We use cookies on this website, just to track how our visitors use this site. To help us give you the best experience of this website please... accept cookies

SFM Consulting Blog

Business information, advice and observations from Sarah Matthews of SFM Consulting

Developing your staff to deliver your brand

SFM Consulting hosts a series of invitation-only business breakfasts at which there’s a presentation from a successful business person based on their experience of a specific issue facing many business.   It’s followed by peer group discussion moderated by Sarah Matthews, Founder of SFM. 

Lizz Clarke, of LCM Logical Creative Marketing was the speaker at our most recent breakfast.  Lizz set up LCM in 1988 when she was offered the position of Marketing Director at a famous international training organisation and being a young, working mum she successfully negotiated to carry out the work as an outsource from home. 
Lizz and her team provide marketing solutions for a wide range of clients, and central to everything she does, both for clients and for her business is the brand.  She’s passionate about branding and she described how she’s developed her team to deliver a brand in 10 key points

1. Know your brand

Businesses can’t be excellent unless every member of the team knows and understands exactly what the brand is.  By involving as many staff as possible in creating and defining the brand it becomes their brand and they will take ownership of it.

2. Keep it simple and specific

A complex mission statement that lives in a filing cabinet doesn’t even play lip service to branding. Once you’ve created and defined a brand it needs to be used, but it needs to be easy to use. A few words are memorable but a lengthy paragraph isn’t.   Lizz stressed that a brand is so much more than the visual aspect so brand guidelines are essential to describe the tone of voice and behaviours which are the brand.

3. Jump on anti-brand behaviour

Lizz explained that some years ago she trained as a Dale Carnegie instructor, and their way of working was not to confront people.   The lesson she subsequently learned by sticking to the Dale Carnegie approach was that things slip if you don’t confront the. It’s what she calls “brand creep” - standards gradually slipping resulting in reduced the brand strength and consistency.  It made her realise that there is a time and place for confronting people so developed a pneumonic - DESCU - which she follows immediately someone displays anti-brand behaviour.

It stands for:
D - describe the anti-brand behaviour specifically
E - explain the effect of this behaviour on the business
S - specify the changes that are needed and that they have to happen from that moment onwards
C - consequences - explain the consequences of failing to make the changes
U - only if it’s appropriate. What do U think? Anti-brand behaviour isn’t up for discussion so Lizz only asks them if it’s appropriate

4. Empower your team members at every level

Everyone within the organisation has a responsibility for the brand and needs to know they have a duty to uphold it. Behaviour creates a brand but can equally damage or destroy a brand.   Lizz referred to a type of individual that can damage a brand. They are the ones that blame everyone else for problems and moan and groan about anything. They get others to join in the moaning and groaning in what Lizz calls “pity parties.” Their negativity can affect others and spread like a cancer through organisations and her advice is that individuals that start, or drive, pity parties need to change or go.

5. Deliver brand messages outside

Lizz stressed the importance of sending very strong messages out about the brand as they develop client expectations.  If client don’t know what to expect then feedback is subjective.  She then used an example of a client in the car servicing business to demonstrate how brand messages can be delivered effectively to staff. LCM had developed a “royalty” campaign for the car servicing business which promised that customers would be treated like “royalty” when they brought their car in for a service. Soon after the campaign was launched the client fed back to Lizz that the mechanics doing the servicing were complaining bitterly about the expectations of their customers. Lizz went over to the client’s premises and met with all the mechanics. She asked them if they liked getting really good service, which they did, then went on to ask what the problem was with treating their customers really well and making them feel like “royalty”. They didn’t think it was a problem!

6. Create an atmosphere in your offices

A marketing agency needs energy and buzz and Lizz has found that having everyone sitting together creates the right atmosphere. 

When she takes on a new member of staff Lizz spends time teaching them to do everyday things like how to word e-mails the LCM way, how to meet and greet anyone coming into the office as it’s everyone’s responsibility to meet and greet visitors. She teaches them how to layout the meeting room with a coaster for everyone’s drink. She teaches them all the systems and processes - even down to details about how to name and save a file. A consistent approach to everything is part of what creates a fabulous atmosphere and efficient working which is the LCM brand. No-one gets upset over trivial things such as not being able to find a file because someone has their own approach to file naming.  It sounds simple but it’s really effective and something that so many organisations overlook.

