Hello and welcome to Your Operations Solved, for Wednesday, April 28th, 2021

I'm your host, Channing Norton, of PC Solutions, and this is the 16th episode of our show,
Listen to us Tuesdays, Wednesdays, and Thursdays, or on our Saturday compilation episodes. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.

With that out of the way, let's get started on today's headlines

First, an update to a previous story. On our very first episode, entitled "What is IT. How can it improve your business," we talked about a proposed acquisition of social media startup Discord by Microsoft. Discord has announced that they are backing out of the deal, and will instead be seeking an IPO. This is likely in part to the discord userbase being generally wary of the deal, as microsoft has managed several platforms with similar formats to discord, and is seen as being unsuccessful in doing so. As a discord user, I do think that this is good for the platform as a whole from a community management perspective, but as an IT provider, I do think that the possibility of integrating discord into the microsoft stack was exciting, and a part of me is sad to see that possibility go away. That being said, I think discord is a great platform, in fact, I met my wife on it, so I am excited for them going public nonetheless, as well as whatever they have in store for us going forward as far as new features and capabilities. Should any of them be relevant to business and marketing, I will certainly update you.

Next, we get onto today's main story. Another day, another major data breach it seems, as 2021 has had quite a few. Australian Developer "Click Studios" was hit by a supply chain attack that compromised their password management tool, passwordstate, the developer announced in an email to its customers on the 23rd of this month. As the tool is used globally, and this announcement was sent via email to only customers thought to be affected, the first press reporting from english sources I have seen of this hit today, as news has been trickling in worldwide. Password state is an enterprise password management tool used by large enterprise customers, including over 100 of the fortune 500 companies, as well as a very large proportion of outsourced IT providers. As such, this breach affects more than just password state customers. The reason for this is that, as password state is designed specifically for IT users in mind, and markets almost exclusively to them, the passwords contained that have been compromised are going to be largely passwords for firewalls and servers. As such, if you are a business owner, you need to check with your IT team, be they in house, or outsourced, and confirm several things.

1. That they do not use password state
2. That no vendor that has access to any of your infrastructure uses password state
3. That if anyone does use password state, they update it ASAP according to the instructions in the email from the vendor
4. That if anyone does use password state, that you change every password that that vendor or department may have had access to as soon as they update it, but not a moment before.

In my opinion, the quiet manner in which this VERY serious breach was disclosed is unacceptable. This is a breach with global consequences, and leaving the world at large in the dark about things, while knowing that this breach affects more than just your direct customers is... disgusting, for lack of a better word. While I can vouch first hand that password state is an fantastic product, I would even argue the best on the market for password control in certain use cases, this manner of breach disclosure makes me unwilling to ever consider click studios as a vendor going forward. The risk of not hearing about another breach like this is far, far too high.

As a disclosure, PC Solutions did previously make use of this product, however, we migrated off of passwordstate in Febuary of 2021. As our password state server was not running at the time the compromise took place, we are not affected by this breach.

Passwordstate developer click studios did not respond to my request for comment on this breach via email prior to recording, and all of their phone lines are busy or out of service at time of recording. Should they respond in future, an update note will be made.

With that done, let's talk about our main topic for today, document and contract management. Depending on your industry, you may spend a lot of time shuffling documents and contracts around. Looking at you, lawyers, but its not just the legal profession that does, many Business to Business companies, companies involved in real estate, or large scale projects like construction also spend a lot of time managing contracts. It's likely that, even prior to the pandemic, such companies were making use of Esignatures on their documents, but most are not utilizing that technology to its full potential. This is where Document and contract management tools come in.

If you're like most companies using esignatures, you send out a contract proposal via email with a link to your document, and get an email back when the recipient signs things. Maybe it even gets fancy and sends out a reminder email or two on your behalf. This works well enough if your volume of contracts is small, perhaps two or three a month, but beyond that point, there's a lot more efficiency that can be gained. Let's examine the workflow around that contract.

Prior to sending out the contract, you have a series of exchanges with the signee to determine some information that will be codified in the contract, say the sale price for a house, or the exact nature of services within your scope of services that they require. You then have a template document that you prepared that you stick that information into, you send the document out via email, you wait, a few hours or days later, you get an email saying the contract has been signed, and then you go into a few different pieces of software to mark that contract as signed, for instance, quickbooks to put in the revenue that that signed deal represents, and perhaps set up an invoice, and your CRM suite to update the status of the customer as a landed deal. Finally, you might send out an email to the office stating that "So and so has signed their contract, they are now a customer rather than a prospect" or "Such and such house just sold, don't show it off to any more potentials." All of this makes the process of sending out a contract take an hour on each end, or more. These are the inefficiencies a document management system is designed to eliminate.

We have a case of double entry here, which is always indicative of inefficiency, It's subtle, and I will admit, I didn't spot it at first when I was introduced to these tools. Can you see it?

We're entering say, a sale cost into quickbooks, but we've already entered it somewhere... the contract itself. If our contracts were more than just... images with signature fields, if they were smart, we'd be able to pull that information out, along with other information in the contract, and push it to our various systems, and this is exactly the idea with contract management tools. Let's re envision the contract signing process.

You negotiate with the other party. As you do so, you are updating a template contract, which can keep track of revisions, in case you need to revert terms, or check your negotiation timeline. Once you and the other party are in agreement about the terms, you can, with one click, render the final document, and send it out to them, potentially from your main line of business tool, rather than a seperate one. You can check the status of your contract from that line of business tool, to see when they sign it, and automated reminders go out. When the contract gets signed, all of that information, those emails to the office, the invoices generated, the statuses in your CRM updated, whatever, happen automatically, saving you time on every single contract. Such tools also keep a helpful repository of contracts in one place akin to an actual file drawer, and easy to back up or export to other tools and media if needed. These document management systems have certainly been helpful in my practice, and I'm sure they can be helpful to a number of my listeners as well.

That's our show for today, thank you so much for listening. Tomorrow, join us for a conversation about a better phone system. In the meantime, check us out on the web at www.YourOperationsSolved.com, where you can join our newsletter, and opt to be notified of all our uploads. I will see you next time.