Tuesday, February 11, 2020

To Safeguard Your Company's Data, Consider a Cybersecurity Assessment


As data breaches continue to make headlines at an alarming rate, no business can afford to ignore cybersecurity. To ensure that your company is taking appropriate steps to protect sensitive information (both its own and that entrusted to it by customers and business partners), consider conducting a cybersecurity assessment or audit. An added benefit of these assessments is that they send a message to your customers and others that you take their data security seriously, which can provide a competitive advantage.
The auditor's first step is to take inventory of all your data and determine where it's located. While much of your data is housed on your on-site network or private cloud servers, you might be surprised to learn how much of it resides on the networks of third parties (such as internet service providers, vendors, customers, financial institutions or business partners) or is accessible by them. The auditor will also take inventory of your hardware and software and map your network, data flows, and entry points. As the workforce becomes increasingly mobile, it's particularly critical to examine the ways in which your employees gain access to your network. As the number of entry points increases, so does your risk.
It's equally important, if not more so, to evaluate your policies, procedures, and internal controls related to information security. The majority of data breaches involve social engineering — that is, hackers who take advantage of weak passwords or lax security protocols or use phishing or other techniques to trick personnel into downloading malware. A cybersecurity assessment can help you identify potential vulnerabilities and implement policies, procedures, and controls designed to minimize the risks of a data breach and mitigate the damage should a breach occur.
Depending on your industry, you might consider going a step further and obtaining a certification that your company complies with an accepted cybersecurity standard. A number of organizations have promulgated such standards, including the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO). Getting certified can give your company a competitive edge. Plus, in some industries, the government and other organizations are increasingly demanding that their partners obtain such a certification as a condition of doing business with them.
Once you conduct a cybersecurity assessment, you can't simply put it on a shelf and forget about it. Hackers and other cybercriminals are continually coming up with new, innovative techniques for bypassing companies' security measures, so it's important to monitor the performance of your information security system and periodically re-assess your risks.

Ben Kinsey, CPA, of Small Business Group works with owners of closely held corporations in the Northeast Florida region. If you work in the North Florida area, we offer a FREE initial consultation at our office. Please contact Small Business Group if you would like to know more about strategies for your business.


What's Your Business Worth? Beware Rules of Thumb!

There are many reasons you may need to know the value of your business, such as pricing it for sale, seeking financing, tax and estate planning, or even divorce. Many business owners use rules of thumb to gauge their businesses' values. But while these “cocktail napkin” estimates can be a good way to get a general idea of what your business is worth and begin the planning process, they're no substitute for a thorough analysis by a valuation professional.
The Trouble With Rules of Thumb
Rules of thumb are easy-to-calculate valuation formulas, typically tied to some multiple of earnings before interest, taxes, depreciation and amortization (EBITDA) or some other measure of earnings, revenues or cash flows. Often they're derived from data about actual business sales in your industry, which gives them an air of legitimacy.
The problem is that rules of thumb are usually based on industry averages. But most businesses don't possess characteristics that are identical to the hypothetical “average” business, so applying a rule of thumb may lead to inaccurate results. Consider this example:
Company A and Company B each have EBITDA of $2 million per year. According to a popular valuation rule of thumb in their industry, each company is worth five times EBITDA, or $10 million. The two companies are similar in many ways, but a closer look reveals that Company A relies on a single customer for more than 80 percent of its sales. Company B has a much more diverse customer base, with no single customer accounting for more than 10 percent of its sales. Any prospective buyer that does its due diligence would view Company A as a substantially riskier investment and adjust its valuation downward to reflect the additional risk.
Professional Valuation: There is No Substitute
The example above is a bit oversimplified, but it illustrates how rote application of rules of thumb can distort a business's value. In practice, each business possesses numerous characteristics that drive its value and may or may not be captured by a rule of thumb. Rules of thumb provide a handy way to get a rough estimate of your business's value or to serve as a “sanity check” against more sophisticated valuation methods. But only a professional valuation can provide the accurate information you need to achieve your goals.

