Monday, January 31, 2011

Leaders Don't Have Autopilot

A leader has many roles – setting goals, inspiring others, developing strategy are some examples.  But the most important is keeping teams and individuals on track.  Without this ability, the other roles will never be met.  It is also the most difficult.  No matter the education level, or pay scale or task, keeping teams or departments and all the individuals that make them up on track is by far the most challenging job a leader has.
Shortly after I first moved into a management role, I had lunch with a former boss.  He asked me how I dealt with people always coming to me for assistance or questions or needing something.  I hadn’t talked about it, but realized just how right he was and how he must have had that in his role.  And, of course, I wondered about all the special requests that I had gone to him for in the past.
The idea stuck with me and I have grown to realize that leadership is all about people more than anything else.  Addressing the needs of customers, staff, direct reports and keeping the individuals on your teams working towards the same end is the real work at hand.
Throughout my management experiences, I have encountered a number of similarities, no matter the exact job or task involved.  Namely, as a leader you are constantly striving to keep your followers or employees on track.  You may have a set vision or destination in mind and specific steps needed to get there, but you can never lose sight of what your group needs.  Because no matter how carefully you’ve trained them, developed them or inspired them, people lose that vision and things fall apart.
               Individuals will find reasons to argue and debate and work against each other instead of working for each other and the common good.  It is not due to malice, at least not always, nor any kind of bad intention.  It is just natural that a group of people will all have different ideas on how to get things done or on what to focus on.
               As a department leader, I have seen supervisors with worries about handling difficult individuals.  Sometimes, it seems as if they are more worried about being popular than meeting goals.  Other times, they are more focused on having someone do things ‘their way.’  The result is that they lose focus on the goals and end up losing the respect of their own reports and can become overbearing themselves and lose any esteem they may have had.  But the common thing is that they seemed surprised at the challenge.  That is exactly what they are supposed to be dealing with.  Difficult individuals and their differences. 
               As a leader, you will always have a target on your back – people will focus on what you do or don’t do and watch what example you set.  This is where your focus on vision is essential – people will see what you are trying to accomplish and follow if they believe.
               As a leader, you must develop, nurture and grow that belief.  This is where your knowledge, experience and most important, your judgment, come into play.
               Once you’ve done that, you cannot sit back on cruise control or autopilot.  Your ship needs constant tending and tweaking.  Individuals will wander and falter.  This is what separates great leaders – keeping everyone on track.
               And that is the difference between true leaders and just managers.  Being able to negotiate the minefields of individual differences, emotions, jealousies, private goals and personalities is critical.  And for the true leader – you cannot let down your guard or coast on auto pilot.  Issues come up too fast and too frequently.  The best of teams will fall down.
               So turn off the autopilot and forget the cruise control and settle in for a long, and often, bumpy, but rewarding ride.

Sunday, January 23, 2011

Political Correctness May Have You in the “Crosshairs”

