Skip navigation

QAkenglickman_Body.jpgby Robert Lerose.


Time is the most fleeting resource at our disposal. We each have the same 24 hours in a day, yet some people perform meaningful work and fulfill their goals more than others. One reason for their success is because they've learned how to manage their time wisely and proactively. As one of the leading authorities on time management, Ken Glickman has given over 1,200 presentations and training seminars across the country for companies such as General Electric, FedEx, Rubbermaid, and others. Recently, business writer Robert Lerose spoke to him about some of the core skills and techniques for taking control of your time, your business, and your life.


RL: How would you define time management?

KG: You don't really manage time. You can't really save time like you save dollars. Time is more like a seat on an airline. Once the plane takes off, it's gone. So you're really managing the things you want to accomplish in life and accomplish for the day. You're managing your activities.


RL: What are three common mistakes that people in general and small business owners in particular make with their time?

KG: One is lack of clarity in goals. A goal is knowing where you want to go. I find a lot of business owners get lost in where they want to go. You can have a really productive day—it seems—get a lot done, check off a lot of to-dos, and yet you're not moving closer to the most important things. So you need very, very clear goals. You have to have a clear vision of where you want to go. Now, you can always change that goal. You're not locked into it. But if you are going to change, make sure it's for the right reasons—not because it just got too tough.


RL: A second mistake?

KG: Not establishing boundaries. Setting boundaries is absolutely critical. They need to be clearly stated, they need to be fair, and then they must be consistently followed. If you set good boundaries, people will most often respect them. For instance, my mentor would set aside each morning and say to people: "If you have to see me, stop by then. My office doors are always open. In the afternoon, they're closed, unless it's an emergency." What happened was, he would train people to see him in the morning if they needed to talk with him.


QAkenglickman_PQ.jpgRL: And a third mistake?

KG: Not organizing clutter. I don't mean so much the clutter on your desk, but your mind becomes very cluttered. And when your mind is cluttered, it creates tremendous tension. When you're tense, you can't be as productive. 


RL: After setting goals, what's the next step?

KG: You have to have a plan. Ask yourself: Where are you right now and where would you like to be? That's the vision. Then, how are you going to get there? What are you going to do—each day, each week, each month—to take you from where you are to where you want to go? That's the overall plan. Then you fill in the yearly goals, the six-month goals, and the weekly goals. It gets down to basically your daily to-dos. Then you have to prioritize. Prioritizing is knowing what's most important and taking care of what's most important first. I didn't say important. I said most important. There's a big difference.


RL: Tell me about that big difference.

KG: Let's say you have the list of things you want to accomplish today—your to-dos for today. Take a little time and prioritize them. There's two ways to prioritize. One is by payoff. Go through that list and assign each to-do an A, B, or C. An 'A' is something that has a very high payoff in taking you from where you are to where you want to go. A 'B' has a payoff, but less of a payoff, and a 'C' has little or no payoff at all. Many times, people [focus] on the Cs during the day.


RL: And the second way to prioritize?

KG: Now, look at urgency. A '1' is something that must be done right away—in the next hour, the next day, whatever. A '2' is something that needs be done, but not necessarily right away, and a '3' is something that has virtually no urgency at all. [Combining them], A-1s get done first at the beginning of the day. Once you've done your A-1s, go to your B-1s. If you have time, then do you’re A-2s. And schedule these. This is very important. Anything you want to get done during the day, you must schedule it or chances are it won't get done.


RL: You're saying to put it on your schedule with a specific day and time?

KG: Absolutely. Whatever you've got to do, you make an appointment, and you shouldn't break that appointment as you wouldn't break an appointment you made for an important business meeting, unless something comes up that you really need to do first. But that's a decision you make.


RL: Small business owners have demands made on their time constantly. How do they say "No" to a request without feeling guilty or causing hurt feelings?

KG: When someone asks them do something, most people will [comply] to make this person happy. But the proper questions to ask yourself are: "If I say yes to this, what specifically am I saying no to? And do I want to say no to that?" If you ask yourself this, you're probably going to come up with the right answer for that time. You can't make everyone happy. When people have requests for you as a business owner, you want to make sure it's very to-the-point, that it's very relevant, because people can take forever to say something. During World War II, Winston Churchill insisted that every memo he got had to be on one side of a piece of paper. 


