THINGS ARE GETTING BETTER (?)

Inflation is down. The December jobs report is out, over 216,000 new jobs were created. The stock market has closed repeatedly at record highs at the end of 2023. So, 2024 is going to be a good year for your business and the bicycle industry in general.

I don’t know if I’d take that bet.

To be sure inflation is down. It remains above the Federal Reserve target of two percent but is hovering around three to 3.5 percent. This is a significant improvement from the rates through the previous year, 2022. However, you need to put the reduced rates in perspective.

The inflation rate hit a 40-year high in June 2022 at 9.1 percent. Throughout 2022 inflation fluctuated between 7.1 percent and 9.1 percent. Getting the inflation rate down in 2023 was the intention the Federal Reserve had while increasing interest rates and it seems to have worked. There was a collective sigh of relief that inflation had dropped, yet consumer spending remained cautious as prices remained elevated.

One thing many people overlook is that inflation is usually measured from a point in time from the prior 12 months, i.e., the inflation rate from July 2023 used prices from July 2022 for comparison. Inflation in July 2022 was 8.5 percent. Inflation in July 2023 was down considerably at 3.2 percent, but that was by comparison to prices that were already considerably higher from the previous year.

Another common misconception is that a lower inflation rate means prices are going down. In fact, a lower inflation rate means price increases continue, but at a slower rate. Certainly, some prices do go down over time on individual products, but typically those products are part of a larger bundle of commodities like food or clothing that make up a component of inflation. 

The economy has been creating jobs over the past year. The government reports that 2.7 million jobs were created in 2023, an impressive number.  But like the inflation rates mentioned above, sometimes the numbers aren’t all they seem to be. During the pandemic, millions of jobs were lost as companies closed down and had to lay off employees. Over the succeeding years as the pandemic receded, these jobs began to come back. Were jobs being created? Yes, they were. Were they jobs that were lost initially because of the pandemic? A great many were.

Also consider that a number of people represented getting these new jobs may have been laid off for months, depleting the savings they may have had. To be sure, the federal government pumped a significant amount of stimulus into the economy to mitigate as much economic damage as possible which helped a lot. Still, you may ask, did that stimulus bring forward purchasing decisions allowing people something to do? And what was the impact on 2023 sales and what might be the impact on 2024 sales?

The stock market was setting new closing highs through the last week of 2023, the Dow Jones, NASDAQ, and the S&P 500. That’s impressive and has made a lot of people feel a bit more secure. It is estimated that 58 percent of the population owns equities so they may be feeling pretty good these days. Still, what goes up also comes down.

With the reduction of inflation, the Federal Reserve has indicated they are most likely to stop raising interest rates and could start lowering them in early 2024. The possibility of interest rates coming down has played well with the stock market and may do so in the coming weeks and months too. But as you think about the coming year keep in mind that any uptick in inflation could delay a rate decrease, stopping the climb of stock prices in their tracks.

If there is another ray of optimism for 2024 it might be because it is an election year. To be sure, the current administration will do everything it can to keep the economy on an even keel, to give the impression it is applying the right economic tools with the right amount of leverage to keep things humming along. Conversely, the opposition will try to convince a majority of the population that things would be even better with them in charge. Either way, it is doubtful the economy will get worse than what people perceive it to be now.

That is a macro look at the economy. What about a more specific look at the bicycle industry? The inventory issues continue to weigh heavily on the major brands and distributors. Deeply discounted product offerings are becoming more the norm than the exception. The advertising will drive consumer behavior with expectations holding that prices may continue to fall.

There are bright spots helping but even those come with caveats. E-bikes continue to be big sellers with big price tags, but very inexpensive off-brand direct-to-consumer products are having an impact.

Several jurisdictions are beginning to pass codes relative to the handling, storage, and charging of lithium-ion batteries.

Gravel bikes are another segment that seems to be growing with good consumer demand. These bikes aren’t faced with the regulatory issues e-bikes are facing, but the same inventory issues plaguing other segments are having an impact here too.

Earlier articles I’ve written address some of these issues with suggestions on how to plan and manage the impact of these and other issues. If you haven’t seen or read them, I would recommend you go to the Human Powered Solutions website (humanpoweredsolutions.com) and check them out. If you get nothing else from this article think about this. Even if your distributor offers to hold your margin on a heavily discounted product, the actual dollars to your business will be significantly less.

Is that part of your business plan for 2024? If you plan to be in business in 2025, make sure you do the things necessary to survive 2024.

Contact Steve Bina: steve@humanpoweredsolutions.com.

PLANNING THE YEAR AHEAD

The end of 2023 is rapidly approaching. A lot has happened this year, some things we knew were coming, and some things came as a surprise. I suppose you could say that’s how most years turn out but this year seemed a little more unsettled.

By now you will have a good idea how your business did/will do this year and are probably starting to plan for 2024. Some of those unsettled things wreaked havoc on your business this year and some may still be in play as you build a business plan for 2024.  Let’s take a quick look at a few of the variables.

INFLATION – It has come down from the four-decade high. It is still above the target rate hoped for by the Federal Reserve so more intervention is possible. Regardless, prices have not come down so the things that were costing more are still costing more. You may have built some cost escalation into your 2023 business plan but probably not enough to cover actual cost increases. As you prepare your 2024 business plan and budget you will no doubt take into account continued inflation. The same impact inflation is having on your business, it is having on your customers. As an example, a recent study by Bank of America showed Generation Z (born between 1997 and 2012) nearly 40 percent reported they had experienced a recent financial setback and approximately 25 percent said they have resorted to borrowing money from family and friends.

