Here is my letter to Starbucks Corporate Headquarters. In a day or so I’ll post Part III – what follows the letter below was a bit surprising to me. Customer service, and general communication, is not what it used to be. I suppose we all know that, but I was still a little surprised at the broken process and ultimate result of my contact with Starbucks:
September 7, 2010
Starbucks Customer Relations
PO Box 3717
Seattle, WA 98124-3717
Dear Sir or Madam:
I wish to make you aware of what I believe to be an ongoing bad-business practice at one of your shops. It concerns the [address] location.
I do most of my work at Starbucks: I am a book author, writer (paid technical blogger), and IT consultant by profession. I am a steady customer: Some weeks, I am there working every day; other weeks minimally three times.
I have professional standing for both a complaint, and positive suggestion, that I’d like to make. (You may review my standing by Googling The Business-Technology Weave). Absent treatment of this complaint, I will have to find another location for my business writing. I do not wish to do that.
This past Sunday, September 5th, I was using my laptop, writing my latest article for my blog, when I noticed a large pile of cash on the counter (to one side of the food display, opposite the cash registers). The pile was about 6 inches high – there was also quite a bit of change on the counter. The money was attended only sporadically, when a barista performed some measure of counting. In the course of my several hours of work, the money was there, and primarily unattended – I believe there was a period of at least an hour where no one touched the money at all.
I have noticed this situation several times in the past and a thought occurred to me: It would be easy enough for someone else to notice the situation, and time a return trip from the restroom, swipe up the cash, and exit the store. (In fact, given the regularity that money is unattended on this counter, someone could build courage over the course of weeks, and time a theft). I was the only customer seated in the back on this day, and when I left, the money was still there – making a theft even easier. There were three baristas (that I noticed) on duty, and most frequently they were bunched toward the front of the store, near the drive up window and the cash register opposite.
When I’m writing, I’m focused on my laptop largely to the exclusion of my surroundings. Thus, if the money disappeared, suspicion would fall on whomever was seated toward the back of the store: On this day, me. I decided to speak to a barista about it. I chose someone I know fairly well and that I speak to often.
Our conversation was as follows, and I assure you this is very nearly verbatim:
“Hey, Helen; may I make a kind suggestion?”
The barista answered “What?”
I said, “This pile of money makes me uncomfortable; no one is watching it. Would you be able to…”
I was interrupted, “Dave, I’ve been extremely busy.” The response was snappish.
I said, “But if someone was to breeze by and snatch this, I or anyone sitting back here alone would naturally be under suspicion. This situation makes me very uncomfortable.”
The answer was very curt, “I will take that under advisement,” and the person turned away – leaving the money yet unattended.
I left the store about 10 minutes later, and the money was still there. The baristas were again bunched at the front of the inside counter area, toward the drive up window. No one was even facing the pile of money, about 20 feet away. I don’t think there was even a direct line of sight to it.
If common and, perhaps, corporate sense is violated concerning the day’s profits, it leads a reasonable person to wonder what other violations may be transpiring at the store. Frankly, money is dirty and I’ve seen food and drink mixes prepared at the same counter that the money was directly on.
Please, it is not my intention to get the barista in trouble and that is why I do not mention the name, or even gender, of the person. I enjoy talking with, and the service from, Helen, Janice, Sally, Tim, Jerrold, Sharon, Martha and the other personnel at the store; I also know several other customers and enjoy the atmosphere. My letter is sent so that the manager of the store – Jackie (who was not there on the 5th) – can train staff to a better level of standard regarding simple business security. Perhaps the manager herself needs training.
I’m not privy to Starbucks standard business practices, but is there no office in the back in which to count money? Is there not, at the very least, a table? Certainly there must be a private area, away from general public traffic, for the handling of large sums of money? That would be my first suggestion – and one that comports with common business advisement and secure practices.
Lastly, if a customer makes a good-faith suggestion, in the kindest of tones, service personnel should listen and at least be courteous. A snappish response was a surprise to me.
Clients pay me to advise them regarding security. My counsel: In the realm of risk, unmanaged possibilities become probabilities.
For the [store name] Starbucks, there already exists risk – of theft. It is certainly a possibility that someone can take the money – totally unobserved. Given the unmanaged possibility, I believe the risk of theft is too high for sloppy handling of money at this store. Given the economy and unemployment, the sight of money is too large a temptation. Large sums of unattended money also puts customers at risk. This practice is witless.