            Every time there is some tragedy, some disaster it is natural to want to try and find the cause so we can make sure the same thing never happens again.  It makes perfect sense to review and debrief the incident and take appropriate steps to correct or fix whatever may have led to the tragedy. 
However, all too often, instead of reasonable review, we see a bevy of knee jerk reactions.  The quick impulse ‘fixes’ or ‘causes’ that some people jump on right away, perhaps for no other reason than to feel like they are doing something, whether it is the best approach or not.
Politicians are probably the best example of this.  Whenever a tragedy happens, before all the facts are in, there are already new bills and laws being proposed.  In most cases there are already laws in place that were ignored or broken.  The classic example is a shooting spree, where a killer goes on a rampage and murders several people, not even necessarily people they know.  New laws, such as more gun control bills, ignore the fact that usually several laws, including murder were already ignored by the criminal.
Unfortunately, sometimes the knee-jerk reactions are not just a waste of time, or a chance to show to voters that the politician is doing something, anything, to fix the problem.  Sometimes the responses are unenforceable and useless and sometimes just plain silly.  But there are times that these quick fixes can actually be risky and cause more harm than good.
In Arizona, we have the recent shooting deaths of six innocent people and many others, including a congresswoman, injured.  Sadly, the responses have included the usual knee-jerk reactions, including passing a law that limits anyone coming within a 1000 feet of a politician with a firearm, something impossible to enforce and equally impossible in many situations for a person to even know they were in violation. 
The worst though is the political correctness gone wild – to the point of being dangerous and life-threatening.
How?  The blame has quickly shifted away from the true perpetrator (Quick – can you remember his name?) to any high-profile individuals who may have used ‘violent’ words such as crosshairs or target in political analysis (I bet you can name one or two people in this category almost instantly).  This attack on rhetoric has become so bad, that last week on CNN, a reporter apologized for a guest using the term “crosshairs” on the air.
Demonizing terms such as crosshairs, target, war room, etc and using that as an excuse to justify some criminal’s act of violence is not just political correctness gone wild or downright absurd, but could get more people killed in the long run.  If this is the measure used to conduct a threat assessment, then that only gives us a faulty model on which to gauge risks.
This is a red herring that detracts from the real motivation behind the attacks and shifts the focus to more of a word police mentality in case someone gets a violent idea and acts on it because a political contributor on TV used the word ‘target’.  Never mind the ideas that they may get watching CSI – Anytown, USA. 
If we are going to truly follow through on cleaning violent language out of our vernacular, then we have a lot of work to do.  There have been countless books, including business books, built around the idea of Sun Tzu’s Art of War.  Any related titles must come off the shelves immediately.
But don’t stop there.  What about the business conferences filled with violent and military language?  No one can talk about their strategy or strategic plan anymore; that is based on military strategy going back to Napoleon’s time.  SWOT analyses are out; an obvious connection to police SWAT teams and even uses the terms threats, strengths and weaknesses.  Defending a product line, corporate takeover, target market, divisions, and stopping the competition dead are all examples of words and phrases that should go.  Gunning for the competition, attacking the industry, having a region in “our sites” are more phrases that will have to go.  Even the C-suite is not safe; the word chief after all could be seen as related to the military, as in commander-in-chief, and will have to be eliminated.
The point is that this kind of politically motivated bantering shifts the focus from the true threat to someone who is perfectly innocent.  When threat assessment teams in schools or in workplaces are trying to evaluate the level of risk from a threatening individual, the phrases and terms used everyday around this country will have no bearing on what response should be taken.  The assessment should focus on the what the suspect said, how he said it, what means does he or she have to carry out the threat, do they feel that they have the right or justification and no other recourse and is there a past history of violent behavior.  That is the where the true focus should be.
In the Arizona case, just like any similar violent act, the reviews and analysis should focus on how to identify the warning signs before anyone gets hurt and making sure that the right steps are taken.
As for the politicians sitting high on their grand politically correct soap boxes, ignore them and don’t fall to that type of peer pressure.  Go on talking like you normally do.  As usual, the rest of us will go about our business, doing the real work and living the real lives that make our country great.  And maybe even targeting some of those absurd political figures and putting them in the crosshairs at the next election.  Figuratively, of course.

