bureaucracybusters

Posts Tagged ‘BUSINESS’

THE GOOD NEWS IN THE ASHLEY MADISON SCANDAL

In Bureaucracy, Business, Law Enforcement, Social commentary on August 26, 2015 at 9:50 am

It’s the nightmare-come-true for corporate America.

Name-brand companies, trusted by millions, hit with massive data breaches.

And with a series of keystrokes, the most sensitive financial and personal information of their employees and/or customers is compromised.

Among those companies:

  • Target
  • Kmart
  • Home Depot
  • JPMorgan/Chase
  • Staples
  • Dairy Queen
  • Anthem, Inc.
  • Sony Pictures
  • Premera Blue Cross
  • U.S. Postal Service

Click here: Data Breach Tracker: All the Major Companies That Have Been Hacked | Money.com

And as of July 15, Ashley Madison joined this list.

Ashley Madison is, of course, the notorious website for cheating wives and husbands.

Launched in 2001, its catchy slogan is: “Life is short.  Have an affair.”

One of its ads featured a photo of a woman apparently kneeling at the feet of a bare-chested man, her hand passionately clawing at his belt.  Next to her was the caption: “Join FREE & change your life today.  Guaranteed!”

Ashley Madison - Ashley Madison Agency

Ashley Madison claims to have more than 37 million members.  And now, untold numbers of them may find their lives changed forever.

Its hackers were enraged at the company’s refusal to fully delete users’ profiles unless it received a $19 fee.

Referring to themselves as “The Impact Team,” they stated in an online manifesto: “Full Delete netted [Avid Life Media, the parent company of Ashley Madison] $1.7 million in revenue in 2014.  It’s also a complete lie.

“Users almost always pay with credit card; their purchase details are not removed as promised, and include real names and address, which is of course the most important information the users want removed.”

On July 20, Avid Life Media defended the service, and said it would make it free.

Adultery-dating website Ashley Madison hacked

The hackers demanded: “AM [Ashley Madison] AND EM [Established Men] MUST SHUT DOWN IMMEDIATELY PERMANENTLY.

“We have taken over all systems in your entire office and production domains, all customer information databases, source code repositories, financial records, emails.

“Shutting down AM and EM will cost you, but non-compliance will cost you more.”

The hackers threatened to “release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails.”

Avid Life Media assured its customers that it had hired “one of the world’s top IT security teams” to work on the breach:

“At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act.”

This statement gives new meaning to the phrase, “Closing the barn door after the cow has gotten out.”

And it raises the question: Why wasn’t this “top IT security team” hired at the outset?

After all, its database is a blackmailer’s dream-come-true. Yet apparently its owners didn’t care enough about the privacy of their customers to provide adequate security.

On August 18, the hackers began releasing their pirated information.

As usual during a corporation’s data breach, Ashley Madison issued a reassuring statement: “We are working with law enforcement agencies, which are investigating this criminal act.

“Any and all parties responsible for this act of cyber-terrorism will be held responsible.”

Eight of those customers (so far) have decided to hold Ashley Madison responsible. They have filed lawsuits against the company in California, Georgia, Minnesota, Missouri, Tennessee and Texas.

They seek class-action status to represent Ashley Madison’s 37 million users.

The lawsuits claim negligence, breach of contract and privacy violations. They charge that Ashley Madison failed to take reasonable steps to protect the security of its users, including those who paid the $19 fee to have their information deleted.

If they win–and force the owners of Ashley Madison to pay up big-time–this could set a precedent for lawsuits by other victims of such data breaches.

An October 22, 2014 “commentary” published in Forbes magazine raised the highly disturbing question: “Cybersecurity: Does Corporate America Really Care?”

And the answer is clearly: No.

Its author is John Hering, co-founder and executive director of Lookout, which bills itself as “the world leader in mobile security for consumers and enterprises alike.”

Click here: Cybersecurity: Does corporate America really care?

“One thing is clear,” writes Hering. “CEOs need to put security on their strategic agendas alongside revenue growth and other issues given priority in boardrooms.”

Hering warns that “CEOs don’t seem to be making security a priority.”  And he offers several reasons for this:

  • The sheer number of data compromises;
  • Relatively little consumer outcry;
  • Almost no impact on the companies’ standing on Wall Street;
  • Executives may consider such breaches part of the cost of doing business.

“Sales figures and new products are top of mind,” writes Hering. “Shoring up IT systems aren’t.”

The key to sharply reducing data breaches lies in holding greed-obsessed CEOs financially accountable for their criminal negligence.

Only then will their mindset of “We don’t care, we don’t have to” be replaced with: “We care, because our heads will roll if we don’t.”

DATA SECURITY BREACHES: “WE DON’T CARE, WE DON’T HAVE TO”: PART TWO (END)

In Bureaucracy, Business, History, Law, Law Enforcement, Social commentary on July 21, 2015 at 9:35 am

It’s become as routine as the robbery of the corner liquor store.

Name-brand companies, trusted by millions, hit with massive data breaches that compromise their customers’ and/or employees’ most sensitive financial and personal information.

Among those companies:

  • Target
  • Kmart
  • Home Depot
  • JPMorgan/Chase
  • Staples
  • Dairy Queen
  • Anthem, Inc.
  • Sony Pictures
  • Premera Blue Cross
  • U.S. Postal Service

Click here: Data Breach Tracker: All the Major Companies That Have Been Hacked | Money.com

And as of July 15, Ashley Madison joined this list.

Ashley Madison is, of course, the notorious website for cheating wives and husbands.