If for some reason you believe the practices at this store to be proper, or if you determine that my concerns are off-target or my observations of the 5th inaccurate, then I need to know that so that I can make a couple decisions. Otherwise, I’d like to know what is being done to address the problem at this store.
Thank you for taking the time to listen to my concerns regarding the [store name] Starbucks store.
I.T. Wars: Managing the Business-Technology Weave in the New Millennium
Blog: The Business-Technology Weave
[phone number] (mobile)
Octorber, 24th: On this day in 1836 the match is patented .
I’ve stumbled on something rather disturbing regarding Starbucks’ business practices. First, let me say that Starbucks is not a client of mine: Therefore, I’m free to speak without fear of divulging any client confidentialities – I would never speak about clients here anyway, without express permission, and an identified reason.
Also, my recent observations and engagements with Starbucks are from a purely business point-of-view on my part. There is nothing personal here, and I harbor no animosity against Starbucks – in spite of some rather interesting customer engagements I experienced. I merely observed an ongoing bad business practice, and expressed some polite concern.
Let me now set the stage (all names have been changed, save mine):
As readers (hopefully) know, I’m a big proponent of security in business and data environments. It would be difficult for any of us business and IT pros not to be – hardly a news bulletin.
Security not only includes computer systems and associated content (central and dispersed), but physical security aspects as well. In fact, the protection of business and all associated assets includes manifestly physical protections: Locked rooms, sign-in and sign-out logs, locked safes and cabinets, careful handling of money, appropriate accounting of money, and so on.
In protecting a business, we also must recognize that customers and staff are also assets, and best business practices are central to protecting those people. Physical business security promotes safety and ongoing surety.
Any security should also harbor a basic, rather simple, concept: We shouldn’t tempt thieves. We don’t want to make ourselves a target. Therefore we don’t “front” certain light, transportable, easily carried and hidden assets. Like money.
Well… most of us don’t.
A few weeks ago, this writer was laboring mightily on behalf of this blog when I noticed something peculiar: There was a large stack of money on a counter. A pile of bills. Unattended. It was at least 6 inches high. Further, it was on the counter next to the food and drink display case, and this counter itself is used to prepare food and drink.
I’m no prude, but my first thought was: Money is dirty. It is generally kept well-clear of surfaces where food is handled. Starbucks uses plates, of course, but still… I approached the counter and spoke to the nearest barista (Starbuck’s preferred term for their customer service folks, for the uninitiated). Very politely I said, “Hey Helen, there’s a big stack of money here…”. I was about to continue that it made me uncomfortable, but Helen snapped, “Dave, I’ve been extremely busy.” I understand being busy, so I merely continued, “Well, it makes me uncomfortable to see it here unattended…”. I was informed that this is where the money was always counted. (This, despite a desk and computer in the back, where I would presume the accounting information would eventually be entered…).
I very politely asked to speak to the manager, “Jackie.” I was told that she was in the Bahamas. I returned to my work. But presently, with the money remaining on the counter for over an hour (and still there upon my departure), I decided to make contact with Starbucks corporate headquarters. Under the Customer Service tab on the website, I was heartened to see that they’re “here to listen” and that they want me to enjoy my trip to Starbucks every time I visit the store. They provided a physical address: Starbucks Customer Relations, P.O. Box 3717, Seatle, WA 98124-3717.
I wrote a very nice letter. I will post the letter tomorrow, and then pick up this series with Part II, and Part III, where I’ll detail Starbucks subsequent interactions with me, and what they told me about the handling of money vis-à-vis business security. There are also a number of other violations of standards as indicated in The Weave, and general common sense business-dictates. I’ll detail those too – there are some great lessons…
You won’t want to miss the discussion of their business posture.
October 22nd: On this day in 1746, Princeton University (NJ) received its charter.
How does the biggest social networking site suffer a data breach?
Breaches are so mundane, and I expect better from facebook: I mean, I rely on banks, universities, government agencies, restaurants, etc.… for breach of data. (Cheesecake Factory, anyone?!? Gosh, how’d you like to be on the same level of security as the Cheescake Factory?).
