Bill: Well, good morning, everyone, and welcome to the Cyberhood Watch radio show. It’s been a while since we’ve been back, but glad to be here and looking forward to speaking to our guest, Raj Goel. He is the author of The Most Important Secrets to Getting Great Results From IT: Everything Your Computer Consultant Never Told You.
Dave: Just wanted to thank Raj for being here. Actually, Raj is one of my favorite guests. There’s never a moment or time we’ve had him on the show that he didn’t leave something of value behind for our listeners to download and apply to their businesses. As we’re waiting for Raj to arrive, I just wanted to welcome everybody and talk a little bit about Raj’s book. It’s a very simple read, but it’s extremely packed with knowledgeable information about when you’re running your business. I find it very interesting that Raj may present himself as an IT, but he’s so much more than that. It’s obvious when you get a chance to listen to what he says, so let me bring in Raj and introduce him. We’ll talk about his new book. Raj, you there?
Raj: Hey, David, I’m here.
Dave: Okay, glad to have you. I was just trying to fill up time so you could catch up with me. I’ve already introduced you. I’ve let everyone know we’re going to be talking about your new book The Most Important Secrets to Getting Great Results from IT: Everything Your Computer Consultant Never Told You. So let’s begin. Maybe what led up to the book? I know it’s not an easy task, but what possessed you to want to write a book?
Raj: Well, having done IT for over 25 years, I would describe my career as a very long Groundhog’s Day. I keep seeing business owners and clients falling into the same traps and making the same mistakes over and over again, and the book is really my attempt at beginning some sanity to the process. It’s kind of funny to me that every business owner makes the same exact mistakes as every other business owner and still thinks their alone and unique in the world. I know as a business owner, some of the things I talk about in the book? Guilt as charged. Some of those are my mistakes, and some of those I’ve seen in clients too either before they found this or after they became clients of ours. And it took me a while to reeducate them or to educate them for the first time ever on how to better use technology and information to grow their business, to make their staff happier, and ultimately make themselves happier.
Dave: So what do you find the common mistakes are that business owners are making? And does that apply from the mom and pop business owner all the way up to maybe the fortune 50-business owner?
Raj: Well, a lot of clients have ranged from the fortune 50 down to the fortune 5 million. So mom and pops all the way up to some of the largest corporations in America. And some of the common mistakes I’ve seen them make on both sides of the fence is before they hire employees, they’ll go nuts, they’ll go through recruiting sites, they’ll go through Monster. They’ll spend all this time trying to hire and interview the right people. But once they’re hired, they kind of forget about them. They stop investing in their people.
Dave: And isn’t that what you say one of our greatest assets is? Is the fact that not only our own people but our current customers that we go out chasing new customers when actuality we should be devoting more time to existing customers?
Raj: Yeah, that’s number 2. As a business owner, as a marketer, I spent years chasing new customers totally ignoring people we already had. The most important lesson my sales coach every taught me, and I spent a year and a half in sales training with a really smart guy, was that dumb salesman chase after new customers. The smart guys double their business using existing customers. And I’ve applied that philosophy from our business whether it’s asking existing clients for more business because they bought a service. Or asking them to introductions to their vendors, their suppliers, their colleagues has been far more lucrative than marketing. I’m not saying marketing is dead or bad. We spend a fortune on newsletters, email newsletters, and conferences, and so on. But at the end of the day, almost everyone one of our clients came to us because somebody we know trusted us enough to refer us. And so the second mistake most business owners make is they fail to invest in existing customers. Most of them don’t even do the annual Christmas holiday car or a box of cards much less engaging with clients and odd times and in the middle of the year.
Dave: So you talked about in your book how a best defense is a defense in depth. Can you maybe expound on that and tell us what that really means?