INTEREST RATES – In most cases, the increase in interest rates may not have an immediate impact on your business. A year ago the prime interest rate was 3.25 percent, and today it is 5.5 percent. The prime rate is what the Federal Reserve charges for money to other banks and large companies. Smaller companies typically pay a rate of two to three percentage points higher. If you have a credit line with a local bank or one of your distributors, you may have already seen an increase in carrying costs. If not, you will. Your business will be impacted by these increased rates in 2024, so no doubt you will build that into your budget for next year.

MINIMUM WAGE – A number of states have passed legislation raising the minimum wage, some with immediate implementation, some with implementation on January 1, some with both. Most likely this won’t be an issue with current full-time employees, though it could have an impact on planned wage increases or wage demands of current employees. If you were planning on part-time or seasonal help these new laws could have an impact and you’ll need to budget accordingly.

SUPPLY CHAIN – The movement of goods, all goods, was very difficult which led to shortages. Shortages led to price increases on items in demand and covered products across the board. Most supply chain issues have been resolved but if you still have products in short supply you need to factor that into your business plan.

Your business plan and budget should factor in the above and more. Just as important is knowing your customers are being impacted just like you. The magic comes from figuring out which ones are in play and gauging the impact on your customer base.

I wrote in a previous article the resumption of the federal college loan program was set for October 1. This will have a significant effect on approximately 43 million people as payments will be between $200 to $300 per month according to the most recent Federal Reserve data. Overall, it is estimated that a combined $10 billion PER MONTHwill be redirected to loan payments according to a recent analysis by JPMorgan. Without doubt this will have an effect on your business in the coming year.

 At a recent conference I had a conversation with an industry analyst about the state of the American economy and how 2024 is shaping up. We discussed the things I’ve mentioned earlier in this article. Then I brought up the impact of the current UAW strike at Ford, General Motors and Stellantis (formerly Chrysler). At this writing, tentative agreements have been made with Ford and Stellantis. While those agreements still need to be ratified, the union has authorized their members to return to work at those two automakers.

What the analyst didn’t immediately see was the impact on other businesses usually frequented by those striking autoworkers and their families. Including restaurants, theaters, grocery stores, home improvement stores, and bicycle stores. Tens of thousands of people are on strike, not receiving a paycheck for over a month. Businesses that rely on autoworkers and their families as clientele are already seeing a decline in revenue, though that impact will be mitigated with the tentative agreements and return work directives.

As trying as managing your business in 2023 has been, planning for the coming year will be equally challenging. Making a plan is important but staying on top of performance and adjusting that plan as necessary is equally important. The variables listed here may not be everything you’ll need to consider but should give you a good start. 

Contact Steve Bina: steve@humanpoweredsolutions.com

CHALLENGES INCREASE FOR FINANCING, SHIPPING AND INVENTORY

My last article talked about the economy not doing what economists think it should be doing given the low unemployment, rising interest rates, lagging wages, consumer spending, and more. Because of these seeming contradictions, it’s becoming harder to predict what will happen next and what should be done to put the economy on an even keel.

To all of this, we can now add the credit rating agencies getting involved. Recently Fitch Ratings lowered America’s Long-Term Foreign-Currency Issuer Default Rating (IDR) from AAA to AA+. While that is something to be considered, it won’t have much of an impact on your business.

What may have an impact is Moody’s Investor Services downgrading the credit rating on a number of regional banks. Specifically, Moody’s downgraded the rating for Amarillo National, Associated Banc-Corp, BOK Financial, Commerce Bancshares, Fulton Financial, M&T Bank, Old National Bancorp, Pinnacle Financial Partners, Prosperity Bank, and Webster Financial Corp.

This downgrade will make it harder for these banks to provide the full spectrum of financial services their customers need. It will make getting loans from the above institutions more expensive if even possible. It means if you are a customer of one of these banks, they will be looking for more financial information about your business before a current loan is renewed or a new line of credit is granted. Indeed, if you are a customer of one of these banks, now is the time to start having discussions about any financing they are providing to your business.

By the way, there will probably be more banks that have their ratings downgraded, so if your bank isn’t listed above, it would be good to start having conversations now, just in case. 

Why are the downgrades happening? Banks use their deposits to make loans to finance business investments and payment of interest. In addition, banks sell bonds to raise additional capital for these purposes. With a downgrade of their credit rating, it will be more difficult to get anyone to buy those bonds so they will have to increase the interest the bonds will pay. For the banks to better protect their investment in business, they are going to be making sure that investment has a high probability of being repaid.

With the continuing increase in interest rates, these smaller regional banks need to pay out higher amounts of interest to hold their deposits.  Other financial instruments have been moving faster to offer higher interest rates, as they don’t have specific deposits to protect; rather these new instruments are seeking “new” dollars to invest at even higher rates of return. This creates a potential drain of deposits from smaller regional banks.

Beyond the threat of deposits leaving the regional banks, they need to pay competitive interest on the remaining deposits. Depending on how those remaining deposits are invested, that too can lead to a drain if the interest being charged is less than the interest paid.

In addition to the pressure of having to pay increased interest, there is also the increased probability of loan defaults. The Wall Street Journal reports mortgage delinquencies in multifamily structures remain relatively low, but are increasing.  Apartment building investors bid up building prices during the pandemic, seeing the rapid increase of rents leading to the prospect of large returns when selling the property. Much of the financing for multi-family structures was short-term, and now property owners can’t afford the revised payments, so a number of properties are going into default.

