Technicity2013 Cybersecurity Panel: How Prepared Is Business?

Our afternoon panel was moderated by Pete Deacon of Blackiron Data (another conference sponsor), and featured panelists from private industry: Kevvie Fowler, forensic advisory services at KPMG; Daniel Tobok, digital forensics at TELUS; Jeff Curtis, chief privacy officer at Sunnybrook Hospital; and Greg Thompson, enterprise security services at Scotiabank.

Security breaches happen. And as Deacon reminded us, over 60% of those take months (or years) to detect, and are usually detected by someone outside the organization. What are the real cybersecurity risks, what are companies’ perceptions of the risk, and what are the challenges that we face? Fowler believes that since security is often a low-level IT issue, the security message isn’t making its way up the ladder to the C-suite unless a high-profile breach occurs that requires some sort of executive damage control. Curtis agreed, adding that hospitals are used to dealing with clinical risks right up through the executive levels but that IT security risks are a new topic for their executive risk management participants. Both noted that it’s important to have the right people to carry that message: it has to be technically correct, but integrated with the business context and goals. Thompson added that the message doesn’t need to be dumbed down for the C-suite: their board is very used to assessing complex financial risk, and is capable of assessing other types of complex risk, although it may need to become versed in some of the cybersecurity language and technology.

The next topic was BYOD (bring your own device), and Thompson pushed the conversation beyond this to BYON(etwork), where people bring their own network, even if just through a smartphone hotspot. Companies are losing control of where people do their work, both devices and network, and solutions should be designed to assume that all endpoints and networks are potentially hostile. Business and productivity have to be balanced with risk in these cases: people will do what they need to do in order to get their job done, and if you think that you’ve avoided security breaches by locking down someone’s access on their corporate device, you can be sure that they’re finding a way around that, possibly on their own device. Curtis agreed, and pointed out that they have a lot of students and interns who come in and out of the hospital environment with their own devices: the key is to enable workers to get their work done and protect the data, not to hamstring their work environment, so they have a device registration policy for BYOD that is working well. Tobok works with a lot of law firms, and notes a recent trend of new lawyers using technology capabilities (including openness to BYOD) as a competitive criterion when selecting a firm to work for.

Moving on to security analytics, Fowler said that there are few organizations actually getting value from predictive security analytics, versus more straightforward data mining: it’s important to query the vendors providing predictive analytics on the models that they’re actually using and the success rates. Thompson agreed that predictive analytics is a bit of black magic right now, but sees a lot of value in historical data analysis as a guide to improving the security environment. In my opinion, in the next two years, predictive analytical models are going to start to become mainstream and useful, moving out of a more purely research phase; we’re seeing this in predictive process analytics as well, which I still talk about in the context of “emerging technologies”. This is all tied up with reporting and compliance, of course: business intelligence and analytics have played, and will continue to play, a key role in detecting breaches and auditing cybersecurity. Both Curtis and Thompson spoke about the regulatory pressures in their respective industries and the growth of analytics and other GRC-related tools; healthcare is obviously a highly-regulated industry, and Scotiabank does business in 55 countries and has to deal with the regulations in all of them. Auditors and regulatory bodies are also having to step up their knowledge about cybersecurity.

There was a question from the audience on investigations of security breaches in cloud environments: Tobok is involved in cybersecurity forensic investigations including cloud, and discussed the changes that have happened in the industry in the four years that he’s been involved in cloud security forensics in order to provide better traceability and auditing. Fowler added that forensic science is adapting for these types of investigations, and half of the work is just figuring out which systems the data has been resident on, since the typical cloud contract only allows a client to access their data, not the actual servers on which it resides. These can include a number of other factors, such as hackers that use compromised credit cards to lease space in a data centre in order to hack into another organization’s data in that same centre; obviously, these complexities don’t exist in breaches to a company’s own data centre.

There was a final panel with five of the vendors who are sponsoring the conference, but my brain was pretty full of security information by then (and I thought that this might be a bit more about their products than I care about) so I decided to duck out before the end.

Another great Technicity conference, and I look forward to next year.

Technicity2013 Cybersecurity Keynote: Microsoft’s Angela McKay

This morning at Technicity 2013, we mostly heard from academics and public sector; this afternoon, it’s almost all private sector presentations and panels, starting with a keynote from Angela McKay, director of cybersecurity and strategy at Microsoft, on managing cyber risks through different approaches to addressing uncertainty. Risk, and therefore answering the question “am I secure enough?”, are quite individual choices: different people and different companies (and cultures) have different risk thresholds, and therefore may have different cybersecurity strategies.

By 2020, we will have 4B internet users, 50B connected devices, and data volumes 50x those of 2010. As users evolved, so have cyber threats: from early web defacement hacks, to worms, to the present day botnets and targeted attacks. There is a spectrum of cybersecurity threats: crime, disruptions (e.g., DDoS attacks), espionage, conflict, war; there is a lot of technological development going on around these, but there are also cultural and policy issues, namely the expectations of consumers, companies and governments. McKay discussed the EU network and information security directive and the US executive order and presidential policy directive on cybersecurity, and the levels of new regulation that are coming.

Reducing the impact of cyber threats involves risk management, information exchange, and effective partnership (both public-private and between private organizations). You can’t do risk management without information, and this means that cybersecurity is a CIO-level issue, not just some technical plumbing. Information sharing, however, can’t be indiscriminate; it has to be focused on specific outcomes. [As an aside, I'm not sure that I agree with this in some situations: open data initiatives work because the "owners" of the data can't conceive of what anyone would do with their data, yet emergent uses happen with interesting results.] Private-public partnerships bring together the policies and goals related to public safety of the public sector, and the technical know-how of the private sector.

She spoke about the shared responsibilities for managing cyber risks: awareness and education, partnering effectively, driving and incentivizing cyber security, adopting best practices, building advancing capabilities, and developing a secure workforce. Furthermore, academia has to step up and start teaching security concepts and remedies at the college and university level, since most developers don’t have much of an idea about cyber risks unless they specialized in security post-graduation.

Microsoft is the premier sponsor of Technicity 2013, although to be fair, McKay’s talk covered very little about their products and services except for some generic discussion about automated cyberdefense at a machine level. Her slides used that ubiquitous font that we see on the Microsoft Windows 8 website, however, so probably some subliminal messaging going on. :-)

Technicity2013 – Focus On Cybersecurity Michael Geist Keynote @mgeist

I can’t believe that it’s been a year since the last Technicity conference: a free conference hosted by IT World Canada, and sponsored this year by McAfee and Microsoft. Last year, the focus was on crowdfunding including some lessons from crowdfunding in the UK and a panel on legalizing equity crowdfunding; this year, it’s about cybersecurity. There’s a strong presence from the city of Toronto here, including an opening address from Councillor Gary Crawford, and the participation of the city’s CIO Rob Meikle on a panel; plus provincial government participation with Blair Poetschke, director of the international trade branch for the Ontario Ministry of Economic Development, and Stephen McCammon, legal counsel at the Office of the Ontario Information and Privacy Commissioner.

Ontario is a hotbed for technology development in Canada, with a large software development community in and around Toronto. Toronto has also been a relatively early provider of open government data and publishes a catalogue of online data, which in turn fosters innovation. The G8 countries have now signed on to a full open data initiative, and this is a good thing: we, as taxpayers, pay to have this information collected, and as long as it doesn’t violate anyone’s privacy, it should be freely available to us. Although this conference isn’t about open data, an environment of freely-available government data is a good place to start talking about security and privacy.

It wouldn’t be a Canadian event about cybersecurity without a keynote by Michael Geist, and he delivered on the topic of “The Internet: Friend or Foe?” (a question that many of us ask daily). Although he started with the answer “friend”, he also immediately addressed the privacy and security concerns that arise from the recent news that the NSA has hacked pretty much everyone on the planet, and the ramifications of Edward Snowden’s revelations: it’s not just metadata (as if that weren’t bad enough), and there are a lot of governments and companies complicit in this, including ours. You can read more about this from a Canadian security perspective on Geist’s excellent blog; as a law professor and the Canada Research Chair on internet and e-commerce law, he has a pretty good perspective on this. Geist and others think that what has come out from Snowden’s information is just the tip of the iceberg, and that we have many more horror stories to come.

A big challenge in this environment is with cloud computing, specifically any cloud storage that is resident in the US or owned by a US company: many companies are now calling for local (and locally-owned, therefore out of the grasp of the US Patriot Act) storage from their cloud providers. It’s a small consolation that I’ve been asking about locally-hosted — or at least, non-US hosted — BPM cloud providers for a number of years now; finally, the general business public has woken up to the potential surveillance dangers.

Encryption is becoming a much more visible issue, whereas previously it was a purely technical concern: cloud providers (Google, Microsoft and Twitter, to name three) are ramping up encryption of their traffic in what is rapidly becoming a technology arms race against our own governments. Similarly, businesses and individuals are demanding greater transparency from cloud providers with respect to the disclosures that they are making to government intelligence agencies. Many international bodies are calling for control of internet domains and standards to be wrested away from US-based organizations, since these have been shown to include a variety of government intelligence and corporate sock puppets.

In Canada, our conservative government is busy sucking up to the US government, so we have seen a number of privacy-busting attempts at an online surveillance bill by positioning “lawful access” (i.e., the government can access all of your information without explicit permission) as “protecting our children” by tossing in a bit about cyberbullying. Geist discussed some of the dangers of this bill (Bill C-13, just introduced last week) in a post yesterday, specifically that companies have immunity against prosecution for violating our privacy and information security if they hand that information over to the government under the definitions of this bill. 

He finished up with a look at Canada’s anti-spam law that is coming into effect shortly; this includes making communication from businesses opt-in rather than opt-out, and also requiring consent before installing computer programs in the course of a commercial activity.

It was great to see Geist in person: he’s a great speaker, full of passion and knowledge about his subject. As always, he inspires me to help make Canada a better place for our online activities.

APQC Process Conference

This week, I started in Vegas with the huge SAP TechEd conference, then moved on to Houston for the much more intimate APQC Process Conference, attended by 150 or so quality practitioners who are focused on process. I arrived too late for the first day’s sessions, but caught up with people at the reception, then gave the keynote this morning on how we need to change incentives for knowledge workers within the social enterprise.

This is an area that I’ve been pondering over for quite a while, but the first presentation that I’ve done explicitly on this topic. I’m going to do a separate post on this including all of the research pointers to open it up for more discussion; for a technology geek like me, looking at HR issues such as employee incentives makes me feel a bit out of my depth, but it’s been tapping away at my hindbrain since I first started talking about social BPM more than seven years ago, and I’m intensely interested in some of the research that can start to make its way into enterprise process software.

We had a full 25-30 minutes of Q&A after the keynote; there is a huge amount of interest amongst this audience, and a lot of related experiences to share.

I had the huge pleasure of hearing Jack Grayson, founder of APQC and productivity guru, speak about his ongoing work as well as his skydiving experience at the age of 90 (!), and he graciously gave me a tour of the Houstonian conference center and the adjacent APQC offices that he has helped to build over the years. Impressive and inspirational, although a bit intimidating to follow onto stage.

Keeping focus long enough to blog right after doing a presentation can be a bit challenging, but I sat in on the joint APQC/ASQ breakout session that I attended just after the keynote, discussing their research linking quality practices to quality performance and presented by Travis Colton. Quality measurement systems tend to be related pretty strongly to process improvement and BPM initiatives, and this was a much more detailed view of the process of quality management (as opposed to quality within the enterprise processes) than I usually see, and some interesting points. He finished up, quite by coincidence, with a bit on employee incentives for quality; interesting how much my message from earlier seemed to resonate with a lot of people who I talked to as well as showing up in other presentations. You can see more about their research and results here.

The final session of the day (and the conference) was a wrap-up led by Elisabeth Swan, a process improvement consultant. She applied her background in improvisational comedy to tease out the main themes from the breakout sessions based on post-it notes that people had created during each session, and give an opportunity for people who attended the sessions to speak up about what they heard there. Good interactive wrap-up, and an opportunity to hear about all of the sessions that I missed.

APQC holds a knowledge management conference each year as well as this process conference, plus a number of webinars related to productivity and quality improvement.

Going Paperless On A Small Scale

Earlier this week, I linked to the Paperless 2013 website, a vendor-sponsored initiative that encourages businesses to cut paper, ostensibly for environmental reasons. The products featured by the sponsor vendors – Google Drive, HelloFax, Manilla, HelloSign, Expensify, Xero and Fujitsu ScanSnap – can certainly assist with this, although I run a completely paperless office using only one of those (Google Drive), and that one only in a secondary role. The interesting part was a conversation that ensued with another small business owner, although she was primarily interested in going paperless with personal documents (which I have also done), which made me realize that most small businesses are a bit clueless about how to go about this in a secure and legal fashion. I’ve been involved in large-scale document scanning projects since the 1980s, and I’ve gathered a lot of ideas about how to do this on a scale suitable for organizations of any size, so I thought that I’d lay out a plan suitable for small businesses.

Keep in mind that although I run a single person business, it’s incorporated, so I have the same paperwork requirements as any other private company: invoicing, payroll, government filings, income tax and all. I also do some amount of document collaboration with other small businesses, as well as for some non-profits with which I’m involved.

Here’s how I keep paperless:

  1. If I receive a document in electronic form, I leave it in electronic form unless I absolutely need to print it.
  2. If I generate a document, I leave it in electronic form unless I need to physically sign it (such as a contract) or take it to a client meeting (since many of my clients have not embraced the paperless way). This is not just Microsoft Office documents, but any document including things such as invoices, which I generate from my accounting software (QuickBooks) directly as a PDF and email to clients: I keep a copy of the PDF invoice, but it is never in paper form in my office. Services such as Freshbooks pride themselves on offering electronic invoicing, but you don’t need to switch if you’re happy with what you have, just install a good PDF generator and send it via email.
  3. If something is in paper form but I can get the electronic version instead, I do. Although my bank doesn’t provide electronic bank statements for commercial accounts, many other banks and service providers do. Most of my monthly expenses receipts, including travel and telecommunications, arrive in PDF, since most airlines, hotels and car rentals will email a receipt to you if you ask. My most common question at a client site when they hand me a huge printed document or presentation is “can I get that in electronic form?”
  4. As a last resort, if I receive something in paper form (or have to print it in order to sign it), I scan it and shred the paper as soon as possible. This is the crux of most document imaging projects, but in reality is a fairly minor part these days if you do most of your communication electronically and can keep paper out of the mix altogether. Yes, it’s legal (more on that below). Since my volume is very low, I use an inexpensive Epson scanner that I picked up at Costco, and the software that came with it. That’s fine for a few pages a day, but anything more than 10 pages at a time gets tedious because it doesn’t have a sheet feeder. I would highly recommend a sheet feeder if you have a backlog of paper to convert, or if you regularly receive large paper documents. For smaller receipts when I’m travelling, I snap a photo with my iPhone, back it up to the cloud, then destroy the paper document.
  5. I use automated backup to replicate everything offsite. This eliminates the risk of losing documents, and allows me to access documents from my netbook when I’m travelling.
  6. I use online backup/sync services for shared content management when I collaborate on a project with other small firms and independents. Even if I were working with people in the same office, I would use the same methods since there’s no need to own your own servers.
  7. I manually maintain retention policies on the electronic documents, and delete them appropriately. In Canada, that means I need to keep all corporate and tax-related documents for six years past the end of the fiscal year: I just deleted my 2006 files and shredded the paper files, since that was the last year that I kept any paper records. For any files with a retention policy, I keep them in dated folders so that I can quickly purge them without having to search through files; this means a bit of electronic reorganization at the year end, but it takes only a few minutes.
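
The dated-folder purge in step 7, sketched as an added example (not code from the original post): it assumes each folder is named for the calendar year in which its fiscal year ends and applies the post's six-year retention period. `retention_expiry`, `purgeable_folders` and `purge` are hypothetical helper names, and the folder tree in `demo` is constructed sample data.

```python
import calendar
import re
import shutil
import tempfile
from datetime import date
from pathlib import Path

RETENTION_YEARS = 6  # from the post: six years past the end of the fiscal year
# Assumption: each retention folder is named for the calendar year in which
# its fiscal year ends, e.g. "2006". Anything else is never touched.
YEAR_DIR = re.compile(r"^(19|20)\d{2}$")


def retention_expiry(fiscal_year, fy_end_month=12, years=RETENTION_YEARS):
    """Last day on which records for fiscal_year must still be kept."""
    expiry_year = fiscal_year + years
    # Fiscal years end on the last day of a month; handles 28/29 February.
    last_day = calendar.monthrange(expiry_year, fy_end_month)[1]
    return date(expiry_year, fy_end_month, last_day)


def purgeable_folders(root, today, fy_end_month=12):
    """Return dated folders whose retention period has fully elapsed by today."""
    eligible = []
    for entry in sorted(Path(root).iterdir()):
        # Skip files, symlinks (never follow them) and undated folders.
        if entry.is_symlink() or not entry.is_dir():
            continue
        if not YEAR_DIR.match(entry.name):
            continue
        if today > retention_expiry(int(entry.name), fy_end_month):
            eligible.append(entry)
    return eligible


def purge(root, today, fy_end_month=12, dry_run=True):
    """List purgeable folder names; delete them only when dry_run is False."""
    targets = purgeable_folders(root, today, fy_end_month)
    if not dry_run:
        for folder in targets:
            shutil.rmtree(folder)
    return [folder.name for folder in targets]


def demo():
    """Run against a constructed folder tree (sample data, not real records)."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("2005", "2006", "2007", "2012", "clients"):
            (Path(root) / name).mkdir()
        as_of = date(2013, 1, 15)
        listed = purge(root, as_of)                  # dry run: nothing deleted
        deleted = purge(root, as_of, dry_run=False)  # actually removes folders
        remaining = sorted(p.name for p in Path(root).iterdir())
        return listed, deleted, remaining


if __name__ == "__main__":
    print(demo())
```

This removes only the local folders; copies already held by a backup or sync service are not touched, so the same cut-off needs applying there.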

The result: I have no paper files in my office, except for a small pile in my in-tray waiting to be scanned. No filing cabinets, no boxes of documents in storage. As an added bonus, I have offsite backup, which most people with paper files don’t.

Quelling the nay-sayers:

  • “I don’t like to read on a screen”. Get a bigger/better screen, or dual monitors, and a tablet for taking it with you. Cheaper in the long run.
  • “It’s not secure”. Back everything up offsite, not just locally, in case of a physical disaster (fire/flood/theft). I use Jungle Disk (a division of RackSpace), which encrypts my data on the desktop, then uploads it to an encrypted Amazon S3 bucket. I hold the key, not them, so they can’t decrypt my data. My backup runs automatically, so I don’t need to do anything to make this happen.
  • “It’s too hard to create electronic documents”. Get a good PDF printer/document assembly application. I use CutePDF Pro, which allows me not only to generate PDFs from any application that can print, but also to assemble multiple PDFs into a single document, rearrange pages and other functions. This is useful when I need to append a timesheet to an invoice before sending to a client, or to concatenate all of my expense receipts to attach to a monthly expense report.
  • “I can find things easier in my filing system”. Easier than searching through full-text documents? I don’t think so, unless you have a really trivial number of files. Learn how to use search capabilities of your desktop environment (built into Windows, for example), install a third-party search utility, or (if your company is large enough) use a shared content management system.
  • “I need to keep these paper documents for legal/regulatory reasons”. Probably not. Most government taxation bodies have long accepted digital copies (scans of paper, or original digital documentation such as an invoice received as a PDF) in place of paper – what they refer to as “electronic record keeping”. You can see the Canada Revenue Agency’s take on this at http://www.cra-arc.gc.ca/tx/bsnss/tpcs/kprc/menu-eng.html, and similar policies exist for the IRS and other agencies. The Canada Labour Code has similar requirements for human resources records. You may need to research for your type of documents in your jurisdiction, but electronic record-keeping is most likely allowed.

If you’re starting from ground zero of a paper explosion, this might seem a bit daunting. Keep in mind that you can do this on a day-forward basis, since many of your old paper files can be shredded as they pass their 6th birthday: just go paperless starting today (or from the beginning of your fiscal year) and let the old paper cycle out over time. If you really love it and want to get ambitious, you can start doing some back scanning, but it may not be worth it. When I started in 2007, I was already keeping everything electronically that originated that way, but added in scanning of expense receipts (my biggest single paper volume) and government documents, which was not a big change. I still didn’t start scanning contracts for another few years, since they’re big and I don’t have a sheet feeder, but eventually went back and scanned all of the old ones just to clean out the last of the paper files.

A lot of these ideas, of course, are not limited to small business, but form the core of any ECM initiative. Things get more complex when you add in automated business processes to move those documents around between people, but the basic concepts, motivations and nay-saying are the same.

Legalizing Equity Crowdfunding In Ontario: A Panel

Following Darren Westlake’s keynote on equity crowdfunding in the UK, Cindy Gordon of Helix Commerce moderated a panel on whether equity crowdfunding should be legal in Ontario, with panelists Peter Aceto (CEO of ING Direct Canada), Brian Koscak (Chairman of the Exempt Market Dealers Association of Canada and a partner at Cassels Brock & Blackwell), Richard Reiner (partner at CC Stratus Capital), Adam Spence (Founder of Social Venture Exchange) and Darren Westlake (CEO of CrowdCube).

Blogging panels is always difficult, and I won’t try to attribute comments to specific people, but here are some of the points covered [my comments in brackets]:

  • Crowdfunding isn’t just for startups; it can also provide significant benefits to small businesses looking to expand or take on new initiatives.
  • Crowdfunding works well as seed funding to get a startup to the stage where it can be considered for larger funding sources such as venture capital.
  • The share structure will need to be considered fair to the early crowdfunding investors and to the later venture investors, in terms of control, returns and liquidity. [This is a major issue.]
  • Social and environmental companies have difficulties with access to capital, and may benefit greatly from crowdfunding. [Many small investors will follow their conscience in crowdfunding investments, as has been seen with Kiva microfinancing.]
  • Canadians are early adopters of financial technology (ATMs, web banking, internet-only banks) and are likely to accept equity crowdfunding quickly.
  • Social media, including some aspects of crowdfunding, encourage/reward transparency. [If you’re going to be successful in raising funds through crowdfunding, be prepared to willingly expose the inner workings of your company.]
  • Crowdfunding would make it feel normal to invest in startups, and tax incentives for small business crowdfunding would support this significantly.

There are some crowdfunding approaches already being tried out in Canada, including debt/bond/co-op structures such as with ZooShare, which provides co-operative investment into a plant that turns Toronto Zoo poo into biogas. ZooShare’s scheme requires that you join the co-op as a member, then you can buy community bonds that pay interest over seven years. Obviously, allowing for equity crowdfunding will greatly expand the opportunities for investment, since not everyone wants to join a co-op to buy bonds in order to invest in interesting opportunities.

We’re going to be doing a table exercise on benefits and concerns of crowdfunding, then the conference wrapup, so this will probably be the last post from this Technicity conference on crowdfunding. I’m not really an entrepreneur any more – I’ve done two startups in the past, but currently just operate as an independent – but I have a lot of friends with Canadian startups that could benefit from crowdfunding, and I’m fascinated by any intersection of social and business.

Relationship-Driven Customer Service At American Express

Jim Bush, EVP of world service at American Express, delivered a morning keynote here at PegaWORLD to talk about customer service, and how they’re transforming it to provide better value to their customers. 93% of those surveyed say that companies fail to exceed service expectations, which is a complete disconnect with the fact that companies that provide superior service will get 13% more customer dollars because of that. They looked at a new customer service paradigm to deal with the business realities: multiple integrated service touchpoints; experiences benchmarked across industries; consumer choice; increased regulatory scrutiny; and better-informed, more powerful consumers through social media and other means. The customers are back in the driver’s seat in most consumer-facing businesses.

AmEx responded to this by deciding to service customers, not transactions. That’s an important distinction: a specific incident (whether positive or negative) needs the context of the entire customer relationship in order to understand how to best address it. They now consider service to be not a business cost, but an investment in business growth, and focus on respecting and deepening the customer relationship. To do this, they reconstituted their service organization as World Service, with the goal to enable, engage and empower. No small feat, considering that their 20,000 customer care professionals handle hundreds of millions of customer interactions in 22 markets, 15 languages and eight engagement channels.

They have moved past the granular measurement of “how did we do on this transaction” to the net promoter measurement of “would you recommend us to a friend”, which changed how they think about the customer relationship. In fact, they have just trademarked the term “relationship care”.

I’m in the middle of reading United Breaks Guitars: The Power of One Voice in the Age of Social Media – a fantastic and funny read about one man’s journey through a customer service nightmare (and if you haven’t seen the “United Breaks Guitars” video, get on over to YouTube right now) – and one of the points that author Dave Carroll makes in the book is that managing customer service on a transaction basis tends to make companies ignore what they think are statistically insignificant events such as a specific bad transaction with a customer. That, in short, is exactly how not to treat a customer if you want to foster a relationship.

Thinking about the customer relationship rather than just servicing a specific transaction puts AmEx on the right track towards service innovation. They’re also looking at engaging customers through the channel of their choice, from paper to telephone to SMS. If a 162-year-old company can do this, every company has the potential to do the same, and yet many continue to put their head in the sand on turning their customer service around to actually serve the customer in the manner that the customer wants to be served. To serve the global citizen, AmEx combines relationship care with channel convergence, integrated technology, and a global scale with borderless solutions. Through that, they want to turn indifferent (although satisfied) customers into promoters and advocates for the brand. Not many of those customers will end up with the AmEx logo tattooed on their arm, but a single voice can go a long ways these days.

Oh yeah, and they use some Pega software.

What Price Integrity?

As an interesting follow on to the previous session on blog monetization, I attended a panel on maintaining integrity on blogs when you do advertising or promotions on your site, featuring Danny Brown, Gini Dietrich and Eden Spodek. A lot of this is about transparency and disclosure; one audience member said that she writes paid reviews on her blog but that although you can buy her review, you can’t buy her opinion: there’s a fine line here. This is particularly an issue for lifestyle bloggers, since they often receive offers of free product in exchange for a review; this might be seen as being less of a “payment” than cash, although it still constitutes payment.

When I write a product review here, I am never compensated for that, although arguably it can impact my relationship with the vendor and can lead to other things, including paid engagements and conference trips. That’s quite different from being paid to blog about something, which I don’t do; I’ve had offers of payment from vendors to blog about them, and they don’t really understand when I tell them that I just don’t do that. Of course, you might say that when I’m at a vendor’s conference where they paid my travel expenses and I’m blogging about it, that’s paid blogging, but if you’ve ever spent much time at these conferences, you know that’s not much of a perq after a while. In fact, I’m giving up potential paid time in order to spend my time unpaid at the conference, so it ends up costing me in order to stay up to date on the products and customer experiences.

By the way, my “no compensation for blogging” doesn’t go for book reviews: it is almost 100% guaranteed that if I write a book review, the author or publisher sent me a free copy (either paper or electronic) since I just don’t buy a lot of books. I currently have a backlog of books to be read and reviewed since that’s not my main focus, so this isn’t such a great deal for either party.

The key advice of the panel is that if you do accept free product or some other payment in exchange for a product review, make sure that you remain authentic with your review, and disclose your relationship with the product vendor. In some countries, such as the US and the UK, this is now required; in places where it isn’t, it’s just good practice.

I was going to stay on for a session on webinars but the speaker seems to be a no-show, so this may be it for me and PodCamp Toronto 2011. Glad that I stopped by for the afternoon, definitely some worthwhile material and some food for thought on monetization and integrity.

Blog Monetization

The next session that I attended was Andrea Tomkins talking about how to make money through advertising on your blog. She started with ways that blogs can pay off without direct monetization, such as driving other sorts of business (just as this blog often drives first contacts for my consulting business) and leveraging free trips to conferences, but her main focus was on how she sells ads on her blog.

She believes that selling your own ad space results in higher quality advertising by allowing you to select the advertisers who you want on your site and control many of the design aspects. Plus, you get to keep all the cash. She believes in charging a flat monthly rate rather than by impressions or clicks, and to set the rates, she looked at the rates for local newspapers; however, newspapers are very broad-based whereas blog audiences are much more narrowly focused, meaning that the people reading your blog come from a specific demographic that certain advertisers would really like to have access to. Andrea’s blog is a “parenting lifestyle” blog – a.k.a. “mommyblogger” – and she has 1,300-1,400 daily views, many of them from readers local to her Ottawa area.

She started out charging $50/month/ad, and bumped it for new clients as well as an annual increase until she reached a sweet spot in the pricing (which she didn’t disclose). She doesn’t sell anything less than a 3-month term, and some advertisers have signed up for a 12-month spot. Her first advertiser, who is still with her, is a local candy store that she and her family frequented weekly – she felt that if she loved it so much, then her readers would probably enjoy it as well. She approached the store directly to solicit the ad, although now many of her new advertisers come to her when they see her blog and how it might reach their potential audience.

She controls the overall ad design: the ad space is a 140×140 image with a link to their website, with the images being updated as often as the advertisers wish. New ads are added to the bottom of the list, so advertisers are incented to maintain their relationship with her in order to maintain their placement on the site.

She also writes a welcome post for each advertiser; she writes this as her authentic opinion, and doesn’t just publish some PR from the advertiser since she doesn’t want to alienate her readers. Each advertiser has the opportunity to host a giveaway or contest for each 3-month term, although she doesn’t want to turn her blog into a giveaway blog because that doesn’t match her blogging style. She also uses her social network to promote her advertisers in various ways, whether through personal recommendations, on her Facebook page or Twitter; because she only takes advertisers that she believes in, she can really give a personal recommendation for any of them.

Before you call a potential advertiser, she recommends understanding your traffic, figuring out an ad design and placement, and coming up with a rate sheet. Don’t inflate your traffic numbers: you’ll be found out and look like an idiot, and most advertisers are more interested in quality engagement than raw numbers anyway. Everyone pays the same rate on Andrea’s blog; she doesn’t charge more for “above the fold” ads or use a placement randomizer, so she sometimes has new advertisers (who are added to the bottom) complain about placement.

A rate sheet should be presented as a professionally-prepared piece of collateral coordinated with your business cards, blog style and other marketing pieces. It needs to include something about you, the deal you’re offering, your blog, your audience and traffic, and optionally some testimonials from other advertisers.

Handling your own ads does create work. You need to handle contacts regarding ads (she doesn’t publish her rates), invoice and accept payments, track which ads need to run when, set up contracts, and provide some reporting to the advertisers. Obviously, there has to be a better way to manage this without resorting to giving away some big percentage to an ad network. She also writes personal notes to advertisers about when their ad might have been noticed in something that Andrea did (like a TV appearance) or when she is speaking and hence might have their ads be more noticed. She does not publish ads in her feed, but publishes partial feeds so readers are driven to her site to read the full posts, and therefore see the ads. She has started sending out a newsletter and may be selling advertising separately for that.

This started a lot of ideas in my head about advertising. I used to have Google ads in my sidebar, which pretty much just paid my hosting fees, but I took them out when it started to feel a bit…petty. As long as I get a good part of my revenue from end-customer organizations to help them with their BPM implementations, it would be difficult to accept ads here and maintain the appearance of independence. Although I do work for vendors as an analyst and keep those parts of my business completely separate, with appropriate disclosure to clients, it is just as important to have the public appearance of impartiality as it is to actually be impartial. An ongoing dilemma.

Psychology of Websites and Social Media Campaigns

I arrived at PodCamp Toronto after the lunch break today; “PodCamp” is a bit of a misnomer since this unconference now covers all sorts of social media.

My first session of the day with Brian Cugelman on the psychology of websites was a bit of a disappointment: too much of a lecture and not enough of a discussion, although there was a huge crowd in the room so a real discussion would have been difficult. He did have one good slide that compared persuasive websites with persuasive people:

  • They’re reputable
  • They’re likable with personality
  • They demonstrate expertise
  • They appear trustworthy
  • You understand them easily
  • What they say is engaging and relevant
  • They respect your time

He went through some motivational psychology research findings and discussed how this translates to websites, specifically looking at the parts of websites that correspond to the motivational triggers and analyzing some sites for how they display those triggers. Unfortunately, most of this research doesn’t seem to extend to social media sites, so although it works fairly well for standard websites, it breaks down when applied to things such as Facebook pages that are not specifically about making a sale or triggering an action. It will be interesting to see how this research extends in the future to understand the value of “mindshare” as separate from a direct link to sales or actions.