7. Recruit the right people for the brand

Lizz is a firm believer in recruiting for attitude above knowledge and skills as you can train someone to develop their knowledge and skills but a bad attitude is a bad attitude and it affects everyone.  LCM’s clients expect those working on their business to provide specific answers about their marketing so when interviewing Lizz asks well-structured, specific questions that require specific answers based on the individual’s experience.  During the interview it’s important to see whether the candidate demonstrates the values and qualities of the brand.   She also believes strongly in trial days - does it feel right with the potential employee in the building. Does it feel right for them?

8. It takes two

As CEO Lizz is always prepared to take the blame, but if things aren’t right she says you have to deal with it - promptly. Everyone takes responsibility for the effect they have on others and Lizz makes her staff accountable.   Her approach is not to blame people but to deal with any problems when they arise, in much the same way as she she jumps on anti-brand behaviour.

9. Hire slowly and fire quickly

Taking time to recruit is essential if you’re looking for the right person with the right attitude.   However if something is wrong she looks at the facts and listens to her instincts and if a member of staff is wrong for LCM she moves quickly using lawyers to expedite the exit.    She believes there’s no such word as “can’t” - and that applies to getting rid of staff.  Lizz mentioned that she’s a firm believer in bringing in the right expertise as and when the business needs it.

10. Mix of skills but the brand stays the same

It’s important to have a mix of skills, as Lizz says, a mix of what she calls the “louds” and “quiets.” The “louds” are the drivers, the decision makers and the sunny creatives whilst the “quiets” are the systems and processes people and reliable “doers.”  Whatever their persona it’s essential to Lizz, and the brand she’s created, that they all have fire in their bellies, drive, and a willingness to grow and widen their comfort zone.

0 comments | Add comment >

Cloud Computing - Security scare or scaremongering?

Frank Bennett is a writer and commentator on cloud computing and has published six books on cloud computing, two are available as downloads from the partner portals of Microsoft and Google reaching a global audience of 600,000+ IT businesses. His most recent book "Thinking of…Going Google Apps?  Ask the Smart Questions" published with his co-author Dr. Peter Chadha was specifically written for SMEs. He advises companies of all sizes on cloud computing whether they are a supplier or consumer. He is on the board of EuroCloud and a welcomes speaker opportunities to broadcast the message of cloud computing.

This article was inspired by a conversation between Frank Bennett and Sarah Matthews (SFM) of SFM Consulting who advises SME businesses and noted they regularly have concerns about the security implications with cloud computing.  The question was: "who is informing them?"  So we set about putting the record straight.

SFM: My clients hear about cloud but many have concerns about security.  What is the real story here?

FB: A recent survey by the UK Cloud Industry Forum revealed three things that concern customers considering the cloud: Security, Portability and Trust. To reply to your question; I am aware that there is much misinformation and disinformation being perpetuated about security in the cloud. Setting aside the technology what concerns the customer is; who could access my data other than me and how is my data protected because I really can’t afford any loss of data. 

SFM: In non-technical terms what are the need to knows?

FB: I’m referring now to public cloud services (e.g. Office 365, Dropbox, Google Apps, box) where your data is stored in a cloud service provider’s datacentre and you may not know at any point in time the physical location of your data at rest.  For that matter neither do you know where it is at any point in time when it is in transit over the Internet! 

Let’s break this down.  A cloud service provider’s reputation depends on keeping your and other customers data safe from unauthorised access, corruption and loss. The industry benchmark for this is CIA – Confidential Integrity Availability – Google it for a more detailed explanation.  Second, your service provider should provide a Service Level Agreement; this is their accountability to you. Third, and this where people get hung up, tell you where at a country level your data is held or give you a choice where you data is held. Fourth, be able to demonstrate their compliance to industry best practice such as the Cloud Industry Forum Code of Practice, SSAE 16 / ISAE 3402 and ISO27001. Last and vital to know, is how you retrieve your data from the service provider if you leave the service or upon expiration of contract.

SFM: What about data protection, data privacy and the Patriot Act?

FB: Now we are in a legal domain and this is really important for UK companies, as there are penalties for failure to meet your responsibilities under the Data Protection Act.  Be aware that the EU has this under review; the current Data Protection Directive is to be superseded by a new General Data Protection Regulation that is currently in draft and under consultation with member states.    There is no getting away from the importance of this matter and the UK Information Commissioners Office (ICO) is the reliable source for all you need to know at http://ico.org.uk/  The ICO has recently published ‘Guidance on the use of Cloud Computing’ available as a pdf download from their web site.  Everything you need to know to meet your legal obligations is available online so don’t rely on the hearsay of misinformers.  