Another probable impact on your business is the shutdown of Yellow Freight. They made the announcement they were ceasing all operations in early August. Yellow was one of the largest less-than-truckload (LTL) freight carriers in the country. It is possible Yellow was a favored trucking company used by the bicycle distributors from which you source products. There are other LTL carriers that will fill the void left by Yellow’s closing, but the removal of a major competitor will likely lead to an increase in freight charges, so don’t be surprised when you see an increase in the cost of your landed bicycles.

On top of that, United Parcel Service recently entered into a new contract with the Teamsters. Carol Tome, the CEO at UPS, said the contract provides industry-leading pay and benefits for their employees. As a result, it’s probable you’ll see increases in the rates charged by UPS.

And if all of this wasn’t enough to worry about, the price of oil is once again on the rise. In the last six weeks, benchmark crude prices are up 21 percent, and are projected to go even higher. Already many freight companies are adding fuel surcharges, some updating the amounts weekly.

This is a double-edged sword. With the price of oil going up, meaning gasoline will become more expensive, maybe people will park their cars and buy a bike. However, with the cost more to fill the gas tank, there may not be enough left in the personal budget for a new bike.

Here is one more thing to navigate in your business — inflation shows signs of being on the rise again. The Federal Reserve said the consumer price index rose at a 0.2 percent rate in July, the same increase seen in the previous month. This brings the annual rate to 3.2 percent over the last 12 months, certainly below the 9.1 percent peak from June 2022, but still above the 2.0 percent target. That’s the good news.

The so-called core inflation, sans food and energy, is up at an annual rate of 4.7 percent, and services (less energy) rose 6.1 percent in the last 12 months. The Federal Reserve paused interest rate increases last month, but it seems more increases may be needed.

The average mortgage rate hit a 20-year high, almost 7.1 percent during the week of August 14. Keep in mind, the increase in oil prices mentioned above and rising credit card interest rates are also having an impact; maybe not immediately but that is coming, too.

There is a corresponding pullback in consumer spending. For example, Target reported June sales were down 7 percent year-over-year. Conversely, consumers still seem to be willing to buy discretionary goods as long as they are cheap. Yes, Target’s results last quarter were affected by the Pride Month controversy, but the contrast of 6 percent sales growth at T.J. Maxx last quarter is instructive. Even Target’s first quarter, which wasn’t impacted by the backlash, sales in apparel, electronics, and appliances fell by three percent.  Yet T.J. Maxx and Dollar Tree saw sales increases of three to 3.5 percent. 

What does all of this mean for the inventory retailers have on hand? For the additional inventory distributors would like dealers to take? For terms they are offering? Take a look at your business and its needs. Talk to your banker to make sure your financing requirements remain safe and affordable. Talk to your shipping companies to make sure you understand their thinking about rates, and begin shopping around if necessary. This is not a time to assume all will end well, especially since the things written about here are mostly out of your control.

Contact Steve Bina: steve@humanpoweredsolutions.com

HOW THE STUDENT LOAN ISSUE IS IMPACTING YOUR BUSINESS

In last month’s article, I wrote about the uncertainty in the economic landscape. The issues were the extension of the debt ceiling negotiations, the continuing rise of interest rates, and inflation. Since then, an extension and increase in the debt ceiling has been accomplished. The Federal Reserve took a break from raising interest rates in June, but has given indications there likely will be more rate increases in the coming months. Inflation has slowed, but is still at an elevated level.

All of these things have an impact on your business, either directly or indirectly. Over the coming months, continuing changes to each are certain, so you’ll need to be mindful that your business is doing what it needs to do to thrive, and to survive.

One thing I didn’t include in the last article was the looming resumption of government student loan payments. Part of the debt ceiling negotiation was for student loan payments to resume on August 30. The payments and interest accruals have been in abeyance since March 2020. This was done by the Department of Education to ease the impact of the COVID pandemic, which caused the closure of many businesses, resulting in significant layoffs and an overall reduction in hiring.

An estimated 43 million people, approximately 17 percent of the adult population, have federal student debt. Of those, 26.6 million, about 10 percent of the adult population, had loans that were in abeyance in Q1 2023, according to the National Student Loan Data System. Once payments resume, the average monthly payment will range between $200 and $300, according to the most recent Federal Reserve data. It is estimated that, collectively, borrowers are set to resume paying around $10 billion A MONTH, according to recent analysis by JPMorgan.  

That amount being redirected out of the economy means a number of retailers will likely be negatively impacted. According to UBS, those retailers include American Eagle Outfitters, Carter’s, Crocs, Foot Locker, Canada Goose, Nordstrom, Nike, Steve Madden, Under Armour and Victoria’s Secret. UBS Research did a survey in March 2023 and found the average student loan borrower is younger, likely to be single, female, and earn slightly less than the average U.S. consumer.

Undoubtedly, these retailers will be affected, and so too will your business. And as with these other retailers, the reduction in consumer spending will back up through the channel supply chain, affecting distributors and manufacturers.

On top of the restarting of loan payments and interest accrual, the Supreme Court’s ruling on June 30 declaring that the administration’s plan to forgive almost $430 billion of student debt is unconstitutional, will have a further chilling effect on consumer demand. 

As bad as that sounds, there is a small silver lining. That much money being redirected out of the economy will reduce demand across the board. The Federal Reserve has been hoping that would be one of the results of their raising interest rates. How much and how soon remains to be seen, and is why the Federal Reserve did not raise rates in June, but has strongly suggested additional rate increases may be needed.

