the immediate problems that you come across, this is what I mean, this is something that you need to speak to your team on, to figure out what's possible, and how to most effectively disseminate information to your employees so that it actually gets listened to.That's our show for today, thank you so much for listening. Tomorrow, catch us for a conversation about backups, and what risks a good system can help save you from. I will see you next time.

Welcome to Your Operations Solved, for Tuesday, April 6th, 2021I'm your host, Channing Norton, of PC Solutions, and this is the Seventh episode of our show,Listen to us Tuesday, Wednesday, Thursday, or on our Saturday compilations. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also like it.First, an update to Thursdays story on the Ubiqiti data breach. Ubiqiti has made a statement in regards to the whistleblower's allegations, reaffirming that they have no evidence that customer data was accessed. The whistleblower has ALSO responded to Ubiqiti, by asserting that to be accurate, but not in a good way. Namely, the whistleblower has now expanded to say that Ubiqiti has no such evidence because they do not keep logs of customer data access. This is equivalent to an airline saying that they have no record of any safety incidents on their planes, and that being true, not because there are none, but because they don't keep such information to know, and just like the airline, this is neither reassuring, nor a good thing by any stretch of the imagination. While an effective way to ensure you can make public statements of "no evidence that data has been accessed," this is a HUGE security issue on Ubiqiti's end, in addition to being simply deceptive in communicating to their customers. I'd say this moves Ubiqiti solidly into the list of vendors to never do business with, if they weren't there already.With that, let's get onto the headline for the day.A massive facebook data breach could be used to compromise security at your business. So, over the weekend, a database of information belonging to facebooks users was leaked. This information has actually been for sale on the darkweb for a few months now, but someone leaked all of it to whoever wants to downloaded. This includes data on over 500 million global users, and is up to date as of 2019. Compromised were mostly profile information, real name, and Cell phone number pairings, but a few hundred million email addresses were also compromised. This information can be crossreferenced with someone's live profile to build a pretty thorough personal profile to target Phishing, that already has up to date contact information, which you wouldn't get by just viewing facebook without this data. The end result is that this is being used to build attacks against businesses using social engineering. Effectively, people are getting emails with the name of their boss in the "From" line, asking them to please send over this years W2's ASAP. Or the information is being used to guess passwords. Or in a million and five other ways to move money from your business to an attackerWhile obviously such phishing attacks have always been a risk, but now they can be made even more convincing. The sheer size of the dataset also potentially allows "lateral motion" in other attacks, where an attacker compromises one element of a system and uses that access to gain further access. For instance someone could hijack a phone number, and, knowing that it's used for 2 factor authentication for the owners facebook account thanks to this breach, use that access to gain access to their facebook, and impersonate them on that platform to achieve their goals, such as spreading a bad link around.For your business, it means that you need to be making sure that your employees know how to identify these scams, which can be achieved with a Phishing Simulation, where you run a fake attack, and see who falls for it. Now is also a good time to be looking at upping your spam protection to ensure that less of this gets through. If you don't secure yourself, you're running the risk of being victim to one of these attacks, which can put companies out of business. I'm not trying to scaremonger here, but small businesses are victims to these attacks hundreds of times every day, and it never spells good things for the victims, so protecting yourself is worth the low cost to do so.Today on the show, for the solution, I'd like to talk about the implementation of SOPs, or Standard Operating Proceedures, and how they can help you deliver more consistent products and services to your customers, with less rework, while making it easier to train new people and grow your business. For starters, who benefits the most from SOPs? Largely speaking, you'll want to implement sops in organizations as early as it makes sense to do so, after the initial sales crunch, when what you are selling and how you deliver that product is largely set. This is because when you change these elements of your business, the SOP has to change too.So, what is a SOP?A SOP is a documented proceedure that clearly and unambigiously explains how to perform a task in your business. This way, by following a SOP, an employee can ensure that they perform said task to the same standard that their supervisors would want them to. It alleviates mental load on your employees, and inconsistency in the quality of work performed by employees by making the tasks more repeatable. It can take the form of a Wiki