The Internet is a global resource connecting datacentres located in all six continents (I don’t know of any in Antarctica).  Many governments are implicated and the USA who are leaders in cloud computing have legislation known as the Patriot Act that vexes many. The Patriot Act allows the FBI to search telephone, e-mail, and financial records without a court order, and the expanded access of law enforcement agencies to business records, including library and financial records.  This has caused a lot of scaremongering!

If your cloud service provider is a U.S company or conducts systematic business (this is the term they use) in the USA then that company is subject to the Patriot Act.  What that means is that the US Government can order the cloud service provider to release data to federal authorities. The extent of theses requests issued as National Security Letters to cloud service providers such as Google is shrouded in secrecy although recent reports suggest the number of requests is between zero and 999 a year.  As I say this is shrouded in secrecy!  As you can imagine this gets many companies and their legal teams in a lather about governance and compliance.  The bottom line is the Patriot Act was the USA’s response to the events of 9/11 and its purpose is not to inhibit the lawful use of the Internet and cloud computing but to catch bad guys such as terrorists.  

If the Patriot Act is a concern then choose a company that is not subject to the Patriot Act and has UK or EU located datacentres. By the way this does not stop the UK Government or a EU member state obtaining a court order for the disclosure of data held by a cloud service provider just as the police or other agency with a court order can seize your computers. If you are going about your lawful business then don’t worry about these things.

Agencies are collaborating to accommodate different legislation and regulation that exist to protect personal data and the U.S Safe Habor is oft quoted due to the dominance of US cloud service providers who operate on a global scale. The Safe Harbor Framework provides guidance for U.S. organisations on how to provide adequate protection for personal data from the EU as required by the European Union's Directive on Data Protection. You can check if your cloud service provider adheres to Safe Harbor by going to http://safeharbor.export.gov/list.aspx

SFM: What is the bottom line?

FB: I defer here to the experts, the European Network Information Security Agency (www.enisa.org).  Here is what they say: “Put simply, all kinds of security measures are cheaper when implemented on a larger scale. Therefore the same amount of investment in security buys better protection.” A cloud service provider has to be expert in security and hangs its reputation on keeping your data secure and that means that security is a focus with an allocation of resources far beyond the means of most businesses.

I would also add that the UK Government has mandated a Cloud First policy for central government departments, so our legislators are using the very services that I am discussing here. Normally government is not a vanguard of technology and ultra-cautious about security while they understand that the cloud delivers much-needed savings and with common sense measures applied provides robust security for all but the most top-secret information.

If you are in a regulated industry check with your regulator they may have other advice to offer. 

At the end of the day you must conduct your own due diligence by following the advice above and decide what is right for your business.  

FB: Turning the tables now, what do you hear are the existing security risks attached to your client’s use of IT?

SFM: This is a specialist area so I would turn to a specialist for advice.  Back to you Frank.

FB: Those that fixate on the risks of cloud forget two things:

1. There are already security risks running your own IT, just because you understand them doesn’t make them less real.
2. Many don’t understand the extent of those risks, see below.

The source of this data is Google and is explained in the book referred to in the introduction to this article.

SFM: Last word on this subject?

FB: IT security needs to evolve to support how we chose to work; anywhere on any device is de rigueur. Most businesses can not support this way of working supported by their own IT infrastructure nor do they understand all the implications of how to deliver security ‘anywhere on any device’. Companies like Microsoft and Google and others employ the world’s leading security experts to deliver the security for ‘anywhere on any device’. So this introduces a risk/reward equation for business and many vote the reward of ‘anywhere on any device’ outweighs the perceived and often misinformed security risk.  


Thank you to Frank Bennett, www.frankbennett.co.uk

N.B. URLs correct at the time of publication 30th May 2013

0 comments | Add comment >


It’s that point in the week when I look back at what I’ve achieved, what hasn’t gone to plan, how I might change that and what my priorities are for next week.

New week, new business opportunity

The week got off to a good start with a new business meeting in Brighton. I felt well prepared with a good agenda and supporting material I’d prepared using Curio - a really clever piece of software from Zengobi - which combines note taking, mind mapping, brainstorming and project task management all in one. The decision is being make next week and because feedback has been very positive I’m feeling buoyant.

Getting out of my comfort zone

I’m researching a marketing idea through a number of face to face meetings and people are liking my ideas. The marketing idea was suggested by my mentor and doing it is a step out of my comfort zone. I’ve set the project up in Basecamp (cloud-based project management system) and my mentor has access so he know’s if I’m not getting on with it.  He hasn’t said anything if I’ve missed a self-imposed deadline but his e-mails praising what I have done have given me the motivation and confidence to get around to making a couple of cold calls asking for favours. And guess what - I’m still alive and haven’t been harmed by the experience! Plus I’ve got times in the diary to meet them.

Give before you take

Twice this week I’ve initiated introductions to people in my network and in the follow up after another new business meeting yesterday I’ve recommended two companies who may be able to add value to a project this potential client is looking at. Whilst none of the introductions will add anything directly to my revenues it continues to grow my social capital.

My highlight

The highlight of my week was seeing the press coverage I initiated in the Chichester Observer for my mentee Lucas Mitchell who has just got a Government-funded start up loan.  The opportunity to apply for the loan was a direct result of a networking conversation. 

I give my time free as a mentor for Mentor-net who are partners with Start Up Loans - the organisation managing £100m of Government funding to help 18-30 year olds start a business.  At a recent Chichester Chamber of Commerce breakfast I was sitting next to business manager from a high street bank. Sadly she has to remain anonymous because the moment will be lost if we get this blog approved. When telling her about this Government funding her eyes lit up as she had a young client who needed money for his business but with no trading history or credit rating the bank couldn’t lend to him. She passed the Mentor-net details onto him and shortly I was working with Lucas to get his business plan ready for submission.

Last week we heard Lucas’s plan had been accepted so I drafted a press release and yesterday it was published with a super picture of him and his jewellery which goes by the brand name Lucas Alexander (www.lucasalexanderjewellery.com)

Next week

My priorities are written down and time allocated in the diary.  The organisation for the breakfast I'm hosting on Friday is nearly complete and my head is buzzing with ideas for a proposal I'm writing on Monday morning. There will be calls and the diary will change but at least  I know what's moveable, whats imoveable and the goals I'm aiming for.  As for the near misses this week - there are some, I'm learning from them, but not sharing them ..... yet.  

Enjoy your weekend

0 comments | Add comment >

It won’t happen to me

The second in the series of business breakfasts hosted and moderated by SFM Consulting, saw Chris Goodban of Worrell Fry speak about the new risks facing many businesses as our use of, and reliance on, the internet grows in volume and diversity. The following blog highlights the key risks businesses need to consider.

The risks facing businesses are changing

Chris started by noting that most businesses considered fire, theft, flood and injury as as the main risks to their business.   However, advances in technology, flexible working and a more liberal and social approach to communication has dramatically increased the likelihood of “digital” risks causing damage. 

Reputation risk

The most obvious contemporary risk is reputational. It used to take days and lots of hard work for even a hundred people to hear about a bad service experience, whereas today it takes seconds for hundreds of thousands to hear.  And even if the complaint is exaggerated, damage is done - fast. 

Insecure WiFi

One of the most significant new risk facing many businesses is cyber crime - significant because its risks are far reaching and include data loss, damage to client systems from passing on viruses and hacker damage.  Wireless internet connections make our lives so much easier allowing us to work virtually wherever we are yet the number of businesses that don’t have their Wi-Fi router protected and encrypted is staggering.  This was supported by one of the guests sharing an experience. Whilst on holiday in Cornwall, a part of the country not renowned for widespread 3G connectivity, he had driven around an industrial estate looking for an unsecured network so he could download his e-mails. He was aghast at the choice of networks open to him.

If someone unscrupulous uses open Wi-Fi to access your system, you are responsible for the consequences: stolen client data; fraudulent transactions; viruses; etc., etc

The Cloud, home working and on the move connectivity

The way we are working adds risk. More and more people work away from the traditional office and as a consequence many use the Cloud as an alternative to their own dedicated server. Smart phones have become a way of life.  There’s data everywhere and we can access it everywhere but how secure is it?  Is your smart phone password protected and encrypted?  Chris shocked the audience when he pointed out that the top three passwords, namely 1234, 1111 or 0000 account for a staggering 18.6% of all passwords in common use. So if you use these or any other obvious password, chances are that crooks - who know about such things - stand a great chance of accessing your password “protected” device, in only three attempts.