Reducing demand is also a step in possibly helping to lower inflation. The extraordinary post-pandemic demand for consumer goods outstripped most retailers’ ability to supply. The reasons are well known. Shortages drove up prices on everything from printer cartridges to automobiles, in some cases making used cars more expensive than new ones simply because used ones were more readily available.

As noted in my previous article, running your business to your budget in the coming months will be crucial given all the outside influences. Understand and manage what you can control, because a lot of what will be affecting your business you can’t control. Right now, the one thing you can count on is it’s going to be a very challenging selling season.

Contact Steve Bina: steve@humanpoweredsolutions.com

MANAGING YOUR BUSINESS ON A ROLLER COASTER

The economic roller coaster continues. The first quarter brought mixed results from retailers in different industries. The cost of credit continues to increase (with no end in sight). Consumer spending increased significantly in April and inflation accelerated. The Commerce Department said consumer spending increased 0.8 percent, up 0.1 percent from increases in both February and March. The president of the Cleveland Federal Bank said she thinks interest rates should keep rising until the next move is equally likely to be an increase as a decrease. “I don’t believe we are there yet,” she said earlier in May.

While consumer spending is increasing, the rise of interest rates and inflation is making consumers jittery and managing your business more difficult. Lowe’s reported inflation pressures were felt mostly for big ticket items. Spending on do-it-yourself project items was down significantly, according to CEO Marvin Ellis. Home Depot reported essentially the same thing. Costco’s CFO said the company’s average daily transaction amount fell in the first quarter, driven mostly by weaker sales of big ticket items such as electronics, jewelry and home furnishings.

On top of rising interest rates, the uncertainty of the federal debt limit negotiations weighed on the economy. All involved professed a default could be avoided. The administration held a position that a clean debt ceiling bill was what they wanted, and that there would be no negotiation. The House deliberated and passed a bill that raised the debt ceiling, but with conditions. With the clock ticking down, both sides compromised and an agreement was hammered out with a bipartisan vote to raise the debt ceiling. Neither side got everything it wanted, but the threat to the economy was removed, at least until the debate begins on next fiscal year’s budget.  

Tracking spending trends shows consumers are spending a larger share of their budgets on activities that get them out of the house. This isn’t surprising given the sequestration COVID caused. However, that spending has been selective.  Urban Outfitters latest quarter sales rose 17 percent at Free People, a sub-brand which caters in bohemian-chic fashion, and 13 percent at Anthropologie, another sub-brand. Those gains offset a 13 percent drop at the company’s namesake brand.  

Consumer spending trends also show a pent-up demand to get out and express yourself. The going-out trend is evident at Dick’s Sporting Goods. Dick’s reports sales of items sold for team sports stayed strong in the latest quarter.

How might this effect your business as a bicycle distributor and/or dealer? Certainly you will have an understanding of what is selling in your business; high end versus moderately priced product, complete bicycles or accessories to make what they already have perform better or full-priced product or just what is on sale.

Many of you are pressed not only with a lot of inventory, but pressure from your distributors to take more. We are on the cusp of what many hope will be a busy summer selling season, but as noted above there are significant economic headwinds. Things may be getting a little worse, too. Recent data from the Commerce Department shows consumers increased their spending sharply in April, 0.8 percent (kind of good news), but may force a continuing increase in interest rates (kind of bad news). The increase in consumer spending is “… just continuing to demonstrate the underlying resilience of the consumer … ” said Wells Fargo economist Shannon Seery, and may lead to further interest rate increases. However, it seems that underlying resilience has been and will continue to be selective.

As that summer season is rapidly approaching, you may wish to consider some unconventional business changes to help weather these unconventional economic times. Cash flow is critical to any company’s survival, and you should have a budget to help you navigate that, now more than ever. Is your revenue coming in as forecast and covering your costs? Is the business at least at break-even? If not, is it a revenue short-fall or are expenses higher than anticipated? Following are some questions you should be asking to make sure your business is in good shape.

A shortfall in revenue can be tough to correct, and you need to identify the reason. Is store traffic not as high as anticipated? Or, like Costco, has the average transaction fallen? If this is the case can you identify possible causes? Have you changed your marketing and/or advertising tactics? Should you? Has new competition sprung up in your area? Has mail order or direct-to-consumer sales had an effect? How you might respond to each of these depends on your individual circumstance and market demographics. Can you adjust marketing and advertising, or do you/can you offer direct to consumer sales? What might a new competitor offer that you don’t but should?

Is the shortfall across the board or from a specific part of the business such as new/used product sales, service or accessories? Is the mix of what’s sold/billed significantly different that budgeted? Even if the total amount of revenue is meeting budget, you still should understand where the dollars are being generated so you can address any possible lagging performance in one or more areas to take corrective actions before the lag becomes critical.

Sometimes it may be tempting to put product on sale to hopefully increase sales and get revenue back on track. That can also help to lower inventory and carrying costs, converting inventory to either cash or accounts receivable. The caveat is this needs to done carefully. As noted above, with consumers looking to rein in their spending and being selective, you don’t want to condition your customers to shop only when you have a sale. 

Your expenses may be on budget, but if revenue isn’t you still need to take action. On the expense side there are a number of things you can control. If there is a reduction of store traffic are your business hours appropriate? Maybe it’s possible to have a voicemail system to handle calls during off hours. Does your store have an effective web site? Is that web site able to log and report customer contact via e-mail? That capability would allow the customer to establish a connection with your business and allow you interact with the customer in close to real time. It may also allow your business to generate on-line sales. Of course that presumes someone would be available and responsible to answer and respond in a timely manner.