RL: Managing email and social media can burn through time at warp speed. What's your advice for handling them?

KG: Let people know that you look at your emails and text messages [at a certain time of the day], so they shouldn't expect to hear from you at any other time. You can also have several emails or even several phone numbers. Give one to the people you want to respond to right away—say, your biggest clients—and maybe a different email to your family.


RL: How can you tame mental clutter?

KG: You can really only handle one thing well on the conscious level [at one time]. I carry around several index cards stapled together. When anything comes up that I want to deal with sometime in the future, I write it down and forget about it. When I get back to the office, I take the things I want to keep and I put them on their proper shelf. Then, when I'm planning what I'm going to do next, I simply look at all the shelves and take things down that I want to use that day. So I've organized my mind to get rid of the clutter. 


RL: Final tip?

KG: If you get up early and give yourself an hour to work straight with no distractions—you don't check your email or your texts—and you literally spend that time focusing on the most important things, that hour will probably be the most productive hour of your day.


This interview has been edited for length and clarity.

GuardDuty_Body.jpgby Jennifer Shaheen.

When an unauthorized party gains access to any of your customer’s personal information, this is known as a data breach. Says Don Klaskin, Managing Director of Corporate Resolutions Inc., a security and investigation firm: “Small businesses often don’t believe they’ll be the target of attacks. So they do not invest in their systems as much as larger organizations.” In March 2013, the Ponemon Institute, a research center dedicated to privacy, data protection and information security policy, reported that more than half of the small businesses they’d surveyed had experienced a data breach.

The consequences of a data breach can be significant. The first hit comes to the relationship you have with your customers and business partners; if they do not feel that their private information is safe with you, they may no longer be willing to work with you at all. And the bad publicity that surrounds a data breach can negatively impact your future growth.

There are several ways a data breach can impact you financially. In addition to lost sales, there’s a risk that your intellectual property could be sold or used by your competition. Regulatory fines and lawsuits can result in tremendous expenses.

You’ll also want to have a conversation with your insurance agent. Standard commercial property and liability insurance does not protect you from data breaches, which can mean you’re left trying to cover all of the costs of a catastrophic data breach out of pocket. This can bankrupt a small operation.

Data breach insurance is available from all major carriers. There are several levels of coverage available, making it easier for you to comply with regulatory requirements, restore customer confidence, and defend yourself in case of lawsuits.

Internal and external threats

As a responsible business owner, you want to protect your customers, and you want to protect yourself. The first step to ensuring that you’re doing everything you can to keep customer data safe is to look at how data is being handled within your organization.

The common assumption is that most data breaches are the result of a hacker’s concentrated efforts, but that’s actually not the case. According to the Ponemon Institute, the primary causes of data breaches were employee or contractor mistakes; lost or stolen laptops, smart phones, and storage media as well as general procedural mistakes. Criminals don’t have to steal our data—we’re giving it away.

The problem of Bring Your Own Device (BYOD)

GuardDuty_PQ.jpg“Your company’s data is at risk. But the threat isn’t from cybercriminals. Instead it is your own employees who are often unwittingly putting your data at risk by failing to ensure their mobile devices are safe and secure,” begins “Employees Tell The Truth About Consumer Data”, a report from Aruba Networks. As businesses become more mobile, more and more of us are using our own personal laptops, tablet computers, and smartphones for work. Aruba estimates that half of us will be using personal devices for work by 2017.

While BYOD has some advantages for the small business owner, this cost-savings carries a risk premium. You can’t prevent your employees from losing their laptops, tablets, or smartphones. You can’t control your employees from logging onto unsecure networks, which makes your data vulnerable. You can’t control who has access to your employees’ devices: the manager you trust with everything could very easily have a relative that might create a risk to your business.

While it’s important to understand that, ultimately, you can’t control what your employees will do with company data, it’s still important to have strong, documented policies and procedures in place regarding what types of data employees are allowed to access and how that data must be secured. In a list of best data security practices relevant to BYOD, experts recommend insisting on regular data backups and strong device passwords.