Launched in 2001, its catchy slogan is: “Life is short.  Have an affair.”

One of its ads featured a photo of a woman apparently kneeling at the feet of a bare-chested man, her hand passionately clawing at his belt.  Next to her was the caption: “Join FREE & change your life today.  Guaranteed!”  

Ashley Madison - Ashley Madison Agency

Ashley Madison claims to have more than 37 million members.

Calling themselves “The Impact Team,” hackers appear to be enraged at the company’s “full delete” service, which promises to completely erase a user’s profile and all associated data for a $19 fee.

“Full Delete netted [Avid Life Media, the parent company of Ashley Madison] $1.7 million in revenue in 2014,” the hackers were quoted as saying in an online manifesto.  “It’s also a complete lie.

“Users almost always pay with credit card; their purchase details are not removed as promised, and include real names and address, which is of course the most important information the users want removed.”

On July 20, Avid Life Media defended the service, and said it would make it free.

Adultery-dating website Ashley Madison hacked

The hackers demanded: “AM [Ashley Madison] AND EM [Established Men] MUST SHUT DOWN IMMEDIATELY PERMANENTLY.

“We have taken over all systems in your entire office and production domains, all customer information databases, source code repositories, financial records, emails.

“Shutting down AM and EM will cost you, but non-compliance will cost you more.”

The hackers threatened to “release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails.”

Interestingly, the hackers did not target the company’s “CougarLife” website, which caters to female members seeking “a young stud.”

Avid Life Media assured its customers that it had hired “one of the world’s top IT security teams” to work on the breach:

“At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act.”

This statement gives new meaning to the phrase, “Closing the barn door after the cow has gotten out.”

It’s almost comical, except for the fact that the marriages of millions of people are likely to be threatened by the release of such information.

And it raises the question: Why wasn’t this “top IT security team” hired at the outset?

A website offering cheating services to those wealthy enough to afford high-priced fees is an obvious target for hackers. After all, its database is a blackmailer’s dream-come-true.

This latest breach comes about two months after a similar dating site, Adult FriendFinder–with an estimated 64 million members–was hit with a similar attack.

Again, it was clear that a site like this would be a prime target for those seeking information for blackmail. Yet apparently its owners didn’t care enough about the privacy of their customers to provide adequate security.

“Without question, this is incredibly valuable information,” said J.J. Thompson, founder and chief executive of Rook Security, an IT security firm.

“[Ashley Madison’s customers] are now vulnerable to a significant secret.”

As usual when a corporation’s data breach occurs, Ashley Madison issued a reassuring statement: “We are working with law enforcement agencies, which are investigating this criminal act.

“Any and all parties responsible for this act of cyber-terrorism will be held responsible.”

Brave-sounding words.  But if the hackers make good on their threat, many prominent men in business and politics may soon find themselves facing expensive divorces.

And if that happens, at least some of them may well decide to take out their anger and embarrassment on the website that assured them that the highly private information they shared was “100% secure.”

That could set a precedent for lawsuits by other victims of such data breaches. Which, in turn, could force profit-obsessed corporations to responsibly protect the highly sensitive information entrusted to them.

There is an important lesson to be learned from this latest disaster.

“Stuff that’s online is pretty much not private, no matter what you might hope or think or wish for,” said Geoff Webb, senior director of solution strategy for security management firm NetIQ.

Old records, like transactions and account details, remain in company databases long after you’ve deleted an account, he said, because the company needs them for tax and other business purposes.

“There used to be an old saying that everybody ends up naked on the Internet at some point,” said Webb.

Although that was meant figuratively, patrons of websites like Ashley Madison could soon find it applying literally.

DATA SECURITY BREACHES: “WE DON’T CARE, WE DON’T HAVE TO”: PART ONE (OF TWO)

In Bureaucracy, Business, Law, Law Enforcement, Social commentary on July 20, 2015 at 12:20 pm

Comedian Lily Tomlin rose to fame on the 1960s comedy hit, Rowan & Martin’s Laugh-In, as Ernestine, the rude, sarcastic switchboard operator for Ma Bell.

She would tap into customers’ calls, interrupt them, make snide remarks about their personal lives.  And her victims included celebrities as much as run-of-the-mill customers.

Lily Tomlin as Ernestine

She introduced herself as working for “the phone company, serving everyone from presidents and kings to the scum of the earth.”

But perhaps the line for which her character is best remembered was: “We don’t care. We don’t have to. We’re the phone company.”

Watching Ernestine on Laugh-In was a blast for millions of TV viewers.  But facing such corporate arrogance in real life is no laughing matter.

Clearly, too many companies take the same attitude as Ernestine: “We don’t care.  We don’t have to.”

This is especially true for companies that are supposed to safeguard their customers’ most sensitive information–such as their credit card numbers, addresses, emails and phone numbers.

An October 22, 2014 “commentary” published in Forbes magazine raised the highly disturbing question: “Cybersecurity: Does Corporate America Really Care?”

And the answer is clearly: No.

Its author is John Hering, co-founder and executive director of Lookout, which bills itself as “the world leader in mobile security for consumers and enterprises alike.”

Click here: Cybersecurity: Does corporate America really care?

October, 2014 proved a bad month for credit card-using customers of Kmart, Staples and Dairy Queen.

All these corporations reported data breaches involving the theft of credit card numbers of countless numbers of customers.

Earlier breaches had hit Target, Home Depot and JPMorgan/Chase.