As hard as it may be to find qualified employees, you may have to ask if your staffing is appropriate. Would it make sense to offer temporary part time employment to some full time employees? Perhaps have one of the full time employees be responsible for the voicemail and e-mail?

These are some things to consider to make sure your business is one that survives and hopefully prospers. In coming editions I’ll look at the continuing economic issues and how they might impact your business.

Contact Steve Bina: steve@humanpoweredsolutions.com.

HOW INTEREST RATES AND CREDIT POLICIES ARE IMPACTING THE BICYCLE INDUSTRY

The recent failure of two banks, Silicon Valley Bank in California and Signature Bank in New York, didn’t have much of a negative effect on the stock market overall. Yes, bank stocks slid a bit, and were rattled a little more a few days later when Credit Suisse was merged with UBS to stave off a large European bank failure.

Most likely, the market reaction would have been more negative had the administration not said it would cover all depositor losses even if over the FDIC limit. While that was not unprecedented, it does set an expectation going forward, which could become very problematic. Not surprisingly bank stocks, especially the small and regional bank stocks, have taken a hit, but also less than one would have expected had the administration not intervened to cover all deposits. 

While there is an impact overall in the banking industry, it’s interesting to note that big national banks, including JPMorgan, Citigroup and Wells Fargo, just reported increased profits and increases in deposits for the first quarter. JPMorgan reported a 52 percent increase in profit, and estimates it picked up an additional $50 billion in deposits following the March bank failures. Citigroup estimates it netted almost $30 billion in new deposits since March. The banks expect to see moderate declines in deposits, as they compete with each other and smaller/regional banks in the coming months. In addition, some money will move to Treasuries and money-market funds that may offer higher interest. These deposit increases came at the expense of the smaller/regional banks, with customers moving their accounts to larger “to big to fail” institutions. 

This increase in deposits has also helped the big banks profit. The Fed increasing interest rates allows the banks to increase the rate they charge for loans, but the view from depositors as a safe haven means they don’t have to increase their deposit rates. Smaller and regional banks don’t have that luxury right now, putting them under additional pressure. Regardless, clients of all sizes are pulling back. Banks are reporting mortgage underwriting has fallen off significantly because of the run up in interest rates. The same goes for investment banking and M&A (mergers and acquisitions).  

Still, the big three banks are bulking up their reserves. It’s reported these banks have set aside an additional $2 billion to cover potential bad debts, and Wells Fargo’s CFO is quoted as saying the company expects to see more stress in the coming months. First quarter earnings reports will be coming out shortly, and they will tell a very important story on the strength of the economy and projections for the rest of 2023. 

What does this mean for the independent bicycle dealer? Frankly, not much from an investment standpoint, as most probably don’t have a lot of bank stocks in their portfolios. In addition, most IBDs likely aren’t customers of large national banks, more likely to be dealing with smaller regional banks. The bigger concern is the impact on credit availability and interest rates available from the smaller banks. As noted above, the big banks are increasing their “bad debt” reserves, seeing decreasing demand in credit requests, and raising the interest rates on loans commensurate with rates set by the Fed. No doubt smaller banks are doing the same.

The increase in reserves suggests the banks anticipate businesses overall to either fall behind in payments, look to renegotiate current credit facilities, or enter bankruptcy. The interest rate increases further add to those possibilities.

Each of these alternatives may be something your business will face. Financing your business, the inventory, operating expenses, and the kind and amount of credit you offer your customers, are tough enough to manage in good times. Today’s uncertain economic outlook makes those things more critical.

While a credit crunch may have a significant impact on your business, it may also cause the same issues upstream with your suppliers and brands. Will they be able to offer you the same payment terms they have in the past? Will they get squeezed by their lenders to scale back on inventory or operations? Will they force liquidation of inventory at distressed prices to generate quick cash, and possibly distort the retail market with unsustainable discounts? Will they look for new outlets for their products that could bypass your business?    

There are no easy answers to these questions. Your approach to deal with these will undoubtedly focus on the short term to make sure you can open the doors tomorrow. But you also have to consider the longer-term consequences to make sure you’ll be able to keep the doors open into the future.

The next installment in this series will discuss how the economy may impact your business and what strategies might help.

Contact Steve Bina: steve@humanpoweredsolutions.com

RANSOMWARE ATTACKS ARE ON THE RISE

Nine bicycle shop owners or managers were interviewed in a recent issue of Bicycle Retailer and Industry News. The topic was how they protect their inventory and information. It was interesting for me to read these nine perspectives on security.  I was especially intrigued by one of the respondents saying that anyone stealing from them would have some bad karma coming their way.

You may recall that I’ve written a number of articles for The Micromobility Reporter addressing security, most protecting information and data. Those articles discussed different ways to secure and protect systems and data to help ward off hacks and ransomware attacks. Admittedly, I overlooked the karma defense.

Data is critical to the operations of nearly every business. When data is corrupted or lost, the impact on business can be devastating. Data loss can be the result of a hack, ransomware attack, system failure, natural disaster or other causes. Because a data loss can be so devastating, your business should be working with your IT advisors to proactively protect your data and ensure speedy resumption of operations.

Ransomware as a cause of data loss is particularly concerning. The constant threat of new and creative attacks makes being breached more likely all the time. The encryption of your business’s data if you become a victim of ransomware could become a defining moment. Some businesses will survive mostly intact, but others will succumb and be crippled. Many times it’s the businesses that continue to rely on legacy processes that have the greatest difficulty recovering because of the amount of work and resources needed to identify what data was compromised, and how to recover. This can take days or weeks, and the business has to work around the missing and/or corrupted data.      