Raj: Sure. First, I want to put that in the context. The book talks about a bunch of things. It is partly a chronicle of my journey from employee to business owner to entrepreneur. Partly, it’s a lesson learned from our clients. I’ve sort of touched on things that impacted them on their business. From how to grow your business from marketing and reading and writing and speaking to investing in your employees, sending them through proper training, updating their IT equipment, updating information tools. And I talk about information security. The reality is, it doesn’t matter what business you’re in. Whether you make pizza for a living and you’re subject to the food health guidelines or you sell real estate and you’re subject to financial reporting and the IRS guidelines or you’re in healthcare and HIPPA and PCI and all these things apply to you, every single business in this country is subject to 57 or more information security laws. And importantly or equally importantly, whether laws apply to you or not is almost irrelevant. Information security should be baked into your company’s DNA. If you lose your customer list, using the list isn’t the problem. It’s when you get caught that you lost the list is when you lose the faith in your customers. Once you lost the customers’ faith, they’re never coming back. And there are studies after studies proving this that the largest cost of losing the customer isn’t what you spent in defense in security. It’s the loss lifetime customer revenue costs. [Someone at 08:37] did this great study on that. So what I talk about in this is whether you’re dealing with technology, you’re dealing with people, anything you’re dealing with, don’t depend on any one person, any one process. Adopt a mentality of strategy, of defense, and depth. Talking about security, you should have anti-virus on your desktop, but that’s not enough. You should have a good network-grade firewall on your network at home and at the office. You should VPN. Your employees are going to go on the road. You’re going to go on the road. Use proper security. Don’t depend on hotel Wi-Fi. You may want to buy the 4G plans that AT&T, Sprint, Verizon cell you. Yeah, it costs $40, $50, $60, $90 a month but that’s a heck of a lot cheaper than using free hotel Wi-Fi and having your account sucked out because most open Wi-Fi networks are full of attackers. And even if they aren’t, you don’t know who else is getting your login credentials.
Dave: Yeah, a lot of individuals don’t realize when they are travelling out and about how susceptible they are to getting hacked. You mentioned that the fact that you lost a list but in essence you lost a great deal more when you’ve lost the trust of your customer. It kind of related back to some of the things you talk about in the book where productivity loss versus opportunity costs. Why don’t you explain that. Most businesses say, “How much is it going to cost?” But the real fact sometimes is, “What is the cost not doing it?” Kind of explain that to some of the people listening, and we’ll download that and listen to it later. But the idea of taking actions versus not taking action.
Raj: Sure. So let’s talk about productivity cost, productivity loss is a metric that almost no business measures except for a few of the very large ones. You have productivity officers. Small businesses can’t even spell the words productivity loss. But here’s one way to look at. Let’s say there’s a company of 10 people, and let’s say on average you’re giving people $50,000 a year on salary. Someone might be making $30,000, somebody might be making $100,000, but your average is $50,000 per person. That’s .5 million dollars in salary. So you figure out just on salary costs, what is your cost of day of downtime? Doing some quick math, that’s roughly about $1700 a day. And so if your network is down for a day, you just lost $1700 in hard salaries. Figuring most businesses, your taxes and benefits and everything else is at least equal to salary because no one ever factors in the cost of the space. The fact is you have office, you have rent, you have electricity, you have insurance, you have health insurance, you have liability insurance. All of those things combined. What I’ve found in our business, for every $1 we’re paying an employee, we’re paying $1.50 for overhead costs on top of the employee, so it costs another $100 all factored in. That means that every single day of outage, it’s costing you $3400, $3500 a day of losses. That’s not taking into account any lost businesses. We talked to a lot of small businesses who asked us to come in and do an audit or assessment, and we went, “Okay, here’s what we’ve found. Your anti-virus is out of date or nonexistent. Your patches are missing. You’re using a cheap Net Gear router from BestBuy as your firewall. It hasn’t been updated in a couple of years. You’re using 5, 6, 7-year-old machines. Some of them have to because you’re using old software that can’t be upgraded, but the other ones need to be upgraded because they’re starving with an old machine with a gig of RAM.” We come back and say, “We’re not going to upgrade everything at once. You can’t afford it. You can’t handle it, but let’s improve your network defense. Let’s improve your best defense. Over the next quarter or 6 months, let’s take your key employees, rainmakers, executives, the guys and girls doing the sales on the deals who are not running applications… let’s give them upgrades. Let’s give them new computers with 8 or 16 gigs of RAM so Outlook runs at a click of a bottom. Word runs beautifully. Let’s give them better looking templates and documents.” And business owners come back and say, “Oh, that’s too much money. Oh, I can’t afford that.” And what we have found is when people don’t think about what a day of outage cost me and then it occurs, their costs go through the roof. We’ve had clients who come to us after being down for 5 or 10 days, literally no work got done for a week to 2 weeks. That’s an expense that they never accounted for and now they have to pay for. The really sad part about it is once you’re down for a day or more, your employees get used to that the computer is unreliable, the network is unreliable, the firewall doesn’t work, and they start creating work rounds. And we have found that once we’ve cleaned up the mess and taking a client on board, it might take us a while to get things done otherwise. It takes us sometimes up to 6 months to retrain employees back to trusting the systems, back to not wasting time saving all their Outlook and PFD files, duplicating documents in 10 different places. Or adopting other practices that are defense and self-protective in nature and damaging productivity.