And on February 5, 2015, health insurance giant Anthem Inc. announced that hackers had breached its computer system and accessed the medical records of tens of millions of its customers and employees.

Anthem, the nation’s second-largest health insurer, said the infiltrated database held records on up to 80 million people.

Among the customers’ information accessed:

  • Names
  • Birthdates
  • Social Security numbers
  • Member ID numbers
  • Addresses
  • Phone numbers
  • Email addresses and
  • Employment information.

Some of the customer data may also include details on their income.

Click here: Anthem hack exposes data on 80 million; experts warn of identity theft – LA Times

Bad as that news was, worse was to come.

A February 5 story by the Wall Street Journal revealed that Anthem stored the Social Security numbers of 80 million customers without encrypting them.

The company believes that hackers used a stolen employee password to access the database.

Anthem’s alleged reason for refusing to encrypt such sensitive data: Doing so would have made it harder for the company’s employees to track health care trends or share data with state and Federal health providers.

Anthem spokeswoman Kristin Binns blamed the data breach on employers and government agencies who “require us to maintain a member’s Social Security number in our systems so that their systems can uniquely identify their members.”

She said that Anthem encrypts personal data when it moves in or out of its database–but not where it is stored.

This is a commonplace practice in the healthcare industry.

The FBI is now investigating the hack.

According to an anonymous source, the hackers used malware that has been used almost exclusively by Chinese cyberspies.

Naturally, China has denied any wrongdoing.  With a completely straight face, Chinese Foreign Ministry spokesman Hong Lei said:

“We maintain a cooperative, open and secure cyberspace, and we hope that countries around the world will make concerted efforts to that end.”

He also said that the charge that the hackers were Chinese was “groundless.”

Click here: Health Insurer Anthem Didn’t Encrypt Stolen Data – WSJ

Meanwhile, John Hering’s complaints remain as valid today as they did last October.

“One thing is clear,” writes Hering. “CEOs need to put security on their strategic agendas alongside revenue growth and other issues given priority in boardrooms.”

Hering warns that “CEOs don’t seem to be making security a priority.”  And he offers several reasons for this:

  • The sheer number of data compromises;
  • Relatively little consumer outcry;
  • Almost no impact on the companies’ standing on Wall Street;
  • Executives may consider such breaches part of the cost of doing business.

“There’s a short-term mindset and denial of convenience in board rooms,” writes Hering.

“Top executives don’t realize their systems are vulnerable and don’t understand the risks. Sales figures and new products are top of mind; shoring up IT systems aren’t.”

There are three ways corporations can be forced to start behaving responsibly on this issue.

  1. Smart attorneys need to start filing class-action lawsuits against companies that refuse to take steps to protect their customers’ private information.  There is a name for such behavior: Criminal negligence.  And there are laws carrying serious penalties for it.
  2. There must be Federal legislation to ensure that multi-million-dollar fines are levied against such companies–and especially their CEOs–when such data breaches occur.
  3. Congress should enact legislation allowing for the prosecution of CEOs whose companies’ negligence leads to such massive data breaches. They should be considered as accessories to crime, and, if convicted, sentenced to lengthy prison terms.

Only then will the CEO mindset of “We don’t care, we don’t have to” be replaced with: “We care, because our heads will roll if we don’t.”

FEAR WORKS: PART TWO (END)

In Bureaucracy, Business, Law, Self-Help, Social commentary on April 21, 2015 at 12:43 am

Ralph bought a computer security program from SUX.  But then he found he couldn’t download it.

So he contacted the company—whose customer service representative told him: You’ll have to buy another of our products to make the first one you bought work properly.

At that point, Ralph had had enough.

He sent SUX an email via its own website, outlining his problem and asking that the $60 charge on his credit card be removed.

Six days later, Ralph called his credit card company, to see if SUX was still charging him for an item he hadn’t received.

It was.

It was time to play Machiavellian hardball.

Ralph once again dialed SUX to speak to one of its customer service reps.

Calmly–but firmly–Ralph identified himself, then quickly summarized the problem he was having with the company.

Then he said:

“I suggest you contact someone in management and tell them this: I want this charge off my credit card in 24 hours.  If it isn’t, here’s what’s going to happen:

“One: I’m going to file a criminal complaint with the local office of the United States Attorney [Federal prosecutor] for fraud against your company.

“When a company does business in more than one state, that brings it under Federal jurisdiction.  And there are Federal penalties for charging people for products they didn’t receive.

“Two, I’m going to make this situation very well known on social media sites.  That’s going to cost you bigtime on future customers.

“Again, I’ll wait 24 hours.  Pass this on to your management.”

Then he hung up.

Slightly more than 24 hours later, Ralph got this email from SUX:

“Thank you for ordering from SUX.  At your request a return has been initiated.”

In short: The charge would be removed from his credit card.

There are several important lessons to be learned here.

First, before you call to complain, make sure the product isn’t working.

Read the instructions carefully and follow them to the letter.

If you can’t understand the instructions, or if you feel you do and the product still isn’t doing what it’s supposed to do, call the company.

Second, when you reach the customer service rep, be patient and polite.

At best, getting angry and offensive wastes valuable time which could be better spent outlining the problem you’re having.

At worst, the tech might hang up on you, which means you’ll have to go through the whole telephone-tree exercise again.

Third, explain precisely what has gone wrong.  If the tech gives you instructions on how to resolve the problem, follow them to the letter.

Fourth, if you’re sure you want to return the product, say so.

Find out the company’s preferred way to do this.

Fifth, if you’ve paid for it by credit card, state that you want the charge removed from your bill.

