Companies spend more than $2 trillion on acquisitions every year, according to an article in Harvard Business Review. Yet studies frequently cite failure rates of mergers and acquisitions (M&A) between 70 and 90 percent.
David E. Shaffer, a director in the Audit & Accounting practice at Kreischer Miller, says problems are often the result of poor planning. Companies are enticed by the opportunity to create synergies or boost performance and fail to consider all ramifications of an acquisition.
Smart Business spoke with Shaffer about ways to mitigate the risk and ensure a successful transaction.
Why is the M&A failure rate so high?
Many companies don’t establish a clear business strategy for mergers and acquisitions. Some questions that need to be answered include:
- What are the goals of the merger or acquisition?
- Do you want to leverage existing resources or create a new business unit?
- What is the maximum price you are willing to pay?
- Must the seller agree to some holdback of the price?
- What happens to administrative functions and management of the target company?
- Must key employees sign agreements to stay?
- Will you negotiate between an asset purchase and a stock purchase?
- Is culture important?
You should be proactive in identifying candidates for acquisition. Companies that have done many acquisitions tend to ignore requests for proposals because the sellers in such situations usually go with the highest price. They reason that the law of averages is against them and at least one competitor will overpay.
Instead, companies involved in many acquisitions prefer to target entities and establish a relationship before that stage in order to avoid a bidding war.
How should the due diligence process be conducted?
It’s important that you don’t take shortcuts in your due diligence. Hire professionals who are knowledgeable about the industry; they can negotiate better deals for you because they are not emotionally attached and can push harder for seller concessions.
Due diligence should address internal and external factors that create risk in the acquisition and focus on key factors driving profitability — employees, processes, patents, etc.
The more risk present, the more you should ask for holdback in the selling price. For instance, if much of the profit is derived from a few contracts, require that the contracts be renewed under similar terms if the seller is to receive the full purchase price.
M&A failures often result because buyers concentrate too much on cost synergies and lose focus on retaining and/or creating revenue. Client retention at service organizations is at significant risk following a merger or acquisition, according to a 2008 article from McKinsey & Company. Clients will receive misinformation, so it’s important that the acquiring firm step in quickly to assure clients that service levels will equal or exceed what they have been accustomed to expect.
What needs to be done post-acquisition?
It’s important to have a clear post-acquisition plan, including financial goals, with as much detail as possible. The quicker value is created by the acquisition, the better the result for the buyer.
Key post-acquisition steps to ensure a successful integration include:
- Developing the organizational structure.
- Developing sales expectations.
- Identifying what processes and systems will change, and when.
- Developing performance measures.
Finally, you also need to hold key management responsible for producing results.
David E. Shaffer is a director, Audit & Accounting, at Kreischer Miller. Reach him at (215) 441-4600 or email@example.com.
Insights Accounting & Consulting is brought to you by Kreischer Miller
The Division of Corporation Finance, a part of the Securities and Exchange Commission, issued guidance on disclosure obligations related to cybersecurity risks and incidents a few years ago. Public companies aren’t yet required to disclose this information to shareholders, but they could be at some point, says Brittany Teare, IT advisory manager at Weaver.
“Right now, this is guidance that is in the best interest for your shareholders, but that will likely change. It could become a requirement sooner rather than later,” she says.
Smart Business spoke with Teare about the guidance and how businesses can measure and guard against cyberrisks.
What are the SEC reporting requirements for cybersecurity under this guidance?
The guidance expands upon the existing requirements that public companies follow, but there’s no mandatory piece yet that results in a direct impact if a company doesn’t disclose information.
Basically, the guidance states that if cybersecurity risks and cyber incidents have a material effect on your shareholders — if it could affect how financial information is reported — you have to report them.
How do you know when cybersecurity risks materially impact your company?
The guidance addresses some possible risks and whether they should be voluntarily reported to shareholders. If you don’t have cybersecurity controls around your key financial systems, for example, then the way you record or report your data can be easily manipulated or altered. Even if a cyber breach has not yet occurred, one is very likely.
Cybersecurity is a gray area. Employers typically know that network and perimeter security, access and change controls should be in place, but executives may not consider disclosing vulnerabilities. CEOs and CFOs typically look at balance sheets and see line items for hardware and other things they can touch, but it can be challenging to consider the ways a breach can happen.
How would you advise CEOs to quantify data and see vulnerabilities?
First, designate a person or group of people to be responsible for cybersecurity. They should not only understand SEC requirements and where they are potentially heading, but also must identify specific risks.
There is a central entry point in any network, so key people need to know where the sensitive data is because if an attacker gets there, it could add up to a huge loss. If the company does not store much sensitive information, an attack could impact its reputation, which is more difficult to value.
Another challenge is improving communication from the CIO or IT manager. Often, IT will say, ‘We need X dollars for new equipment, applications and hardware that are going to help make our organization more secure.’ When management hears this number, which can be millions in larger organizations, they want to know the ROI. However, IT personnel typically struggle to quantify that.
A CIO needs to be able to tell other executives, ‘If this firewall, application or system is not installed, a breach would cost us X dollars, or the company could lose X dollars per day,’ for example. Not everything can be quantified, but this gives CIOs a starting point.
What will protect your data and reputation?
Some key, high-level steps to consider are:
- Take inventory of the data systems and gain an understanding of where critical data is located. Then, work to ensure that there is an appropriate amount of security in those areas.
- Use complex, strong passwords to protect the network, systems and data, and regularly change them. Have the system lock out users after a certain number of failed attempts and log all such activity.
- Heavily monitor networks and systems. Check who is logging in and from where, who is successfully entering and who is failing. Then, set a baseline to understand any abnormalities.
- Use the principle of least privilege, especially for critical accounts and functions. This ensures that no single employee has all access; rather, access is tailored to the job function.
There is more companies can do. But by implementing key, basic controls, if a breach occurs, the business can more easily identify what happened and how.
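The lockout and login-baseline steps above can be sketched in a short Python review of authentication events. This is an added example, not part of the interview or of Weaver's guidance; the event format, the threshold of five failures, the /24 grouping of source addresses and all sample records are assumptions constructed for illustration.

```python
"""Added example: account lockout plus a per-user login baseline."""
import ipaddress
from collections import defaultdict

# Assumed policy value; the article only says "a certain number" of attempts.
LOCKOUT_THRESHOLD = 5

# Constructed history used to learn where each user normally logs in from.
# Record layout (assumed): (ISO timestamp, user, source IP, outcome)
BASELINE_EVENTS = [
    ("2024-03-01T08:58:11", "alice", "10.20.1.15", "success"),
    ("2024-03-01T09:02:40", "bob", "10.20.2.31", "failure"),
    ("2024-03-01T09:02:55", "bob", "10.20.2.31", "success"),
    ("2024-03-02T08:47:03", "alice", "10.20.1.22", "success"),
    ("2024-03-02T09:10:19", "svc-ledger", "10.20.9.5", "success"),
]

# Constructed events for the day under review.
TODAY_EVENTS = [
    (f"2024-03-04T02:13:0{s}", "svc-ledger", "203.0.113.77", "failure")
    for s in (1, 3, 5, 7, 9)
] + [
    ("2024-03-04T02:13:12", "svc-ledger", "203.0.113.77", "failure"),
    ("2024-03-04T08:51:30", "alice", "10.20.1.40", "success"),
    ("2024-03-04T09:05:12", "bob", "198.51.100.9", "success"),
    ("2024-03-04T09:06:00", "carol", "10.20.3.8", "success"),
]


def network_of(ip, prefix=24):
    """Group an address into its /24 so a new desk on a known LAN is not noise."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def build_baseline(events):
    """Map each user to the source networks of their past successful logins."""
    known = defaultdict(set)
    for _ts, user, ip, outcome in events:
        if outcome == "success":
            known[user].add(network_of(ip))
    return dict(known)


def review(events, baseline, threshold=LOCKOUT_THRESHOLD):
    """Return (timestamp, user, ip, finding) for every event worth a look.

    LOCKOUT              the failure that reaches the threshold
    ATTEMPT_WHILE_LOCKED any later attempt on a locked account (still logged)
    NEW_SOURCE           success from a network not in the user's baseline
    NO_BASELINE          success for a user with no login history at all
    """
    failures = defaultdict(int)  # consecutive failures per user
    locked = set()
    findings = []
    for ts, user, ip, outcome in sorted(events):  # ISO timestamps sort in time order
        if user in locked:
            findings.append((ts, user, ip, "ATTEMPT_WHILE_LOCKED"))
            continue
        if outcome == "failure":
            failures[user] += 1
            if failures[user] >= threshold:
                locked.add(user)
                findings.append((ts, user, ip, "LOCKOUT"))
            continue
        failures[user] = 0  # a successful login resets the counter
        if user not in baseline:
            findings.append((ts, user, ip, "NO_BASELINE"))
        elif network_of(ip) not in baseline[user]:
            findings.append((ts, user, ip, "NEW_SOURCE"))
    return findings


if __name__ == "__main__":
    for finding in review(TODAY_EVENTS, build_baseline(BASELINE_EVENTS)):
        print(*finding)
```

Routine activity, such as the login for alice from a desk on her usual network, produces no finding, which is what keeps the remaining entries short enough for someone to read every day.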
Brittany Teare is IT advisory manager at Weaver. Reach her at (972) 448-9299 or firstname.lastname@example.org.
Insights Accounting is brought to you by Weaver
Government pensions have received significant scrutiny over the past few years, and several studies indicate that the state and local government pension plans are severely underfunded, with cumulative estimates ranging from $1 trillion to $4 trillion in the U.S. New Governmental Accounting Standards Board (GASB) reporting standards will make the problem more apparent by making the shortfalls prominent on financial statements of the government employer. This transparency likely will drive increased scrutiny by legislatures, taxpayers, rating agencies and other stakeholders.
Instead of recognizing pension costs on balance sheets as annual expenditures based on a funding approach, government entities will need to address net pension liability — the difference between present value of projected benefit payments and investments set aside to cover those obligations.
“In some instances, reporting agencies could be required to show millions of dollars in new liabilities on their balance sheets and make sizeable adjustments to their income and expense statements as well,” says Kevin W. Smith, CPA, partner at Crowe Horwath.
Smart Business spoke with Smith about the new standards and how they will affect state and local governments.
How will the new standards take effect?
GASB Statement No. 67, ‘Financial Reporting for Pension Plans,’ and Statement No. 68, ‘Accounting and Financial Reporting for Pensions,’ take effect in fiscal years starting after June 15, 2013, and June 15, 2014, respectively. They replace requirements in GASB Statements Nos. 25, 27 and 50.
The fundamental change is that the previous standards did not require pension benefits to retired employees to be reported as a liability; employers disclosed an estimated amount of unfunded pension liability only in notes to the financial statements and in required supplementary information, but the net pension liability itself was not reflected on the balance sheet.
New standards require government entities to report the net underfunded pension obligations on financial statements prepared under the accrual basis — a statement of net position, for example.
Government entities also will have to adjust their estimated value of assets set aside to meet pension promises. Governments had been allowed to use an assumed long-term rate of return, with current rates of 7 percent or more as expected return on invested assets. If certain conditions are met, that will change to a blend between long-term rate of return and municipal bond rates, currently about 4 percent, which will have a significant impact on the projected liability.
How will local and state governments be affected by the change?
For many governments this ‘new’ liability will completely offset all of an entity’s net assets — similar to equity in a private entity.
Some cities, counties, school districts or special purpose governments might be affected by both new standards. As local government employers, these institutions must comply with GASB 68. If they administer pension plans for police, firefighters or others, they must adhere to GASB 67 plan administrator requirements.
The new standards spell out requirements for disclosing related information in the notes with the financial statements, which includes descriptions of plan and benefits provided, assumptions used to determine net pension liability and descriptions of benefit changes. Preparing these disclosures will take a significant effort.
What should be done now in anticipation?
The purpose of the new standards is to provide a clearer picture of financial obligations to current and former employees and to treat net pension liability like other long-term obligations. However, the standards might make government entities appear to be financially weaker, even though their financial reality is unchanged. Financial officers should be prepared to explain the situation to taxpayers, employees and other stakeholders. Management should take a proactive approach and begin now to explain anticipated changes to all stakeholders.
Local agencies also need to be ready to take on the extra workload that will be associated with the transition. The GASB is expected to release implementation guidance this summer that will clarify the next steps for state and local governments.
Kevin W. Smith, CPA, is a partner at Crowe Horwath. Reach him at (214) 777-5208 or email@example.com.
Insights Accounting is brought to you by Crowe Horwath LLP
Can you prove the ROI of employee engagement? According to a Gallup survey, companies with world-class engagement have 3.9 times the earnings per share growth rate compared to their competitors with lower engagement. The challenge is planning a route to get employees engaged.
“Our research has shown that there are three buckets — the engaged group, the disengaged group and the people in the middle. Ideally, we want all employees to be engaged. The first step is to move the disengaged group to the middle bucket,” says Kelly Pacatte, MBA, SPHR, senior human capital consultant at TriNet, Inc.
Smart Business spoke with Pacatte about strategies to move workers forward to becoming engaged employees.
How can companies motivate disengaged employees toward that middle bucket?
There are four basic tips to follow:
- Pay according to market value. Many executives don’t like to hear it and would rather offer training or take similar steps. But paying accordingly is critical in moving disengaged employees up.
- Limit organizational reductions in force. While hard to do, it’s impossible for employees to become engaged if they fear losing their jobs.
- Manage organizational changes. Whether a market change or leadership change, proactively communicate it to move disengaged workers into the middle.
- Increase trust. Make sure all employees see the value in their company and believe in the brand. Executives must be visible and accountable.
While paying accordingly is important, pay isn’t necessarily a motivating factor; it’s a baseline. Employee motivation is like Maslow’s hierarchy of needs. People need to be taken care of, have the supplies needed to do the job, know what their job is and be paid accordingly. Once those baseline needs have been met, you can move employees to becoming engaged.
Does engagement strategy differ by company?
To have an engaged workforce, every company needs to deliver key components:
- Leadership that clearly communicates goals and where the organization is headed.
- Leadership that connects with employees.
- The jobs employees are doing must provide meaningful work.
Implementation varies by company, but those are factors that all companies use to increase engagement. Sometimes, that may mean increasing employee development or focusing on mentoring opportunities; the ways these are done differ by company and industry.
How do you decide which programs will accomplish these goals?
The process starts with an employee engagement survey to determine what areas need work. The survey provides a baseline for how engaged the workforce is. To achieve best results, develop the survey with experts from a third party who understand what motivates employees. In addition, employees are more likely to respond because there’s no fear of retaliation.
When you receive the results, company management needs to realize you can’t change everything. Based on responses, develop a plan for areas that require immediate attention. If there’s something that can be done, work on a plan to change that. If not — and this is key — explain why. It’s important for employees to know that action is taken regarding a survey. Maybe there was overwhelming feedback that more training is needed, but you don’t have the ability to do that right away. Senior leadership needs to let employees know they were heard. While leadership can’t work on a development strategy immediately, it will take specific steps to deliver on the request.
If you’re doing a survey, some changes have to be made. Employees don’t want to spend time filling out a survey, only to find out nothing has changed.
After you implement changes, measure to see if there’s been an increase in revenue or productivity. Generally, a baseline is measured before the survey and six months to a year later to see if those factors increased.
Engagement takes a long time. But if you are genuinely trying to increase employee engagement, you will get a return on your investment.
Kelly Pacatte, MBA, SPHR, is a senior human capital consultant at TriNet, Inc. Reach her at (972) 789-3960 or firstname.lastname@example.org.
Insights Human Resources Outsourcing is brought to you by TriNet, Inc.
“Relationship” might be the most overused word in banking these days, but it sums up the difference between providing a commodity and truly serving a customer’s needs.
“It really is about having a relationship with someone who comes to know and trust you,” says Jeffrey M. Whalen, senior vice president in the Specialty Markets division at Bridge Bank. “What we do in this industry is serve the needs of clients.”
Smart Business spoke with Whalen about how banks stay involved with clients and build mutually beneficial relationships.
Where should price fit into the decision when choosing a bank?
Most business owners say that, when it comes to choosing a bank, developing a long-term relationship in which owners feel empowered to achieve their goals is their highest priority.
Sole proprietors, closely held corporations and family-owned businesses in particular want to get to know their banker, and they want their banker to know them and the ups and downs of their industry. They still want a competitive price, but more often than not, they are seeking a partner who can add real, tangible value to their business in the form of sector expertise, advisory services, etc.
Certainly there are business owners who do prioritize pricing above other aspects of a banking relationship, but in those instances, the owners shouldn’t be surprised if the relationship with their banker doesn’t yield much in terms of value-added services.
By nature, some businesses are very transactional and may not require value-added services. In those cases, business owners may look to other criteria to evaluate a potential banking relationship, such as how active the bank is in supporting their industry or business ecosystem, or how the bank’s core values align with theirs.
Some also want to deal with independent banks, as opposed to larger national banks, because they often have direct access to decision-makers. At a large bank, your account might be managed from a region far from your own, and local representatives can’t help you if there is a problem. For example, if you want to increase a line of credit or need help optimizing cash flows, a regional or independent bank may be able to respond faster because of its locale and relationship with you.
How can banking relationships provide additional benefits to the customer?
Relationship benefits depend in large part on what kind of bank you have chosen to partner with. Banks with a broad range of capabilities can, for example, accommodate an equally broad range of needs a business owner might have as his or her company moves throughout the business cycle. And banks with broad sector knowledge can bring a unique and valuable perspective to the table when helping a business owner evaluate options for growth and expansion, for example. Also, a bank should be able to bring forward a network of professional service providers who can help the owner with other issues that inevitably arise, such as how to establish an employee stock option plan, tax audit and preparation, etc.
So, the right relationship can yield a multitude of additional benefits, and it is important that these conversations are held prior to committing to a bank.
How frequently should bank personnel and clients meet?
It should be every month for larger, more complex client relationships and at least every quarter for smaller ones. Those guidelines, however, are general. Every business should be viewed as unique — because it is.
Therefore, the frequency of interactions with a banker should be driven by the needs of the client, and the dynamics of its business. It’s important for clients to know that a bank should have their best interests at heart and is there to solve problems. Sometimes a client might have problems it isn’t even aware of, but if its banker has the right experience and perspective, and if the communication in the relationship is frequent, the banker should be able to catch these problems before they impact the client’s business.
Communication in the relationship, combined with expertise on the side of the banker, is the key to getting the most in terms of value for the business owner. It really becomes a strong partnership if that can be achieved.
Jeffrey M. Whalen is a senior vice president, Specialty Markets, at Bridge Bank. Reach him at (408) 556-8614 or email@example.com.
Insights Banking & Finance is brought to you by Bridge Bank
California Business and Professions Code section 7159 comprises eight pages of small type covering home improvement contracts, which makes it difficult for contractors to always follow the letter of the law.
“There are so many very technical requirements in 7159, including type size and placement of various provisions within the contract document, that even a conscientious contractor might miss them,” says Kevin P. Cody, a partner at Ropers Majeski Kohn & Bentley PC.
Smart Business spoke with Cody about construction contracts and how companies can avoid problems that void agreements.
When do contract problems arise?
Obviously, if construction goes well, the contract typically isn’t brought up. But when there is a problem, the homeowner or his or her attorney will search the contract for defenses. For example, the entire contract can be voidable or unenforceable if the contractor hasn’t complied with all of the requirements of section 7159, which are numerous and pretty detailed.
California law gives particular protection for home renovation projects because it’s frequently a one-on-one relationship between an inexperienced homeowner and a contractor. Prior to enactment of 7159, a homeowner might find himself or herself in a position where substantial upfront payments had been made, the contractor would only be partway through with work, and all of a sudden the homeowner couldn’t find the contractor. In a commercial setting, where you’re dealing with people who are quite sophisticated and savvy, they do not require the same degree of protection.
However, strict compliance with 7159 will not always work as a defense for the homeowner. A landscape designer/contractor client didn’t strictly comply with all code provisions, and a homeowner, because he was dissatisfied with a few things, hired an attorney and decided not to pay. The homeowner filed a lawsuit, claiming the contractor’s failure to strictly comply with 7159 justified nonpayment. In spite of the landscape designer/contractor’s failure to strictly comply, the court sided with the designer/contractor and awarded it all of the money the homeowner had withheld.
How detailed are the code provisions?
A window company wanted contracts prepared for installations it was going to be doing. On the first page of the contract, you have to mention the date the buyer signed, there has to be a notice of cancellation and a heading that says ‘home improvement’ in at least 10-point, bold face type — that comes straight from the statute. There are a lot of other very detailed requirements.
What should you do to draft contracts that are compliant?
Most contractors already have contracts that comply in certain areas, but in many instances they haven’t updated them. An attorney can go through and make recommendations. In addition to compliance with the technical requirements of 7159, there are other statutes with provisions that the contractor may not appreciate fully, e.g., those dealing with attorney’s fees, or with provisions that have changed in the last few years, e.g., indemnity.
For example, Civil Code section 1717 states that if a contract provision allows one party to recover attorney’s fees, it will be reciprocal to the other party. Without knowing about 1717, the contractor may want an attorney’s fees clause in the contract that only allows the contractor to recover fees if it has to sue to collect payment. But what happens if there is litigation and the other party can recover attorney fees, even if it isn’t mentioned? It becomes an issue of whether the contractor really wants the clause because it might engender litigation.
Similarly, while the law with respect to what general contractors can be indemnified for recently changed to limit indemnity rights, there still are ways to improve the situation. Though a general contractor cannot be indemnified for its active negligence, it typically has leverage over subcontractors to request that the general contractor is named as an additional insured on the subcontractor’s insurance.
It’s a good idea to update your contracts every two or three years with an attorney who specializes in construction contracts. The cost will be relatively modest in the long run, especially considering the benefits of that review.
Kevin P. Cody is a partner at Ropers Majeski Kohn & Bentley PC. Reach him at (408) 918-4557 or firstname.lastname@example.org.
Insights Legal Affairs is brought to you by Ropers Majeski Kohn & Bentley PC
As an in-law coming into a family business, you’re stepping into one of the hardest working environments imaginable. A family member is held to a higher standard than regular employees, but an in-law has to work even harder than a family member.
“It really takes someone with vision and purpose because there will be a lot of extra challenges,” says Ricci M. Victorio, CSP, CPCC, managing partner at the Mosaic Family Business Center.
If you lay the right groundwork, establish clear expectations, and work with an adviser familiar with the challenges that will occur, she says it can be a productive and joyous experience.
Smart Business spoke with Victorio about how in-laws can successfully enter the family business and thrive.
What challenges do in-laws face when coming into the family business?
The hardest thing to overcome is perception. It doesn’t matter if you have an MBA from Cambridge or a Ph.D. from Harvard. When it comes to in-laws, the fact that you married into the business downgrades any credentials in the eyes of non-family managers or employees. People will tend to judge you harshly, so be patient and don’t take it personally.
How can an in-law successfully enter into the business?
The position, pay scale and responsibility must match the in-law’s experience and education. Thrusting an unqualified in-law upon people, no matter how great he or she is, makes it a much harder road. For example, an in-law was a sales manager making six figures who was downsized. Now, he’s in trouble financially, and the family is worried. The family can bring the in-law into the business, which might be in another industry, but he shouldn’t start as the head of the sales division. He needs to learn the business and earn his way up the corporate ladder. If parents are still concerned about the financial gap, they can consider gifting additional monies from outside of the business to help until he earns his way up.
It can be helpful to have the in-law candidate interview with the executive management team to gain support.
How can in-laws overcome the assumption that they have the boss’s ear?
You can’t expect the employees to be your friends, because they are going to assume that anything they reveal will get back to the boss. It can feel isolating and you have to be above reproach. Stay professional and never assume to be the heir apparent.
Also, if you have a problem, resolve things through the proper chain of command. If you’re not reporting to your father-in-law, don’t go to him when you have an issue.
Remember when you come home and complain to your spouse about work that you’re talking about a family member. Your spouse may get defensive, run to whomever you’re complaining about or start disliking that person. Try to share more than just the bad days.
What documentation is needed to protect the business, and the in-law?
Families with a high net worth business typically will require a prenuptial agreement that protects the stock from leaving the family in the case of divorce or death of the blood relative. However, there are incentives such as restricted or phantom stock for high-performing managers, which can provide financial incentives that feel like ownership for growing the company.
It’s also critical to create family member employment and stock qualification policies. These policies define the benchmarks and requirements for all family members, whether an in-law or not, as to how they can become stockowners or hold key executive positions, clarifying the pathway and making family employees more accountable.
Why is having a succession coach valuable?
Engaging a coach who specializes in succession transitions to help employed family members can smooth the predictable challenges along the way. Family employees, including in-laws, need a safe place to talk, and guidance to strategize through the maze of issues that will occur. The coach also can facilitate a family business council, which provides a venue for family members to talk about business-related topics, questions and issues that would normally feel inappropriate to bring up in a productive environment.
Ricci M. Victorio, CSP, CPCC, is a managing partner at the Mosaic Family Business Center. Reach her at (415) 788-1952 or email@example.com.
Insights Wealth Management & Finance is brought to you by Mosaic Financial Partners Inc.
With a Google search, there are two sets of results — paid and organic.
Yi He, Ph.D., assistant professor in the Department of Marketing & Entrepreneurship, College of Business and Economics, at California State University, East Bay, says her advertising management students were surprised to see how many people click on the paid ads.
Her students participate in the Google Online Marketing Challenge, where they are given $250 to run a three-week online advertising campaign for a business or non-profit, which is developed using Google AdWords and Google+.
This type of search engine marketing (SEM) truly benefits small companies.
“For smaller companies, in the past, there was no way to compete in the conventional media with big companies. Now, they can differentiate themselves using SEM, just by spending their advertising dollars in a relatively cautious manner,” she says.
Smart Business spoke with He about why small companies are turning to SEM.
Why is SEM so important today?
Most Internet users don’t want to remember a website URL. Eighty-five to 90 percent of people are guided to websites by search engines, such as Google. Also, people usually just look at the first five or 10 search results, and many of those are advertisements. So, once you start running ads, you generate more ways to reach Internet users.
How are SEM and conventional advertising different?
With conventional advertising, print and broadcast, it’s hard to measure whether your ad campaign was effective. However, everything is measurable with SEM — you can calculate how much ROI is generated from every advertising dollar spent.
Conventional advertising also requires a specific set of skills. But a business owner can run a SEM campaign by opening a Google AdWords account and be up within minutes. It may not be a great campaign, but it’s not like creating a TV commercial.
How does SEM differ from Facebook ads?
With SEM, the only way to target ads is geographically. So, a San Jose restaurant owner can specify that he or she only wants the ad to show up for a ‘Thai food’ search in a 15-mile radius from the downtown San Jose area. Google doesn’t charge for the number of times the ad shows up, or the impression, but by cost-per-click. With Facebook display ads, ads can be targeted by age, gender, marital status, interests, education level, etc., and are charged by both the click and impression.
On average, of the 10,000 times a Facebook ad shows up, only five people click on it, because in a social environment you don’t want to be interrupted to buy something. With a search engine, people are looking for a solution to a problem. A search result, whether organic or paid, is like you’re in a retail store and someone offers a helpful recommendation. With Google’s marketing challenge, my students can get a click-through rate (CTR) that is 100 times higher than the Facebook average.
Why is SEM more useful for small business?
Smaller businesses typically aren’t as visible on the organic results or with the extremely popular keywords. But they can run a SEM campaign to generate Internet traffic and increase visibility. There’s no entry barrier, too, so they can get started right away.
SEM also can help figure out demand. For example, one student ran two ad campaigns for a local Chinese restaurant and discovered that ‘Chinese dining’ was not popular in either impressions or CTR. However, ‘Chinese takeout’ led to more people clicking the restaurant’s website and calling, which increased takeout orders dramatically.
What ethical concerns come up with SEM?
We don’t know exactly what data companies have on consumers, and what they do with it. All impressions, click-throughs and transactions can be tracked. For example, you might go to a website to look at a few items but not purchase anything, and over the next few days you see similar items on your Internet pages. In addition, some argue that precisely targeted results deprive people of the total available information.
Public policymakers have been pushing to protect consumer information with something like the ‘do not call’ list. A ‘do not track’ list would enable people to sign up to keep their Internet Protocol addresses from being recorded.
Yi He, Ph.D., assistant professor, Department of Marketing & Entrepreneurship, College of Business and Economics, at the California State University, East Bay. Reach her at (510) 885-3534 or firstname.lastname@example.org.
Insights Executive Education is brought to you by California State University, East Bay
In this day and age, only a small number of businesses can function without a network of computers. Unfortunately, there are inherent risks to computer usage — hackers, viruses, worms, spyware, malware, unethical use of stolen passwords and credentials, unauthorized data removal by employees with USB flash drives, or servers crashing and bringing productivity to a halt. Owners of small to midsize businesses have to be cautious of cyberattackers, and depending on your industry, your business may be an easier target than larger businesses.
With cyberattacks on the rise, Smart Business spoke with Jalal Nazeri, a certified information systems auditor at Sensiba San Filippo LLP, to discuss what business owners can do to protect themselves.
What is the first step toward protection?
The first task in creating a secure network is to draft a security policy, which, if carefully managed, can lower the risk of these threats.
When drafting a policy, consider every perceived threat, no matter how unlikely it may seem. Communicating and monitoring these policies regularly will lay the groundwork for compliance in defense of your network.
There are a number of core ideas to consider in implementing a policy. First, you will need to do a risk assessment to identify risks and determine the best methods to prepare for them. Then you will need to classify data by sensitivity level and develop access restrictions. Consider what the security requirements are of an authorized user and assess the possible risk, both logical and physical. In addition, create a plan to back up each user’s data. Finally, ongoing monitoring and maintenance of your risk assessment and the underlying policies and procedures is a must.
How do you manage employees’ usage of company computers?
An acceptable use policy is a common element to include in your security policy. The acceptable use policy restricts users by giving them guidelines on what they can and cannot do on your company’s network. Adding these restrictions can place an inconvenience on the end user, but it’s imperative to have them in place for the protection of your organization. The end user can be an organization’s weakest point.
Once a user reviews the policy and accepts the restrictions in place, it’s important that he or she sign the policy. Users should be made to re-sign the policy whenever it changes, and at regular intervals even when unchanged. Some companies set a six-month timeline, others vary. The value of the policy depends on the communication and monitoring of compliance. Without enforcement, its value is greatly reduced.
What are other tools businesses can use?
A few other key items a business can use are firewalls, content filters, encryption, virus protection, and accounts and passwords. Business owners need to maintain these tools, not just put them in place and forget about them.
Firewalls act as a barrier to the internal network, blocking unwanted traffic, while content filters restrict material delivered on the network and control what content is available to users on the Internet. Encryption is becoming more vital for transferring and storing data, whether it is for regulatory compliance or customer protection from theft.
Anti-virus software is a must on all your servers and workstations. A scheduled virus scan should never be missed, and always have automatic updates turned on.
Never use generic passwords or account names, and restrict users to using only their own login. Passwords should follow a complexity requirement, like the use of a mix of letters, punctuation, symbols and numbers, and should also have a limited lifetime and a rotation.
What is the value of taking these steps?
With small to midsize businesses, budget is always a major consideration in what is plausible in obtaining the most secured environment. With a good policy in place, identification of priority spending can be determined and can reduce the need for excess software and hardware.
Cyberattackers look to gain access to networks that have the least amount of resistance. A good security policy protects data against potential threats. Without one, the company may incur significant remediation costs, lose productivity and even lose clients.
Jalal Nazeri is a certified information systems auditor at Sensiba San Filippo LLP. Reach him at (925) 271-8700 or email@example.com.
Insights Accounting is brought to you by Sensiba San Filippo LLP
If your company makes a product, it’s increasingly likely that someone will copy it or produce counterfeit versions.
“I can’t think of any industry that isn’t being affected,” says Timothy L. Skelton, a partner with Ropers Majeski Kohn & Bentley PC. “I bought a $40 bicycle chain that was a counterfeit. It came in a similar-looking package to the chain I normally buy, but when you looked at it closely it was slightly different.”
One client had a medical device copied by another business.
“It was absolutely identical in every way to my client’s product except one letter in the trademark was changed. So it wasn’t actually a counterfeit because it didn’t use my client’s trademark, but it did infringe on the trade dress and product design,” Skelton says.
Smart Business spoke with Skelton about trade dress and how companies can protect themselves from unfair competition.
What is trade dress and how does it differ from trademarks?
Trade dress is the design and appearance of a product together with the elements that comprise its overall image in identifying the product to consumers. Broadly speaking, it’s the product’s look and feel and can include size, shape, color, or combination of colors, texture and graphics. Trade dress can either be the product itself or its packaging.
A trademark is any word, symbol or device indicating the source of a product. For example, the word ‘Coca-Cola’ and the Coca-Cola swoosh are trademarks, but the bottle is trade dress. The shape of the glass bottle is unique and readily identifiable by consumers as being the source of the product.
Do companies have to take specific action to protect trade dress?
No. Trademark and trade dress are protected when used, not when registered. However, both can be registered, which confers certain benefits. If the trade dress is registered, the burden of proof is in the owner’s favor, and the company may be entitled to remedies that wouldn’t otherwise be available.
Where do businesses run into trouble with product infringement?
There is very thin trade dress protection for websites. Web pages look similar — there are only so many ways to arrange them.
But the biggest problem in the last 10 years is not really a legal change; it’s the business landscape changing because of offshore manufacturing. Counterfeiting touches almost every business. One of the most common occurrences is that a company manufacturing your products will just make more without your name. Those items are sold out the back door of the factory.
It used to be that only expensive items like Rolex watches were counterfeited. Nowadays, it’s almost anything. A current client has a case involving curling irons — a sub-$100 product. Most products are now made overseas and, although laws are changing, historically many foreign countries have not respected intellectual property rights. As a result, many overseas companies don’t even realize when they’ve done something wrong.
How can companies fight counterfeiting and trade dress infringement?
Add clauses in supply agreements that prohibit manufacturers from making your product for anyone else. That may or may not provide protection, but it puts the manufacturer on notice that you’re watching.
If copies of your product are entering the U.S., use whatever business intelligence possible to determine their origin. It’s virtually impossible to shut down manufacturing operations overseas, so try to cut it off at the import stage. Write a cease-and-desist letter to the first link you can find. Make sure that the letter invites a dialogue — it’s always preferable to resolve matters without litigation.
Trade shows are a good place to find the source of problems. An attorney friend goes to a show for automotive aftermarket manufacturers every year and is paid to walk around and look for infringing products.
Counterfeits can slip into the supply chain anywhere. Even the most respectable vendors are having problems. Be reasonable — don’t assume people are acting in bad faith — and in a surprising number of cases you can get the problem resolved.
Timothy L. Skelton is a partner at Ropers Majeski Kohn & Bentley PC. Reach him at (213) 312-2055 or firstname.lastname@example.org.
Insights Legal Affairs is brought to you by Ropers Majeski Kohn & Bentley PC