5 Business Books I Recommend

5 Business Books

I have read dozens of business books (yes even for enjoyment) but there are a few that I go back to, refer to, and recommend to clients.


The Personal MBA – by Josh Kaufman

Josh worked in a large pharmaceutical company in sales, and while there concluded that he learned more about business from doing than from going to business school.  He became ‘aware’ and an observer of everything happening around him in business.  The book has those universal learnings in one place so you don’t need to spend thousands of dollars, and hours of time, getting a MBA.  You can get out there, implement the ideas, make more money and have more fun.


The E-Myth Revisited – Michael  E. Gerber

Michael’s bestselling book dispels business myths and commonplace assumptions.  He takes you by the hand through the whole business life-cycle and shows what makes business succeed at each stage.  This book follows the (and my) mantra that to have a successful business you need to work on the business more and in the business less. 


Eyes Wide Open – Robyn Weatherley

This book I bought for the whole Board, their C-level officers and their Board advisors of a national industry association and told them it was mandatory reading before an upcoming strategy day and Board meeting.  Eyes Wide Open is written as a friendly, honest conversation providing first-time directors with invaluable – though not often shared – inside tips and insights about board membership and company directorship.  Saying that I think a lot of seasoned directors should also get a copy and read it on their next flight to a Board meeting (one director I know read it on a flight from Sydney to Melbourne).


18 Minutes – Peter Bregman

Peter writes a column in the Harvard Business Review and this book is based on his column.  Do you get overwhelmed by the 100 and one things you need to do – all at the same time?  18 Minutes shows you how to navigate the clutter and focus on your true priorities – not only in business but in life too.


Small Business CEO – Jenny Stilwell

This book also follows my mantra that to have a successful business you need to work on the business more and in the business less.  Jenny is more eloquent than I am and discusses four different stages of the entrepreneurship journey and then discusses strategies to use, and the strategic priorities, at each stage of the journey.  The first chapter is my favorite – making the shift to CEO (from business owner)

Dutch Disease

This was a blog we posted in 2012.  Did Australia suffer from Dutch Disease?

Dutch Disease


Byronvale Advisors: Posted on 10 September 2012


Is Australia going to suffer from ‘Dutch Disease’?


Evidence is starting to mount that the adverse effects of what is colloquially named Dutch Disease is going to take hold in Australia.


Dutch Disease is the adverse effect on an economy due to the appreciation of the currency due to a booming resources sector and the negative effect on other export sectors such as manufacturing and agriculture.


It is so named after the economic impact in the Netherlands in the late 1950s after the discovery of gas and oil in the North Sea.


A prolonged resource boom can in turn obliterate the non-boom sectors and when the resource boom ends the whole economy could be in trouble.


So, what is the antidote for Dutch Disease? Essentially there are three options: –


Option 1 – a government could subsidise particular industries or firms in the manufacturing or agricultural sectors e.g. the car industry subsidies. This protects this sector during the resource boom and means it is still around after the boom.


Option 2 – create a fiscal surplus with lower interest rates. This is difficult politically as it involves a government cutting spending and/or raising taxes. This fiscal contraction would lower inflation and allow the Reserve Bank to lower interest rates, which in turn would depreciate the exchange rate.


Option 3 – do nothing! – let the market dictate and the strong survive.

A tale about keeping your company details up-to-date


Byronvale Advisors assisted a client recently that got caught out by not keeping its company details up-to-date.  So here’s their story.

The client is an Association and outsourced their operations to a third party.  The third party placed themselves into voluntary administration and this caused a major problem for our client.  They found themselves with no staff, no records and information, no office, and a range of events and professional development services that needed to be provided to its members.  This story is not about how they continued to operate, but about a dispute they subsequently had with the Administrator.

The Administrator believed our client owed them some monies.  Our client both disputed this and had a counter claim for monies the third party owed them.  There was an impasse.  The third party had also been the holder of the post office box key.

The impasse carried on for a while and then our client found out through a connection that they had been issued with a statutory demand.  Our client had never actually received the statutory demand as it had been sent to their registered address – the post office box that the administrator who sent the statutory demand had the key for.

So why is this a problem – well the Corporations Act is pretty clear.  A company is deemed to be insolvent if, after receiving a statutory demand, it fails to pay the creditor or have the demand set aside by the Court.  So our client having not paid or applied to have the demand set aside was now going to be deemed insolvent and could be wound up.

So the statutory demand is a useful way to pressure a company to pay its debts.  There is however a clear set of steps that must be followed.

  • The debt must be for more than $2,000
  • The statutory demand must be on the prescribed form and accompanied by an affidavit verifying that the debt is due and payable.
  • The court can set aside a demand if there is a genuine dispute or offsetting claim (and this is a low threshold). A caveat – only use the statutory demand if there is a genuine dispute else you may face indemnity costs.
  • The service place for the demand is the registered office of the company being served. They have 21 days to apply for the demand to be set aside.

So once your company receives a statutory demand several things may happen

  • The company pays the demand in full;
  • The company contacts the creditor and they negotiate a settlement;
  • The company applied to the court to have the demand set aside;
  • The company does not respond and the creditor applies to have the company would up.

As the statutory demand had been sent to the registered office of our client, our client had 21 days to apply for the demand to be set aside, pay the debt, negotiate a settlement or face being wound up.  This is despite them not actually physically receiving the demand.