PCI Compliance: What you need to know

Protecting credit card information is obviously a top priority for the business owner. If you accept credit cards, you need to operate your business in a way that is PCI Compliant. PCI Compliance means adhering to the best practices for merchants spelled out by the PCI Security Council, a trade group that includes all of the major credit card companies. main thing you need to know about PCI compliance is that your business should not be  storing customer credit card information. Online shopping carts, for example, allow your customer’s credit card information to ‘pass through’ to the payment processor without your staff ever being able to access that information. If for any reason you take credit card information over the phone, data must be destroyed immediately after you’ve entered it in your payment processing system. Be hyper-vigilant about this. Credit card companies aren’t forgiving of mistakes, and your customers won’t be, either.

Be on guard: Best practices to keep your customer data safe

While there’s no way to completely eliminate the chances of a data breach, you can take steps to minimize the risk. The best approach addresses both internal and external threats. Here’s what you need to do:

1. Invest in your data systems and backups. Review your internal data security systems and invest in extended measures for protecting customer and company information. Be sure you’re your backing up your information for extended periods of time. Klaskin explains, “Many small businesses do not invest in firewall protection or extended back-ups due to cost. And this can cost them more in the long run.”

2. Put restrictions on data. Restrict access to essential information only, and let employees know how you expect them to handle that data. Look at restricting export access from your customer data storage applications and adding extended permissions on certain company files that contain intellectual property.

3. Provide regular reminders about data security. You want your team to be mindful of the location of their laptop, tablet, and smartphones. You may even want to look into tools for monitoring these devices, such as Prey Project for various devices or Spector CNE for reviewing desktop computer activity.

4. Double-check your web store’s compliance. If you run an online store talk to your web team to ensure that the shopping cart used on your website is PCI compliant. Visit the PCI Security Standards website for more hints on how to keep credit card data secure.

5. Double check outside vendor policies. Any time you share data with a third-party site, your data becomes vulnerable. Do your due diligence on how the third-parties you work with protect your data, and what actions they will take if your data is breached. Accountability is important.

POS_Body.jpgby Erin McDermott.


Online criminals have been drawing a bead on small businesses’ point-of-sale terminals—what are you doing to protect yourself?


Maybe not as much as you should. A recent industry study by Ipsos Reid showed 40 percent of the small business owners told researchers they have no protocols in place for securing data, a 5 percent increase from 2012. (Scarier: Nearly 70 percent of small businesses surveyed said they didn’t believe that data being lost or stolen would hurt their companies financially or harm their reputation.)


Though point-of-sale (POS) breaches at large companies like TJ Maxx, Subway, and Barnes & Noble have made national news, attacks are adding up at smaller enterprises. Symantec’s 2013 Internet Security Threat Report claims targeted cyberattacks increased by 42 percent last year, with nearly one-third aimed at businesses with fewer than 250 employees. Experts say many more go unreported out of fear of reputational damage or a customer backlash.


Yet mobile-payment technologies are enabling the expanding array of POS registers, from smartphone-based systems and quick response code-enabled purchasing to e-wallets and iPad-based checkouts, with hordes of new users who are often unfamiliar with best practices when it comes to security.


“Part of the problem is that technology seems to be getting ahead of the ability to secure it,” says Jarred White, manager of security engineering services at ControlScan, an Alpharetta, Ga.-based provider of payment-security and compliance solutions. “Technically speaking, mobile’s nothing that we aren’t already accustomed to dealing with, but the distribution model is different, the underlying platforms are a little different, and mobile security professionals haven’t spent a lot of time looking at the security. And that’s what concerns me—how far behind the industry is when it comes to best practices around those technologies.”


And it’s a scary place out there for those with vulnerabilities. The methods of attack seem endless—breaches via WiFi, phony “skimmer” devices, keyloggers, “spear-phishing” emails, and malware, malware, malware.


“We’ve been talking about ‘hockey stick’ growth of malware for a few years, but malware has yet to even slow down a little bit,” says Mark Bermingham, director of global product marketing at Kaspersky Lab. “The guys that write malware are always going to follow the path of least resistance. And one of the challenges for the small business owner is that, for a few years now, many have been saying ‘Why do I have to worry?’”


So what are the best practices to attempt to stay ahead of the bad guys? A talk with a few professionals on the front lines suggests what to focus on.