Data Protection legislation could have an unforeseen impact on many businesses use Cloud servers to store data, many of which (unbeknown to them)  are in the US.  Which exposes you to US, not EU legislation - did you realise that? Have you told your clients where their data is being held? Do they object? Will they sue you if a US Government agency accesses their data against their wishes?

And what about the financial stability of our cloud provider. Outages are one thing. What happens if they go bust - where’s your data (and your clients’ data) then? How long could you run your business for without access to your files? Are you insured for that risk?

Another area where businesses encounter problems is with backing up data.  Once a back up system is in place, it tends to be forgotten about thereafter.  Not enough businesses take the time to check the back up is actually working properly and that the data can be restored if needed. If you’re part of a large organisation the chances are that you have a department taking care of this. If you’re an SME - that’s unlikely. And if you have not checked backup robustness and you cannot recover the data, your insurer probably will decline to help.

Identifying potential risks of these types, minimising the likelihood of their occurrence and insuring against them is just another learning curve the management team have to get over.

The cost of putting it right

One of the most damaging aspects of cyber crime is the cost of putting it right - if you aren’t appropriately covered.

Many people think that the risk from hacking is only business interruption and damage to reputation, but as Chris explained there can be a considerable uncovered cost.

For example, if you sell on-line and your account is hacked (if, for example, by what appears a minor breach of your firm’s security), the banks will recover any loses THEY incur, from the site owner.  If you run a considerable on-line business and the bank regards the hacking as serious, they will set up a call centre to handle queries and complaints and the business owner will be responsible for the costs.  Chris reminded everyone of the hacking of TK Maxx in the US in 2007. The hacker managed to gain access to the decryption tool for their encryption software. They lost information from about 45 million payment cards in the US. Fortunately many of the cards had expired. At the time they estimated the breach would cost £500m excluding any litigation costs. In most of the US states it is compulsory that if there is any breach the organisation has to  notify every customer individually which is estimated to cost $20-$160 per customer. We don’t have to do that in the UK yet, but the  EU are currently discussing whether this should become compulsory. Are you prepared for that?


We’re all familiar with identity theft but tend to associate it with individuals. Another area of cyber risk is on-line retailers having their sites mimicked and the original site hacked to divert purchasers to the fake site. That’s dangerous, because it could take you some time to spot what’s going on. Have you protection in place to prevent this happening to you?


Many businesses use photos and images on their websites, newsletters, mailshots etc but fail to check the licensing arrangements for their use. Organisations such as Getty Images have computers trawling the internet to identify any unlicensed use of their images .... because it pays! You could find yourself facing unwelcome and stiff costs if you have used an image where the license has expired. Do you know the expiration date of all your image licenses, by the way?

Following the presentation there was a facilitated discussion.

What I took away

The two important things that impact on any business:

  1. The presentation and discussion firmed up what I had suspected - that many businesses don’t know what to look for in an insurance policy and the role of the broker is to understand your business, outline the risks and what protection you need. As legislation and risks change buying an insurance product on line because it’s easy and seems good value is risky itself.
  2. Regardless of your size it’s essential to have a business continuity plan in place. Not only will it help you get back to work sooner but you’ll probably find the insurers are on your side because you’re complying with the small print.

0 comments | Add comment >

Using public speaking as an effective marketing tool

Public speaking is a great way to buid your network and put yourself in front of potential clients, but before you say “Yes” to the next invitation follow these tips:

  • be very selective. Only accept invitations to speak to an audience that's right for your business
  • prepare thoroughly. Research your audience so the presentation is tailored to meet their needs. Rehearse, rehearse, rehearse
  • deliver an interesting, useful and engaging presentation
  • follow up, follow up, follow up etc. Quality, personalised follow up is what builds relationships and makes you remarkable.

And finally, remember that everything you show, say or do whilst presenting gives your audience a hint about what you're like to work with.

Click here for further information about presentation skills.


Thanks to Gareth Sear, Dome Enterprise Centre Manager at the University of Chichester, whose discussion on LinkedIn inspired me to write this.

0 comments | Add comment >

Next Page > | Page 1 of 13 pages  1 2 3 >  Last ›