Luckily our client discovered they had been issued a statutory demand and negotiated a settlement but they came out of the situation whereby they ended up paying monies to the Administrator rather than receiving monies from the administrator.  It also cost them some legal costs, and time.

This could all have been avoided if one simple administrative item had not been overlooked – they should have changed the registered address as soon as the third party went into administration.  They would have then received the statutory demand if they had changed the registered address and then would have applied to the court to have the demand set aside as there was a genuine dispute.


The information given above is not to be considered as advice, is general in nature. No information should be accepted as authoritative advice and any reader wishing to act upon the material contained in this blog should first seek properly considered professional legal advice, which takes into account specific situations.

Those that have been hacked and those that will be hacked

“There are only two types of companies: Those that have been hacked and those that will be hacked.”


“There are only two types of companies: Those that have been hacked and those that will be hacked.”  Robert S. Mueller, III, Director FBI made this famous quote but almost by the time he made the quote it was out of date – it should be ‘There are only two types of companies: Those that have been hacked and those that don’t know they have been hacked.’


The message is that no one and no company is immune from cyber attacks – even Byronvale Advisors!  Recently one of our computers got a virus resulting in an ‘unusual’ emails being sent to people – some known and some unknown (our sincerest apologies).  While highly annoying and embarrassing there were lessons to be learned.


Lesson 1 – what is the new ‘normal’

The world and environment which business operates is changing at lightning speed.  Defending against cyber threats is no longer sufficient.  Even though it slows our systems down Byronvale Advisors runs a dynamic virus protection software on its computers.  In addition Byronvale Advisors runs a secondary daily scan.  The traditional protect and control mentality though is no longer sufficient – attackers have increasingly turned to exploiting people and not just technology.


Lesson 2 – IT security needs to focus on the response rather than the protection

Spending time on creating an impenetrable barrier to cyber attacks is no longer sufficient.  Companies need to prepare for the inevitable reality that they will be attacked.  You may ask these questions in anticipation of an attack

  1. Do you know what you have that others want?
  2. Do you know how your business plans could make these assets more vulnerable?
  3. Do you understand how these assets could be accessed or disrupted?
  4. Would you know if you were being attacked and if the assets have been compromised?
  5. Do you have a plan to react to an attack and minimise the harm caused?

If the answer to any of these questions is “no”, that is where to focus cyber security and where changes need to be made.


Lesson 3 – People are your biggest strength and biggest weakness

No matter how good or strong your technology defences are – firewalls, anti-virus software, intrusion detection systems, or how robust your internal controls and processes are your staff remain the weakest link.  It is analogous to driving a car – there are road rules, line markings, warning signs – or policies and procedures – and yet people still ignore them or disregard them.  There is no security patch for stupidity – either deliberate or not.


So why are companies targeted – especially small companies which may only have a little general information on their website or in their systems?  Well most companies have more information than they realise – and a few large company attacks gives an insight in the type of information cyber criminals are after.

  • Sony – 47,000 records stolen with proprietary and employee details (employment, health and emails). Sony initial costs were over $100m (reduced to $15m after insurance payout), but resulted in an 11% sales decline and 7% fall in share price.  Co-chairs resigned after ‘racist’ and other offensive emails released.
  • Home Depot – 56 million credit card numbers and 53 million email addresses stolen – cost Home Depot $109m to fix
  • JP Morgan – email addresses and physical address of 76 million households and 7 million small businesses costing JP Morgan $83m
  • EBay – hackers took customers’ personal information affecting 145m active users. Cost to EBay was $145m
  • Target (US) – hackers stole credit card details. Credit card issuers had to reissue credit cards costing them $200m.  The mid-range ‘price’ per credit card on the black market was estimated at $26.85 – so generated the cyber criminal $53.7m for six months work.  The CIO, CISO, and CEO all lost their jobs and seven of ten Directors were pushed for re-election for failing to provide sufficient oversight.

The above cases also highlight three important facts about cyber breaches.  Firstly 69% of all cyber breaches the victims are notified by an external entity.  For example a victim may receive a ransonware message from the criminal, or have people calling and advising the company, or customers querying suspicious transactions on their credit cards.  Second, the median number of days that a threat is present on a network to its earliest detection is 205 days (source Madiant M-Trends).  The longest known threat present is 2,982 days.  The cyber criminal is patience, watching and waiting, gathering information and preparing for the greatest impact.  Thirdly, poor handling of cyber incidents (both internally and externally) have led to harsh impacts on many companies.


I was going to write about some common ways cyber attacks are carried out but it is almost the case that they would be out-of-date by the time this blog it posted.  But cyber crime is big – it is the new ‘drug’ for organised crime.  It is less labour and physical inventory intensive than any actual drug, can be carried out anywhere and anytime, and is easily scalable.  If it hasn’t already cyber crime will surpass any other organised crime activity.


My advice, and one takeaway though is – be aware, be mindful, and be prepared.  It is not a matter of if you will be a victim of a cyber attack, but when (if you haven’t already).  Prepare yourself for this unfortunate reality.


Stephen Barnes

Managing Director

Byronvale Advisors



The information given above is not to be considered as advice and is general in nature. No information should be accepted as authoritative advice and any reader wishing to act upon the material contained in this blog should first seek properly considered professional legal or accounting advice, which takes into account their specific situations.

Thanks to the EY Cyber team with help with some of the information above

MIDANZ birthday