You may have to wait until the company receives the product before they take the charge off your bill.  To make sure they get it, send it signed-receipt-requested.

Sixth, wait five to ten days to see if your credit card has been charged. 

Ralph waited six, which is a reasonable number.

Seventh, if the problem hasn’t been resolved, call the company again and ask to speak to someone at its corporate headquarters—the higher up, the better.

You can often find out the names of the top executives of a company by checking its website.  Or by going to a business-rating website, such as that of Standard and Poor’s.

Eighth, be polite but businesslike as you outline your problem.

If you can’t outline it in one or two minutes, ask for an email address where you can send a detailed email.

Ninth, state clearly what you want the company to do for you.

Often, people get so angry at the frustration they’ve endured that they forget to say what action they want the company to take.

Tenth, if the company rep makes it clear they won’t take back the product, give you a substitute, or refund your purchase, it’s time to play hardball.

Eleventh, if you believe the law has been broken, say so. 

And say which agencies you intend to contact—such as the local District Attorney’s Office, Federal Trade Commission, United States Attorney or Federal Communications Commission.

Twelfth, have at least one or two consumer complaint websites ready to cite—and contact.

Among these:

Businesses fear bad consumer reviews–especially on Yelp! and Facebook.

When I once visited a local animal shelter, a receptionist told me: “If you have a problem with something, please see me.  Don’t go home and post it on Yelp!”

Thirteenth, tell the company official what action you intend to take unless your demands are met. 

Offer a deadline by when you expect that action to be taken.

Fourteenth, if that doesn’t prove enough, consider filing a private lawsuit.

FEAR WORKS: PART ONE (OF TWO)

In Bureaucracy, Business, Law, Self-Help, Social commentary on April 20, 2015 at 12:13 am

So you’ve just bought something online, with a credit card–and the item never arrives–or proves defective.

Even worse, the online company insists on charging your credit card for the item.

What to do?

Here’s what a friend of mine–Ralph–recently did when he faced just that problem.

One night, while surfing the Internet, he saw an ad for a new computer security product.  For him, its biggest selling point was: “Make yourself invisible to the bad guys with just one click.”

An even stronger selling point for him: The product was being offered by SUX, the company whose anti-virus software he had subscribed to for the last three years.

And, so far, he had never had any trouble with the company.

SUX offered several options for subscription:

  • One month
  • One year
  • Two years

Ralph decided that one month was too short, and two years were too long.  He chose a one-year subscription, intending to renew at the end of the year if he liked it.

He typed in his credit card number and clicked on “Download.”

Soon afterward, he received an Order Confirmation email from the company, outlining the product he had just purchased and the amount he had just paid for it.

He then got into the anti-virus security item on his desk.  A few clicks later a new screen popped up–and the message: “Disconnected.”

Even worse, the screen warned: “Your license has expired.  Renew now.”

The product he had just paid $60 to download hadn’t downloaded.

So Ralph called SUX–and explained to a technician what had happened.

And the tech responded: “We don’t offer phone support for that product.”

Nothing Ralph said could elicit the help he needed.  Furious at the man’s arrogance, Ralph hung up.

To avoid accidentally reaching the same worthless technician, Ralph decided to wait several hours before again calling SUX.

When he did, he reached a technician who was willing to provide help.  The tech said that he would like to run a remote scan on Ralph’s computer to try to find out what was causing the problem.

Ralph agreed.

For the next five minutes he could see his cursor moving around his screen, as the tech checked first one file, then another.

Finally, the tech said that Ralph needed to “clean out” his computer before the SUX product he bought would work properly.

“OK, how do I do that?” asked Ralph.

“You need to buy our BS2U product,” said the tech.

Now Ralph was really steamed.

He had just spent $60 on a product he couldn’t download.  And the tech was telling him he had to spend even more money on a second product to make the first product work properly.

Ralph then said he wanted to contact someone in an executive position at SUX.  But the rep said he would have to call outside the United States to do this.

Ralph hung up, then got back onto his computer and onto the SUX website.  He drafted a short but detailed message on the problems he was facing with one of the company’s products.

And it ended:

“Frankly:

(1) I am UNABLE to make use of the product I paid $60 for; and

(2) I am UNWILLING to pay MORE MONEY FOR ANOTHER PRODUCT in hopes that this will enable me to use the one I just purchased.

“Therefore, I am requesting that the credit card transaction I had with your company on —- be canceled.  If it is not, I will dispute this via my credit card company when I receive my next statement.

“To enable you to quickly locate this transaction in your files, I am enclosing the Order Confirmation Number:  #———-.

“I am making a copy of this email, so I can establish, if necessary, that I have notified your company that I am NOT receiving the product I paid for.

“I have already contacted my credit card company and informed them that I will contest this charge if your company does not make good on this refund.”

Six days later, Ralph called his credit card company, to see if SUX was still charging him for an item he hadn’t received.

It was.

Luckily for Ralph, he had been a longtime student of Niccolo Machiavelli, the father of political science.

Niccolo Machiavelli

In The Prince, his treatise on how to gain and hold political power, Machiavelli raises the question: Is it better to be loved or feared?

And he answers as follows:

“The reply is, that one ought to be both feared and loved, but as it is difficult for the two to go together, it is much safer to be feared than loved….

“Men have less scruple in offending one who makes himself loved than one who makes himself feared.  

“For love is held by a chain of obligations which, men being selfish, is broken whenever it serves their purpose; but fear is maintained by a dread of punishment which never fails.”

It was time to invoke the spirit of St. Niccolo.

