Technology News You Can Use

February 2009 – Issue XLIII

In This Newsletter

• Comments from the Editors
• Don’t!  Stop! :  Two Negatives Become One Positive
• Tearing Down the Wall
• Are You Prepared to Respond to a Serious Computer Compromise?
• Sales Compensation Plans – One Size Doesn’t Fit All
• Contact Us
• Archived Tech Newsletters
• IT Resource Guide

Comments from the Editors

A big “THANK YOU” goes out to this month’s terrific contributors.  We always welcome additional articles for future newsletters.  If you have specialized knowledge in any area of technology or business that you would like to share, please feel free to submit an article to us any time.  The North Chamber Technology Council membership is active and thriving and our meetings are well attended – join us on the 2^nd Friday of each month at the North Chamber office for a brown bag lunch beginning at 11:30 am with the regular meeting starting at noon.  And don’t forget about the InnoTech San Antonio Business and Technology Innovation Conference and Expo coming up on Thursday March 5 at the Norris Conference Center at Crossroads Mall.  Although the North Chamber-sponsored CIO Panel Luncheon is sold out, you can still register for the conference and experience first-hand valuable education, innovation, peer-to-peer networking and the latest technology and business solutions.  Register for the conference here: http://innotechsan.com/registration.php.

Brent Daugherty and Matt Reedy

Top

Don’t!  Stop! :  Two Negatives Become One Positive, Bruce Howard, Fisher, Herbst & Kemble, P.C.

Don’t!   Stop!

These two words can be both negative and positive.  When you use the words by themselves it promotes a very aggressive and negative tone.  But when put together, they can change your attitude completely by giving you reassurance that what you are doing is right and correct.  Right now we must put both these words together to combat the prevalent feelings about our business climate.  There is too much bad news all around us and it is incumbent upon each business owner and employee to remain positive and develop a long term attitude to fight off the “end of the world” scenarios that are so prevalent in the halls of commerce.

Several major areas of our business world can, and should be, maintained during a recessionary period.  These are activities that keep us sharp, tuned and ready to capitalize on the next wave!  Here are some areas that you Don’t Stop!

Marketing

Holy cow!  Don’t fire the marketing guy!  How are you going to sell any bananas if they don’t know your store is open?  So many times we see companies cut these budgets first, thinking that these are the resources that are expendable.  Many experts in business development agree that when the tide turns back you run in and grab all the good shells!  Use this downturn to reevaluate your markets and your products and highlight how you can help your clients and customers win the recessionary battle!   Don’t Stop marketing!

Recruiting

So you may have already faced the unfortunate task of laying off some people in your organization.  How many of you really think this recession will last forever?  When the pendulum swings back, will you be ready with a fresh pipeline of talent?  Use this time wisely to maintain and develop new recruiting strategies.  Look for those individuals in the market that you wish were on your team and make contact with them to ensure they know you are in this for the long haul.  And help reassure those remaining on your team that “this too will pass” and allow them time now to relax and refresh.  Don’t Stop recruiting!

Technology

Oh yeah, the technology train is coming to a stop in the station, right?  Do you think the guys at Apple and Microsoft are turning off their research?  Keep up on current developments in technology products and services that are appropriate for your business.  This may be an excellent time to switch out and/or try new software and hardware.  Maybe you can implement the new mobility plan you have been thinking about and start saving money by having your team work from home or out on the road.  Don’t Stop technology!

Finances

Money is tight but that doesn’t mean it has disappeared.  Now is a good time to visit your bankers and update them on the status of your business.  Reassure them that you are here for the long haul and looking forward to capitalizing on the future opportunities.  Review your plans and working capital requirements to see if you can adjust your financial resources to better fit your current business climate.  Also, remember to use this time to research other finance sources such as venture capitalists who will be looking for new investments when the time is right.  Don’t Stop finances!

Take the long term perspective here too.  It is important to retain the people you have on your team. You may devote some of their idle time towards a plan of continuous improvement.  Don’t jeopardize the growth and skills development of your team in the interest of short-term profitability.  New skills means new business and you can certainly benefit from more revenue, right?  Don’t Stop training!

So put these two bad words together to make a great phrase to set the tone for your business.  Don’t Stop building your team, planning for the future, capitalizing on opportunities, and making your business grow.  Short term reactions will short circuit your business so focus on a long term perspective and be ready to ride the pendulum back into the boom times!

Tearing Down the Wall, Technisource

Improving Communication between IT & Management

It’s time to end the great divide between IT and management. Too often, they are locked in a standoff. Both sides feel unloved and misunderstood.  The company pays the price in lost productivity and low morale. IT feels unfairly blamed when things go wrong. At the same time, managers and executives wonder, “Just how hard can it be to make our systems function?”  But it doesn’t have to be that way. The key to turning around the dysfunction is the development of shared goals, a common language and an ongoing communications strategy. With virtually every business now technology-dependent or technology-enabled, it’s critical that IT and management work together cohesively and as a harmonious whole.

Pulling together around common goals

How to do it? Like most undertakings, the first step is the development of shared goals. With some variation, the goal of most enterprises is to serve their customers. IT and management must align their efforts toward this end. With this new mindset, IT and management become business partners. It clears the way for IT to step out of the shadow of reactive problem-solving and become proactive leaders. Technology leaders who understand the business, technology, users and customers are extraordinarily valuable. Everyone benefits when their skills are fully utilized.  Management must do its part, too. Many managers and executives look to IT to solve specific problems, often in a vacuum, and step in and save the day when there’s a crisis. That’s too little, too late. IT must be involved in strategy, planning and purchasing. Further, management must clearly articulate its expectations and be sure IT has adequate resources and support to meet those expectations.

Creating Strategic Partnerships

A practical way to promote cooperation is to create partnerships between IT and a company’s divisions or business units. For example, perhaps accounting or human resources or purchasing would benefit from having an IT representative who could analyze and make recommendations based on the department’s specific needs.  Also, since cost is often a sticking point, IT and management should establish a structured, ongoing process to ensure that technology investment and business goals are aligned.

Communication is Key

Finally, both IT and management must communicate. From the top, company leadership must emphasize IT’s new role as a business partner, as well as its expectations for an empowered IT department. For its part, IT must communicate broadly its strategy and plans and solicit input.   Some helpful communications vehicles include short, focused meetings; informational e-mails and use of a company intranet. The important thing for IT is to explain how the technology can be used to achieve specific goals, rather than getting bogged down in technical explanations. The focus must be on the employee, customer or vendor.  By staying one step ahead of each other’s needs, management and IT can create a seamless relationship and foster true respect and appreciation. And the barrier, once seen as impenetrable, will come crashing down.

Top

Are You Prepared to Respond to a Serious Computer Compromise? David Gallant, e-fense, Inc.

We all remember the proverbial “3:00 am phone call” commercials from the past election year.  Are you ready for that call?   That same question should be considered by all CEOs, CIOs, CTOs, and senior IT professionals when it comes to being prepared to deal with a compromised computer that is part of your network.  At a recent gathering of over 50 security professionals, I informally polled the audience and asked how many of them had a documented plan to deal with a computer incident on their network.  Only three people responded in the affirmative, and two of them worked for them same company!  Let me assure you from my 12+ years of responding to computer compromises, if you are not prepared, you WILL negatively affect evidence that may be needed to catch and prosecute the hacker if warranted.  The actions you take, or don’t take, in the first few minutes of notification make the difference.  

In most situations, a suspected computer hack, known in the law enforcement world as an “intrusion,” turns out to be a false alarm.  This should not be seen as an excuse to not prepare and respond properly to all suspected compromises, but rather viable, real-world practice scenarios.  If you treat each incident as “The Big One,”  you will hone your incident response skills and truly be ready for “The REAL Big One.”  
  
Most compromises are discovered either by an Intrusion Detection System (IDS), or someone noticing a system anomaly.  A compromise can range from a hacker or an authorized user (your employee!) accessing files that are personal, sensitive, or proprietary.  Over half of the successful intrusions are from insiders! One infamous hacker case was initiated when a vigilant system administrator noticed a server reboot for no apparent reason.  The investigation later determined it was part of an international case that involved numerous federal agencies and resulted in the arrest of three hackers.  Regardless of what prompts a response, the compromised computer needs to be treated as a crime scene, and as such, processed like one just like on CSI!  CSI fans know that if the police do not take steps to protect the crime scene, trace evidence can be taken into the scene or inadvertently removed from the scene.  Computers are no different.  If a well intentioned system administrator looks through the computer’s files trying to figure out what happened, key file attributes are changed that cannot be recovered forensically.  The computer’s RAM is extremely volatile, and ANYTHING can cause it to change.  If the system is shut down or rebooted, running system processes are stopped.  One of those processes may hold the key to locating the upstream location of the hacker.  Pretty important stuff, you think?
  
Help is available.  There are open source and commercial software suites available that will enable you to easily and quickly preserve the system’s RAM and running processes.  By preserving at least that information, you will have saved anything that would be lost due to a reboot or shutdown.  That evidence should be your first and second priorities ANYTIME you suspect you have a compromise of any sort. You should also create a forensic mirror image copy of the hard drive(s) in the computer(s) – a MUST if you hope to either have law enforcement involved, to prosecute the hacker, or to fully undertake an internal investigation. This is your third priority and should be accomplished at the point you are relatively sure you have an intrusion. Ghost imaging is not sufficient and will not stand up to scrutiny in court.  

The authorities likely will not be able to respond to your intrusion until you are certain you actually have one, and even then your compromise will likely have to meet certain criteria in order for them to investigate.  They have limited resources, so be prepared to have them decline to get involved or not respond as quickly as you wish.  If you have properly preserved your Priority 1, 2, and 3 evidence, you will have what they need whenever they respond.  If law enforcement cannot, or will not, investigate your intrusion, all is not lost.  There are MANY instances in which it is a good business decision to not involve law enforcement, but due diligence dictates there must be a proper investigation. There are qualified private investigations companies that may be able to assist you in your response and investigation.
  
Other things to consider:
  
1. Have someone on your staff formally trained to respond to computer incidents.
2. Make sure your contingency plan addresses computer intrusions.  Know who you are going to call if you need outside assistance.   
3. Consider any legal requirements you have to make regarding notifications to your clients.  You may be required by Texas , or other states' laws, to inform your clients of a potential intrusion. Check with your legal counsel.
4. Join your local chapter of Infragard ( HYPERLINK "http://www.infragard-sanantonio.org/" \o "http://www.infragard-sanantonio.org/" http://www.infragard-sanantonio.org/).  InfraGard is a cooperative undertaking between the U.S. Government, led by the Federal Bureau of Investigation, and an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of United States critical infrastructures.
5. Assemble and train with a dedicated incident response kit.
6. PRACTICE!!!!
 
Remember, the steps you initially take, or don’t take, will matter in the end.  You will not get a second chance.  It is better to have properly collected the evidence and not need it than to NOT have collected it and NEED it.

Top

One of the most common mistakes in small (or for that matter large) technology firms is the design of the Sales Compensation Plan.  Oftentimes the Comp Plan consists of a salary base, together with a simple commission structure or rate, and sometimes an accelerator (or cap) in case the sales rep hits the big deal. 

A properly designed and written Comp Plan will inform the sales rep (without other inputs) exactly what his or her company wants from sales activities.  Every firm has their own approach but the following is a recommended approach:

1. Examine the company’s business plan and determine what the overall goals and objectives are for the Sales organization.  Consider:
   1. What are the overall revenue goals of the organization?
   2. What are the goals relative to market segmentation?
   3. What are the goals relative to new customers vs. existing customers?
   4. Are there new product/service launches planned and what their goals are.
2. Consider the skills and motivations of the sales people themselves.  This is obviously much easier for smaller organizations; however, thinks about your ‘hunters’ and your ‘farmers’.  Think about relationships that your sales people have built with existing customers and new prospects.
3. Start designing the Comp Plan.  This is not a trivial exercise and should be done prior to the beginning of the fiscal year.  It is recommended that your design phase be done in confidence.  Employees can be distracted by such discussion and you want them focused on closing the fiscal year.  Here are a few design elements to consider:
   1. Begin with the concept of Targeted Income.  Determine the total compensation you want to pay your sales rep if they hid exactly 100% of their goal.  Now start working to back into this number based on your company’s goals as discussed above.
   2. Consider the mix of base vs. compensation at risk.  Good ‘Hunters’ typically expect that the majority of their compensation will come from commissions and bonuses.  ‘Farmers’ are the opposite.  This mix will drive the commission rate you will pay.
   3. Consider accelerators.  Accelerators typically are a multiple of commission rates and are paid after the achievement of the sales goal.  They can be flat or incremental, e.g. 1.5X after 100% of goal and 2X after 125% of goal.  Accelerators are used to make sure the sales rep is motivated to turn in all business and not ‘sand bag’ for the next year.
   4. Consider caps.  While compensation caps are typically de-motivators for sales people, they can be appropriate when large teams of people are needed to close the deal, e.g. multi-million dollar Federal procurements.
   5. Consider kickers.  You may want to assign an increased commission rate to a new product or service you plan to launch.
   6. You can mix commission rates, e.g. 6% for existing products - 10% for new products.
4. Write then read your Comp Plan.   Is it clear to the sales reps what you them to do?  Have someone figure out how to ‘game’ the plan then fix the holes.
5. Finally, make sure your plan is competitive.  Sales reps by nature are capitalists.  They are easily seduced by the promise of more money from someone else; and, your good ones will be recruited by the competition.

These are only a few things to think about.  There are also other techniques such as MBOs (Management by Objective), perks, achievement clubs, and other elements.  If you get it right, the whole company wins.

Top

 Contact Us

Technology Chair: Chuck Weisbrich
New Horizons Computer Learning Center

Co-Editors:

Matt Reedy, Matt Reedy & Assoc and Brent Daugherty, Time Warner Cable
Proofreader: Stan Waghalter, QualTel Communications

North Chamber Contact: Debby Zucker