According to Enterprise Strategy Group (ESG) research, ransomware preparedness is the most important business priority for 26 percent of survey respondents, and is among the top five business priorities for another 53 percent. Where does ransomware protection rank in your business?    

Ransomware attacks are never-ending. According to ESG’s research, 79 percent of businesses have experienced at least one attempted ransomware attack (successful or not) within the past year. Ransomware attacks happen in the cyber world, though the impacts can potentially extend across all facets of your business, especially data protection.

Regardless, companies must recognize one important fact about ransomware: ransomware payments do not guarantee full data recovery. ESG research shows that 87% of companies that have been victimized by a ransomware attack in the last year failed to recover all their data after paying a ransom. In addition, the possibility also exists that some malware may still reside in your systems that will initiate another attack in the future.

Ransomware puts a tremendous amount of pressure on your business. It is something that requires constant vigilance because once the ransom demand is made, it’s too late to try and fix the problem. Make sure you’re talking to and working with your IT professional now.

Above I mentioned I’ve written articles that covered data protection, data storage, hacking and ransomware. If you haven’t read them I would like to encourage you to do so. If you didn’t save the articles, contact Human Powered Solutions for copies or check the articles archives at humanpoweredsolutions.com.

Hoping you don’t get attacked is not the best strategy.

Contact Steve Bina at steve@humanpoweredsolutions.com

INFORMATION TECHNOLOGY PART 6: PREPARING FOR DISASTER

The last article on information technology (part 5 in this series) addressed the issues of hacking and ransomware. The article discussed some, but not all, of the causes. This time we will look at some of the other causes, and the main issue a business may face regardless of the cause: disaster recovery.

As with all of these articles in The Micromobility Reporter, be aware that there is no guarantee your company won’t suffer an attack or data loss. Hopefully, some of the processes and tips in these articles will help stave off an attack or minimize the disruption.  

Hacks and ransomware as discussed are primarily initiated by individuals or groups seeking recognition and/or monetary gain. Just this week The Wall Street Journal reported that a ransomware attack believed to have been instigated by North Korea targeting healthcare providers and hospitals, was disrupted by law enforcement. Recall in the last article on this subject, I wrote whenever you have evidence of a hack or a ransomware demand, or you think you or your business have been targeted, you should alert the authorities. In this instance, because law enforcement was looking, not only was the attack stopped from impacting others, but a significant amount (about half a million dollars) of paid ransom in cryptocurrency was recovered.

State actors are the top end of hackers, and represent the most sophisticated of external threats to your systems and data. There are also internal threats that may not be as malicious, but can cause as much damage. I’ve already written about employee sabotage. This may come about in a number of ways such as being passed over for a promotion, getting mad at a supervisor or the owner, attempting to prove a point, or an employee taking action to gain access because they believe it will make them more efficient. An employee can lose or compromise data or provide system information to people outside the business, allowing them access to hack or encrypt data. All the more reason. This is why it is important to compartmentalize systems access and use tight password control.

On the other hand, people make innocent mistakes which an employee could do at any time. A mistake is just that, but whether data is lost or compromised, whether it happens maliciously or by mistake, it’s still a problem.

Another thing that can cause data or system issues is hardware and/or software failures. An earlier article mentioned the importance of making sure software updates are installed in a timely manner. It is also important to make sure your system hardware is appropriate to the software requirements. A correct correlation between software and hardware is essential to insure the software can function correctly, and that the suite of systems your business uses can interface and communicate necessary data effectively. When your business upgrades one, make sure upgrades to the other are considered and implemented as needed.

One set of potential problems that tends to be overlooked are natural disasters. Depending on where your business is located (or perhaps with multiple locations), you may be exposed to tornados, wildfires or facility fires, floods, hurricanes, earthquakes, or any combination. You may have some control concerning most of the threats I’ve written about in this and the previous article. However, natural disasters are completely out of your control, and may occur when you least expect them. Nonetheless they are real, and can cause just as much damage as a malicious attack.

Finally, a power surge or outage can do significant damage to hardware. Either could have a detrimental effect on your data and systems as well. Depending on the severity of the surge or the length of an outage, hard drives or other internal hardware devices may suffer failures, making data retrieval difficult to impossible. This scenario brings into focus the previous article in this series talking about backups. Hardware failures often do not allow for data recovery, so a backup could be the only way to restore your data.

For each of these possibilities the best defense is a good offense. Understand the systems used to run and manage your business. Take the time to find out how much data your business has generated. Initiate system user and password protocols to compartmentalize systems access for your employees, and manage how passwords are created. Make sure your data is backed up regularly and with multiple copies. And when disaster strikes, make sure you have a recovery plan.

Recovery failures happen most often because there is no plan in place. Talk with your system administrator to develop a plan to address these multiple threats. In fact, you may need to develop multiple plans, one for reach type of threat. The plans should be documented and updated as your systems, hardware and personnel change. The plans are important, but the planning process is even more so. An out of date plan that won’t work is of no help.

The plans should be simple and straightforward. They should be threat specific, and the steps should have a logical progression. They should be flexible to allow adjustments as a threat that may morph during an attack.

With proper planning, you and system administrator should hopefully be able to minimize any disruption in your systems and protect/restore your data with minimal downtime.

Feedback? Contact Steve Bina: steve@humanpoweredsolutions.com.

INFORMATION TECHNOLOGY PART 5: PROTECTING FROM THREATS

This series of articles has covered issues of managing your business data, understanding how much data your business has, how passwords are created and protected, and how and where you back up your data. These articles have been leading to this: protecting your data from threats, natural, internal and external.

All the procedures and tips I have written about can help you protect your business data. However, there is no guarantee these procedures and tips will prevent a determined attack or natural disaster. The intent is should your business become victim of an attack or data breech, you will be able to recover as quickly as possible.

Previous articles mentioned, in passing, different kinds of data threats, internal and external. This time we’ll discuss a couple of different kinds of threats in more detail.

Hacking

Hacking is gaining unauthorized access to data in a system or computer. Hacking is not always done for malicious purposes, but more and more references to hacking and hackers designate them as cybercriminals and what they do as illegal. They can be motivated by financial gain, protest, revenge, spying, or even just for the “fun” of the challenge.

Hackers may be individuals, part of a larger organized group, or possibly sponsored by a government. An earlier article concerning password protection said you should change all passwords when an employee leaves to protect your systems. The article on passwords suggested that even if an employee left on good terms, that doesn’t mean they will stay that way or that in the future the person may want to try and make some money off of a vulnerability.

Hackers may be looking for specific information, names, addresses and social security numbers of employees, names and credit card numbers of customers, bank account numbers and more. Hackers may be looking for information about your business that would provide a competitive advantage to another business. Hackers may simply make subtle changes within your systems or on your web site to prove they were there.

How do you protect against hacks? The password protection and protocol article was a good first start. Next, download a reliable malware detection product that can both detect and neutralize malicious software. Make sure your software is up-to-date, download and install any software updates, making sure those updates are from a trusted and safe source. You and your employees should avoid unsafe/unknown web sites and should never download unverified attachments or click links from unfamiliar e-mails.

While it may be embarrassing, any hack should be reported. You may think your being hacked is a singular event when it could be part of a larger attack. Reporting the hack will alert authorities to the threat. You should also alert your customers and suppliers so they can be looking for anomalies in transactions.

Regardless, any time you suspect a hack has occurred you should immediately change all your passwords.

Ransomware

Ransomware is malware that prevents or limits users from using their systems by locking or encrypting all data. Often the infecting malware will delete itself after locking up the data, and a ransom is demanded to restore and release the data.

Ransomware attacks are almost universally about extorting money from the victim. Recall in the article about backing up your business data where a comparison was made between your data and your physical inventory. If your business suffered a theft of a number of bicycles that may have an impact on your sales, but you probably have insurance that would mitigate the financial impact of the stolen inventory. The loss of data would have the same impact on your business, perhaps even more so, but likely there would be no insurance to ease the financial impact or cover the ransom payment.

Protection against ransomware attacks utilizes the same tactics as protecting against hacking. Unfortunately, cleaning up after a ransomware attack is much more complicated than a hack. Your data is either locked or encrypted. The quickest way back is to pay the ransom demanded.

On the other hand, depending on how long ago the ransomware attack was, and how often you are doing backups, you may be able to recreate your data set from a previous backup assuming that backup was not affected by the ransomware. (Remember the 1-2-3 rule. If you aren’t sure go back to the article on backups.)

As with a hack, a ransomware attack should be reported to the authorities. In fact, that may become a moot point as many ransomware attacks become known because a specific company probably has become paralyzed because their data is locked up.  

Should you pay the ransom? Most law enforcement agencies say no. A recent survey by CSO of businesses across different industries shows that 66 percent of the respondents say they would never pay a ransom. In a separate survey it was found that 65 percent of companies that suffered a ransomware attack paid the ransom.

Ransomware is a big business. In 2019 ransom payments were estimated to be $7 billion in paid ransoms and time/business lost. This represents a 15X increase over what was determined in 2017. Big ransoms and the large companies involved make the news, and those payments are sometimes in the millions of dollars. Today, the majority of large ransomware demands are in cryptocurrencies making tracing the money and who gets it more difficult.

On the other hand, most ransomware demands are against smaller companies in the range of $2,000 to $2,500 ransom.  The payment of a ransom is often determined by a cost-benefit analysis of the amount of the ransom versus the lost time and business, making these smaller amounts more palatable, and mostly explains the 65 percent payment number above. Still here is the part of the equation that usually gets overlooked. Once a cybercriminal finds out you’ll pay, they probably will be back.

Leakware

Leakware is an offshoot of ransomware. This starts with a ransomware attack, with the attacker threatening to make public personal information from the data unless a ransom is paid. The exposure of confidential data often makes the targeted company nervous about possible liabilities and makes them susceptible to paying the ransom.

The protections and protocols mentioned above concerning hacking and ransomware apply to leakware as well.

The above threats come mostly from external sources. There are other dangers to your business data as well from internal and natural sources. I’ll address those in the next article in this series.

Regardless, the best defense for any of these threats is to not become a victim. The procedures and protocols that have been discussed in this series will help to preclude a successful attack. Your systems administrator should be taking proactive steps to protect your systems and data. Make sure you have that discussion with them. 

Questions? Comments? Contact Steve Bina: steve@humanpoweredsolutions.com

INFORMATION TECHNOLOGY PART 4:
BACKING UP

How you back up your data and how often is as important, maybe more so, than anything I’ve written about so far about information technology in the bicycle business.

This article on backing up data does not mean your company won’t run the risk of losing data or having it compromised. However, taking these steps may well allow you to rebuild quickly or keep your business running should the unthinkable happen.