HOW TO BE A SMARTER EXECUTIVE

In Bureaucracy, Business, History, Self-Help on March 13, 2015 at 12:08 am

“The man who builds a factory,” said President Calvin Coolidge, “builds a temple.  And the man who works there worships there.”

Many American corporate executives still feel that way about themselves–and their employees.  But those heady days of knee-jerk worship of CEOs and their oversize salaries and egos are over–at least, temporarily.

Americans have reluctantly learned that the robber barons who rule Wall Street are not God’s own elect.

Even Ayn Rand disciple Alan Greenspan, the former Federal Reserve chairman and a longtime champion of de-regulation, has admitted he totally underestimated the role greed plays in the making of financial decisions.

It’s thus time for Americans to demand wholesale reforms in the ways corporate executives are allowed to operate. And a good place to start is with the advice of Niccolo Machiavelli.

The Florentine statesman (1469-1527) wrote extensively about how bureaucracies truly work–as opposed to how people believe they do.

Niccolo Machiavelli

Consider the following from his book, The Prince, which offers instruction on how to attain and retain power:

  • IMITATE THOSE WHO HAVE ATTAINED GREATNESS: Not always being able to follow others exactly, nor attain to the excellence of those he imitates, a prudent man should always follow in the paths trodden by great men and imitate those who are most excellent….  If he does not attain to their greatness, at any rate he will get some tinge of it.
  • DON’T RELY ON LOVE:  …I conclude, therefore, with regard to being loved and feared, that men love at their own free will, but fear at the will of the prince, and that a wise prince must rely on what is in his power and not on what is in the power of others, and he must only contrive to avoid incurring hatred….
  • NEED TO BE PRACTICAL:  A man who wishes to make a profession of goodness in everything must inevitably come to grief among so many who are not good.  And therefore it is necessary for a prince, who wishes to maintain himself, to learn how not to be good, and to use this knowledge and not use it, according to the necessity of the case.
  • CAUTION AND BOLDNESS: A [leader]…must imitate the fox and the lion, for the lion cannot protect himself from traps, and the fox cannot defend himself from wolves.  One must therefore be a fox to avoid traps, and a lion to frighten wolves.  Those who wish to be only lions do not realize this.
  • SANCTIONS VS. FAVORS:  [Leaders] should let the carrying out of unfavorable duties devolve to others, and bestow favors themselves.
  • RISK AS A GIVEN: Let no [leader] believe that [he] can always follow a safe policy, rather let [he] think that all are doubtful.  This is found in the nature of things, that one never tries to avoid one difficulty without running into another, but prudence consists in being able to know the nature of the difficulties, and taking the least harmful as good.
  • A RULER’S SUBORDINATES: The first impression that one gets of a ruler and his brains is from seeing the men that he has about him.  When they are competent and loyal one can always consider him wise, as he has been able to recognize their ability and keep them faithful.  But when they are the reverse, one can always form an unfavorable opinion of him, because the first mistake that he makes is in making this choice.
  • EVALUATING COMPETENCE:  There are three different kinds of brains: the one understands things unassisted, the other understands things when shown by others, the third understands neither alone nor with the explanations of others.  The first kind is most excellent; the second is also excellent; but the third is useless.
  • OVERCOMING ONE’S OWN NATURE:  No man can be found so prudent as to be able to adapt himself to [time and circumstances], either because he cannot deviate from that to which his nature disposes him, or else because having always prospered by walking in one path, he cannot persuade himself that it is well to leave it; and therefore the cautious man, when it is time to act suddenly, does not know how to do so and is consequently ruined.  For if one could change one’s nature with time and circumstances, fortune would never change.
  • ENSURING LOYALTY:  A wise prince will seek means by which his subjects will always have need of his government, and then they will always be faithful to him.
  • CRUELTIES:  Well-committed may be called those…cruelties which are perpetrated once for the need of securing one’s self, and which afterward are not persisted in, but are exchanged for measures as useful to the subjects as possible.  Cruelties ill committed are those which, although at first few, increase rather than diminish with time.
  • FORTUNE: I think it may be true that fortune is the ruler of half our actions, but that she allows the other half or thereabouts to be governed by us.  I would compare her to an impetuous river that, when turbulent, inundates the plains, casts down trees and buildings, removes earth from this side and places it on the other; every one flees before it, and everything yields to its fury without being able to oppose it.  Still, when it is quiet, men can make provisions against it by dykes and banks, so that when it follows it will either go into a canal or its rush will not be so wild and dangerous.

MACHIAVELLI WAS RIGHT: DISTRUST THE RICH

In Business, History, Law, Law Enforcement, Politics, Social commentary on February 16, 2015 at 2:04 am

As Americans vacation their way through yet another observance of Presidents’ Day, it’s well to remember the man whose name defines modern politics.

In 1513, Niccolo Machiavelli, the Florentine statesman who has been called the father of modern political science, published his best-known work: The Prince.

Niccolo Machiavelli

Among the issues he confronted was how to preserve liberty within a republic.  And key to this was mediating the eternal struggle between the wealthy and the poor and middle class.

Machiavelli deeply distrusted the nobility because they stood above the law.  He saw them as a major source of corruption because they could buy influence through patronage, favors or nepotism.

Successful political leaders must attain the support of the nobility or general populace.  But since these groups have conflicting interests, the safest course is to choose the latter.

….He who becomes prince by help of the [wealthy] has greater difficulty in maintaining his power than he who is raised by the populace.  He is surrounded by those who think themselves his equals, and is thus unable to direct or command as he pleases. 