article, checklist, set of rules, or whatever other format makes sense, with the end goal being that, with a well written SOP, anyone can perform the tasks listed, with little variation in end result. As a practical exercise to get the hang of things, try writing a SOP for making a sandwich of choice after the show today. Determine the order and amount of ingredients, if the sandwich should be toasted, and, if so, for how long, is it sliced? What way? Do you trim the crust? Make that sandwich using the SOP, then hand the proceedure to someone else, and see if they can make an identical sandwich, without looking at the sandwich you made. Now compare the result to asking a third person to make a sandwich of that type without any further instruction. In addition to showing how a good SOP can make your product more consistent to your customers, I've also just handled your next meal for you. You can thank me later.As hinted at above, a good SOP is like a recipe, it should be complete and unambigious. There should be no questions after reading a SOP by someone with the basic initial knowledge in the relevant field in how to perform the task. For instance, provided you know what "Chop" and "Dice" and "Fry" and "Boil" mean, you shouldn't have any issues following just about any recipe in a cookbook. For those field specific knowledge pieces like "Boil," you'd then want to consider if writing a SOP to describe their processes is necessary. For instance, writing a SOP on how to turn a computer on is likely not helpful, but writing a SOP on how to add a new item to your inventory software would likely be necessary if your inventory changes with any significant frequency.So, we are beginning to see the value of SOPs we can start talking about implementation in your business. I'd schedule out some time to start thinking about "How can I document X job." Task yourself with writing One SOP a day, and revising one a week. These should be living documents that update as your business changes, and are continually improved. For instance, think of how you would describe handling your Sales process to a new employee, from start to finish. Then describe your fulfillment process. Look at each step of these processes, each one is themselves a process, or perhaps several. Each one of these need a SOP. You can do this for each department, and each employee role, until you have a library of SOPs. In doing so, you have done several things,1. We have formally defined how our business works, which makes it MUCH more sellable2. This also allows us to easily hire people and train them rapidly to a basic standard of quality of work.3. This allows us to not be beholden to the knowledge of any one person, as any business-specific knowledge should be extracted via the process of writing SOPs4. We have also eliminated potential legal liability by allowing the operations of our business to be verified by these SOPs, and have a documented process to point to as to if a particular step was performed.5. We now have a document to point to to correct existing employees who might be doing something incorrectly to show them how a process should be performed unambigiously.With all that said, SOPs are a big topic, and one we will cover more tomorrow, specifically, join us on the show for a discussion of how to distribute them, so that they don't just end up forgotten in a binder somewhere.If this show was helpful, entertaining and informative for you, please do give us a like, and share it to someone else who you think might like it, that's our show for today, join us tomorrow!

Compilation form of episodes 4-6 of Your Operations Solved. Hear us talk about how your small business is affected by three big news items of the week, A fire at a chipmaking facility, Google's Advertising changes, and new details on the January 2021 Ubiquiti breach. Also learn techniques to continuously improve your business including Business intelligence, inventory management, and risk management.

Welcome to Your Operations Solved, for Thursday, April 1st, 2021I'm your host, Channing Norton, of PC Solutions, and this is the Sixth episode of our show,Listen to us Tuesday, Wednesday, Thursday, or on our Saturday compilations.So, today's headlineNetwork equipment manufacturer Ubiquiti's data breach worse than initially let on. Passwords may be compromised.Ubiquiti, a popular manufacturer of networking hardware, especially in the small business and prosumer space, announced several weeks ago that they were victims of a data breach. They were initially praised for their handling of the breach, being upfront about it, the way a breached company should be. Getting breached is not reason enough to not do business with a company, it can happen to anyone. It's how you respond to the breach, and how the hackers get in that matters. Did they do something targeted and advanced, or did they get in because you were lazy about your security? Did you tell your customers, or did you try to hide it? These are the real questions. Anyways, an unnamed source inside the company went to the press on Tuesday, and indicated that the breach was worse than the executives at Ubiquiti initially let on. In their breach announcement back in January, Ubiquiti effectively said "We've been hacked, change your passwords to be sure, but no customer data was accessed as far as we can tell"So it turns out, that was less than accurate, and Ubiquiti knows it. Their legal team advised they cover it up, in a letter to the European data Protection supervisor, courtesy of reporter Brian Krebs, who broke this story“It was catastrophically worse than reported, and legal silenced and overruled efforts to decisively protect customers, The breach was massive, customer data was at risk, access to customers' devices deployed in corporations and homes around the world was at risk.”So, this is terrible. You DO NOT cover up a breach like this. That's how more people get breached as a result of your butt covering.While I was happy with how they handled this incident before this came to light, even calling them a model example, I'm afraid I'm going to have to revise that statement. This is very troubling. While before, this would have little impact on if I used their hardware, now, I wouldn't trust them any further than I could throw them. At the very minimum, I'd suggest changing your password and enabling 2 factor, again, and, if you use their firewall, which I wouldn't recommend to begin with, as its a weak offering security-wise breach aside, but if you do, I'd make plans to replace it ASAP. The breach, as far as we KNOW, isn't going on anymore, but we can't be 100% positive that the attackers didn't leave themselves a backdoor that hasn't been found yet. If you are handling highly sensitive data like medical or defense industries, and you for SOME reason are on their platform, I'd go so far as to say to pull the plug on the ubiquiti portions of your network, rip it out, and replace it. It's the only way to be sure that your data isn't getting funneled out through this gaping security hole.With that unfortunate news out of the way, let's talk a little bit more about some of the concepts we explored on Tuesday. Back on Tuesday, we talked about business intelligence, and how it can be used to power your inventory management. Let's look at how it can power improvements to your business.Let's start at the basics. Business intelligence, or BI, refers to gaining insights into how to run your business based off data driven analytics. This could be using a BI system to look at the effectiveness of marketing campaigns, reduce cycle time, handle stocking, or assess employee efficiency. How can we use this in practice?Well, let's say you have 3 main ways that customers find your business, Ads on facebook, google ads, and google searching for similar companies and finding you in the search results. You can track where these leads are coming from, and use a BI system to determine the optimal budget for your two ad platforms and Search Engine Optimization budget to maximize the customers per dollar that you drive to your website. Rather than tweaking numbers yourself and hoping you get it right, you can figure out exactly what your ratio is to make sure you get the low hanging fruit on each platform without investing too much into ad impressions and search keywords that aren't getting you any business. The BI system can also tell you what search terms tend to bring in the most profitable accounts, or which customers are actually costing you money to serve.Next, we can use BI for employee management. If you set a few computationally measurable metrics for your employees, you can create a dashboard that shows those KPIs for each employee, and calculates them automatically, which managers will love, as it gives them a one stop place to view how their team is working and look for holdups. You could also do this for departments as a whole to determine where you need to add people more accurately than just guessing or going by "feel."Once we have effective metrics to measure productivity in our business more granularly, we can better see how changes in operations affect things more than just direct output of a department. For instance, if you track metrics, you could find that certain changes intended to boost productivity did in the short term, but also increased employee sick leave use, which could indicate additional stress on your team. This is something you likely never would have noticed without BI, but could warn you about an easy to fix pain point in your employees that could lead to higher turnover, and nobody wants that. BI is also useful for setting prices. There is always the age old question of "Should I increase my margin at the expense of sales, or should I decrease it for more sales?" It's a question every business leader has asked themselves and their colleagues, countless times. Rather than adjusting margins up where you can and down if you have to, use BI and some trials to determine what the ideal price point for your business is, and build your delivery model around that price point.So, who's a good match for BI? Well, it's not everybody. If your business is at a stage where it's struggling to make ends meet, its not going to save you. It can help you build sales certainly, but it's not a replacement for a proper sales engine, nor can it build one on its own. Similarly, if your problems are largely operational in nature, it can give you insight into those problems, but it can't on its own fix them. Business Intelligence is an invaluable tool that is best suited to businesses who are relatively mature and want to take things to the next level. If you're in the black, and, as a business leader, are spending more time working ON the business rather than putting out fires IN the business, it's going to become your new best friend if you let it.That's our show today, thank you so much for listening, I'll see you all next week folks.

Welcome to Your Operations Solved, for Wednesday, March 31st, 2021I'm your host, Channing Norton, of PC Solutions, and this is the Fifth episode of our show,Listen to us Tuesday, Wednesday, Thursday, or on our Saturday compilations.With that, let's get onto the headline for the day.More privacy for better advertisingGoogle begins rollout of its new cookie replacement, FLoC (Federated Learning of Cohorts) for targeted advertising.Rather than tracking individual users on the internet and sending full browsing and search details to google, the new system will categorize users into groups based off their behavior, sharing only these groups with google, and therefore advertisers, rather than the full browsing history. This is less individually identifiable, and promises better privacy for users, along with being able to skirt several privacy regulations. At present, the system has an accuracy rate 95% of that of cookie based advertising, but it IS still in its infancy, so we can expect that to rise and even surpass cookie based targeting as the system matures. What this means for you and your business is severalfold.One, we can expect slightly reduced returns from google adwords campaigns in the near future, due to that slightly reduced accuracy. With that being said, the new system promises to be easier to use to target individual demographics, so in the long term, I would expect improved returns as we are able to target ads better. Rather than selecting potential users to market to based off search terms, one can instead target groups like "Business Owner," "Videogamer," or age ranges more directly and precisely. Two, we can expect increased ability for companies to advertise to groups that are protected from some targeted advertising practices, as this system doesn't track users individually. The two major groups that this is likely to open up are US children under the age of 13, and EU citizens generally. What is and isn't permissible is, however, something we will doubtless see the courts determine over the next few years.Three, we can expect web advertising costs to decrease moderately over the next few years. As a result of these new advertising markets, as well as decreased operating costs on googles end as a result of how these changes work technically, we should see both a dilution of advertising spend, and a decrease in cost for google that they are likely to pass on to advertisers to try to salvage their falling marketshare in the online advertising space that brings in a large chunk of their income.Fourth, we can likely expect this to be paired with some serious changes to googles search algorithm, and therefore search rankings and search engine optimization, in the near future. The current version of their search algorithm prioritizes placing ads in searches over finding information effectively. If you could swear that back in 2010 or so google gave you more of what you were looking for than it does today, especially when searching for highly specific things, this is why. These changes make that paradigm less necessary for google, so they are likely to make their search platform more helpful as a result.In short, expect this to cause a shakeup in your online marketing activities, and make sure your marketing team is aware of what these changes could mean for your business, and be prepared to spend some cash on your website to up your search rankings if and when google updates search.Today's Solution, for MRO inventory woes and risk, as promisedSo what's the problem with Maintenance, Repair, and Operating supply inventories? Well, for the electronic assets in the list, be it servers, laptops, computers, credit card machines, X-ray scanners, Zebra printers, is that they are typically pretty critical, and their price has a direct relation to how screwed you are if they stop working, generally speaking. Credit card machines are relatively cheap, and, sure enough, most enterprises won't be too screwed if theirs breaks, as most have two. But have a medical clinic loose its X-ray machine, and things start getting expensive, fast. Almost universally, if something in this inventory stops working, at least one person, and potentially your entire operation, starts getting paid to do NOTHING until its fixed or replaced. For those larger, expensive, mission critical items, like servers, industry specialized equipment, Network Firewalls, keeping a spare just isn't viable most of the time. So, how can we increase uptime to avoid hemorrhaging money?Well, there's a lot of answers here, and we need to be looking at doing most or all of them. There's no way that anyone can guarantee 100% uptime of any device, system, or piece of equipment. Anyone who tries to tell you otherwise is trying to sell you something.1. Have a disaster plan. Before we get any further, you need to have a plan for when specific pieces of your operation fail. How does your business operate when there's an outage? How does this change based off how long your estimate is for getting things working again? How does this change based off what activities are affected? What steps will you need to perform to get it fixed? If your employees are trained and ready for their workflow to be interrupted, you can get things online faster AND reduce losses during the time that things are down.2. Identify places to add redundancy. So, as we explored above, duplicating ALL of your equipment all the time is simply not viable or profitable. I'm not going to be the one to tell a hospital to go double their X Ray machines but then only use half of them. What I WILL tell you to do is do an assessment, when you are disaster planning, and look for the pieces of equipment that are the largest risks and cheapest to mitigate risk, and look at adding redundancies. You should be building a risk matrix in your plan for each piece of equipment. How damaging is a failure, by how likely is a failure. Add a third axis here, How expensive would it be to add redundancy to that point of failure. For instance, a retail store loosing ALL of its credit card processing is pretty devastating, and not entirely unlikely. But simply keeping an extra reader in back could mitigate nearly all of that risk for less than $100.3. Buy the right equipment to begin with. Whenever you add or replace mission critical equipment, make sure its the right thing. You should be consulting with experts in the relevant field to determine reliability, repair costs, and lifecycle of everything you buy. You also should be looking at plans to get your equipment properly warrantied and on service plans. While in the consumer space, warranties are of questionable value, in business, at least from where I'm standing, an extra hundred dollars to reduce downtime of a device by potentially days seems like a no brainer insurance value. Buy the right things that won't break, even if it costs you a bit more NOW, because that will run you far, FAR less than fixing things later.4. Replacement Cycles. So, everything has a lifespan. Have a plan and a budget for replacing every major piece of equipment as it gets old and less reliable. Once again, this is expensive in the short run, but will save you money in the long run. If you run things until they break, you get a little extra life, sure, but then you have to buy the first replacement that will work, regardless of cost, quality, or suitability. If you have things planned to a cycle "Replace X equipment every 5 years, Y equipment every 3 years, Z equipment every 10 years," and that's in line with industry recommendations, you'll be in a much better place, as you'll be replacing things with the right equipment again, before it breaks, and, if it breaks a few months earlier than expected, you've already got the money squirreled away for replacement, and a replacement plan, you just move it ahead in the schedule.5. Active monitoring and maintenance. Okay, this one varies a lot more by the individual equipment, but for computer equipment, we can actively monitor to prevent some problems from even happening, or alerting maintenance teams quickly for larger failures. You have a program that runs in the background collecting diagnostic data and flagging irregularities. Also set schedules for routine maintenance tasks like cleaning and inspections. You want to know a failure is coming before it happens, if at all possible, so that repair can happen proactively rather than reactively.6. Inventory software. For the non digital supplies you use, if you have a lot of small parts and items that you use in operations, it may be worth investing in a system to check equipment in and out to reduce loss and theft, and perhaps even increase utilization of more expensive items like power tools. Obviously this one is going to depend a LOT on individual needs and industry, but talk to your provider, you may find yourself in a position of being able to save a lot of money by reducing supply waste.These six examples are just the tip of a massive iceberg of ways you can improve your business uptime and reduce expensive, potentially catastrophic failures. We're going to continue examining these reliability issues over later episodes, so be sure to tune in. Tomorrow, however, we're going to look at business intelligence and how it can drive new business, and how to manage it.

Welcome to Your Operations Solved, for Tuesday, March 30th, 2021I'm your host, Channing Norton, of PC Solutions, and this is the Fourth episode of our show,Listen to us Tuesday, Wednesday, Thursday, or on our Saturday compilations.With that, let's get onto the headline for the dayChip shortages driving up goods prices across the economy, worsened by fire.Chipmaker Renesas electronics suffered a fire in their primary Japan production plant. This promises to further reduce semiconductor supply, which has already been hit by covid. Renesas' facility's capacity was roughly 2/3rds dedicated to serving the automotive industry, which had already been hit hard by the ongoing global semiconductor shortage caused by Covid related factory shutdowns. This also promises to cause further squeeze elsewhere in the economy. Basically, anything with a computer chip in it, which is most anything at this point, has been growing scarcer over the past year or two, as a combination of factors has hit the manufacturing sector for such components very hard. Front and center here is of course covid, but also relevant is the fact that all of these billions of chips sold each year are produced in only a few dozen facilities around the world. These "fabs," as they are called, cost billions of dollars and take years to set up, and are, for the most part, highly specialized. Retooling a fab to produce chips other than what it is already producing is a process taking months and tens to hundreds of millions of dollars, something that they have to do every few years to keep pace with new chip designs. The yield rate on these chips is also extremely low, especially in the few months following a retooling. As such, the semiconductor industry is, by its nature, very VERY slow to react to environmental factors. If something disrupts their supply chain, it usually falls to another plant to remedy the resulting shortage, possibly one or two hardware generations later. Which brings us to today.Over the past few years, an alignment of factors, including cryptocurrency mining driving up demand, natural disasters shutting fabs down, engineering struggles reducing yields, delayed openings of new fabs, and a general inability of the industry to keep up with heightened demand, has combined with the economic changes wrought by covid to leave the entire world short of silicon. The Renesas fire is just the latest in this series of events. The end result is that we can expect a decline in the auto market paired with rising prices, as automakers struggle to get the chips they need to put new cars on the road, as well as even further squeezes in both computing markets and general consumer goods. Because our modern economy is so dependent on these components, we can expect this shortage to have knock on effects everywhere, driving up prices near universally for large enterprises. I cannot stress this enough, right now is a TERRIBLE time for new asset acquisition, be it technology assets, vehicles, or other equipment for your business. Wait 2 or 3 years for all the various supply chain problems caused by both semiconductors and covid to straighten themselves out if you possibly can. You'll get much more bang for your buck. Incidentally, this does put smaller businesses at a general advantage, as they are, generally speaking, on slower equipment refresh cycles in most areas of their business than their larger competitors, and as such can be a bit more selective about their acquisitions vs those bigger players. Take this time to invest in your people and business process improvements, and you'll find that your business is in a great position 3 years from now.So, today's operations solution. Let's talk about your inventory. Depending on your industry, you almost certainly have some sort of inventory of goods that get sold to or used for your customers.For those of us who manufacture or resell these goods, you know you don't want to pay the price keep more supplies on hand than you absolutely need, but also need to keep sufficient stock in place to serve your customers promptly. For those industries that mainly perform knowledge work, you have a separate inventory problem, namely your office assets, small and large. Tracking their use, ordering them promptly, preventing loss, damage, and theft, and just getting the right things to begin with. Both of these issues are important, and many businesses will be affected by both. We're going to talk about the office asset issue tomorrow, so be sure to tune into that, but let's get back to the issue of stocking for sale or consumption. For the solution we need look only as far as two of the biggest companies on the planet, Boeing, and FedEx. Both of these companies got to the behemoth size they are today by similar realizations. FedEx built the first high speed delivery network of anywhere near its size by realizing that the data ABOUT their operations and packages was MORE important than the packages themselves. Handle the data correctly, and the package practically delivers itself. This allows them to scale, and perform the magic that is getting a package from any point on the globe to almost any other, overnight, millions of times a day, with VERY few lost packages or late deliveries, proportionally. Boeing takes this predictive approach a step further with their "Just in time manufacturing" revolution. They don't stock parts until a matter of a few days before they are to be used, allowing them to cut down dramatically on overhead. This change is what lead them to industry dominance in the second half of the 20th century. How can we apply these critical principles to your business? Two words. Predictive Inventory. Storing large quantities of stock is expensive. You need a way of anticipating your demand, so that you always just have enough. There's software solutions to doing this that are generally specific to your industry. The other component, beyond the software, is the data that drives its decisions. You have the data, its in your sales history if you just look for it. You should be tracking your sales EXTREMELY granularly. I should be able to go into a database somewhere for your company, and pull up a customer or account's individual orders from a year ago as if it were a new order to be fulfilled today. Take a look at fedex. This sales data is arguably more valuable than the sale itself. Imagine a hardware store that was able to perfectly predict demand. Every day they get a single semi truck of all the stuff they would sell that day. They wouldn't need a massive big box space, its employees, or its rent. You could have a store like Lowes operating out of a 250 square foot retail pad. Obviously, magical, perfect predictions are impossible, you still need some stock, but if you are managing your data correctly, the amount dramatically declines, ESPECIALLY if you aren't in the business to consumer retail space. So, we collect this data, what can we do with it? Well, as mentioned, we can plug it into a predictive inventory system to start getting predictions of what to stock to reduce waste and dwell time, which is good. Ideally, these systems will get better over time as more data is input, so we can have a continual decline in stock on hand. We can also use this data to drive more sales. If its' organized in an accessible way for you to analyze it for business insights, you can drive remarketing based off this business intelligence. Let's take an example. Target stores are FULL of cameras, analyzing everything you do. What items you look at, how long you look at them, what you buy .etc. This system is so precise, that target accidentally outed a teen pregnancy to a woman's father back in 2012 by sending ads for cribs and pregnancy supplements to their mailbox. I cannot emphasize this enough, Just by analyzing sales patterns, target was able to figure out that somebody was pregnant before their father knew. This instance, while embarrassing for all involved. Imagine if the situation were a bit more normal, and you were able to predict a customers needs before THEY knew them, and market promotions targeted specifically towards their needs, right as they have them. You would have a massive leg up over your competition for getting that business. This can be done, you just need to give yourself the infrastructure to do it. Will a small business have access to all the data target does about its customers? No, probably not, but that doesn't mean you can't still make some darn accurate predictions, and drive business improvement both in terms of reducing overhead AND increasing sales.

In this episode we talk about an important announcement by Zoom, and discuss ways to make a hypothetical healthcare clinic more profitable by analyzing its profit cycle. These lessons can be applied to any industry.

In this episode, we talk about a major shift in strategy for chipmaking giant Intel, and how any organization can help alleviate password woes and capture small amounts of time from ALL office employees

In this episode, we discuss the format for our new podcast. Join us tuesdays, wednesdays, and thursdays. We will talk about news and how to continuously. improve your business. We also talk about Microsoft's proposed acquisition of social media giant discord.