Keeping your systems and data secure is as important as making sure your inventory is secure and accurate. In some ways managing your inventory is easier. It has a physical presence. You can see it, touch it and count it. Your business data is a non-physical asset. Like your physical inventory, your data takes up space albeit in a much more compact form than a back room filled with bikes, parts and accessories. Knowing where specific parts of your data are stored and how often inventory is “counted” (updated) is just as important, and maybe more, than your physical inventory itself. Having an accurate and timely backup of your businesses data not only prepares you for a time when your systems go down, but can mitigate other data threats (which I’ll talk about in the next article).

How often should your business data be backed up? Let me expand on the comparison I’m making between your business data and your physical inventory. If you’re like most businesses, you have different categories or types of physical inventory based on value and/or usage. You also likely do inventory counts on a staggered basis. Some items may get counted on a weekly basis, some monthly, some quarterly, and some annually. You do this to insure your inventory is accurate, so that you can correctly calculate the cost of sales and profitability and prepare an accurate balance sheet.

Business data can be viewed the same way. You can, and should, determine what data needs to be backed up and how often.

Important data, (sales receipts, employee time/payroll, etc.) should be backed up every day. Employee records, inventory counts and values and other less critical data can be backed up less often, but probably not less than weekly. A general rule of thumb is to err on backing up more often rather than less often.

If you have software that helps manage your business data, it likely has an automatic backup facility that will perform at regular pre-determined intervals. If you aren’t using data management software, you can still do manual backups. Manual backups should also be done at regular predetermined intervals. Most always backups are done when systems are not in use, meaning after business hours, so having automatic backups scheduled means you don’t have to spend extra time at your place of business.

When you perform backups, the recommendation is the 3-2-1 rule: three copies of your data, two local (on different devices) and one off-site. For most businesses, this means the original data on your computer, a backup on an external hard drive, and another on a cloud backup service. A mix of internal and external/cloud location is critical to make sure your data is protected and can be quickly retrieved if necessary. 

While it is generally agreed that backups need to be done at regular intervals, the next question is what type of backup is appropriate. There are four basic types of backup: full, incremental, differential and synthetic full. Let’s look at each and define what they are.
 
Full Backup

A full backup is exactly what the name implies. It is a full copy of the entire data set of your business. Although a full backup usually provides the best protection, many businesses do not need to do them on a daily basis. The files that are to be copied during the full backup process are designated beforehand by a backup administrator or other data protection specialist.

If you haven’t been doing backups in your business, a full backup is the place to start. The first full backup becomes the baseline against which subsequent backups will be compared and applied.

Full backups consume the most tape or disc capacity and are time consuming, as they back up the most data. Full backups only need to be done once though you may decide that on occasion a new full backup should be done. But keep in mind the 3-2-1 rule. You shouldn’t be making just one copy, and each copy will require adequate storage. The second article in this series addressed finding out how much data you have, which was leading to this, so you would know how much storage, both internal and external (cloud), would be required. 

Incremental

Incremental backups are a way to increase backup speed and decrease storage space compared to doing a full backup. Incremental backups only back up data that have changed since the last backup.

As an example, suppose you created a full backup on Saturday evening, and used incremental backups for the rest of the week. The backup done Sunday evening would only capture the data that changed since Saturday. The backup done Monday evening would only capture data that changed since Sunday, and so on.

The primary disadvantage of using incremental backups is they can be time consuming when a restore is required. Using my previous example, suppose you wanted to restore the backup from Tuesday. To do so, you’d have to restore Saturday’s full backup. After that you’d have to restore Sunday’s backup and then Monday’s backup.
Additionally, if any of the backup is damaged or missing, you will have an incomplete data recovery.   

Differential

Differential and incremental backups are similar as both start with a full backup, and subsequent backups contain only data that have changed. The difference between differential and incremental backups is that an incremental backup only includes data that have changed since the previous backup, while a differential backup contains ALL of the data that have changed since the last full backup.

As an example of a differential backup, suppose you wanted to create a full backup on Sunday evening, and differential backups the rest of the week. Monday’s backup would capture all the data that have changed since Sunday. At that point it would then be identical to an incremental backup. However, on Tuesday the differential backup would back up any data that had changed since Sunday as well.

The advantage a differential backup has over an incremental backup is shorter restore times. Any scenario where downtime is critical, such as disaster recovery, rapid restore is important. Restoring a differential backup never requires more than two backup sets. Incremental backups could require numerous additional backup sets. The tradeoff is as time progresses, differential data can grow and contain much more data than incremental backups and require additional storage resources. 

Synthetic Full

A synthetic full backup is a variation of an incremental backup. The backup routine begins with taking a full backup followed by a series of incremental backups. Synthetic backups take it a step further.

What differentiates a synthetic backup from an incremental backup is the backup server actually produces a full backup. This is done by combining the existing full backup with data from the combined incremental backups. This creates a synthetic backup that is indistinguishable from a full backup created the traditional way.

The primary advantage of a synthetic full backup is it significantly reduces the time needed to do data restoration. Restoring a synthetic full backup does not require multiple tapes or disc sets like an incremental backup. 

What type of backup you choose depends on how often you want to do a backup, what your need is to possibly restore data, and how much capacity you have, internally and externally, to store the backups. This is a conversation you should have with your system administrator. It’s also important to periodically review your backup requirements and protocols as your business needs may change. 

You also should be doing backups on other devices used in our business. Your smart phones and tablets also need to be backed up to make sure all the data you depend on can be restored when needed.

Next time I’ll discuss the data threats to your business and devices.

Comments? Contact Steve Bina: steve@humanpoweredsolutions.com