But one who is raised to leadership by popular favor finds himself alone, and has no one, or very few, who are not ready to obey him.   [And] it is impossible to satisfy the [wealthy] by fair dealing and without inflicting injury upon others, whereas it is very easy to satisfy the mass of the people in this way. 

For the aim of the people is more honest than that of the [wealthy], the latter desiring to oppress, and the former merely to avoid oppression.  [And] the prince can never insure himself against a hostile population on account of their numbers, but he can against the hostility of the great, as they are but few.

The worst that a prince has to expect from a hostile people is to be abandoned, but from hostile nobles he has to fear not only desertion but their active opposition.  And as they are more far seeing and more cunning, they are always in time to save themselves and take sides with the one who they expect will conquer. 

The prince is, moreover, obliged to live always with the same people, but he can easily do without the same nobility, being able to make and unmake them at any time, and improve their position or deprive them of it as he pleases.

Unfortunately, political leaders throughout the world–including the United States–have ignored this sage advice.

The results of this wholesale favoring of the wealthy and powerful have been brilliantly documented in a recent investigation of tax evasion by the world’s rich.

In 2012, Tax Justice Network, which campaigns to abolish tax havens, commissioned a study of their effect on the world’s economy.

The study was entitled, “The Price of Offshore Revisited: New Estimates for ‘Missing’ Global Private Wealth, Income, Inequality and Lost Taxes.”

http://www.taxjustice.net/cms/upload/pdf/Price_of_Offshore_Revisited_120722.pdf

The research was carried out by James Henry, former chief economist at consultants McKinsey & Co.  Among its findings:

  • By 2010, at least $21 to $32 trillion of the world’s private financial wealth had been invested virtually tax-free through more than 80 offshore secrecy jurisdictions.
  • Since the 1970s, with eager (and often aggressive and illegal) assistance from the international private banking industry, private elites in 139 countries had accumulated $7.3 to $9.3 trillion of unrecorded offshore wealth by 2010.
  • This happened while many of those countries’ public sectors were borrowing themselves into bankruptcy, suffering painful adjustment and low growth, and holding fire sales of public assets.
  • The assets of these countries are held by a small number of wealthy individuals while the debts are shouldered by the ordinary people of these countries through their governments.
  • The offshore industry is protected by private bankers, lawyers and accountants, who get paid handsomely to hide their clients’ assets and identities.
  • Bank regulators and central banks of most countries allow the world’s top tax havens and banks to hide the origins and ownership of assets under their supervision.
  • Although multilateral institutions like the Bank for International Settlements (BIS), the IMF and the World Bank are supposedly insulated from politics, they have been highly compromised by the collective interests of Wall Street.
  • These regulatory bodies have never required financial institutions to fully report their cross-border customer liabilities, deposits, customer assets under management or under custody.
  • Less than 100,000 people, .001% of the world’s population, now control over 30% of the world’s financial wealth.
  • Assuming that global offshore financial wealth of $21 trillion earns a total return of just 3% a year, and would have been taxed an average of 30% in the home country, this unrecorded wealth might have generated tax revenues of $189 billion per year.

Summing up this situation, the report notes: “We are up against one of society’s most well-entrenched interest groups. After all, there’s no interest group more rich and powerful than the rich and powerful.”

Fortunately, Machiavelli has supplied a timeless remedy to this increasingly dangerous situation:

  • Assume evil among men–and most especially among those who possess the greatest concentration of wealth and power.
  • Carefully monitor their activities–the way the FBI now regularly monitors those of the Mafia and major terrorist groups.
  • Ruthlessly prosecute the treasonous crimes of the rich and powerful–and, upon their conviction, impose severe punishment.

DATA SECURITY BREACHES: “WE DON’T CARE, WE DON’T HAVE TO”

In Bureaucracy, Business, History, Law, Politics, Social commentary on February 9, 2015 at 2:06 am

Comedian Lily Tomlin rose to fame on the 1960s comedy hit, Rowan & Martin’s Laugh-In, as Ernestine, the rude, sarcastic switchboard operator for Ma Bell.

She would tap into customers’ calls, interrupt them, make snide remarks about their personal lives.  And her victims included celebrities as much as run-of-the-mill customers.

Lily Tomlin as Ernestine

She introduced herself as working for “the phone company, serving everyone from presidents and kings to the scum of the earth.”

But perhaps the line for which her character is best remembered was: “We don’t care. We don’t have to. We’re the phone company.”

Watching Ernestine on Laugh-In was a blast for millions of TV viewers.  But facing such corporate arrogance in real life is no laughing matter.

Clearly, too many companies take the same attitude as Ernestine: “We don’t care.  We don’t have to.”

This is especially true for companies that are supposed to safeguard their customers’ most sensitive information–such as their credit card numbers, addresses, emails and phone numbers.

An October 22, 2014 “commentary” published in Forbes magazine raised the highly disturbing question: “Cybersecurity: Does Corporate America Really Care?”

And the answer is clearly: No.

Its author is John Hering, co-founder and executive director of Lookout, which bills itself as “the world leader in mobile security for consumers and enterprises alike.”

Click here: Cybersecurity: Does corporate America really care?

October 2014 proved a bad month for credit card-using customers of Kmart, Staples and Dairy Queen.

All these corporations reported data breaches involving the theft of credit card numbers of countless numbers of customers.

Earlier breaches had hit Target, Home Depot and JPMorgan/Chase.