POS_PQ.jpgStay compliant with PCI-DSS

This is the heart of the card-payment industry’s defense against crime. The Payment Card Industry Data Security Standard is a list of requirements that apply to all merchants that process, store, and/or transmit cardholder data. The rules are strict, but they’re also the first line of protection for your business, your customers’ information, and a firewall against possible penalties in the event of a data breach, provided that your system is in full compliance. The standards are overseen by the PCI Security Standards Council, a governing body that, among other things, also vets the security of manufacturers’ POS devices and recommends safe payment applications (known as PA-DSS).


ControlScan’s White says trouble often occurs when a business doesn’t make the time and effort to maintain and update their systems. “They make excuses when, say, the system has to be taken down for two hours to implement the changes,” he says. “They say ‘That’s two hours of e-commerce or swiping that we’re losing.‘ Or they don’t want to stay up from midnight to 3 a.m. to do it. For them, their bottom line is running a business, and not being a security expert. But really, there is a balance that needs to be struck.”   


Install anti-malware software and update it

“It doesn’t take much to be secure enough to make hackers want to go elsewhere to find someone who hasn’t chosen to be secure enough,” Kaspersky’s Bermingham says. So, get proactive. He points to a combination of three measures for a semblance of peace of mind: 1) “whitelisting,” security programs that make only an index of known, safe software available for download; 2) application-control management, which employs that same standard for trusted apps on computers; and 3) strong anti-malware that uses cloud computing to offer near-real-time protections. Why? Bermingham says that as the IT security industry has become better at spotting scams in progress, many hackers recognize they could be caught quickly and plan accordingly. “The guys issuing this malware recognize they may only have an hour or two, but that’s enough,” he says.’t forget to patch. Choose security software that offers automatic patch management and vulnerability scanning. This will ensure users and administrators are always up-to-date and fully notified about any newly discovered weaknesses in programs their machines are running, which could potentially be exploited by cybercriminals.


Harden your technology setup

Keep POS systems and guest WiFi networks separate. Better yet, White says, put them on networks on separate routers. In a brick-and-mortar shop, hide all of the gear away in a locked room or large secure container, to avoid snooping visitors and limit access to the equipment. (The PCI-DSS actually requires the latter.)


Use stronger passwords

First off, don’t use one of these top 25 most popular passwords. All the security measures in the world won’t matter much if the simplest step to take is undermined by sheer laziness. Also, ditch the out-of-the-box default passwords immediately on all devices. Passwords for POS registers should be changed every month and should in no way match the business name or public WiFi access codes. Go off-dictionary, work in some numbers and punctuation, and, whatever you do, don’t write it down and stick it in a place where unauthorized people can see it. Have trouble remembering? Here’s a good guide to password managers.


Educate your staff

Employees can be an excellent line of defense. Be upfront about why policies are in place and how procedures are to be followed. Staffers armed with information about possible threats could later save the day with an early warning about suspicious behavior, fishy calls or emails, or something that seems out of place. (Show them this fantastic infographic from Merchant Warehouse.)


How can you put your trust in staffers, particularly in positions with a lot of turnover?


White says he’s seen demand for awareness efforts. “I think there’s a lot of value in training employees and showing them what they’re protecting,” he says. “The business owner has it in his or her best interest to make them aware of what the risks are, but also to the danger to the business. As in: How can a negative incident hurt our business and, in turn, your job? Not just that you made a mistake and could face disciplinary action, but that the business could take a serious hit financially or to its reputation and could have to shutter its doors.”

Penguin_Body.jpgby Jennifer Shaheen.

On May 22nd, the rules of the Internet changed. That’s when Google introduced Penguin 2.0, the latest version of the algorithm it uses to determine website rankings and filter spam content out of search results.

For some small businesses, this was good news.  “I was so happy,” says Sam Spano, the owner of Copper Fields Designs, a Yonkers, New York-based manufacturer of fine art for the garden. “All of a sudden, we had this spike in interest for our products. We started getting all kinds of calls–even though we hadn’t changed how we were using updating our website[DP1] . I asked our new web development team what happened, and they told us, ‘Penguin happened.’”

