As we approach the end of the year, and are seriously thinking that adding rum to out-of-date egg nog is a good idea, it might be good to look back and review the lessons we learned from some bad decisions. We can only hope that someone will learn from them instead of repeating them (that’s my Christmas wish, by the way). So let’s talk about the big takeaways.
Hiring a CEO from a different industry with little experience will end badly
From Carly Fiorina to Marissa Mayer, the one big lesson we should finally get is that an inexperienced CEO who doesn’t even come from the same technology area doesn’t magically become successful if they are a minority. I get that we don’t have enough women in tech, I do, but sticking a woman in a job she can’t succeed at is just as stupid as sticking a man in a job he can’t succeed at. You don’t get a pass because you were an equal opportunity screw up.
Seriously, either pick an experienced CEO or pick someone that understands the industry, don’t go for the trifecta of lack of experience in both and adding diversity for that little extra degree of difficulty. We go through a lot of trouble to pick qualified people for far lower-paying less critical jobs, maybe we should do the same for the top spot? Then again we’d likely miss all the drama.
[ Related: 4 attributes that make a CEO successful — What Fiorina and Trump can learn from SWOT — Meg Whitman’s 4-step guide to killing acquisitions ]
Being a public corporation is suicidal
We saw a number of companies go private over the last few years. Pretty much all are in far better shape now than they were when public. You’d think that would give folks a tad more pause when it comes to going public in the first place. I get that this seems like easy money, but the massive cost of regulatory compliance plus having to deal with “activist investors” who want to spike valuation at the cost of long-term survival isn’t worth that benefit.
Being public seems to lead to just really stupid things, like breaking a company painstakingly built over decades apart, or spending the firm’s cash reserves on dividends or stock buybacks. Either resist the stupid stuff, Google and Facebook were structured to avoid this kind of foolish influence, or don’t go public in the first place. Trading off a firm’s future for a few points in temporary stock value isn’t particularly brilliant.
Not closely managing permissions
From the Sony breach to Eric Snowden, we should get that permission management is a critical survival skill. The inability to effectively manage permissions cost the Sony pictures CEO her job and set U.S. diplomacy back more than the Trump candidacy has (though that’s getting close to changing).
[ Related: Awareness lessons from the Sony hack — Intelligence Community Works to Get Beyond Snowden Stigma ]
Given the goal of most attacks is to gain access to our critical customer, intellectual property, financial or personal data, and that firms large and small and governments have been hit you’d think everyone and their brother would have some form of robust permission/access management service or product in place to protect aggressively against this kind of attack. But nope, this is still more of an exception than a rule even though a breach like this could cost a CEO his or her job. There aren’t a lot of CIOs who survive getting their CEO fired.
[ Related: How to stop the security breach tsunami ]
Putting data acquisition before analysis
One of the most annoying things to watch this year was the San Bernardino attack post analysis. It turned out that much of what law enforcement needed to prevent the attack was on social media and not protected. Yet instead of focusing on doing more with what it legally has access to, the U.S. government focused on collecting more information. This, unfortunately, is far from uncommon because big data as a concept got well ahead of intelligent timely analysis.
Here’s a thought, before you spend massive amounts of money collecting more data, why not spend a little analyzing better what you already have? The group that collects the most data doesn’t win, the group that makes the most informed decisions wins — this is true for business as well as government. Most firms would be far more successful if they focused more on quality results and less on capturing more data.
IoT is stupid
Here is why we aren’t secure enough and we are in a cyberwar. If you can’t adequately secure what you currently have why the heck would you connect a whole bunch of critical systems to the Web? This just seems like we are asking for an apocalyptical end. Security needs to come first and yet, and we saw this with the Chrysler hack, we are still connecting things more effectively than we are securing them.
Can you imagine what would happen if say a million self-driving cars successfully received the command to suddenly turn? We’d be raining cars off the Golden Gate Bridge, 9/11 would look almost insignificant by comparison. Rather than connecting stuff directly to the network maybe consider connecting them to a secure hub instead?
Rethink executive compensation
From Golden Parachutes in the tens of millions to bumping someone up 10x or more in full compensation for a promotion it shouldn’t have taken Martin Shkreli (the problematic now ex-CEO of Turing Pharmaceuticals) to point out that excessive compensation leads to stupid behavior. These mammoth sums of money become huge distractions and often lead to really bad behavior.
The CEO needs to be focused on running the firm, not distracted by his or her own massive compensation package. Giving a new untested CEO tens of millions of dollars just seems whacked.
Time to stop repeating mistakes
It just seems we can look back at the last several years and watch the same mistakes made over and over again. Granted, the vast majority of us will have no control over any of this stuff, but many of us can pick and choose the firms we work for or contract with. Simply looking to see if the board and CEO are repetitively doing stupid stuff should be a natural test before we put our careers or major projects at risk with them.
Maybe if we make better decisions with regard to who we work for or employ then boards will get the message. But given these stupid things are company killers anyway I have little real hope that will happen, but at least we can protect ourselves better.