Thursday, January 13, 2011

Corporate Spies and Protecting Proprietary Information

Secret bank accounts in Swiss banks; foreign governments; selling of top secret information and the hint of international intrigue – all combined for what could be a Hollywood thriller, except that it is all based on recent news stories. 
The Wall Street Journal and Bloomberg business news reported on the developing story of corporate espionage at Renault, the French automaker.  Three of the company executives are being charged with corporate espionage after reportedly selling information on Renault’s electric car.  According to one article, Renault has invested over $5 billion in developing electric car technology.
So far, the details are sketchy about what exactly happened.  Reports indicate that a Chinese company may have made payments into the bank accounts of at least two of the executives.  And to add to the damages, the French government is the largest shareholder of Renault bringing this to more of a spy operation between two governments than two competitors looking for an edge.
What lessons can be learned?  And I know what you are thinking…my company doesn’t deal in high-tech products; no one would care about what we do.  Wrong.  Virtually every business and organization has information that, in the wrong hands, could impact their competitiveness or damage their corporate reputation.
Let’s take a look at another big news story this week.  In Arizona, there was the shooting that left 6 people dead and several, including a congresswoman, injured.  In the aftermath, three hospital employees where the victims were being treated were fired for unauthorized access to patient health information (PHI).  It does not appear that anything was actually released, but this is a clear example of another type of proprietary information.  The information may have been accessed out of sheer curiosity or it could be that some news agency might have been willing to pay for a ‘scoop’ on a patient’s condition.  This is a risk anytime a hospital has a VIP patient or even a deceased victim.  Think of all the media attention around Michael Jackson’s death and the money that might have been paid for exclusive photos of his body.
Here are two very different industries and two very real examples of proprietary information and the potential damages.
And what if your business or company provides a service or product that is seen as a commodity…there is no value in any company information at all, right?  In this type of case, your proprietary information may be even more valuable.  As a ‘commodity’ price may be one of your strongest competitive edges, especially when bidding for a contract renewal or for new business.  If you went into a sales presentation and knew exactly what your competitor was going to present and exactly what their price model was, wouldn’t you be able to adjust your bid to guarantee winning the business?  Along these lines, wage information, benefits to employees, training topics and costs, manufacturing techniques and vendor information can all become valuable items to know about competitors.
To prevent the loss of the information, a full risk assessment should be done.  Identifying all critical information is part of that, followed by identifying how that information is exposed and what threats can take advantage of the exposure. 
The easy way to look at risk, is this: risk is what you face when a threat exploits a vulnerability to put a critical asset in jeopardy. 
The real challenge comes with protecting information.  There are so many different ways to access and steal it, as we saw not long ago with the Wikileaks scandal.  The tricky part is that for the information to be of value, the employees of an organization have to have access to it.  The executives in the Renault case were responsible for upper level management positions, including heading up new product development.  This story will be worth watching to learn more about how the theft was uncovered, leading to a five-month long investigation.
In the case of the hospital in Arizona, it is very likely that the hospital’s IT department had some measures in place to see who was accessing electronic medical records.  Since this was a high-profile incident, I imagine that more attention was given to tracking access to any related victims.  As soon as any employee other than those that “needed to know” accessed the information, the IT department quickly checked on whose credentials or log in had been used to close that avenue of potential loss.
So what were those lessons learned?  Spy-proof your business with these four steps:
1.      Identify critical information – think about what your competitors would want to know about you and what you want to know about their business
2.     Review how that information could be vulnerable.  Look at how it is stored, electronically and hard copies.  Is it on a server or specific PC that could be stolen?  Could the data be emailed off your network?
3.     Evaluate the potential threats – usually, in these cases, employees.  Do key employees face regular background checks or screening?  Consider looking at credit issues as well.  Don’t assume that because an employee is higher in the organization that they are more trustworthy.  In the Renault case, the theft occurred at the executive level, not the mail room employee.  Think past criminal intent – employee carelessness with data or falling for social engineering (obtaining info by false pretenses) are other possible threats.
4.     Take action to minimize the risk from the threats.  This sounds obvious, but is probably the biggest mistake that companies make.  A nice risk or security assessment may be done and all the documentation completed, but no follow up action is taken.  It is not in the budget, or no one is given the responsibility or worse, no one cares enough until after an incident happens.
Remember your proprietary information, no matter what form or what industry, will be of value to someone – the only question will be if it stays your valuable information or will you give it to your competitors for free?

_____________________________________________________________
Read a follow up post, "License to Fool: Renault Spy Case Takes Another Twist"

Thursday, January 6, 2011

Take Bold Action for Bold Results

Recently, I came across a mention of William the Conqueror.  It occurred to me that his invasion of England in 1066 had a drastic change on history and even impacted our language, adding French influences.  Why did he attack England?  I don’t remember the historic details, but recall that through family ties he had a remote claim to be King of England as well as whatever title he held already in Normandy, France.  He could have made his appeals through the courts of the day and stayed living royally in France, but decided instead to mount an attack on King Harold.
William the Conqueror Crossing the Channel (Wiki Commons)
He organized his army and transported them across the English Channel to attack.  Harold rushed to meet him, weary after fending off another attack on his eastern shores.  The battle raged on throughout the day.  At one point, William the Conqueror was struck off his horse and word spread quickly that he had died.  His army began to fall apart and retreat until William ran around, showing that he was still alive.  He was able to rally his army and continue the attack.  His victory was sealed after King Harold was killed by archers.  William of Normandy became William the Conqueror.  Bold action!  How many of the historical characters that we know of are a result of bold action?  Not many history books document the lack of exploits by Ted the Timid.
This ability to take an idea or even a desire and turning that into action is what has achieved greatness and great results.  Bold ideas, bold planning and bold follow-through!  Bold because often the risks were enormous – even life itself.
Fortunately, leaders today don’t have to worry about being hung or beheaded or imprisoned.  So what holds us back from bold action?  Fear?  Our fears of being fired or making enemies or stepping on toes pale when compared to the historical figures of greatness.
What do you want to achieve this year?  What is keeping you from that?  Is there some type of action that you can take to overcome your obstacles?  When we face challenges or barriers it is too easy to slip back into our comfort zones and not try to get around those.  Imagine if William the Conqueror had not gotten out of his comfort zone and had stayed in France.  The history of England and ultimately, the United States, would have been changed in incredible ways.  America may have been a French and Spanish colony without English influence.  Our entire world would be almost unrecognizable. 
So what are you going to conqueror this year?
Be bold, take action and make the changes that you need to achieve your goals, whether that is within your organization or for yourself to accomplish a dream or objective that you hesitate to pursue.