Other companies didn’t notice any impact at all. Ken Scarbrough of Ultimate Dive Travel, whose company relies heavily on his search position as a way to promote their dive tour business said, “We’ve checked all our analytics. It doesn’t matter which metric we look at: nothing seems to have changed. Our SEO is still working for us.”

The situation was more disconcerting for other business owners. “We were doing everything right,” says Patrick Weir, CEO of EZTrackIt, a package tracking software company. “It’s very frustrating to see your site fall off the first page in the wake of Penguin's update.”

What is Penguin 2.0?

There are at least 4.85 billion webpages online. Sorting through all those webpages to identify and rank those sites that best meet a search inquiry is a monumental task, especially when you consider that correct results are expected to appear almost instantaneously. The mechanism Google uses to accomplish this task is a very complex, very secret algorithm called Penguin.

Penguin is designed to provide the high quality search results you’re seeking while simultaneously filtering out fraudulent or spam sites that use what are known as black hat techniques to artificially inflate their search engine ranking results. Because spammers are always changing and refining their techniques in the hopes that they can better game the system, Google plays defense by continually changing and refining their algorithm—hence, the release of their latest version known as Penguin 2.0.

It’s an arms race of sorts. This time, some completely legitimate small business websites got caught in the cross-fire, though. Some sites suffered, dropping several positions, or even pages, in search engine rankings, while other sites benefitted from being re-examined by Google using the new parameters for quality set by Penguin 2.0.

Google says that only 2.3 percent of all English language websites will be affected by the changes. Still, approximately 56 percent of those 4.85 billion webpages are in English, which means a 2.3 percent impact rate is fairly significant—that’s 62.5 million webpages.

Penguin_PQ.jpgWhy didn’t Penguin affect all small business websites the same way?

Not all websites were affected by Penguin in the same way because there’s more than one way to build and maintain a website. There are several factors that Penguin considers when determining your site ranking. Links are especially important: sites that added a high volume of inbound links, especially over a relatively short period of time, were the sites that Penguin hit the hardest. For years, spammers have been artificially inflating their search engine rankings by creating tremendous numbers of low-quality inbound links, a strategy you can read about here. If the Penguin algorithm determines you’re using a similar technique on your website, you’ll be penalized.

Aaron Wall, the SEO expert and highly respected tech blogger behind, has been quick to point out that the results from Penguin 2.0 sometimes don’t appear to make a lot of sense. Websites that have no content at all yet have what is known as an authority domain name, he notes, now rank above sites that have pages of content but a less desirable domain name.

Post-Penguin: Slow and steady SEO

If you’re not sure if Penguin has affected your business website, the first step is to do a Google search for your company. Is your site turning up where you expect it? If you’ve gone down in the rankings, you’ll want to take action to recover your status. website content is more important than ever. You need to make sure you're putting up content that will get shared and read by your audience. Social media plays a critical role here. If you’ve avoided Facebook or Twitter until now, it’s time to reconsider these tools.

Examine all the links you currently have on your site. Consider ditching the links that aren’t quality; they have a tremendous negative impact on your site ranking under Penguin 2.0. Build links with credible sources at a steady pace and you’ll find your ranking return.

Were you blindsided by the Penguin update?

We all know how important it is to have our business websites appear on the first page of a Google search. Having your site suddenly vanish from that position can be a very disconcerting experience, and it makes the situation worse if you didn’t know the changes were coming.

Raising your awareness is key for any business owner who uses the web as a central part of their marketing endeavors.  WebProNews is a great, easy to understand resource for the business owner who manages and maintains their own website. For information specifically about any changes at Google, you’ll want to check out Matt Cutts’ blog, Gadgets, Google and SEO.  Matt is the head of the Google Webspam team, and he consistently shares news about any changes that will impact user experiences. This isn’t the first time that Google has changed the Penguin algorithm, and it won’t be the last. But it can be the last time you’re surprised by the Penguin.

WebsiteExpiration_Body.jpgby Heather Chaet.


Milk. Credit cards. Warranties. If you were a contestant on The $25,000 Pyramid, you would guess “Things That Have an Expiration Date”…and move onto the next block to reach those mega winnings. Other items your teammate could also have said? Small business websites. Yes, your company’s virtual hub can expire. Not only is the technology for websites constantly changing, the way customers interact with the web is continually morphing. The result? Your older website becomes a liability rather than an asset for your business. But because websites don’t come with “Use By” dates stamped on them, we talked with some website designers and small business owners to discover how to tell if your company’s website has expired.