Dave: That’s amazing when you think about it. We’ve had you on the show several times, and I’m really always excited when you come back because there’s so much you have to say and offer. Are you the exception of what an IT guy is? Because the IT people that I have come across…. it’s almost like you are the exception because you come from a whole different point of view rather than, “I’m here to fix your technology or equipment or make sure that things are set up properly.” But reading your book, you give it much more of an understanding at you’re really a consultant and really part of that company if you’re their client. You’re there to help them in a much greater way then an IT guy that comes in and takes care of the equipment. So are you the exception? Are there more like you out there?
Raj: I can’t say I’m an exception, but thank you for pointing that out. For me to say that would be a bit grandiose. And people who know me might laugh at that one. I can’t say I’m an exception, but what you’re hitting on is a very, very good insight in that there are 2 or 3 different types of It professionals. At the bottom of the food chain, at the bottom of the barrel are your basic technicians. These are the people you find working at your local BestBuy, your local repair shop. These are basically no different than the mechanics at the local car store or local gas station. They know how to fix the car, they know how to fix the computer, but that doesn’t mean they’re qualified or have the wherewithal to actually look at your driving habits, usage habits and go, “Gee, Dave, you’re driving this 4×4 but I see you driving every day. You’re going to the grocery store every day, shopping for 30 people. You might be better off with a pickup truck.” Or, “You know, you’ve got this large family. You’ve got these little cars. You might be better off buying a minivan or leasing a minivan.” So the difference between myself and most technicians…my employees are techs. I say, “Go fix a problem.” My client says, “We have a problem”, my guys will come in and fix it better than average. They are really good at fixing things. I am really good at looking at the business and fixing the business. So, yes, I am a consultant. I look at, “What do you need from me and my team and my list of resources to help you grow your business, to help you sleep better at night? What do you need? What are you looking for? Are you looking for more clients, more revenue? Are you looking for more profits? Are you looking for just a way to put your kids through college or pay for your daughter’s wedding?” So that’s a conversation I have with business owners. I say, “Let my techs talk to your employees. Let them fix the fire. That’s their job. Let’s you and I talk about what you want.” And it’s amazing, but the most common complaint I hear from a client or prospect isn’t ‘I need new customers’. Everybody says that. Usually the biggest is, “I haven’t had a vacation in 2 to 3 years or 5 years. I want to go jump out of an airplane. I want to go learn to fly an airplane. I want to go skydiving. I want to go scuba diving. I want a week off without something breaking at work.” And what we do with that is promise to our clients and anyone who will read the book and apply some of the principles in there is if you do this correctly, you work with vendors…and I’m not the only one. There’s a whole bunch of guys around the country who are at least as good as I am and who are as articulate. If you work with somebody local who knows your community, knows your industry, and you have to trust us the way you trust your doctor, mechanic, accountant. The more you trust, the more of the kimono you open. The more you’re open to getting advice from your vendors, the better off you’ll be. I don’t know the first thing about tax laws. I trust my accountant to know the intricacies of tax law. But what I do know is what I want out of my business. I know the questions to ask my accountant. The first question usually is, “Are the returns done before April 14th?” The second question usually is, “How do we plan for this year? What’s your recommendation based on our revenues or profitability and whether we are as business owners and employees…what would you recommend we put in place in January or February of this year to help meet our tax strategy at the end of the year?” And that’s what my accountant taught me. You start in January 1 not December 31.
Dave: So going back to one of the original questions where we talked about the cost of not doing it. So if somebody’s thinking, “I could never afford Raj. I’m not that big.” We talked about how everyone is susceptible to the 57 different laws that apply to them as a small business. Is there a point where you don’t need to be concerned about the 57 different laws because you’re small enough and a person like Raj would be overkill for my business? I’m sure there’s people listening in on this that are small business owners going, “Who wouldn’t want somebody like Raj working on behalf or part of my company? But I couldn’t afford that.” So they’re thinking that then we present them with the idea that’s: what’s the cost of not doing or having someone like Raj? And at one point am I small enough where I really don’t have to be concerned about all this? And at one point should I be paying attention? So how does somebody afford somebody like you?
Raj: Four great questions, so let me attack them one by one. Long before you talk about whether you can afford me or not, that’s usually the wrong question. It’s the question I get asked most, but it’s the wrong question. The first step I would take is figure out for yourself, talk to your attorney, talk to your accountant what laws apply to you. Learn about them. As a business owner, you don’t have to be the expert in it, but you have to know what the rules of the road are. So talk to your advisors, ask them what laws if any apply to, and what are the current requirements in your state and city that are more applicable to you. Every business has them. Some of them we just take for granted. Secondly, read the book. Part of writing of the book was, “Yes, not everybody can afford me. How can I take on everybody?” We get 10 clients a year, it’s a great year. We take on 100, I’m probably going to have a heart attack. We’re not geared to getting 100 new businesses all over the country. We have a growth climb that calls for some growth but not massive growth. Third is talk to me first. If you have a question or concern, talk to others like me and we’ll tell you might it what cost, and you might be surprised at how much cheaper it is. For example, I had a large client. They fall into a fortune 100. And we were working on a large project for them, large compliance project, and the budget for the project was hefty. It was about $20 million. They had the same question the small business had: Can we afford that? And I did the math for them. I said, “Last month, you did x million transactions. By doing these upgrades to meet your security but also improve your operations, you’re going to save 1/100 of 1 second per transaction.” They did the math on the whiteboard with me. Even if they would’ve spent $20 million over the year doing their upgrades and putting that in budget, they were going to break even in 9 months on a 3 year return investment. I have the same conversation with small medical practices. “Yes, doctor, you need to EMR. Your IPA is demanding you do it. You’ve got 7-year-old computers running Windows XP. Your staff hates them. They don’t support your new system, so upgrades will cost you x dollars. You can pay directly out of pocket, or you can lease them and we can finance them. But here’s the really benefit to you and your business. Here’s how you’re going to lower the cost of doing business.” In one particular case, they were looking at hiring an assistant to do transcription, basically type up stuff. I said, “No, already have a good computer. You bought a new computer with windows 7 with Dragon on it. Dragon costs them $199. I trained the assistant to use Dragon. And instead of hiring a person just for transcribing, now the assistant just talks into a microphone. And they admitted they are saving one half salary just by doing this.
Dave: That’s what I’m talking about. That value that you bring to the table that I keep seeing over and over is that your way more than just an IT. All two of your horn for you because I think that’s so important. It kind of leads me to another question. When a business owner decides to hire somebody for the IT, what are some of the qualities they should be looking for when they’re in the process of doing their due diligence?
Raj: when you’re hiring a good IT professional or an IT firm applied the same habits that you use when you interview a new doctor for new accountant and lawyer. Step one is to personally feel comfortable with them. If the person sitting across from you gives you the used car salesman feeling, and are not comfortable, don’t take it. If you are hiring a technician just to fix your computer on a one-time job, personality and social skills don’t really matter. You’re going to a local mechanic for a fill-up. I don’t know who the guys are that do the fill-up up are. I don’t care. But I do know the guy that’s the head of the service department at my local dealership because he’s the one my wife and I deal with for our car. I don’t know who these guys are. I don’t particularly care about their personalities, but I made sure that the dealership we dealt with… We knew who they were and they knew who we. We had certain priorities. We have certain needs. We like working with certain types of people. My doctors, my accountants, we interviewed them. I look for is this is a personality I can work with? Are you someone who makes me feel comfortable? Can I trust you? In everyone you going to meet, unless they’re a psychopath or a scam artist, is properly credentialed. They have the certificate. I have never gone to my doctor and said, “Show me all your credentials. Let me double check your credentials.” I could if I wanted to but have never had to go that far. First step is check that. I know when someone’s trying to pull a fast one on me. I know when the salesman is trying too hard. I say, “thank you very much but I’m not interested.” I’m not a hard salesman. I’m not an aggressive one. I don’t like to sell aggressively. I don’t settle aggressively. And I don’t like used-car salesman.
Dave: Now you talk about other things other than just IT. Now at a point where we just decided we are going to hire. What is the best value can get to your IT. I mean, talking to you, obviously there’s so many different avenues you can take to help the business. When you’ve got your IT, what are some the first things they should do for your business?
Raj: Each business is unique. In our practice, our baselines are only going to new clients and having agreement. The first thing we do is we document everything. We document on things you have, all your vendors, all your contract numbers, and we present our clients with a nice report, which can be five pages. It could be 90 pages. It all depends on who we are and what we have been asked to do for them. But the first thing we do for them is: here is the Bible. Here is one document listing everything that touches your company from the phone company, to the fax machine, copier, to the voice over IT, you name it. If you give them a dollar or a service you, they are in our documents. Second thing we do is my guys will then go in based on this document and put out the fires. They will deal with the virus, deal with the updates, identify which machines in which people need upgrades in the next three months, six months, nine months, two years. It all comes down to what they does his business, but their value is to the business, what their paying points are. What my guys do in that portion of the task, I talk with the business owner or the COO. I ask, “What are your challenges? Forget about the technology. What are your challenges?” For example, one of our favorite clients is an insurance broker firm. They are really good at what they do. If you need insurance about long-term care, these are one of the best in the industry. They are very, very good. Their business challenges was that their marketing had 150 things on it. These are all the meetings they want to go to this year. These are all the breakfasts and lunches and dinners they wanted to go to and invite people to. That’s a very, very packed marketing calendar. How you doing on it? Well, the truth is, it’s on the calendar but some of these things don’t get done because we are shorthanded like everybody else. They all scrambled to last-minute to invite people to their breakfasts, lunches, dinners, all that stuff. So once we fix the firewalls, patches, and the upgrades, we brought them into a sense of stability. I went to work with her on the marketing program. We ended up implementing three different technologies. All fairly easy to use. One lets her plan a year’s worth of meetings and send the invites to the meetings in four hours of work. In four hours, they are done for the quarter. Another one lets them send greeting cards and gifts to their clients: the clients, clients, and prospective clients at a click of a button. There’s a great company out of Utah called Send Out Cards. We are a customer. We recommend them to a lot of our clients because they make thanking people very, very easy. So we educate our clients on how to use Send Out Cards to do some really good low-cost client marketing.
Dave: Speaking of marketing, it’s obvious that when you moved into talking about marketing. So what are some of the issues out there concerning social networking, using mobile phones, iPads, tablets, and different technologies? What are some of the problems that may not be realized right now while using these technologies? And yet, what are some of the advantages? You went as far as to even mention in your book, and I won’t give away the little secret that’s been there, but just the simple fact of the hundreds of business cards that we all have. You get right down to that little detail of how to use it to your advantage. It’s not just a pile of cards anymore, so let’s talk about some of those technologies, the cloud, and just what is available for the small business or small to medium-sized business owner that they could take advantage of? But at the same time, should be aware that with all this new technology, we may not see it now but eventually it’s going to be misused somehow or there’s always that other side to everything that we see come out.
Raj: Okay so you are talking about two or three different things again. One is the security challenges of social media and new technology and that’s a separate conversation. We are just talking about dealing with small businesses. Yes, I’m a security expert and I’ve talked about security compliance and challenges. When I talk to clients and say yes, do things a secure manner, but long before we talked about technology and social media and all that mobile marketing stuff. Let’s look at number one. Most small businesses I’ve dealt with don’t even have a clue who their customers are. They don’t have a current list of ‘here’s all our customers, here’s all their employees, here’s their contact information’. And before you go into social media and blogging and Twittering and Facebooking, if you want to grow your business, go through your invoices, emails, QuickBooks, and make a spreadsheet of everyone you’ve done business with in the last 2 years. Whether they’re a client or a vendor. If they’re a client of yours, who else works in the company? Make a list of the people you deal with. And then start approaching them in the way they want to be approached. Most people like it in an email. It’s easy to get. It’s easy to ignore. It’s easy to delete. Maybe the best thing you need to do for your business is actually have a breakfast or lunch meeting with your clients. I have some clients who absolutely refuse to use email. I send them an email. Three months later, they’ve just not opened it. Some don’t like phone calls, don’t like emails. They like getting together face-to-face. I have clients I see on a monthly basis just to say hello because that’s just the way they’re wired. They like doing business in the flesh. All right? So, Dave, I’m here. How are things? How are my people doing? Great. What can I do for you today? Oh, nothing. How are the kids? How is the dog? How are the fish? Five minutes later. Oh, can you take a look at this thing? And next thing you know, we’re having a 2 hours conversation about whatever’s challenging them. So the security we will deal with. The security of your business is something you should devolve the responsibility with your security consultant, your IT guy, and your lawyer. The marketing of your business…You can also delegate that to your assistant, to your secretary, or somebody else. The strategy of your security, the strategy of the remarkable still belongs on your desk. So I work with business owners to help develop a strategy and then will find low-cost, no cost, or cost-effective vendors and resources to implement.
Dave: So after writing your book, I’m sure you’ve had many chances to discuss it as you are now. Are there any things that float to the top to be critical points of interest more than others that you bring on the book?
Raj: Not really. The most common comment I got was, ” Wow, you can write it. I didn’t know that.” Neither did I. Until I move the book I didn’t know I could write about. The second most common joke I get is that there’s a ghostwriter. I found him on Google someplace. On a serious note though, what I’m finding is a lot of attorneys who read the book go,” oh my God. When you my office?” No, why do you say that? You are describing my practice. I’ve had a lot of attorneys and some accountants read the book that they were gifted or somebody thought to send it to them go,” when were you in my office?” Because what were describing in the book is the inner workings of a lot of small businesses. What I offer in there is some advice and strategies that have worked for us, that are working for our clients, and doing gangbusters.
Dave: They are not good. They are great practices and tips. Anybody that is in business should preface just to be aware of what’s around them. You have such a great perspective on how to approach your business on a personal level. Is there anything that you wish he would’ve added in the book? Sure there’s a lot of things we didn’t get to put in but is there anything that comes to mind that you wish you would’ve added that he did not get in there?
Raj: There are so many things I wish I have added into the book then I probably would still be working on it and it would be 10,000 pages. Here’s the thing that I learned and I hope the subtext to the book and it’s maybe an issue I should have made clearer… Is have great ideas, have great plans but don’t fall in love with them. Do you have a business owner has to have the ability to go, “That is it, you are done, let’s move on to task number two.” There came a time when I could have sat there and spent another three months working on the book, adding a chapter, defining words, but I literally said that’s it, I’ve had enough, I am done, stick a fork in it, now let’s move on to phase number two. The book is written though so let’s get it designed and printed and see how it does on the market. I am certainly looking on my second book. The contract is going to get signed this week. It’s a more security compliance focused book. The first book is designed personal business owners regardless of industry. The second one is really for folks in health care would HIPPA compliance basis. And I’m going to get in a lot more history of the laws and regulations that we have today. But the most important thing that taken away from the book and a lot of the things I’ve done is: you cannot fall in love with your ideas. You cannot fall in love with perfection otherwise you’ll never get done. Good enough is better than good enough. Good enough is great.
Dave: that’s good advice because too often if you are anywhere close to being a perfectionist, it’s hard to say it is good enough, let it go. You can build on that later. Talk a little bit then about to cloud and maybe some of the issues that we might be facing there. And who is a good customer for the cloud? And then who isn’t? And then talk about some of the security issues.
Raj: Okay so first I will define what the cloud is. The cloud is when you take your information, your data, and you trust them to third-party companies around the world. And by extension your trusting their vendors and their vendors and their vendors. All the way down the rabbit hole. Bottom line: you are trusting your data and your business to a third party. It’s no different than hiring an accountant, lawyer, and IT consultant. The first question you have to ask yourself is: what are you outsourcing, what are you delegating to others? And secondly, can you trust them? Most people don’t have the conversation with themselves or their advisors. They find some new tool and an airline magazine where they read about it in Time or they see on TV or something. And everybody goes: I’m going to use Drop Box. I’m going to use Amazon. I’m going to use Gmail. And it a lot of technology companies have started marketing new cutting edge tools with the same tactics and mentality they’ve used to market cars and luxury clothing. I remember when technology marketing was pretty boring and funny, like the old IBM advertisements or the RadioShack advertisements. It was about geeky stuff. Today, you look at a new computer advertisement and you can tell what they are selling: computers, cars, or high-end vodka. And that applies to a lot of new-media tools. Or social media tools. So when it comes to the cloud, I can tell use what are some businesses who are not right for the cloud. If you are a small medical practice, a legal practice, an accounting firm, you are a law firm, you probably do not want to go to the cloud. The technology is fantastic but the laws are against you and if you do go to the cloud…well, whether you go to the cloud or not, the responsibility is on you. But going to the cloud only makes your liability larger. Good candidates for the cloud? Start-ups. If you’re a new firm with a new idea…if you’re only a one-person law firm and you’ve got nothing to lose…fine, go to the cloud. It’s cheaper than anything else out there. It’s better than nothing, but if you’re an established business, be very careful. And even in the cloud, like everything else in life, you can buy security, you can buy privacy, you can buy compliance or you cannot buy them. It all comes down to your budget and how much homework you’ve done. We’ve got some large clients using the cloud very effectively, securely, they’ll almost never have a problem. But they’ve spent a lot of time, money, and done their homework correctly. Commercially, we meet a lot of prospects who are using the cloud willy nilly who are going to get into a world of hurt. And if it’s not the compliance that’s going to get them in trouble, it’s when the cloud vendor pulls the rug out from under their feet and goes out of business or ends up selling their assets or just goes down. No cloud vendor is 100% safe and secure.
Dave: I agree with that. It makes a lot of sense and it’s good to know. It’s good information just like your book, and it goes into some detail about the cloud and different things. [Audio cuts out at 43:27] about the cloud and the fact that attorneys and medical professions should really consider that. And you pointed out how the Patriot Act effected that and the reasoning behind that, and I think that’s probably what you had in mind when you said that. So how does the Patriot Act and maybe you can talk a little bit about that for our listeners…how does that effect what you were just saying?
Raj: Sure. So the Patriot Act was passed right after 9/11, and it was marketed to the US public and to a lot of senators as the tool that the US government needed to fight terrorism. One of the provisions of the Patriot Act is called the National Security Letters Act. It really expanded the powers that are given to FBI agents. In the old days, if they wanted to do surveillance, wire tapping, data on you, they’d have to go to a judge, get a subpoena or otherwise prove with a much higher threshold why you need to be monitored. Post 9/11, any FBI agent can print out a national security letter, sign it, and give it to your providers and say, “I want all the data on this person.” Or after the occupy Wall Street movements, NYPD literally said to all the phone carriers, “Give us all the cell phone data on every cell phone within this zip code, within these areas.” So whether you were a protester, employee working in a building nearby or a tourist visiting the neighborhood, if you were neat occupy Wall Street, all your cell phone data (who you called, your location, who called you, your text message, all that) is now property of NYPD and dozens of other government agencies. And where the cloud comes into play and becomes a real problem is the National Security Letter section of the patriot act which says the government an go to a 3rd party provider and say, “Give me all the data you have on Dave Ballard. Give me a copy of anything you have on your servers of all of your customers. And by the way, you can’t tell them you gave us this data.” because a lot of the cloud companies are American corporations, if you host your data outside of the US for compliance reasons… because you have European customers, you’re using a European cloud, or you’ve got Asian customers or foreign customers, or you’re using the Singapore cloud… If your provider is American, then your data and foreign jurisdiction is all subjected to the Patriot Act. Microsoft, Google, and Amazon have gone on record as saying that even though they’ve built their Europe and Asian data centers to comply with local privacy laws, if they are served with a national security letter under the Patriot Act, they will give the US government any and all information the US government asks for from the data centers worldwide. The Irish ministry warned their colleagues last year or 18 months ago not to use any American-based cloud provider, so it doesn’t matter what the domain is at the end of the cloud. Amazon.eu, it doesn’t matter. If the company is American owned or if the data is transferred to American data networks, and most of the world’s traffic still does, then your data is still subject to the government with no notice to you by your vendors.
Dave: That’s a lot to think about, isn’t it? It’s hard to imagine but that’s the whole thing about information security. It’s all out there, and there’s such a database on every one of us. At one point do you go, “Okay, forget about it. I can’t keep up with it. Everybody knows everything they want to know about me” So do I just stop worrying about it? Or do I say no? Do you take a stand and try to keep it as best you can? You’re almost throwing up your hands because there’s so little that you can do sometimes.
Raj: Well, I don’t advocate living in a state of fear, a state of paranoia. I do believe in being informed and paranoid but not catatonically afraid to do anything. I have smart phones, my whole family has computers, our clients have computers. If they didn’t, I’d be out of a business. And I don’t say, “Be paranoid.” I don’t say, “Let this stop.” I do say, “You need to be informed. You should be informed of what laws apply to you because at some point, you’re going to get sued, you’re going to sue somebody, you’re going to end up in court. And ignorance of the law is not a defense.” If you don’t know that everything on social media is legally public data and your employee posts something that gets your company sued, it’s too late to go, “I didn’t know.” If you didn’t know that if your kid posts a picture on tumblr or on a Facebook they’re having in Tahiti while going to Fiji and it just destroys your $2.7 million a year security budget, it’s not the kid’s problem. It happened to Michael Dell. His company spent $3 million a year protecting his family. And his son put up a photo of a breakfast he was having before leaving on the trip to Fiji and his daughter tweeted details about a wedding reception she was attending. So the $3 million they spend each year body guarding the family just got shot to pieces by his kids. Ignorance is not a defense.
Dave: And that happens more than not. It’s the individual mistakes that break the system and the fact that maybe that’s a good transition into when you’re dealing with employees and you’re dealing with who owns the information or the message that are being posted. Why don’t you talk a little bit about that? About the security that an employer should think about when hiring employees and what kinds of rules should be in place regarding the use of the technology of the business.
Raj: Well, for starters, every business should have a written security policy. If you don’t have one, have one built for you. If you have any questions, you can always email me: Raj@brainlink.com. There are a lot of templates out there but like any template, you really have to tailor them to your business. Your attorney can help you draft one, I can help you draft one. You should have a written busies security policy. If you’re in healthcare or law, it’s required that you do that anyway. Secondly, when it comes to employees at minimum, have quarterly refreshers. I’m not talking about a boring, all-day meeting where everybody goes in there, checks their iPhones and plays Angry Birds. Have a one-hour breakfast meeting. What’s going on? What did we learn? What did we encounter? What can we do to serve our clients better? What new tools should we be using? What practices should we not be using. Oh and have you changed your passwords lately? Having a written policy is required for a bunch of industries. It’s just a damn good idea because it will help you as a business owner understand what you’re authorizing your employees to do, what you’re not authorizing employees to do. If your policy doesn’t say ‘we allow tweeting from work or Facebook from work’, and your employees are tweeting and Facebooking, you’ve got 2 options. Either update those policies to allow those tools because they make sense for you. Or advocate employees not to do them because they’re against the policy that they signed, or find a better use for these employees.
Dave: Going back to when we were talking about the Patriot Act, the cloud, and the issues there, and the fact that sometimes we might be paranoid but a good paranoid. What are some of the things that you yourself personally put your foot down and would not allow to happen? And would voice a strong opinion against?
Raj: Well, the first thing is I’ve got 2 young kids. They are not allowed to Facebook. My wife and I don’t use Facebook at all. The rule in the house is our kids will get social media accounts when they’re old enough to drive, when we can trust them with our car keys. To our extended family, some are on Facebook and Gmail. We personally do not. I know that I’m probably fighting a losing battle with Facebook and social media, but someone’s got to do it. If I have problems with adults using those technologies, I have a problem with kids using them because the kids don’t know what they don’t know, and kids don’t know they’re giving up their lifetime of privacy rights for the sake of a funny tweet or a funny post. Or because it seems like a good idea at the time. So my foot is strongly down on social media for children. We don’ monitor and surveillance our kids. I think we’ve done a good enough job of raising our kids. I don’t monitor and surveillance my employees because I think I’ve done a good enough job of training my employees, and I trust them. But we do have regular conversations about what we’re doing, using, and we can keep an eye our for our kids and they know if there’s something funny on screen to go find mommy or daddy and we’ll see what’s going on.
Dave: I couldn’t agree more with that. At the end of the show, we’re getting to that point where I’d like to before ask you about the Cyberhood Watch magic one, and you’ve had this before… What are some of the thoughts that you would like to leave our audience today with in closing? And then after that, I will ask you the 2-part Cyberhood Watch magic one question.
Raj: I’d like to leave the listeners with: you and I are living in one of the most amazing times in history. Right now is a great opportunity, whether you want to double your business, triple your business in the next 18 months or just go on more vacations. You and your kids and your community have more information and more tools and more wealth than the emperor’s dreamed of. No emperor in history has had as much power as you have today with Google and Facebook and Twitter and just the Internet. No one else has had much power as you do today sitting in your wallet. So take a minute and be grateful for all the great things that you do have, and then make a list of what you want. Make a list of the experiences you want to have. Go take your vacations with your kids. Go take vacations with your spouse. Go disconnect for a while. Go read a book you’ve been wanting to read. Stop putting things off because you’re too busy working. The work will take care of itself. If you really want to grow your business, read the book, give me a call, let’s have a conversation. If I can help you, I certainly will. If I can’t, I’m sure I can refer to some other people in your neighborhood who are far better at these things than I am.
Dave: That’s pretty much a good Cyberhood Watch magic one answer. Tell us where our listeners can find the book and get it.
Raj: The book is on Amazon. If you go to Amazon and search ‘Raj Goel’, the book is online there. If you go to our website, branklink.com, the link to the book is there. The book is available online. Amazon has it in stock. Do not buy a used copy somebody is selling for $50. The list is $30. Pay the list price. For whatever reason, Amazon is currently out of stock for a week or 2. Place the orders. When the shipment from the publisher arrives, they will ship them to you. So read the book if you’d like. But if you don’t read my book, that’s fine. There are a couple of other books I recommend you read as well. Get Things Done in a Four-Hour Work Week. That’s a great book. The title wows you because you think the title is lying, but it’s a great book on how to get control over your life and how to have fun doing it. It has helped me a lot. It has helped my clients a lot. I make it reading for all my employees. If you’re going to be interviewed here, you have to read the book. Not mine but The Four-Hour Work Week. You can read mine. It’ll get you more brownie points. But you have to read that book.
Dave: That’s a great example of why I think you are, without a doubt, one of the most unique IT people that I’ve come across. The Four-Hour Work Week, not many people as ITs would be aware of that book. You have such great ideas and real solid tips that I would really highly recommend people to get to your book. Again, it’s The Most Important Secrets to Getting Great Results From IT: Everything Your Computer Consultant Never Told You. Thanks again, Raj. It’s always a pleasure having you back on the show, and I look forward to talking again. Actually, when your next book comes out.
Raj: Hopefully we’ll talk long before then because the next book might take me 6 or 9 months to produce. I’ve got to do a lot more legal research, and my staff is going crazy checking citations and references. The law is a funny, ugly beast and having to quote the case laws correctly….thank God for interns.
Dave: Ouch. That’s a labor of love.
Raj: It’s a labor all right.
Dave: Well, thanks again, Raj, and we will. We’ll have you back on again, and we’ll talk about the current issues and some more of technology because it’s always moving fast. It’ll actually probably change by the time you’re back.
Raj: They’ve already changed in the time we were on this conversation.
Dave: There you go. Thanks, Raj.
Raj: Thanks, Dave.
Dave: Bye, everybody.