Once again, I refer you to the Privacy Rights Clearinghouse’s Chronology of Data Breaches for a little perspective.
But facebook? C’mon. You do almost nothing but handle personal details of people. You don’t have much additional challenge – it’s not like you’re balancing our bank accounts, handling sophisticated things like mortgages or something. For that matter, you don’t even have to serve cheesecake. It’s all about sending “winks,” or “pokes,” saying “hello” and slamming teachers, or something like that (so they tell me).
I just noticed something else: facebook is not FaceBook. It’s all lower case. Hmmm. Anyway, just so you know it’s not me that’s driving literacy and solid writing skills down. And – in the interest of full disclosure – I do have a facebook account.
But you know, I can empathize with facebook: Good help is hard to find. Maybe they just don’t have the staff, with the right chops, to keep things secure in a world of “hacktivists” and other ne’er-do-wells.
Which gets me to thinking: I experienced something at Starbucks the other day that was quite surprising. Very surprising. It was what I consider to be a total breach of common sense, sound business practice, and security.
I’ll have a three-part series beginning with my next post, along with a nice letter I sent to their corporate headquarters (After all, Starbucks says right there on their corporate website: “We want to hear from you”).
Until then – stay safe.
October 18th: On this day in 1892, the first commercial long-distance phone line opened, Chicago to New York (and that, my friends, was a milestone in the business-technology weave).
Last time, in Pt. 1 below, I was talking about local businesses (local to me), and a few I consult with out-of-town, lamenting the fact that they were having difficulty finding solid people. This comprises just about all disciplines, whether they’re staffing their Finance and Accounting departments, Sales and Marketing, Retail Sales, Customer Service, production lines, general administrative support, and so on and so forth.
However, when it comes to IT it’s a problem on steroids, apparently. I’ve heard a number of disquieting stories: Network Managers who slide on nightly backups (unheard of in my day, unless it resulted in a firing), programmers who fail to meet critical deadlines for new empiricals (such as price changes, rate changes, incorporation of new data points, etc.), business analysts who fail to analyze, and (the real bellwether of organizational health) even HelpDesk personnel who fail to answer service calls with requisite regularity.
Further, there is a dearth of quality in the outside agencies that any organization relies on: value added remarketers (VARs); solutions-partners, contractors – even regulatory oversight agencies. Consider what’s now going on in the housing market, and the allied foreclosure situation. We’re suffering through a foreclosure-freeze due to bank paperwork that fails to meet some sort of measure. Of course, one could suppose it’s nice that some folks get to remain in their houses a little longer, but the chief problem here is that banks not only don’t get their mortgage payments – they don’t get the asset (the house) either. Further, when the foreclosures ultimately proceed (and they will – estimated to be in the Spring), the dump of houses onto the market will really tank things.
But I digress. Consider: It doesn’t get any more regulatory-dependent, oversight-dependent, details-dependent than a bank, does it? Who are we hiring, to what standards, and who the heck are we graduating to fill critical positions?… Details, details, details. It’s always those pesky details.
However, and as promised at the end of Pt. I, I have a few ideas for improvement to the situation.
First, a question: You know that feeling you get when you encounter an organization that “gets it”? Solid customer service thrust… a sound business footing… attention to detail… things done right, right on time. A certain excellence in every touch you have with that organization. And, a very certain uniformity: Everyone knows what they’re doing, why – and enjoys doing it.
That engenders a very good feeling.
That’s my encounter and feeling regarding my local Business Incubator. If you don’t know what a “business incubator” is, let me explain. It’s a program and a space to improve the chances for new, entrepreneurial, businesses’ success upon startup, to enhance their chances for staying in business, and to help enable their growth. There is collective community benefit as successful startups grow; employing more people, and bringing positive impact to their region through vigorous and natural stimulation of the local economy. Success begets success.
According to some sources, 87% of Incubator “graduates” stay in business.
As Incubator candidates must apply and qualify for admission, and because they benefit from advice and ongoing counsel from qualified business leaders and professional staff, you find allied excellence in these startups. Their ideas, solutions, goods, services, and ethics harbor qualities that match the Incubator itself.
I would suggest that established and successful businesses, as well as individuals, might get to know their Business Incubators, and rake them for any startups that might deliver the very services you’re looking for – to the measure of your needs and standards, and likely at a very favorable cost. Google “Business Incubator” in your town to get started.
Another suggestion as follow-on to that last post: Professional associations of various stripes abound, but a nice one to examine is the Association of Information Technology Professionals (AITP). Locally, I’m working to bring students into my AITP in realizing fresh actualizations and relationships for everyone’s benefit, including my own. Not just IT students: Obviously, we need all manner of business students too – in tightening and freshening the general Business-Technology Weave.
Students who are otherwise knowledgeable often don’t know about groups like these. I’m on the hunt for the brightest and most motivated – they deserve a place to learn, grow, and as importantly, contribute.
Well, those are a couple of my suggestions and ideas. I’d like to hear yours. What can we do to ensure a qualified candidate pool for all disciplines associated with The Business-Technology Weave?
I think it’s time to get imaginative…
October 15th: On this day in 1951, the television show “I Love Lucy” debuted on CBS television.
Way back in my youth, I was enamored of qualification by way of “rubber meets the road” experience. I was a lack-luster student and formal education was a bit of a challenge for me, so I was convinced that formal education didn’t need to be too heavily weighted in establishing a nice foundation of knowledge, paired with experience.
At one point, someone told me that I was “anti-education.” No so… not even then. I waz educated gooder than most any body around me. (Ok, that was a little obvious, but if I made just one person laugh today, it was worth it).
However, many miles down the road, well-educated and well-qualified (I hope), I am now starting to notice something around me: A difficulty in finding talented, educated, qualified, IT folks. People possessing good judgment paired with sound skills. I can’t afford to be picky regarding the ratio of education vis-à-vis actual experience: Just send me someone who can do the job.
A campus of a major university where I’ve been doing some IT consulting doesn’t even have an IT program. That’s very disappointing.
And now, an Obama administration official has gone on record as saying that unemployment is exacerbated by people’s lack of education and skills. My own political leanings might normally have me countering someone like this person: However, I think she has a point. In my local surroundings, I’m hearing innumerable business leaders lament the dismal talent pool. I don’t have a formal survey or empirical figures, but it’s not their imagination, nor mine. Things are changing, and not for the better.
How do you feel about it? What are the challenges for you in an increasingly technical environment – for both business and IT?
I have a few ideas for improvement which I’ll share over the next few days…
October 9th: On this day in 1930, Laura Ingalls becomes the first woman to complete a transcontinental flight.
Well here’s a twist to security. It seems a law firm, specifically ACS: Law, was targeting certain owners of internet accounts. These accounts were alleged to have accessed and downloaded music and videos that are copyrighted. ACS:Law sought compensation from the owners for remuneration to clients, with ACS:Law keeping up to a third of the payments.
But ACS:Law has its own problems now…
Some of the folks targeted claimed to be innocent – and indeed, it is possible for nefarious online entities to hijack any of our IP addresses. Thus, it can look like a hijacked party is the perpetrator of illegal file sharing, when indeed they are not.
But it seems “hacktivists,” unhappy with ACS:Law’s activity, have attacked their servers, first creating a denial-of-service situation, and subsequently exposing over 13,000 records containing sensitive personal information of the folks targeted; names, addresses, internet activity (yikes), and – in cases where people paid up, bank details.
ACS:Law now faces its own huge fine. And of course, if it is found that they targeted innocent users indiscriminately, that is going to present huge problems of credibility and common business sense.
The lesson? Whether you’re a company mounting action against others (or on behalf of others, for that matter) – or you’re an individual traipsing across the ‘net, enjoying your day – be very careful in what you do, how you do it, and in the actions you take.
Stay safe out there…
October 8th: On this day in 1860, the telegraph line between Los Angeles and San Francisco opened.
It’s being reported that state budgets, increasingly in the red, are impacting cybersecurity – and not in a good way, as you may have suspected.
A NASCIO/Deloitte survey finds that many Chief Information Security Officers are reporting increased reliance on outsourced services – with a resultant difficulty in securing state data environments and associated content, including personal information.
However, the problem is not funding alone: Some of this risk is being engendered by an associated lack of control as experienced by these CISOs: A lack of “visibility and authority to effectively drive security down to the individual agency level” according to Deloitte.
There is something that CISOs can do, in the absence of their ability or direct authority in leveraging security – we’ll get to that. But first, in my own fact-finding and consulting, I’ve discovered something rather interesting: Most organizations’ Acceptable Use policies have a security hole (You may wish to visit, or revisit, “Check Your Acceptable Use Policy: Is this missing?”. They do not make mention of social networking liabilities; after all, many people avail themselves of social networking from organizational resources (workstations, connectivity, company time, etc.). It is definitely inappropriate and counter to any AU policy to make damaging remarks on company time, but personnel should understand that doing that at any time is counter to their good standing – work problems and conflicts have sanctioned channels for disposition: supervisory, supervisory chain, and Human Resources. ALSO: Ensure personnel understand to not post aggregious material elsewhere: Comments to blogs, news articles, professional sites such as LinkedIn, Monster, and entertainment areas such as YouTube, and so on. It’s a Wild (Cyber) World out there – move abreast of and ahead of potentials.
Further, there is no “Watch what you do in the name of our domain” type of warning in any of these policies I’ve looked at. In other words, don’t post internal proprietary information, inflammatory opinions, rants, etc., under the aegis of JohnQPublic@OurCompanyName.com.” (Check “Social Networking and the Blended Environment: What is Being Done in the Name of Your Domain?”).
There is an alarming number of policies that don’t even address data’s portability, with associated best practices for securing that data against loss: portable drives, flash drives, CDs, laptops – even the carrying of official data on personal phones, etc!
Perhaps the biggest liability: Absense of a User Agreement form at the end of these policies. The form should indicate that personnel a) understand the policy, b) agree to adhere to the policy, and c) are willing to sign their name, indicating understanding and intention of complying. As importantly, this forces an opportunity to ask questions so as to be fully informed and qualified to at least know how to adhere to policy: Expectations and requirements are fully understood by a fully educated and informed employee, contractor, outside solutions partner, value-added remarketer, etc.
Back to those CISOs that are feeling vulnerable and what they can do: They should get the ear of their governance. Establish a protocol: Everyone should read and sign an AU policy, and any other cautionary/controlling policies as appropriate, in ensuring a united security front. A regularized schedule of training should also be considered, for necessary updates to security awareness and practices.
One area that many organizations may wish to check today: Call your insurer. Data breaches are estimated to cost many organizations between $100 and $180 per record. Ask about protections should your organization suffer a data breach, with resultant lawsuits and loss to the business. Make sure you understand your organization’s obligation under relevant policies so as to be qualified for reimbursement should you ever file a claim. Recognize too; money that you consider spending on an insurance plan might be better directed toward security itself. Today’s organizations must qualify themselves for evolving practices and discussions.
But first priority, and as stated before: Most organizations enjoy security as a matter of luck; everyone must be a mini-security officer these days. Evaluate every action and activity through security’s prism.
September 30th: On this day in 1960, The Flintstones premiers. It is the first prime-time animation show.
Best IT success rests on what IT can deliver to customers. Customers can be internal; those allied people and business elements relying on technical enablements and supports – and customers can be those who purchase and rely on whatever business delivers to the outside: Products, goods, and services.
In the case of the latter, IT generally has more of a tangential role – granting and constantly improving business’ tools and opportunities for the doing of business, be it production and manufacturing, marketing, advertising, communicating, researching, educating… and so on.
When delivering enablement in service to business aims, the higher the quality and reliability of tools and services, the better the standing of the IT department and its associated personnel within their business berth.
As importantly, by bringing consistency and quality, IT can build a stock of good will “capital” in terms of credibility and sincerity. When a particularly hard project comes along, or something unforeseen happens such as the absence of critical key personnel, or perhaps an extreme crimp of budget that impacts go-live dates or scale of solution, the organization knows full well IT’s commitment to quality, speed-of-deliveries, accuracy of solutions, and sincere good will and good faith commitment to delivering excellence.
An important concept to remember: When vetting any suspect effort, ask the simple question: “How does this move business forward?” All activity in service to business, whether direct or tangential, must serve business and move it forward. The question is an effective puncture to suspect activity or conversation and in any specific moment, helps to refocus all involved, leading them back to the business of doing business.
September 29th: On this day in 1951, CBS broadcasts the first American football game in color – between the University of California and the University of Pennsylvania, at Philadelphia.
I happened to catch Dr. Eric Haseltine, Ph.D., on television the other day. He’s formally trained as a neuroscientist, but was presented as a CTO – a position he held recently. You can examine his bio under this link to his article, “Why our economy is on the brink of going down the tubes…forever.” That’s a pretty dire title, but there is some very real danger - the article relates to the topic he discussed in his TV appearance, and to my concerns here.
While he covers a few different issues – all of interest to me – today I’m concerned with his assertion that only 1/5th the number of American students are entering the fields of science, math, engineering and technology, as in decades past.
Dr. Haseltine calls this a “Silent Sputnik” moment. He quotes Harvard Business School Professor, John Kao. Professor Kao, author of Innovation Nation: How America is Losing Its Innovative Edge, Why It Matters and How We Can Get it Back, says “Fifty years ago the Soviet satellite Sputnik burst the nation’s bubble of complacency and challenged America’s sense of global leadership. But we rose to the challenge with massive funding for education, revamped school curricula in science and math, created NASA and put a man on the moon.” [Emphasis added – DS]. Thus, the Space Race.
Today, both men are concerned that we are facing a Brain Race. However, there appears to be no American training for this race on the horizon. They make the point that American science, technology and math education has been in steep decline over the course of decades – with careers in business, law and media taking priority over high tech jobs. Beyond that…
I frequently make the point that it’s not only the reduced numbers going into these disciplines that is dismaying: Individuals inhabiting technical education programs and career fields comprise a troubling population. They are the product of sliding standards and social promotions. There seems to be a “rounding of corners” regarding empirical measures for qualifications, and in-turn what any specific individual can actually deliver – for fields that are themselves highly empirical. This lack of quality impacts the sustaining of systems and a simple ability to keep environments “whole” and reliable. Now consider that nothing is static: We’ve got to mount and sustain progressions and competitiveness – something quite impossible absent the creation of “better brains.”
Meanwhile China, India, and others are becoming much more “tech savvy.” China measures very favorably against the U.S. and Europe regarding patents and technical publications. No wonder: According to the Paris-based Organization for Economic Cooperation and Development, American teens trail their peers in 23 countries as concerns math, and behind 16 countries in science (“U.S. Teens Trail Peers Around World on Math-Science Test,” Washington Post, Maria Glod).
I’ve noticed a slide in quality of personnel even in Fortune 500 environments. What alarms me in those regards is that these companies, presumably, can attract the best candidates and workers, due to supremacy of salaries and benefits and, I would hope,the attraction of interesting and fulfilling work.
I would be interested in what you are experiencing: Is it becoming more difficult to staff your departments? Do you have to solicit outside expertise more often? Are you providing training to staff for knowledge that used to be considered basic “upon arrival” stuff – basic training that is now pushing back the critical “progression training” for new systems, evolving disciplines, and ever-more sophisticated environments?
September 25th: On this day in 1934, Lou Gehrig played in his 1500th consecutive game.
Being efficient, reducing cost, leveraging effort, doing more with less… ever faster - this is all a part of intelligent business design, and properly sized and executed technology design. In fact, it is an all-important concept within the proper weave of business and technology. Things must be mutually reinforcing, mutually enabling, mutually protected, and must thrust the business of doing things forward.
But what of an efficiency of errors? Oh, that happens too.
What of the IT department that images a PC for propagation to dozens, or hundreds, of PCs… but that original image contains a significant error? Now that error manifests across entire domains, environments… quite efficient… and quick.
What of the higher corporate headquarters I heard about recently: They created a budget template for dissemination to all branches and subordinate business offices and units. It was to bring uniformity and wholeness to the budget process and rollup. Control. Efficiency. Completeness. Except – oh oh: Some critical elements were left out of the template. And, more than a few “local” budget wrinkles were not accommodated in this glorious “uniformity.” A blizzard of notes, requests for special accommodations, and exceptions to policy came back, making the original budget process look like a walk in the park.
Quickness and efficiency here did not serve the realization and finalization of the budget; quickness and efficiency served error and its spawn of negative impacts to the process.
Keep a concept firmly in mind when planning anything; when creating new processes; when writing associated instruction sets:
Errors frequently have efficiencies. Take action with care.
September 21st: On this day in 1957 “Perry Mason,” with Raymond Burr, premiers on CBS-TV.