Sunday, January 2, 2011

What risks do you face?

Risk can take many forms.  I had a reminder the other day while doing some mild off-roading in the Rocky Mountains.  We were driving on an unplowed road at dusk with strong gusts of blowing snow and temperatures below 0, reaching -11 degrees without the wind chill factor.  Well, of course, the truck got stuck at one point in a snow bank on the side of a very narrow path.  It took about 40 minutes to get out.  I knew that was a potential risk taking a road like that in those conditions, but on the plus side, I had also tried to prepare for it by having some basic equipment with me to help get out.  And truth be told, it added some fun, or at least suspense to the day and made it more of an adventure than a Sunday drive. 
We like our security and safety, but sometimes risk can even be appealing as in the risks associated with extreme sports.  In those cases, it is the risk or danger that makes something interesting.  After all, most people don’t go sky-diving for the view.  But typically, businesses don’t like risk or the unknown.  Too much risk makes it very difficult to create plans, budgets or decisions about operations. 
So how does risk affect businesses?  Every piece of your core business model has some exposure to risk or dangers.  Some may be security-related such as the cost of crime or loss due to theft.  Other risks could be completely unrelated to security, but could be just or more threatening.
Look at all the parts of a business and your core business model.  You probably have all or most of the following to some degree or another.
1.      Human Resources
2.     Accounting
3.     Management
4.     Proprietary Information
5.     Supply Chain
6.     Vendors
7.      Customers/visitors
8.     Facilities/physical locations
9.     Manufacturing
Any one of these areas has different risks or threats associated with it.  HR may be concerned with the risk of employee turnover, or complaints of harassment or biased treatment.  Accounting may be concerned about the number of days of cash on hand or perhaps the worry about the costs of fraud or increased unemployment taxes.  Management poses a different set of risks and could be the risk themselves.  For example, the wrong strategic response to competition or poor decision-making could severely damage the company.  Proprietary information is obviously a huge potential source of advantage over the competition and loss of key info could give competitors an edge, or create a new source of competition from copy cat products.  Proprietary info may include contracts with pricing or bid information.  And, of course, as technology keeps developing and memory storage gets more advanced, it makes it that much harder to protect key information – just look at the recent Wikileaks scandal and how that information was obtained.
Supply chains and vendors are critical for many businesses, especially if that is the vital source of services or items used to give customers the product.  If a provider in the supply chain becomes unavailable, such as a supplier going bankrupt, or a dock strike overseas, your manufacturing supplies could dry up.  Do you have a back up source so you don’t suffer delays?
Customers and visitors could pose a risk themselves or be part of your overall risk assessment.  In retail, some percentage of customers will actually be shoplifters, taking a cut of your profit.  A bigger concern for any organization is that the customers will go elsewhere for one reason or another.  Are they unable to spend on your product or service due to their own difficult financial situation?  Are there other options in the market place that they might find a better value than yours? 
Traditional risk management focuses on avoiding risk (not building in a flood zone), transferring risk (buy insurance) or accepting risk (“let’s hope that doesn’t happen").  To really understand risk, an analysis should look at each part of the core business model and also the related risk.  Every situation and every organization will be different.  A full enterprise risk analysis should look at the potential problems from a financial perspective, operational view, market risk viewpoint and also security concerns.
Remember to think about what keeps you up at night and more importantly, what should keep you up at night.  Then you can take the right steps to deal with the risks that most threaten your organization.