And on February 5, 2015, health insurance giant Anthem Inc. announced that hackers had breached its computer system and accessed the medical records of tens of millions of its customers and employees.

Anthem, the nation’s second-largest health insurer, said the infiltrated database held records on up to 80 million people.

Among the customers’ information accessed:

  • Names
  • Birthdates
  • Social Security numbers
  • Member ID numbers
  • Addresses
  • Phone numbers
  • Email addresses and
  • Employment information.

Some of the customer data may also include details on their income.

Click here: Anthem hack exposes data on 80 million; experts warn of identity theft – LA Times

Bad as that news was, worse was to come.

A February 5 story by the Wall Street Journal revealed that Anthem stored the Social Security numbers of 80 million customers without encrypting them.

The company believes that hackers used a stolen employee password to access the database.

Anthem’s alleged reason for refusing to encrypt such sensitive data: Doing so would have made it harder for the company’s employees to track health care trends or share data with state and health providers.

Anthem spokeswoman Kristin Binns blamed the data breach on employers and government agencies who “require us to maintain a member’s Social Security number in our systems so that their systems can uniquely identify their members.”

She said that Anthem encrypts personal data when it moves in or out of its database–but not where it is stored.

This is a commonplace practice in the healthcare industry.

The FBI is now investigating the hack.

According to an anonymous source, the hackers used malware that has been used almost exclusively by Chinese cyberspies.

Naturally, China has denied any wrongdoing.  With a completely straight face, Chinese Foreign Ministry spokesman Hong Lei said:

“We maintain a cooperative, open and secure cyberspace, and we hope that countries around the world will make concerted efforts to that end.”

He also said that the charge that the hackers were Chinese was “groundless.”

Click here: Health Insurer Anthem Didn’t Encrypt Stolen Data – WSJ

Meanwhile, John Hering’s complaints remain as valid today as they were last October.

“One thing is clear,” writes Hering. “CEOs need to put security on their strategic agendas alongside revenue growth and other issues given priority in boardrooms.”

Hering warns that “CEOs don’t seem to be making security a priority.”  And he offers several reasons for this:

  • The sheer number of data compromises;
  • Relatively little consumer outcry;
  • Almost no impact on the companies’ standing on Wall Street;
  • Executives may consider such breaches part of the cost of doing business.

“There’s a short-term mindset and denial of convenience in board rooms,” writes Hering.

“Top executives don’t realize their systems are vulnerable and don’t understand the risks. Sales figures and new products are top of mind; shoring up IT systems aren’t.”

There are three ways corporations can be forced to start behaving responsibly on this issue.

  1. Smart attorneys need to start filing class-action lawsuits against companies that refuse to take steps to protect their customers’ private information.  There is a name for such behavior: Criminal negligence.  And there are laws carrying serious penalties for it.
  2. There must be Federal legislation to ensure that multi-million-dollar fines are levied against such companies–and especially their CEOs–when such data breaches occur.
  3. Congress should enact legislation allowing for the prosecution of CEOs whose companies’ negligence leads to such massive data breaches.  They should be considered as accessories to crime, and, if convicted, sentenced to lengthy prison terms.

Only then will the CEO mindset of “We don’t care, we don’t have to” be replaced with: “We care, because our heads will roll if we don’t.”

“YOUR CALL IS VERY IMPORTANT TO US”: PART TWO (END)

In Bureaucracy, Business, Self-Help, Social commentary on December 16, 2014 at 12:00 am

So you’ve spent the last half-hour or more on the phone, listening to one recorded message after another (and probably a symphony of bad music).

And you’re no closer to solving the problem that caused you to phone the company/agency in the first place.

What to do?

  • Go on the Net and look up the company’s/agency’s website.  Look for links to their Board of Directors.  Often enough you’ll get not only their names but their bios, phone numbers and even email addresses.
  • Start looking at the bottom of the website page.  Many companies/agencies put this information there–and usually in small print.
  • Look for the names of officials who can help you.  That means the ones at the top of the company–or at least high enough so you can be sure that whoever responds to your call, letter and/or email has the necessary clout to address your problem.
  • If you call, don’t ask to speak directly with Mr. Big–that’s not going to happen.  Ask to speak with Mr. Big’s secretary, who is far more accessible.
  • Keep your tone civil, and try to make your call as brief as possible.  Don’t go into a lot of background about all the problems you’ve been having getting through to someone.
  • Give the gist and ask for a referral to someone who can help resolve your problem.
  • If the secretary needs more time to study the problem before referring you to someone else, be patient.  Answer any questions asked–such as your name, address, phone number and/or email.
  • State–specifically–what you want the company to do to resolve your problem.  If you want a refund or repairs for your product, say so.
  • Too many consumers don’t specify what they want the company to do–they’re so caught up in their rage and frustration that this completely escapes them. 
  • Be reasonable.  If you want a refund, then don’t ask for more money than you paid for the product.  If you want to return a product for an exchange, don’t expect the company to give you a new one with even more bells and whistles–unless you’re willing to pay the difference in price.
  • If you want an agency to investigate your complaint, don’t expect them to drop everything else and do so instantly.  Give them time to assess your information and that supplied by others.
  • It’s usually possible to get one agency to sit on another–if you can make a convincing case that it’s in that secondary agency’s best interests to do so.
  • For example: If you’ve been roughed up by local police for no good reason, you can file a complaint with that department–and ask the FBI and U.S. Attorney’s Office (federal prosecutor) to investigate.
  • That doesn’t guarantee they will resolve your problem.  But if you can show that the cops have violated several Federal civil rights laws, the odds are that someone will take a serious look at your complaint.
  • If a company/agency official has acted so outrageously that the company/agency might now be held liable for his actions, don’t be afraid to say so.
  • But don’t threaten to sue.  Just point out that the employee has acted in such a way as to jeopardize the company’s/agency’s profits and/or reputation for integrity/efficiency.  Make it clear that the organization is not well-served by such behavior.
  • Don’t try to win sympathy for yourself.  An agency/company doesn’t care about you.  It cares only about its profits and/or reputation.  So if you got a raw deal, but don’t have the means to threaten either, its top executives won’t lift a finger to help you.
  • If you can make it clear that the profits and/or reputation of the agency/business have been compromised by the actions of its employee(s), your letter/email will instantly catch the attention of Mr. Big.  Or one of Mr. Big’s assistants–who will likely take quick action to head off a lawsuit and/or bad publicity by trying to satisfy your request.
  • Give the CEO’s secretary at least one to two days to get back to you.  Remember: Resolving your problem isn’t the only task she needs to complete.
  • If you’re writing the CEO, make sure you use his full name and title–and that you spell both correctly. People don’t get to be CEOs without a huge sense of ego. Nothing will turn him off faster than your failing to get his name and title exactly right.
  • As in the case with his secretary, be brief–no more than a page and a half.  Outline the problem you’re having and at least some (though not necessarily all) of the steps you’ve taken to get it resolved.
  • Then state what you want the company to do.  Again, be fair and reasonable.
  • If your main problem is simply getting through the phone system of the business, point out that most customers won’t put up with such rudeness and inefficiency. They will take their business elsewhere.