1. It just looks outdated— especially compared to other sites

There is one simple way to know if your website has expired: go surfing. Log on and see what other websites in your industry look like. Spend a few minutes on each of your competitors’ sites, and note what your site has and—especially what it doesn’t have—compared to them. “It always helps to keep an eye on the competition,” says Jonathan Passley, president and CEO of the web design company PDR Web Solutions, “A simple visual comparison of the sites will give you an idea whether you have fallen behind in terms of web design.” 

2. Your brand is nowhere to be seen

As your company has grown, you’ve honed its look and focus. Think about when someone stumbles onto your seven-year-old site. Does your unique company brand pop off the screen? (Hint: it should.) “If the first impression of your website does not resonate with your demographic, you have lost their attention at kickoff,” says James Trumbly, managing partner of the web development agency HMG Creative, who has written extensively on the impact of a good (or bad) website. “A cohesive brand image and identity is essential to gain credibility among your consumers or clients.”


Zane Schwarzlose, search marketing specialist for web design company Fahrenheit Marketing, notes that most small business websites appear boring and generic because they don’t identify their company’s unique selling propositions [USP]. “Your USP are the positive things you can say about your company that your competitors can't—[what] truly sets your business apart from the crowd. Emphasize these traits throughout your website,” offers Schwarzlose.


WebsiteExpiration_PQ.jpg3. Your site doesn’t have a blog (or it does, but the last post is five months old)

If you only have an “About Us” page and a few testimonials on your site, you’re missing out on a vital way to engage potential customers as well as drive traffic to your site. “Adding a blog to your site brings huge SEO benefits,” says Jessie-Lee Nichols, marketing manager at Quintain Marketing. “Every time you publish a blog post on your site, another page is added to your site map. It is one more page for Google to index and shows Google that you regularly update your site. This boosts your rankings.” Josh Waldron, website designer and founder of Studio JWAL LLC, agrees. “Outdated websites provide basic information about a business, but they rarely offer any information of value. Figure out the questions that your audience has and address them via a blog post or a video,” suggests Waldron.


4. Customers don’t know where to go on your site

Nothing will turn off a potential client faster than a website that is complicated or frustrating to navigate. Test how many clicks it takes “Patty,” your next-door neighbor, to find what she needs on your website. If it is more than three, you need a revamp. “Ease of navigation is key to pull readers into your content,” notes Trumbly. “Think of your layout like a game plan of where you want clients to look and click. A simple, organized layout wins hand over fist against dense copy, dozens of tabs, and multiple, competing messages.”

5. Your site has features customers don’t want or need

If it’s been two years since your last website overhaul, reach out to customers to see what they like and don’t like about your company’s website—and be prepared to be surprised. Elaine Costa, managing partner for Plush Swimwear, recently redesigned her company’s site, but made sure to survey customers before diving in. “Ask your customers what they want to see and what’s not important to them,” says Costa. “There are so many technologies out there these days, you can get lost in trying to guess what is critical or not. We were surprised to learn from our survey that the Live Chat and a Personal Stylist feature were not at all important to our customers, so we didn’t include these in our revamp plans.”


6. Your homepage gives your life story, your co-founder’s life story…

The most up-to-date website is clean and simple. Be honest: are those words you would use to describe your website? “The most common thing I see when clients come to me to redesign a website put in place 10 or more years ago is that their site is trying to be everything to everyone,” says Nichols. “Your homepage should be visual. It shouldn't tell your life history. Create engaging content that will lead a viewer further into your site. Learning to self-edit and letting go of wordy descriptions and corny stock photos will serve you well.”


7. Your site doesn’t cooperate with your phone

Think about your website beyond the laptop—how does it work? “All sites should be optimized for smartphones and tablets, so much Internet traffic is now originating from those sources,” Waldron points out. “Design your website using a platform that facilitates growth instead of hindering it.” Nichols agrees, noting that mobile users account for the majority of web browsers these days and if your site isn't mobile friendly, you have lost that market.”

Filter Article

By tag: