The Voice for the St. Louis Construction Industry

 
 
Category archive

Columns

What’s All This Talk About Encryption?

in Columns/Technology

By Joe Balsarotti

What does the Apple­–FBI fight and the ransom paid by a Hollywood area hospital have in common? Encryption.

The data stored on the Syed Farook’s iPhone and the data at Hollywood Presbyterian Medical Center are both encrypted, the former by design and the latter by malicious hackers.

The lure of privacy and keeping prying eyes away makes encryption a tempting solution, even if no encryption scheme has ever been foolproof. The federal government, through the HIPAA (the Health Insurance Portability and Accountability Act), even wants most patient data encrypted, and yet the FBI wants to break the encryption on mass-murderer Farook’s iPhone.

Encryption is a two-edged sword. It can be used to protect a company’s information, but it can also block a company from getting its own information. When a hard drive fails due to a hardware problem, encrypted information is rarely recoverable. If backups fail, there could be irreparable damage to a business because of the loss. Or, the hardware could be fine, but a disgruntled employee can use readily available tools to encrypt a business’s data and leave the company high and dry.

International organized crime has found encryption to be a very lucrative tool, hence the rise of Cryptolocker and like viruses and malware. “Pay us and you get your data back”; don’t pay and you or your business are at the mercy of having backups with enough versions to extend past when the infection first hit your systems. Of course, that assumes your business *has* backups which have been tested and verified.

Without getting to far into the weeds of the Apple vs. FBI saga, suffice it to say that battle isn’t over encryption, it’s over the iPhone’s setting to destroy it’s data if ten incorrect passcodes are entered. Since today’s computers can easily crack any passcode within a couple of days by trying every combination, the illusion of security in Apple products lie in the balance. Give the FBI a way around the self-destruct and the Apple products are no more secure than anything was before the digital age.

Now, back to the encryption conundrum. Until the digital age, nothing was truly private. Any safe or vault could be picked and any code could be broken, eventually. In the digital age, encryption has become both a blessing and a curse, but there’s no denying that it enables a level of privacy that didn’t even exist  fifty years ago. Those who’ve only lived in the digital age take this privacy as a given and don’t want to see it’s power eroded. Those who remember ‘loose lips sink ships’ know that no information was truly safe in the past, and breaking the other side’s code often meant the difference between life and death.

For a company, encrypting data on mobile devices such as notebooks, tablets, and phones is a prudent move as those devices are easily lost or stolen. However, your data should never be only on such devices. Mobile devices should either have to connect to access the data, via a VPN (Virtual private network), remote access tools like Teamviewer, LogMeIn, or Remote Desktop, or to one of the secure cloud based services. In other words, either store the data stored elsewhere, but have it accessible to your mobile device, or encrypt the mobile copy.

Once important data is encrypted, the key to that data is invaluable. If you as a business owner, encrypt your company data and something happens to you, who on your staff also has the key? If you get hit by the proverberial bus, and no one has the decryption key, how does the business survive without the data you deemed important enough to encrypt in the first place? Restoring a backup won’t help as those backup files would be encrypted and also require the key to be readable. In your personal life, does you family have the keys and passcodes to get into your digital files if you’re incapacitated or no longer around?

Everyone can agree that you should have multiple levels of backups for your business. Whether to encrypt some, all or none of  your company or personal data is a much harder question.

If you’re interested in the specifics of the incidents I mentioned, here are the links:

http://www.latimes.com/business/technology/la-me-ln-hollywood-hospital-bitcoin-20160217-story.html

http://mashable.com/2016/02/25/apple-vs-fbi-stakes/#3e3nDPE1hsqd

I welcome your questions or comments at businesstech@software-to-go.com

Joe Balsarotti is president of Software To Go and is a 36-year veteran of the computer industry. He served three terms as chairman of the National Federation of Independent Business’ (NFIB) Missouri Leadership Council, served as chairman of the Clayton, Missouri Merchant Association for a dozen years, and chaired Region VII of the Federal Small Business Regulatory Fairness Board. He currently serves on the Dealer Advisory Panel of the ASCII Group, an organization of over 1000 independent computer and technology solution providers in North America.

Do You Have A Plan to Refresh Your Technology?

in Technology
Joe Balsarotti
Joe Balsarotti

It’s hard to believe any business nowadays not being computerized. After all, without a website or at least email, it would be invisible to the vast majority of the public. Even businesses that get their customers solely from referrals have to be able to communicate in a way that customers and prospects prefer.

Those of us old enough remember the switch to computers. It usually started with an accounting system, maybe BPI, Great Plains, Timberline or Accpac. The time spent on finance and accounting went down significantly as adding machine and ledger paper were replaced. Then came word processing and the days of carbon paper were gone. CAD/CAM drastically reduced time to design and reduced errors. Local area networks started becoming commonplace in even small offices and everyone had access to the data without having to wait for someone to get done with ‘the file.’

Back in the very late ‘70s to the early ‘90s, it was easy to justify the expense of computer technology. The benefits went almost immediately to the bottom line, expanding abilities and reducing labor costs. ‘Selling’ management or the owners on buying equipment and software was an easy task. Technology planning meant calling a rep, getting a quote and saying yea or  nay, then starting the whole process again from scratch five to seven years later.

Some years ago, I had the opportunity to meet Dan Bricklin at an industry conference. You’ve probably never heard of him, but you certainly know the results of his invention, Visicalc. Yes, imagine a world before spreadsheets. The digital marriage of a sheet of ledger paper and a calculator was the brainchild of Mr. Bricklin. During his presentation, he was asked one of the best business questions I’ve ever heard at a tech event (tech events tend to be very techie rather than bottom-line oriented) “How did you arrive at a price of $499 for Visicalc?” He replied that those were the days of timeshare computing and that an hour of computer time was expensive. So, he calculated the average three-month cost for timeshare services then worked backwards, subtracting the cost of an Apple II computer, monitor, disk drive and printer. The result was a difference of about five hundred bucks, so $499 became Visicalc’s price.

Bricklin wanted the selling of Visicalc (and everything necessary to use it) to be a no-brainer. Why, after all, would any company want to pay to rent computer time when in just three months they could have their own system free and clear?

Nowadays it seems the benefits of newer technology are much harder to calculate. How much productivity does your business really gain if an older machine takes two more minutes to start up in the morning than a new one would, or printing takes an extra minute? Realistically, is your staff ready at the first minute of the workday or are they getting coffee, arranging their desk or hanging up their coat anyway?

The gains of new technology for businesses seem to have hit an inflection point. Now, it isn’t how much more you’ll gain as much as how much your business could lose by not keeping current. All those columns I’ve written about security, backup, and data loss might be coming to mind for you right now (at least I hope so). Downtime is an expense and a costly one. What price do you pay if a machine goes down and leaves an employee unproductive for a day? What if that machine is your server? Hard drives have finite life spans, so do cooling fans. They will eventually fail and that means your staff can’t get work done. Parts availability might become a problem with older systems. Even if the parts are available, how long to get them, have the repair completed, and the data restored? Time is money, after all. What’s your plan to deal with a failure?

Security also is a concern on older systems, as is compatibility with newer systems within your organization or those of your vendors, clients, and prospects. It’s hard to calculate the damage if your proposal looks like gibberish or is formatted wrong, because you were running a five-year-old version of Word or Acrobat, but it’s easy to calculate the loss if you miss a deadline because of system failure.

Businesses should have a written plan for a technology refresh. Some businesses can get by with a once-a-five-year refresh if their systems and internal procedures are very solid and scripted. Others, especially ones with more creative aspects such as design and architecture, need to replace machines along with each new version of their primary design software as each version adds new features and therefore requires more power from the hardware.

Even Internet access requires technology refreshes. How many of you have the same firewall from an old DSL connection running a newer cable or fiber line? If so, you are getting half of the speed you’re paying for because the firewall can’t scan the data at the speed of your line. Security improvements aside, a five year old firewall is a dinosaur and if not costing you money, is keeping you from getting what you’re paying for each month.

So, work with your tech provider, develop a plan and stick to it. If your technology people aren’t proactively working with you already in this regard, it’s probably time to find a new provider who can be a true partner for your business. A tech refresh plan will allow you to budget for necessary improvements and go a long way to keeping your company secure and up-to-date.

I welcome your questions or comments at businesstech@software-to-go.com

Joe Balsarotti, president of Software To Go, is a 36-year veteran of the computer industry, reaching back to the days of the Apple II. He served three terms as chairman of the National Federation of Independent Business’ (NFIB) Missouri Leadership Council, was chairman of the Clayton, Missouri, Merchant Association for a dozen years, chaired Region VII of the Federal Small Business Regulatory Fairness Board, and currently serves on the Dealer Advisory Panel of the ASCII Group, an organization of over 1000 independent computer and technology solution providers in North America.

Preventing Fraud In Your Organization

in Finance/Homepage Primary

It seems that every day we hear a new story of significant monetary loss due to embezzlement or other crimes perpetrated from within a company by a trusted insider. We hope this column from an earlier edition of St. Louis Construction News & Review Magazine will help protect your business.

By Ken Van Bree

Here’s a statistic that will keep you up at night: according to the Association of Certified Fraud Examiners (ACFE), fraud within the construction industry is now costing an average median loss of $245,000 for organizations. Further, ACFE report that the construction industry’s median loss is approximately $90,000 higher than the average fraud losses across all industries.

Type of Fraud Schemes

The threat of fraud can never be wholly removed, but leadership should take steps to identify schemes their organization might face. Below are a number of schemes frequently used to defraud construction companies.

Billing Schemes

The ACFE indicates that billing schemes account for 35 percent of the fraudulent activity within construction companies. Such schemes can be payments to fictitious vendors, overpayment to vendors (often through collusion with an internal employee), and purchase of personal items with company funds.

Bid Rigging & Corruption

The ACFE reports that nearly 47 percent of the fraud cases examined in the construction industry had an element of corruption, whether it is bribery, kickbacks or quid pro quo situations The bid process can be riddled with opportunity for this type of fraud.

Theft

The construction industry is particularly susceptible to theft of materials due to the location of jobs and the difficulty of tracking construction materials. Job sites can be in remote areas or some distance from the corporate headquarters and subject to less supervision.

Additionally, materials on job sites are hard to track and measure during the construction process. Items lying around a job site such as lumber, concrete, copper pipe, wire and cable can create an opportunity for thieves if proper controls are not in place.

Misuse of Company Equipment

Similar to theft of materials, misuse of company equipment can also become an issue if there is a lack of controls present. For instance, an employee could operate a side business using a company’s idle equipment.

Other Fraud

The construction industry is subject to the same fraudulent activities faced by every other industry. These include payroll fraud through fictitious employees, check tampering, and fraudulent expense reports.

The Importance of Internal Controls

After identifying common fraud activities, an organization should design a control structure that will reduce the opportunity for fraud and increase the chances fraud will be detected. Although there are no guarantees, the foundation to a strong internal control environment is proper segregation of duties.

For example, the person in charge of setting up vendors should not be the same person who approves vendor payments or reconciles bank statements. Proper segregation of duties applies to all areas of business and can be employed effectively at little or no cost.

Here are some other simple yet effective internal controls organizational leadership should consider implementing:

  • Check all estimates for accuracy of calculations, labor rates and correspondence with drawings.
  • Compare job cost estimates with actual costs. Require approvals for cost adjustments or transfers of costs between jobs.
  • Require that estimates for materials above a specified amount include quotes from two or more vendors.
  • Make purchases only with pre-numbered purchase orders, and match them to both receiving reports and invoices before payment is made.
  • Check vendor invoices against estimates to ensure proper discounts and pricing.
  • Always refer to specific job numbers, phase codes or work order numbers in onsite communications.
  • Obtain ink or electronic signatures on change orders before work begins and revise contract values accordingly.
  • Allocate equipment usage to contracts weekly and record equipment maintenance expense in the ledger as they occur.
  • Review all billings for timeliness, accuracy, conformity with contract terms, and correct customer information.
  • Reconcile contract billings with general ledgers monthly, and calculate under-billings and over-billings.
  • Prepare and review monthly financial statements and reconcile them to supporting ledgers, bank statements, and loan schedules

Not all controls are created equal when trying to detect and prevent fraud.  For instance, according to the ACFE, an external audit was performed in 80 percent of the fraud cases reported, but detected the fraud in only three percent of those cases. The majority of fraud was uncovered through tips to a fraud hotline or management, and employees or customers were the leading sources of those tips. A fraud hotline was in place for 54 percent of the fraud cases examined.

Based on this information, it is important not to put too much reliance on a single control, but rather have a series of processes that will prevent and detect fraud.

Know The Signs

The profile of a fraudster can be as important to know as understanding the typical fraud schemes employed themselves. Per the ACFE, fraud typically is not perpetrated by a repeat offender. In fact, only 5 percent of fraudsters had been previously convicted of a fraud-related offense prior to committing fraud crimes.

Additionally, 82 percent of fraudsters had never been punished or terminated by an employer for fraud-related conduct, which shows that while background checks are useful in screening out some bad applicants, they might not be effective in predicting fraudulent behavior.

Most fraudsters were employed for more than one year before committing fraud, but most displayed some, such as living beyond their means, financial difficulties, or having unusually close associations with vendors or customers, that could have served as warning signs. Training management to recognize these warning signs for employees, vendors and auditors is important to help detect fraudulent behavior.

Protect Your Company’s Reputation

Ultimately, knowing the types of fraud, what controls to implement and the profile of a fraudster can help mitigate the chances of a significant fraud loss, but maintaining your reputation is another critical factor.

Reputation is a construction company’s most important asset since the construction industry is small enough for word of mouth to carry great weight in the decision process of sureties, bankers, suppliers or customers. Across all parts of the organization, companies should operate under a code of ethics that builds their reputation in the community.

Ken Van Bree, CPA, is a partner of St. Louis-based accounting firm RubinBrown and serves as the partner-in-charge of the firm’s Construction Services Group. For information, visit

Missouri Appellate Court Adopts Spearin Doctrine

in Columns/Law

By Jim Keller Herzog Crebs LLP

James R. Keller

In one of the most comprehensive and important construction decisions in years, the Missouri Court of Appeals for the Eastern District has found the Spearin doctrine applies in Missouri.  This is the first Missouri appellate court to definitively reach this conclusion.

The Spearin doctrine stands for the proposition that when a governmental entity includes detailed specifications in a contract, it impliedly warrants that if the contractor follows those specifications, the finished product will not be defective or unsafe and if the finished product turns out to be defective or unsafe, the contractor will not be liable for the consequences. The Spearin doctrine is widely accepted around the country, but no previous Missouri appellate court has specifically adopted or rejected this doctrine in a published opinion.

The case is Penzel Construction Company, Inc. v. Jackson R-2 School District, decided February 14, 2017.

This sweeping appellate opinion also discusses expert qualifications and the measure of damages through a total cost approach or modified total cost approach.  Missouri construction lawyers will be citing this case for years to come.

Penzel Construction Company, Inc. on behalf of Total Electric, Inc. brought a breach of contract action against Jackson R-2 School District based on breach of implied warranty for allegedly furnishing deficient and inadequate plans and specifications.

The District had entered into a contract with WNB Architects to build an addition to the Jackson High School. During the bidding process, the district furnished the plans and specifications for the project to Penzel, who gave a copy of the plans to Total Electric.

Neither Penzel nor Total Electric noticed any errors in the plans at the bidding stage. Based on the plans, Total Electric submitted a bid of $1,040,444 to Penzel to furnish and install electrical work for the project.

The district then entered into a contract with Penzel to be the general contractor. Penzel entered into a subcontract with Total Electric to provide electrical work.

Penzel’s claim at the trial court level pursuant to the Spearin doctrine was that the district impliedly warranted that the plans it furnished were adequate for completing the project and that the district breached the contract by providing inadequate and defective plans and specifications.

Alleged defects in the plans included inadequate low voltage switching and wire design affecting the gymnasium and some student areas, incorrect kitchen drawings, failure to specify emergency ballasts, failure to depict all the water heaters and circulating pumps requiring wiring, outdated products, non-compliance with building codes and an incorrect depiction of some site electrical work that actually was to be performed by others.

Total Electric’s claim was for labor loss of productivity and a 16-month delay in reaching substantial completion. Total Electric alleged that its damages were compounded by slow responses from the district and WNB as problems arose. Total Electric argued that it frequently had to wait weeks to months for a response.

This caused inefficiencies requiring Total Electric to pay workers for being on the project site with little or no work available to be performed. Total Electric also claimed higher hourly costs for manual labor due to trade labor wage escalation.

At the trial court level, the district brought a third-party claim against WNB.  The trial court granted motions for summary judgment on behalf of the district and WNB.

In reversing, the Eastern District concluded pursuant to the Spearin doctrine that if a contractor makes a bid in reliance on a governmental entity’s representations of what a project would entail, that contractor should not be punished—and the entity should not receive a windfall—because the entity’s renderings were defective.

The Eastern District also decided that Penzel was not required to use expert testimony to prove the plans were substantially deficient. Rather, testimony that the plans omitted critical components, called for outdated or non-existent products and failed to comply with building codes were issues that a layperson (or a juror) without any technical training could understand.

Also, Penzel could use two witnesses with 40 and 60 years of construction experience to testify that the electrical plans and specifications were deficient, even though neither one was a registered architect, licensed electrician or licensed engineer.

To prove Total Electric’s loss of productivity claim, Penzel used the total cost method or modified total cost method.

The total cost method requires proof of four elements: 1) the nature of the particular loss makes it impossible or highly impractical to determine any loss with a reasonable degree of accuracy; 2) the contractor’s bid or estimate was realistic; 3) the actual costs are reasonable; and 4) the contractor is not responsible for any added costs.

The modified total cost method is more flexible by allowing for adjustments to the total calculation of damages. The four-prong test is still used; however, it is merely a starting point and subject to adjustments to aid in proving the actual losses.

The appellate court concluded that the total cost method or modified total cost method may be an avenue to establish damages in this case.

James R. Keller is a partner at Herzog Crebs LLP where he concentrates his practice on construction law, complex business disputes, real estate and ADR. He also is an arbitrator and a mediator.

When’s The Last Time Your PC or Server Got an Oil Change?

in Columns/Technology
Joe Balsarotti

By Joe Balsarotti is President of Software To Go

The quick lube places drummed the “three months or 3,000-mile” mantra into all of us some 20 years ago and built an industry around it. Later, autos with 100,000 miles were considered exceptions; now 200,000 miles and more is the norm. Any mechanic will tell you that regular preventative maintenance allows cars to last longer. Computers need constant maintenance, too. A network going down can be far more costly to your business than if a truck, van or car in your fleet malfunctions. After all, you can’t just call up Enterprise and rent a new network for a week.

Far too many businesses see their technology as simply a necessary expense rather than the asset it is. After all, how expensive would it be to do your bookkeeping by hand compared to the cost of merely plugging numbers into your accounting system? Computers, networks and the like should be treated as the integral part of your business that they are. Just like changing the oil in a car or greasing the gears of heavy machinery, regularly scheduled preventative maintenance results in saving money rather than costing your business money.

Computer technology changes constantly. A model year for a desktop computer is about four months; major application programs renew every one to three years. In the software realm, most programs are dependent upon other programs that very likely are produced by another company. One vendor finds a bug, a defect or an entry point for hackers and writes a patch or update to fix it. That, in turn, changes parameters in other programs that communicate with it, requiring updates. On the hardware side, printers, scanners, CNC, robotics, entry systems and other connected devices need software updates when the operating systems running on the PCs are updated. Security updates to anti-virus, endpoints and firewalls are conducted daily, if not hourly, behind the scenes.

All those updates and changes need to be managed by someone. We’ve seen many a business user’s system crash, only to discover that the software is two, three or even five years behind. Companies may unintentionally leave their operations vulnerable and accessible to any kid who searched for “hacking tools” on the Internet. A lack of preventive maintenance and monitoring – what our industry refers to as managed services – leads to unexpected and unpleasant future expenses.

Just last month we heard about the St. Louis Public Library’s entire network being rendered unusable as a Cryptolocker type of ransomware was downloaded and encrypted the data, holding it hostage. The patron machines and back-office machines never should have been on the same network in the first place, but I’m sure someone will argue that it was prohibitively expensive to do it the correct way. Oops. We’re left wondering how much that shortcut will cost taxpayers. Was the library paying for update subscriptions to its firewalls? Was all of the software completely updated and was the network being monitored for a mass change in data? At least we do know that St. Louis Public Library had backups of the data and didn’t pay the ransom.

How would your network fare if it were attacked in the same manner? What costs would your business incur if all computers were unusable for a week? Would the idea of preventative maintenance and monitoring suddenly look like a cheap insurance policy?

Gartner research back in 2010 showed that 43 percent of companies were immediately put out of business by a “major loss” of computer records – and that another 51 percent of businesses studied permanently closed their doors within two years, leaving a mere 6 percent survival rate.

Maybe many of those data losses were caused by a major disaster destroying the surrounding customer base, as one possible example. But ask yourself: even if these are extra harsh statistics, what happens if you lose your customer list, your A/R report and aging, blueprints, plans or schematics for all the projects on which you are working? Realistically, would your business survive, and at what cost? More importantly, could it have been prevented by spending a realistic amount of money on managed service and preventative maintenance?

Most managed service plans are flat monthly, quarterly or annual fees based upon either the number of users or devices in the business. Your business gets the advantage of peace of mind that your tech provider’s incentive is to prevent problems because repair and remediation takes more time and is therefore less profitable. Additionally, your business gains a far better grasp on the true expenses of your technology because you can forecast and budget far in advance – and you can hopefully eliminate the unexpected, immediate expenses that failures bring.

I welcome your questions or comments at businesstech@software-to-go.com.

Joe Balsarotti is President of Software To Go and is a 37-year veteran of the computer industry, reaching back to the days of the Apple II. Balsarotti served three terms as chairman of the National Federation of Independent Business’ (NFIB) Missouri Leadership Council, as chairman of the Clayton, Missouri Merchant Association for a dozen years, chaired Region VII of the Federal Small Business Regulatory Fairness Board and currently serves on the Advisory Panel of the ASCII Group, an organization of more than 1,000 independent computer and technology solution providers in North America.

Consider Lying to Make Your Personal and Business Data More Secure

in Columns/Technology
Joe Balsarotti

I’ve written about it before, security breaches allow access to personal data. No business is safe. When the ‘big guys’ get hit, it makes the evening news. When it happens to a small business or an individual, it can still be devastating.

The recent Yahoo hack exposed one billion accounts. That’s one-thousand-million users who got their data stolen. What’s really bad about this second exposure at Yahoo is that not only did user names and passwords get out, but also those security question answers. Oops.

With that in mind, here are some tips on how to make your data and your business’s more secure.

In my opinion, the whole idea of a security question as a way to recover forgotten passwords or accounts is just plain stupid. As Sarah Palin found out during the 2008 elections, just about anyone can find out enough about you to answer the questions usually asked and sure enough, her email account was hacked. Which, of course, means that just about anyone can get your data.

So, what can you do about it?  Lie.

Yes, lie when you enter answers to security questions. If the vendor asks for your high school, enter your college. Enter your father’s middle name when asked for your mother’s, etc. The trick, obviously, is to be consistent so you don’t trip yourself up. You might even consider entering the first of your birth month as your birth date, for example, when registering with most sites. After all, you will still get your free birthday desert at the local restaurant if you keep the month correct but might save yourself grief if the restaurant rewards program gets hacked and your birthday gets out.

The ‘keep it simple’ premise can be utilized in your business. Don’t ask your staff, your vendors or your customers for data that you really don’t need. Remember, once you have that data, its safety is the responsibility of your company. That also means the liability for a breach is on your company as well. Maybe your marketing people say sending a birthday greeting or your sales staff knowing a customer’s anniversary is a plus, but does it really matter if you know the exact day? Would more general data serve the same purpose with lower risk?

Remember, the adage of ‘change your passwords frequently’ is not to protect you, the customer, it is to protect the ones holding that data. Obviously, the best security is to come up with a password very hard for someone else to figure out, but that you can memorize. Constantly changing passwords, do the opposite. People forget them because the most secure and meaningful ones have already been used. Therefore their passwords become simpler and simpler and in most cases end up written down on Post It notes, where a cleaning crew, employees, visitors, or family can easily see them.

The reason password changes are crammed down your throat is due to a valid worry that the data holder may have already been breached and doesn’t know it. Changing the passwords regularly renders the stolen data useless, which does protect you, but it’s really done as an attempt to reduce the holder’s liability.

One way to protect yourself with regards to frequent password changes is to come up with some formula only you know which allows a memorizable password, but also makes it unique at every place you use it.  For example, say you decide your ‘master password’ will be the word “memory”. If you have a Yahoo account, make the password “1Memory1-Y”, for a Gmail account, your password would become “1Memory1-G” and for online banking it would become “1Memory1-B”.   In this way, you’ve kept the basic password as something you can remember and not have to write down, it includes letters of both upper and lower case, numbers (not just tacked onto the end) and a symbol, all things that are required by most sites nowadays. You’ve already figured out the last letter is the first of the site, but when hackers try your data at a host of well-known websites, it will fail. They are not going to analyze your individual password for a pattern. They are already onto trying the next million easy targets in their list.

Turning to the business side of the equation, customer data stored on your systems should always be secured with multiple levels of security, which include hardware firewalls, passwords (or better yet, biometrics), endpoint protection, and security training for your staff. All security products should have update subscriptions and only administrators should have access to install software. Every user should have their own unique passwords and your employee manual should make clear that sharing passwords, or using another’s account could be a fireable offense. Don’t ask security questions of your customers. Instead consider having them enter a second phrase, which only makes sense to them, but not one based on a question which could be obtained by a hacker.

Having your personal data stolen is bad, but losing your company because someone stole all your employee or customer data is worse. Take the necessary precautions and consider protecting yourself with a couple little white lies.

I welcome your questions or comments at businesstech@software-to-go.com.

Joe Balsarotti is President of Software To Go and is a 37-year veteran of the computer industry, reaching back to the days of the Apple II. Joe, served three terms as chairman of the National Federation of Independent Business’ (NFIB) Missouri Leadership Council, as chairman of the Clayton, Missouri, Merchant Association for a dozen years, chaired Region VII of the Federal Small Business Regulatory Fairness Board, and currently serves on the Advisory Panel of the ASCII Group, an organization of over 1000 independent computer and technology solution providers in North America.

Missouri’s Supreme Court Reverses $8,000,000 Punitive Damage Verdict

in Columns/Law
James R. Keller

By James R. Keller

Missouri’s Supreme Court weighed in on another construction case in 2016 by a reversing a jury verdict in favor of the City of Harrisonville of $8,000,000 in punitive damages.

The case is City of Harrisonville v. McCall Service Stations d/b/a Big Tank Oil and the Missouri Petroleum Storage Tank Insurance Fund, 495 S.W.3d 738 (Mo. 2016), decided August 23.

The project was the cleanup from underground petroleum storage tanks at a service station in Harrisonville. An upgrade of an adjacent sewer system for the City prompted the cleanup.

Missouri, by statute, established the Missouri Petroleum Storage Tank Insurance Fund per Section 319.129. This Fund provides insurance to service station owners for the cleanup costs from spills and leaks from underground petroleum storage tanks.

McCall Service Stations d/b/a Big Tank Oil owned a service station. McCall informed the Fund in 1997 that significant gasoline had leaked into the soil around its tank system.

McCall and the Fund hired Bob Fine, an environmental engineer, to determine the extent of the leak. Fine notified the Missouri Department of Natural Resources that the leak was moving toward a nearby creek.

Fine prepared a plan to contain the leak by installing monitoring wells on streets next to the site. McCall thereafter sold the service station to Fleming Petroleum Corporation.

In 2003, Harrisonville decided to upgrade its sewer system given a growth in population. The City awarded a construction contract, after competitive bidding, to Rose-Lan Construction for a multi-million dollar sewer upgrade per a bond issue for this work.

During construction, Rose-Lan encountered contaminated soil next to Fleming’s service station and notified the Department of Natural Resources.

Fine, who had been monitoring the situation since 1997, confirmed that the underground storage tank was the source of the leak. He suggested that the most cost-effective approach would be to leave the contaminated soil in place and install petroleum-resistant pipe and fittings.

The City’s engineer estimated that to completely remove and replace the contaminated soil would cost more than $500,000. BV Construction submitted a bid of $190,226.38 to install the petroleum-resistant pipe per Fine’s approach.

The Fund obtained a lower bid of $175,161.41 from Midwest Remediation.

There were several discussions between the City and the Fund about the remediation and who would pay for it. Three representatives for the City felt based on the meetings that the Fund would reimburse the City for the remediation costs.

After these discussions, the City’s attorney sent a letter to the Fund’s representative that the City was going forward with Midwest in reliance on the “promise” that the Fund would pay the full amount of Midwest Remediation’s costs. The City then authorized Rose-Lan to subcontract with Midwest Remediation to install the petroleum-resistant pipe.

The Fund did not reimburse the City for the work—thus the lawsuit.

The City sued the Fund for fraudulent and negligent misrepresentation.  The City alleged it hired Midwest Remediation in reliance of the Fund’s representative’s express promise that the Fund would pay for the cost of Midwest’s work.

During trial, the City established that it incurred increased costs of $172,100.98 to complete the sewer upgrade project as a direct result of the contamination caused by McCall and Fleming. None of these costs would have been incurred had the City not encountered petroleum-contaminated soil.

The jury returned a verdict for the City of $172,100.98 in compensatory damages against McCall, Fleming and the Fund, $100 in punitive damages against McCall and Fleming and $8,000,000 in punitive damages against the Fund.

Regarding the Fund’s liability, Section 319.131 states that the Fund will pay all of any participants’ cleanup costs that are greater than $10,000 but less than $1,000,000 per occurrence and the Fund shall provide coverage for third-party claims involving property damage or bodily injury caused by leaking petroleum storage tanks.

The Missouri Supreme Court decided the City’s claims against the Fund did not fall within the statutorily authorized claims set out in Section 319.131.  The Fund is not authorized to provide coverage for claims that do not constitute a participant’s cleanup costs or involve third-party claims. The City’s tort claims were beyond the coverage provided by the Fund.

Despite this finding, the Supreme Court left in place the award of compensatory damages solely because the Fund had not appealed this portion of the jury’s verdict.

But the Supreme Court decided that since the City did not have a claim against the Fund for compensatory damages, even though they were awarded, the City could not recover punitive damages from the Fund.

There must first be actual damages to support the award of punitive damages.  Since the actual damages were not allowed by statute, the punitive damages could not be allowed either, the high court concluded. Thus, the Supreme Court reversed the $8,000,000 punitive damage award.

James R. Keller is a partner at Herzog Crebs LLP where he concentrates his practice on construction law, complex business disputes, real estate and ADR.  He also is an arbitrator and a mediator.

Setting Annual Expectations

in Columns/Sales
Tom Woodcock

By Tom Woodcock

As the holidays pass and we barrel into the new year, companies scramble to forecast next year’s performance. Numbers will be thrown around, projections made, and hopes elevated. Ownership will almost always demand better results in either revenue or profitability, or worse, both. Then the great master plan is formatted and presented at a company meeting. At that point, virtually everyone walks away leaving the sales team to make it happen.

Kinda comical if you really think about it. Marketing budgets get cut, entertainment expenses reduced and owner engagement wanes, yet you’re tasked to increase business. “Do more with less!” is the new company motto. You sit there wondering how you’re going to pull it off, if at all. It might be easier to just start making your excuses now as opposed to when the projections are blown. It seems to be an annual ritual. The real question is how do you project what an upcoming year will hold?

Projections can be very strategic or de-motivating in nature. Most are unrealistic in scope and cause unnecessary sales stress. Many have no formulation on how to achieve the numbers. Whether revenue, profitability or expansion of customer base, projecting results without having a plan is a shot in the dark at best. There are a few key areas related to sales that will require a strategic approach. Otherwise, reaching a projected goal will be a seat of the pants proposition. Hitting these main points will at least allow you to hit the basics:

  1. Market Conditions: Understanding and calculating what is taking place in your specific markets is paramount to setting your company’s sales rudder. Is demand trending up or down? Are there economic factors that dictate market direction? Has the customer base shifted in need or demand? These are important questions to answer. These influences can send you in the wrong direction if not addressed.
  2. Historical Sales Data: I find many organizations evaluate their sales teams via gut reaction. You “feel” like someone is doing a good or bad job and approach that person accordingly. The sales data may reflect the opposite of your impression. It’s impossible to project where you’re going without knowing where you are. What’s the starting point? What increases have you been averaging year to year? If historically you’ve realized a 5 percent increase year over year, you’d better have some strong data supporting an expectation of a 20 percent increase for the projected year. Unrealistic growth is never realized.
  3. Ability of Sales Personnel: Being realistic with the talent and work ethic of your sales team can assist in determining what you can truly expect that team to produce. Are they seasoned veterans? Developing rookies? Maybe a combination of both? Break the team down by individuals and measure the past contributions of each to your sales total. Use that as a baseline then incorporate the information you attain in the first 2 points and project growth. Combining the individual results will give you a company wide It’s useless to predict a high level of growth when you don’t have the players to get there. It’s like expecting your nine-player baseball team to hit 90 home runs when no one has ever hit more than five. It is just not possible.

If you’re diligent in at least these three areas, you can expect to make reasonably educated forecasts. Hitting projections will fuel the motivation tank. Over analyzing causes paralysis, insecurity and mistrust. Set your direction and stick with it. Be sure everyone clearly understands the requirements and the result of hitting or missing goals.

Recognizing that your company can fall into the trap of letting external factors dictate your success will keep you working on your strategy. You really do control your growth, not Wall Street or the next President. Rising above circumstances requires more than effort. Having a strong sales strategy tied to that effort has virtually a zero percent chance of failure. Of course each company has its own idiosyncrasies that can affect success, but having your sales ducks in a row can mitigate the negative and extenuate the positive. You are in control.

I’ll be sitting with the companies I work with over the next few weeks setting projections. Owners will argue with me and want to push the numbers. My response will be; “Okay, how are you going to pull that off?”. That will at least light the fuse. From there, reality will kick in and we’ll end up with a good, aggressive, yet achievable projection. Which, truth be told, is exactly what both they and you need. Don’t give in to the wishful thinking of pie in the sky expectations. The eventual result is a bad taste in your sales mouth.

Tom Woodcock, president, seal the deal, is a speaker and trainer to the construction industry nationwide. He can be reached at his website: www.tomwoodcocksealthedeal.com or at 314-775-9217.

Don’t Accept the Slow Season

in Sales
Tom Woodcock
Tom Woodcock

By Tom Woodcock

Winter is approaching. Work conditions will decline, ground will harden and everyone goes from holiday mode to winter blah. No one is spending any money and projects are scarce. Time to hold your breath and ride your line of credit through this annual recession.

Not so fast!

Throwing in the towel before the season even changes is awfully defeatist. The real course of action is to dig down deep and drive your sales effort. Opportunity may slow down, but it doesn’t disappear.

I’ve worked with enough contractors to know the difference between those that thrive through the winter and those who starve. The firms that go hungry are those that resign themselves to the norm and do nothing to move the bar. The true winners are those that look for every sales vehicle possible to get in front of the customer base therefore, opportunity. They gain a presence physically, electronically, and proactively. They’re not sitting by the phone waiting for it to ring or surfing the Internet for hours at a time. They understand that it takes work to find the projects that break over the winter. Not just those that bid this time of year, but also those that begin.

There is always pressure to go with the historical processes that the construction industry has sustained. Get fat over spring and summer then hibernate over the winter.

I refuse to let my clients accept this logic. We sit down and develop aggressive sales schedules and implement them. We keep the company accountable and review the results. Areas that we feel are the most likely to produce opportunity get the greatest sales attention. We then attack from a selling perspective and don’t let up. These opportunities may take more face-to0face customer time but often we’re the only ones actively pursuing them. This presents a great opportunity to steal a regular customer from a competitor.

Most people think that when they are actively engaged with a customer on a project, they’re selling. Not true. That’s servicing.

It’s what you do with customers when there isn’t a project on the table that falls into the sales category. It’s easy to communicate with a customer in the middle of a summer project. There are details to cover and schedules to meet. That’s a main component of a contractor servicing their client. It’s much more difficult to communicate when you’re not reviewing those elements, to actually talk to your customer on another level. Because of that difficulty, few people actually do it.

So this is the scenario: few people are actively calling on customers, you have time, and projects exist. Seems like an ideal situation for securing some business.

The challenge is to have the discipline and the plan to go after it. The first step is eliminating the “slow season” mentality. I’m not sure about you, but I prefer to be busy year-round. It can make sales projections easier and growth more possible when you gain business every month of the year instead of just nine.

Once this becomes part of your sales program, it tends to grow stronger year after year. You begin to recognize the vertical markets that produce opportunity during the winter months. You can then continue to develop your approach and marketing efforts to capitalize on the seasonal opportunities.

It is kind of like landscaping in the spring and summer and plowing snow in the winter, a common practice in property maintenance. Translation in construction terms: ground up in the spring and summer then renovation in the winter. That is just an example.

You can superimpose that formula on almost any construction trade of dynamic, if you’re willing to. That’s the rub. It’s easier to simply ignore this opportunity and kick back. Some see it as a time to catch their breath business wise. In reality, it’s more like holding your breath.

Investigating which market segments are progressing indicate where projects exist. Developing a sales approach to those markets and enacting it can unveil opportunities. Few people do this kind of sales work in the proverbial slow season.

The size of your company is irrelevant if you truly prioritize the sales effort. Breaking the trend is the most difficult part in conjunction with extending patience till results begin to occur. Selling is never a situation where you simply snap your fingers and the business magically appears. It requires planning, effort, and diligence, especially in a season that traditionally is not productive.

Anyone can secure business when there’s plenty for everyone. The real sales professionals secure it during the leaner times. When the bit players disappear and the field opens up, more commonly known as the Slow Season!

Tom Woodcock, president, seal the deal, is a speaker and trainer to the construction industry nationwide. He can be reached at his website: www.tomwoodcocksealthedeal.com or at 314-775-9217.

 

Subcontractor Denied Bond Claim Against St. Louis County

in Law

By James R. Keller

James R. Keller
James R. Keller

The Supreme Court of Missouri recently ruled that a subcontractor cannot pursue a bond claim against St. Louis County, but may pursue its mechanic’s lien claim against the leasehold interest of a company that acted as St. Louis County’s agent. The Missouri Supreme Court rarely decides construction cases involving bonds and mechanic’s liens, making this decision significant in how subcontractors will pursue future claims.

The case is Brentwood Glass Company v. Pal’s Glass Service, Inc., Clayco, Inc., Cornerstone VI, LLC, St. Louis County, National City Bank of the Midwest, N.A., Paul M. Macon, UMB Bank, N.A. and Victor Zarilli, 2016 WL 4444039, decided August 23.

St. Louis County had purchased property known as Six CityPlace Drive in Creve Coeur, Missouri, which the County had planned to develop as the headquarters of Smurfit-Stone Container Enterprises, Inc.

The County entered into a contract with Cornerstone to construct the project on the County’s behalf. Cornerstone acted as the County’s agent.

Clayco, Inc. was the general contractor for the project. Clayco entered into a subcontract with Pal’s Glass to supply glass and glazing work. Pal’s Glass entered into a sub-subcontract with Brentwood Glass for some of this work.

No contractor on the project obtained a bond that would comply with Section 107.170.2 of the Revised Statutes of Missouri. This section provides that all public entities (such as St. Louis County) must require every contractor for work on public property to furnish a bond to cover materials and labor.

Brentwood Glass filed a mechanic’s lien on the property in the amount of $1,061,464.08. Brentwood Glass then filed a nine-count petition against Pal’s Glass, Clayco, Cornerstone, St. Louis County, as well as various banks and individuals, seeking recovery on its mechanic’s lien and in one count pursuing an action against St. Louis County for its alleged failure to require a payment bond under Section 107.170.

Pal’s Glass admitted it owed $593,261.47. It consented to a judgment for that amount plus costs.

Because the property was owned by St. Louis County at the time Brentwood Glass began working on the building, Brentwood Glass could not pursue its mechanic’s lien against the County. Public property is not subject to a mechanic’s lien.

Cornerstone, however, held a leasehold interest in the property. Cornerstone is a private company and not a public entity.

The Supreme Court reversed the decision of the trial court and found that Brentwood Glass could pursue its mechanic’s lien against Cornerstone’s leasehold interest. The Supreme Court of Missouri sent back for further consideration by the trial court whether Brentwood Glass’s lien statement properly complied with Missouri law, which requires a “just and true” account of any money that is due.

The lien statement included potentially non-lienable items. Brentwood Glass admitted that its statement incorrectly included efforts to recover for payments that Clayco had paid directly to Brentwood Glass’s subcontractors and material suppliers.

The Missouri Supreme Court determined that the trial court must decide whether these non-lienable items were included in the lien statement with an intent to defraud or were honest mistakes. If honest mistakes, presumably the trial court will determine that the mechanic’s lien is proper.

Regarding the public bond claim against St. Louis County, Section 107.170.1 requires a bond for any “contractor” that “provides construction services under contract to a public entity,” but not a party that merely arranges for such services to be provided by others. The Supreme Court decided that Cornerstone did not provide construction services under its contract with the County. Therefore, Cornerstone was not a contractor within the meaning of Section 107.170.1.

The Supreme Court of Missouri also decided that even if this section required a bond, Brentwood Glass’s claim must fail because it did not name as a party in its lawsuit any individual officials of St. Louis County, but instead named as the defendant only St. Louis County. The court held:  “The decisive fact is that the County—a political subdivision—is immune from suit under the doctrine of sovereign immunity.”

The Missouri Supreme Court’s decision was far from unanimous. Two of the Justices, including the Chief Justice, filed concurring/dissenting opinions.  They believed that Cornerstone was a contractor within the meaning of the statute and therefore Brentwood Glass should have been able to pursue its bond claim. They also believed that Brentwood Glass should have been given the opportunity when the case is sent back to the trial court to amend its petition to name individual officials as defendants.

Three other Justices filed a different concurring/dissenting opinion. They believed that Brentwood Glass did not demonstrate substantial compliance with Missouri’s mechanic’s lien statute that requires a “just and true account.”  These three Justices believed that Brentwood Glass should not have been allowed to pursue its mechanic’s lien claim.

James R. Keller is a partner at Herzog Crebs LLP where he concentrates his practice on construction law, complex business disputes, real estate and ADR.  He also is an arbitrator and a mediator.

 

1 2 3 5
Go to Top