“YOUR CALL IS VERY IMPORTANT TO US”: PART ONE (OF TWO)

In Bureaucracy, Business, Self-Help, Social commentary on December 14, 2014 at 9:08 pm

How many times have you called a government agency or company and instantly found yourself put on hold?

To add insult to injury, you usually wind up serenaded by recorded music that would be totally forgettable if it weren’t so unforgivably irritating.

And every 30 seconds or so a recorded voice comes on to assure you: “Your call is very important to us.”

Have you ever wondered: If my call is so important to you, why aren’t you answering it?

The truth is that most companies and government agencies don’t want their employees speaking with the customers who make their existence a reality.

Having your questions answered by another human being requires the company/agency to assign–and pay–people to do just that.

Most hiring managers don’t want to hire any more people than they absolutely have to.  Assigning people to answer customers’ calls means that many of those calls will take time to answer, because some problems can’t be solved in a matter of seconds.

This is especially true when the problem involves technology.

(Technical support employees of computer/software companies are notorious for advising customers to “just put the Restore Disk back into your computer and restore it back to default.”

This wipes out your problem–and everything you’ve saved on your computer.  It also gets you off the phone quickly with Tech Support.)

To a bean-counting executive, time is money.  And that’s money that won’t be going into the pockets of some already overpaid CEO.

Even government agencies like police departments don’t want to spend any more time than necessary taking the calls of those who need to reach them.

Even calls to 911 can leave you talking to no one, with only a recorded message telling you to wait until someone deigns to speak with you.

That’s why many bureaucracies arrange that when you call for help, you’re fobbed off with a recorded message telling you to visit the company’s or agency’s website.

This assumes, of course, that

  1. You have a computer;
  2. If you do, you also have Internet access; and
  3. All the answers to life’s problems–including yours–can be found on that website.

If you

  • Don’t have a computer;
  • Have a computer but don’t have Internet access;
  • Have Internet access but the service is down; or
  • Can’t find the solution to your problem on the agency/company website

you’re flat out of luck.

And the agency/company couldn’t care less.

But it need not be this way.

Companies and agencies can treat their customers with respect for their time and need for help.

That’s why companies that genuinely seek to address the questions and concerns of their customers reap strong customer loyalty–and the profits that go with it.

One of these is LG, which produces mobile phones, TVs, audio/video appliances and computer products.

LG actually offers an 800 Customer Care number that’s good 24 hours a day.

Its call center is staffed with friendly, knowledgeable people who are willing to take the time to answer customer questions and guide them through the steps of setting up the appliances they’ve bought.

Another company that dares to have human beings stand behind its products–and explain how to use them–is The Sharper Image.

Recently, Dave, a friend of mine, bought an electronic alarm clock that allows you to wake up to a variety of exotic sounds–such as a thunderstorm, the seashore, chirping birds or foghorns.

A brochure on how to set the alarm and sounds came with the clock, but Dave couldn’t make sense of it.  Luckily, there was an 800 number given in the brochure for those who needed to be walked through the necessary steps.

Dave called The Sharper Image and quickly found himself connected with a friendly and knowledgeable customer care rep.  She clearly and patiently explained what he needed to do to choose which sounds he wanted to awaken to.

And then she just as patiently repeated that list of steps while he quickly typed them up for future use if he forgot what to do.

Such an approach to customer service is not new–just extremely rare these days.

In his 1970 bestselling primer on business management, Up the Organization, Robert Townsend offered the following advice to company CEOs: “Call yourself up.”

“When you’re off on a business trip or a vacation,” writes Townsend, “pretend you’re a customer.  Telephone some part of your organization and ask for help.  You’ll run into real horror shows.

“Don’t blow up and ask for name, rank and serial number–you’re trying to correct, not punish.  Just suggest to the manager (through channels, dummy) that he make a few test calls himself.”

So how do you cope with agencies/companies that don’t care enough to help their customers?

I’ll address that in my next column.
