Breaking into the Vault

Every so often, an article will appear with a title along the lines of “Customer data stolen from Corporation X – thousands of records released”. The article will then go on to explain the type of data, whether it was encrypted, and the means by which is was taken (for example, a hard-drive was stolen, but the drive was encrypted, and it only contained mailing addresses).

As a business owner, these articles should be of major concern. Your clients entrust you with some of their information, starting with their contact information. That trust can prove to be fatal to your business if you don’t take the proper precautions to prevent the data from falling into the wrong hands. The problem, however, is that you do need to be able to use the information, as do your employees.

The question then is, how can you balance the need to access secure information against the need to secure the information against access?

Prevent Access

The first model of protection is to place the data in a location that is difficult to access. This is similar to the construction of a moat around a castle, placing slits for archers in the outer walls. The idea here is to make it as difficult as possible for someone to get into the castle, or, in the case of your data, as hard as possible to reach the files.

The problem, however, is what if an attacker does manage to get into your castle.

Prevent Escape

Preventing escape is a little different. I’ve walked around a few castles, and one of the things I’ve noticed is that there are rarely any direct routes out of the castle. It’s easy to take a wrong turn and spend ten minutes figuring out where you are. Those familiar with the castle can quickly cut off escape routes, preventing items from leaving the secured location.

Your data is no different. You can design your security in such a way that removing it becomes a time-consuming process for anyone unaware of the proper ways to do it. This won’t hamper your employees, who know how to access the information, but trying to hack your way out can be made like trying to navigate the outer walls of a castle.

There’s still a problem, however, in that there is still a legitimate route in and out, and often it is not an outsider who leaks data, but an (ex)employee.

Track Access

The last step is to track all legitimate access to secure data. Every id that can access your data should be owned by a single person, and every time data is accessed, a note should be made elsewhere of the time and date of access, the user who accessed it, and where the access was done from. This information should not be accessible to any of the users of the system, and should be backed up independently on a regular basis.

In this case, the message being sent to those with legitimate access is that you might not be able to prevent them from taking the information, but if their id is used to do something like that, you’ll know about it.


When protecting data, you need to have all three elements of defense. You need to make it hard to get in, hard to get out, and hard to do either anonymously. A failing in any one of those three areas can expose you to risk of losing both your clients’ data and their trust.

When the Fans Hate You

I went to the home opening game for the Toronto Blue Jays a few days ago, and experienced something interesting. A player who had formerly played for Toronto was at the game playing for the Chicago White Socks – Alex Rios. He came to bat 5 times during the course of the game, and each time, he was booed by a significant number of fans.

The stadium was full, with about 46,000 fans in attendance. When Alex came to bat, they all shouted at him. As a Canadian, the level of emotion driving at Alex astounded me – where were the stereotypical pleasant Canadians hiding during these outbursts? Why were the fans so bothered by Alex’s presence on the opposing team? Playing baseball in the Major Leagues is a profession, not a hobby, so why would anyone expect team loyalty from the players?

The more I thought about it, the more I realized this is like developing a product in business, and your customers all shouting at you that they hate the product. In business, this is a good thing – your customers care enough to complain. In fact, if your customers are not complaining, you have to wonder if perhaps you’re connecting to them at all. Silent customers don’t help you improve your product – it’s the one’s who complain that get the new features they want added.

Much like what was happening to Alex Rios. Sure, the fans felt betrayed that he left “their” team. But the reason that they booed so loudly was because they never had wanted him to leave – deep down, they wish he still played for Toronto. (I’m sure there are fans who will disagree with my assessment. If you’re one of them, please answer the question as to why you booed so loudly if you’re happy he left Toronto.)

In my business, I’ve had customers complain, and customers quietly accept whatever I tell them. Honestly speaking, the one’s who complain usually end up with better service – because they tell me what they want or need! If all my customers were vocal in their satisfaction with my work, they would all get better service. But I can only fix what my customers tell me about (okay, that’s a bit extreme, but you get the gist of my point).

My Business and Homemade Liqueur

Sunday evening I decanted a couple bottles of coffee liqueur which I had made several months earlier. It’s been 18 months since I made my first batch, and I reflected on the fact that my business is quite similar to the process of making a bottle of homemade liqueur.


First, there’s the fact that making the liqueur involves a significant amount of experimentation. I started off with a recipe, but when making each batch, I try something a little different, to see if I can get my recipe even better. I taste a batch, and find it too sweet, so in the next batch, I reduce the sugar. Or maybe there’s not enough vanilla, so I add a small amount of extract to each batch.

Business is like that too. You can take a formula for a successful business, but then you tweak it. You try a different advertising campaign, and measure the results. You stock different products, offer different specials. Eventually, you’ll find something that works for you. It may have started with a recipe, but the end result is far different from the description in your downloaded business template.


Each time I make my liqueur, it takes between 3 and 6 months before I’ll know how it came out. After I make each batch, I wonder if I got it right, but I wait to see how it came out before trying something different. Occasionally I’ll make a couple batches at the same time, each slightly different from the other. But then I wait for them to be ready before trying something else.

In business, when you experiment, there’s a period of time before you’ll know whether your attempt was successful. While you may be tempted to try different things at the same time, you need to be able to measure your success with each experiment, so you can figure out what works and what doesn’t.


After making each batch of liqueur, I need to wait until it’s had a chance to settle, for the flavors to blend properly. I’ve tried sampling it too early, and it can spoil an entire bottle by opening and decanting too early. Trying something in business is the same – sometimes you need to let things run their course before trying to measure their success. Measuring the success of a 2 year plan after 6 months won’t get you accurate results.


How do you know what works? As I bottle each batch of liqueur, I write on the bottle exactly what I tried in that batch. When I open the bottle several months later, I make sure to copy those notes so that I can apply what I learned from that batch. Last, I include my tasting impressions with the notes on the recipe so that I can reproduce a particular taste.

In business, if you don’t write down what you did and what happened, you’ll have a hard time reproducing certain results. Not only that, but you risk deluding yourself later on into thinking that a particular experiment had better results than it actually did. If you try to reproduce the event, you’re more likely to end up running a new experiment rather than doing something tried and true.


A business can be started with a recipe, but like many things homemade, the recipe gets changed to suit your personality. You’ll also try things, and, if you do it right, will have other people asking you what your secret recipe is for success. Why not be able to give it to them?

Recurring Revenues

This question was raised over at Advice Tap by Susan Varty (WordTree) – how to create recurring income in a consulting-based business. There were some good answers there, but for a more complete answer, one must understand why people will pay recurring fees in the first place.

In a service-based business, recurring fees are simple – if you want to continue to receive service, you have to continue to pay. Think of paying for your cellphone: the company provides you with a phone and a plan, and for that, you pay a monthly fee.

Warranties are a little different, in that what you get for the ongoing fees you pay is a guarantee that if something happens to your product, the manufacturer will replace it. In that, they are very much like insurance policies.

Other businesses operate on a cyclical schedule; for example, you have to file your taxes once a year, and so your accountant can depend on your return each year.

If, however, your business falls into none of the above categories, how can you get your customers to continue to pay you month after month?

In order to do that, you need to turn your business model to something which offers ongoing value, which will be removed if the customer does not continue to pay. As an example, software licensing can work that way, where the purchase of the program entitles you to use of the program, but not support. An ongoing fee provides the user with access to support (yes, some companies really do distribute software like that).

Alternatively, you can have the customer pay a retainer, which gives them access to a certain amount of your time at a reduced rate. By paying up-front, the customer guarantees a lower rate, but if they don’t use the time allocated, then the time does not carry forward. In a business where most customers require some time on a monthly basis (for example, supporting websites in a typical month will involve some work for pretty much every client), this model can work well.

The problem here is determining a price that is fair to both you (the provider) and the client. In order to figure out what a fair retainer is, you need to estimate how much time you usually spend on each client on a monthly basis, and the rate you would want if you were guaranteed to get paid whether you worked this month or not (this is typically less than your normal rate by a significant amount). From the client’s perspective, the price has to be such that even in months where they don’t have work, they’re still going to be saving money overall.

My personal formula is something along the lines of the average number of hours I expect to work (say, 2 hours per month) times my hourly rate times 80%. For that, the client gets 2 hours of work, and can carry forward 50% of the hours each month. For me, the risk is low, since in any given month I’ve committed up to 3 hours (in the example provided) so there’s little risk of having to do large volumes of work for little pay (no banking hours). Additionally, from the client’s perspective, they know that they’ll often go over the two hour allocation, but by paying me upfront, they get a reduced rate on the first few hours. In the long-run, they’ll usually save between 10 and 20 percent of their total costs by paying me upfront, even though some months they don’t get any work done by me.

What do you do to establish recurring revenues? What models have you found to work well?

Why Bother with Referrals

I was following an interesting conversation over at Advice Tap last week regarding referrals:

I often recommend my clients to colleagues of mine like graphic/web designers as well as other agencies if I can’t take on the job. What is the protocol for this, or process?

Cinci Csere

I posted a quick answer to the question as asked, but then realized that perhaps I had answered the wrong question. Before you can discuss the protocol for handling a referral, you need to understand the more basic and fundamental reason why people give referrals in the first place.

In trying to answer that question, I pulled up a conversation I had several months ago when someone asked what would most motivate me to give a referral. My answer there, once again, did not explain why I would give a referral, but did give a hint – it’s not about the money.

If a client asks me to do some work, and for some reason I cannot or will not do the work myself, then my next thought is as to whether I should give the client the name of someone who can help them. The first questions I ask myself are therefore whether I want to have any association with this client – if they are easy to deal with, don’t quibble about the bills, and are appreciative of a job well done, then the answer is usually yes.

The next thing I look for is to determine who in my network is best suited to this kind of work. Since I’ll be banking my own reputation on the referral, I want to ensure that I make the best possible reference.

If there are multiple people in my network who could perform the work satisfactorily, then, all else being equal, I’ll pass it off to the person who would benefit the most from the referral.

Note, at none of these steps did compensation factor into the equation, and the reason is actually quite simple. I’m referring my own clients, which means that I’m already being paid by this client. I don’t need to earn something off every piece of work done by every one of my clients.

Additionally, I can look at the bigger picture. Every time I send some business to a colleague, I strengthen that relationship, and business will come back to me. Perhaps not this week or month or year, but it will come. My payment will come when my client is happy with the work done and hires me again, or when my colleague has a project that fits my expertise and sends it my way.

It’s easy for me to remember what it was like waiting for the referrals to come – I still live in that world. When a business is small, every referral matters, and so, you appreciate it when a colleague drops something in your lap that means you can grow your business another step. You’re even more appreciative when they tell you not to worry about paying them, and so, when a project is a little too big for you, or out of your area of expertise, you send it their way.

One colleague put this barter system another way – if we add all the referrals I send him, and subtract all the referrals he sends me, we’ll probably balance at about $0 anyhow. This way, we save ourselves the bother of counting.

I would be curious to know what motivates you to provide a referral – is it the money? returning a favor? Or is it something else entirely?

Waiting for a Break

As you may have gathered from various other articles I’ve written, my time is split between multiple commitments. I work as an employee during the day, during the evenings I do some development for various clients, I’m building up a referral network, and working on various projects of my own. As such, the amount of time I spend working is steadily increasing, but I haven’t yet taken a plunge to free up more time.

Like many people I know, I’m fairly reluctant to accept risk, which for some aspects of my life, is certainly a good thing. In others, however, not only is this trait not considered advantageous, it can act like a ton of bricks trying to fly. In starting a business in particular being risk-adverse is not considered to be a good thing.

When looking at what it would take to get my own projects moving, I discovered that there are 3 types of breaks I could aim for.

Lucky Breaks

A lucky break is when something or something comes your way that provides you with an opportunity that you could not have arranged. What is perhaps the most sought-after break is finding an investor who will remove some of the financial risks or obstacles to let you turn an idea into a business.

Such breaks, in my opinion, should not be sought-after (although, of course, if one comes your way, you would be foolish to turn it down). They happen so rarely that any effort put into chasing such a dream is likely wasted, and could be better spent on actually putting sweat equity into a project.

Unlucky Breaks

Some people who have built their own businesses have had a stroke of luck, often realized only in hind-sight to have been for the better. I have talked to dozens of small business owners who all said that they started their business when they were laid off from their corporate careers (okay, some weren’t corporate, but they were employees). Out of work, with some severance money to live on for a few weeks or months, they launched their own business.

Such a break is what I call an unlucky break. Few people want to be laid off (although I can think of more than one exception to that), but a year after losing their jobs, many more will admit that being fired might be the best thing that happened to them. Being forced to figure out how to make a living, they went and turned an idea into a business, or a hobby into a full-time job. Work became fun, and they were now in control of their own destiny.

Kevin O’Leary, in discussing his background on the last episode of Dragons’ Den, talked about being fired from his first job, and not knowing at the time what the word meant. However, he learned that he didn’t want his life, success, and career to be in anyone’s hands but his own, and built his own businesses. His first job as an employee lasted one day, and was his last.

Earned Breaks

An earned break is one which you can control to some extent, but not completely. Often, it will only be in hindsight that you will be able to see what the break was. Such a break is best illustrated with an example.

Jordana thinks of an idea for a website, so she builds it. She invests $10 in a domain and $60 in hosting for a year and launches. Rather than invest in a partner or hire someone, she does all the graphics, marketing, and business planning herself, keeping her financial investment to a minimum.

Once the site goes live, she convinces her family and friends to check out the site, and give her some feedback, which she then uses to improve the site. She creates a social media presence for her application, and, while perhaps not professional, brings her site to the attention of a few hundred people, of which perhaps 5% decide to check it out.

One of her visitors likes her site, and passes it on to his friends with a recommendation, generating a few more visitors. This happens with several users, creating a cascading effect.

Six months after publicly launching the site, Jordana realizes that she has 500 users on her site, growing at about 10% per week. Her site is generating about $200 per week in passive income, also increasing by about 10% per week. She is also starting to get some referrals through her site, bringing in a further $500 per week and growing.

In this example, the project never underwent a major upheaval. There was no sudden influx of money. There was no newspaper column featuring her. Sure, such events could have brought her to the same position in less time, but those were things outside her control. Instead of chasing those, Jordana focused on chasing her project, to make it as good as possible.

There was, however, a break, and that occurred when her site gained its first user who did not know Jordana directly. When her site became capable of attracting the interest of users with no ulterior motives, she broke the first major hurdle in her drive to success.


We aren’t all so unlucky as to lose our jobs, forcing us to work hard for our success. We won’t all be so lucky as to have someone drop $100,000 in our laps to try to build our latest idea into a business. But we all have the ability to just work hard at creating a solid product that fills a need, and if we focus on that, our success will be that much sweeter.

Pitching for a Homerun

If you spend time networking, or if you are the owner of a small business, you are constantly on the lookout for ways to promote yourself. You have a business card that has your contact information, and a website that has more detailed information about your business. However, you need something more – you need to be able to get the person holding your card to visit your website, and then you need to be able to convert them into a customer.

The topic of this article is about how to convince a random stranger into visiting your website for additional information about you and your business.

You need to be memorable

The person who is receiving your card, regardless of the context in which they received it, likely comes across dozens of requests for their attention on a daily basis. Since your new friend is not currently in front of a computer, you need to make sure that the person will remember to look you up. That means you need to do or say something that is memorable to keep you in their mind.

You need to be relevant

If you’re selling expensive vacations and meet someone at a seminar on how to save money and get rid of debt, you’re in the wrong game. Being so far off-topic might make you memorable, but not in the way you want. Make sure that what you’re pitching is relevant to the person being pitched to – it will increase the chances that the person will want to find out more about you.

You need to be concise

I was at an event a while ago in which one person managed to be both relevant and memorable – but he took almost 5 minutes to get through his pitch. That ensured that not only would I not look him up, my memory of him is someone who I would not want to do business with. To avoid that, make sure you can throw your pitch in under a minute, and ideally in under 30 seconds.

You need to be clear

People need to be able to understand what it is your business is all about. If it takes a PhD in Astrophysics to understand your pitch, then you either need to rephrase your pitch to a more simple level, or be at the National Convention of Astrophysicists. Trying to make your business sound complicated doesn’t impress people, it bores them, and drives them to look for someone else who speaks their language.


In brief, you want people to remember you in a positive light, and to be able to relate quickly to what you do. If you can’t explain what you do in under 60 seconds (at least a partial explanation), you really should consider reworking your pitch.

Bookkeeping and Libraries

I recently held discussions with several small business owners regarding bookkeeping, and came away surprised that they all held the same opinion, for the same reasons, and were all wrong.

Oops, that sounds ego-centric and conceited. I guess I should clarify the discussion, opinions, and the facts, and perhaps you will agree with me.

The question being discussed was regarding whether there was a real need for a small business owner to hire a bookkeeper, or, alternatively, keep track of their books themselves. One owner presented yet a third option, which was to use an accountant as a bookkeeper.

What these business owners had in common was the fact that none of them was keeping accurate records, beyond general income and expenses. In some cases, these records were being handled completely manually with a single ledger, recording all income and all expenses on the same page, and just running totals. In other cases, the owner was using software such as Quickbooks or Simply Accounting, but using a tiny fraction of the available functions. In still other cases, records were being kept, literally, in a shoebox.

The issue was that none of the owners I talked to thought there was anything the matter with their system. After all, their accountants never complained, and that’s what they were paying him for.

Perhaps the reason that the accountant never complained was that they were able to bill their clients for the relatively simple task of bookkeeping, which the client could be doing on their own. It’s fairly profitable work. But I digress.

Benefits of Electronic Bookkeeping

There is a reason for keeping records in a business that go well beyond paying the appropriate taxes at the appropriate times. I personally like to think of my books as my personal library. One small function of that library is to help my accountant determine how much tax I have to pay. However, there’s so much more that can be done with a well-organized library.

First, I can save money by having accurate records. There may be tax advantages to spending money one way or another, and only with well-maintained books can these savings be found. Trying to find these savings in a shoebox is simply not going to happen, unless you pay your accountant in excess of the actual savings.

Second, I can plan my business better. By looking at the various documents that can be produced from a good piece of accounting software (I personally prefer Quickbooks), you can determine how to better manage your cash. You can ensure that no bill is left unpaid past its due date, avoiding late fees and penalties. You can see which customers owe you money, and how long the bill is outstanding. You can produce invoices, manage payroll, and connect directly to your business bank accounts.

Third, I can save myself the hassles of dealing with my accountant by providing her with everything she needs in one neat organized file. At the end of each month, I e-mail my accountant my file, and get it returned with any corrections within a business day. That way, my accountant is constantly aware of the state of my business, and can make relevant suggestions to improve my business on an ongoing basis. Additionally, my accountant does not need to do my books for me, which I can have done for a fraction the price. (A good accountant could cost in excess of $200 per hour, while a good bookkeeper can be hired for $20-$30 per hour for the same work.)

Bookkeepers and Accountants

Perhaps the reason that there is an aversion to using proper bookkeeping is that business owners have difficulty distinguishing between bookkeepers and accountants, and the services each provides.

A bookkeeper is about keeping your business records intact and up-to-date. Their objective is to provide you with various reports of the status of your business at any point in time. The records themselves can help you manage your business better, which is key if you want your business to grow.

An accountant, on the other hand, deals with planning for your business. They look at your business, and the various reports extracted from your books, and help you manage your business. An accountant is looking at the bigger picture of your business over the course of years, and how your business is changing over time.

At a simpler level, a bookkeeper is concerned with a particular point in time, while your accountant is concerned with the progression of your business.


Should you be hiring both a bookkeeper and accountant?

It depends on a variety of factors, but at a minimum, you should be making an effort to keeping your books up-to-date on a daily or weekly basis. Ideally, you should be using an electronic form to keeping your books, which makes it easier to share your data with the appropriate people, as well as extract needed reports on an ongoing basis.

Remember, your bookkeeper and accountant specialize in different things. Use each appropriately.