Trying to manage the incoming waves of regulations is bad enough ... but keeping track of what is on and what is not on anymore is a tough job when you really just want to run and grow your business!
Short one this week. You want to keep an eye on this news. According to an article in SCmagazine.com there is a bill working its way through Congress that may exempt some small businesses from the Red Flags rules.
Does your company transmit, process or store payment card data about any individual who lives in the State of Nevada?
If so, you need to be aware of the new Security of Personal Information Act passed into law in Nevada. In a nutshell, data collectors or merchants who collect card data to do business will be required to be compliant with PCI DSS in order to legally conduct business in Nevada.
Understand the common threats to your business and think about how to prevent them, detect them and respond to them before they occur
Threat models are commonly used in information security analysis to illustrate the potential for risks to impact an organization. The threat model is used to describe the characteristics of a given threat and the harm it could do to a vulnerable system.
If we do a project where we identify threat scenarios we'll go into detail. At a simple level we'll identify the pieces of the threat scenarios including the actor (WHO), the action (HOW), the motivation (WHY), the vulnerability exploited (think WEAKNESS) and the potential impact (think DAMAGE).
We do not address the probability of these events occurring, which in most cases is impossible to predict accurately.
Over your morning coffee run through these common scenarios and ask yourself how they would impact you:
A trusted employee decides to:
· Download unauthorized software from the Internet which contains a Trojan horse or other malicious software.
· Disable antivirus scanning prior to the download of an emailed MS Office document.
· Transfer information from a third-party computer to their work computer, bringing a virus or other malicious software into the company.
· With any number of portable memory devices, data is copied from the network and is stolen undetected.
A disgruntled employee decides to retaliate against your company:
· With knowledge of the backup tape courier routine, the tape drop-off is intercepted and the information contained on the tapes is used to attack your company's reputation or for material gain.
· With any number of portable memory devices, data is copied from the network and is stolen undetected.
A former employee decides to retaliate against your company:
· With a haphazard termination process, the former employee uses his/her still active network access and credentials to damage or steal information from an outside location.
· With a haphazard termination process, the former employee gains access to a company facility and uses his/her still active network credentials to damage or steal information from an outside location.
An authorized visitor, an unauthorized visitor or an intruder penetrates one of your company's facilities and:
· Unchallenged as they walk the floors of the facility, they exploit targets of opportunity such as unlocked, unattended systems, backup tapes left unsecured waiting for courier pickup, etc.
A third-party caretaker of your company information has a security incident. While that incident may not impact your company network, your company has no controls to prevent that incident from impacting your company at a business level.
Bad Things DO Happen ... Or We All Die Sometime ...
Securing your business value isn't just about keeping the hackers out. It is also about managing other kinds of risks, including the very real prospect, given that we all die sometime, that a senior resource might die. Without thoughtful planning the business might die, too. My business, Jacadis, recently committed to Sequent, a Professional Employers Organization (PEO), to help us manage our human resources risk. Their services include succession planning. What follows is an excellent write-up by Pat Carpenter, CLU, CHFC of Sequent's Retirement & Benefits Group.
Do you expect your business to die when you do?
Do you expect your business to die when you do? If your goal is for your business to thrive, how do you intend to harvest the investment you’ve made? If you want your business to provide a continuous income stream after you’re ready to move on, think out and plan the transfer of ownership. Whether the business is sold to a partner, a competitor, a group of employees or to family member(s), there are four elements necessary for a smooth transition. These four elements include:
A business that has value independent of the founder
A realistic market valuation of the business
Willing buyers, and
An agreement that compels the sale and the purchase at the agreed-upon amount
As your business has grown, you have developed products and services that your clients need. Vendors count on you for part of their business growth. Your management team helps determine, and employees execute, the business plan. As the business's life cycle matures, your role has evolved from technician to visionary. Clients, vendors and employees have deepening relationships. You can move on now.
Setting a realistic market price for the business should be determined by a CPA certified in valuation. He or she will analyze the books, economic conditions, market segment and growth potential. There will be questions about anticipated revenue, and new niche markets. The CPA will select which valuation method is most appropriate for your business and set a purchase price and a formula for determining any future purchase fluctuations.
Evaluating a potential buyer is the next logical step in your succession plan. Often, key employees or family members will have already indicated interest in purchasing the business. Do they have all the skills, vision and drive necessary to be successful? To thrive in a competitive marketplace takes more than being a good technician. In addition to figuring out 'How much?' and 'Who?', you might want to invest in training for any deficient skill areas.
The agreements that compel the sale usually take two forms.
The first option is an employment agreement that defines the conditions under which stock, or phantom stock, is transferred to the successor owners. This provides the current owner “golden handcuffs” and the key employees an incentive. Usually the transfer is contingent on reaching certain productivity goals.
The second option is the Buy-Sell document. This describes the transfer of stock upon the death, disability or retirement of the owner. It delivers assets to the owner’s family while removing them from the business. These documents should be prepared by attorneys who specialize in closely held corporations.
In addition, both agreements need to be funded in order to complete the final transfer. This is usually accomplished by purchasing life insurance and disability insurance on the owner, payable to the business or the successor owners. Insurance provides the funds to purchase the stock. In this way, non-participating family members are gracefully moved away from day-to-day operations and dividend expectations.
Good planning pays off for everyone: your clients, your employees, your family, vendors and creditors. They all want to work with a company that will thrive, even through a key transition. With proper tax planning, the business will provide an annuity for the owner for the next five to ten years. Your investment in the succession planning process could pay dividends for years to come.
Patricia Carpenter, CLU, CHFC
Vice President, Business Development
Pat Carpenter has more than thirty years' experience working for and with emerging businesses. A veteran of three start-ups, she has spent more than thirty years of her career working in the life and health insurance industries as a field underwriter, group representative, broker and consultant. Pat has worked closely with business owners to create custom-tailored succession plans and wealth accumulation programs. She has analyzed financial strategies, plan designs, and employee incentives. In addition, she has educated people from line workers to Board members about how to optimize their employee benefits. Pat has earned the Chartered Life Underwriter and Chartered Financial Consultant designations from the American College.
Other more complex security and privacy protections don't work if you are not using passwords correctly ... they are your key to security!
I have read more than my fair share of "how to protect yourself in social media" type articles lately (see a good one with links to other good ones at http://www.nateriggs.com/2009/10/how-to-protect-yourself-from-the-social-web/ ) from non-security professionals. These posts discuss protecting your location, creating a family password (like the "you say Thunder, then I say Flash" challenge-response) and other very common-sense kinds of actions to protect your online self. Most of them forget the basic fundamental: the password.
Use passwords that are at least eight characters long and include a mix of at least 3 of the following character types: uppercase letters, lowercase letters, numbers and special characters. (WHY?: Following this practice means that guessing your password means working through more choices making guessing both practically and mathematically more difficult.)
But doing that makes it harder to remember, too, right? And most people don't use good strong passwords because they are hard to remember and so because of convenience (or laziness) prefer to type "1234" or "GOBUCKS!". What to do?
Be thoughtful about how you use and mix these characters (##Pa$$W0rd!! is easier to remember than d$a#aabe and because it is longer mathematically harder to guess):
Substitute numbers for letters and vice versa (0 instead of O, 4 instead of A, 1 instead of L, 3 instead of E, $ instead of S and so on).
Substitute words for numbers (one for 1, two for 2, and so on).
Use capitalization haphazardly (passWord is stronger than password or PASSWORD).
Use special characters in front of (##password), to end (password$$) or to punctuate or separate words (password!! or pass#word).
Have some fun. Use these combinations to create words of phrases that are easier to remember:
##LuckyDuck$!!
$$Give8100dPlayRug8y
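To make the "WHY" behind the rule concrete, here is an added example (not from the original post) that checks a password against the post's policy (at least eight characters, at least three of the four character classes) and estimates the brute-force search space in bits as length times log2 of the alphabet actually used, which is what makes the longer ##Pa$$W0rd!! harder to guess than the shorter d$a#aabe. The sample passwords are the ones from the post plus constructed ones.

```python
import math
import string

# The four character classes named in the post's rule.
CLASSES = {
    "upper": set(string.ascii_uppercase),    # 26
    "lower": set(string.ascii_lowercase),    # 26
    "digit": set(string.digits),             # 10
    "special": set(string.punctuation),      # 32
}


def classes_used(password):
    """Names of the character classes that appear at least once in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def meets_policy(password, min_length=8, min_classes=3):
    """The post's rule: at least 8 characters and at least 3 of the 4 classes."""
    return len(password) >= min_length and len(classes_used(password)) >= min_classes


def search_space_bits(password):
    """Crude upper bound on guessing work: alphabet_size ** length, expressed in bits.

    The alphabet is the union of the classes the password actually draws from,
    so adding a class or a character both raise the bound.
    """
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(alphabet)


if __name__ == "__main__":
    # Passwords from the post plus constructed weak ones for comparison.
    for pw in ["1234", "GOBUCKS!", "d$a#aabe", "##Pa$$W0rd!!", "##LuckyDuck$!!"]:
        print(f"{pw:16} policy={meets_policy(pw)!s:5} "
              f"classes={len(classes_used(pw))} bits={search_space_bits(pw):5.1f}")
```

The bit count is only an upper bound on random guessing; guessers that try dictionary words with the common substitutions first need far fewer attempts, which is why the post's own examples lean on phrases rather than single words.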
And then use your passwords like you do your house, car and office keys:
Never communicate them over the phone, in an email or over IM (or twitter for that matter!).
Log off (lock the door) when you are done with a site or stepping away from your computer.
Change your password if you suspect suspicious behavior (it is good to be a little paranoid, no?).
Do not allow your Internet browser to save your password (if you lose control of your laptop, netbook or PDA whoever gains controls has control of your entire digital world).
Do not share your passwords with anyone.
Don't use password hint functions (where you select a challenge like mother's maiden name and you provide an answer) or if you are forced to don't use real data (select mother's maiden name and you provide an unrelated answer like Guinness, but honestly you are liable to fake yourself out on that one so tread lightly).
If you still have trouble remembering you have 2 choices:
Don't be shy about hitting the "forgot password" button. (It is more secure to have a password reset sent to your email address than it is to use a simple, easy to use password).
Use a password manager like KeePass Password Safe which is a "free, open source, light-weight and easy-to-use password manager".
This sounds so simple. Yet, it is such a serious topic. It isn't the only line of defense, but it is an important one and because of human nature (entering passwords does feel like such a waste of our time) an underused line of defense.
As an executive and online citizen, don't be a victim because you didn't want to invest a small amount of time to do something simple and highly effective. As a business owner, make sure you have policies in place to expect the proper use of passwords by all of your employees across all of your systems and applications.
I have to confess I have had that same "it can't happen to me" attitude about the H1N1 pandemic. I've scoffed at the sterilizers my wife Jodi put around the house, at being taught how to cough and at all of the concerns people have.
But I've learned that if you think "It can't happen" it just might.
I've alluded to the fact that I coach football. I run the defense for the Patriots, a team of 16 fantastic 9 and 10 year old boys, just learning the tackle game. Tuesday night we were down to 9 kids. About two weeks ago, one of our players was diagnosed with H1N1 and we lost his services for a game. The absences have steamrolled since then. Tuesday night we had 9 boys at practice with the other 6 at home sick. Not all of them had H1N1, but the resulting impact got me to thinking. What if 50% of our company was out sick or quarantined because of fever?
Great question. And this week we have begun to plan for it. Over the next week or so our management team is going to ask some questions:
How bad could it get?
Can we function in that environment?
Can we service clients? Generate revenues? Shift risks?
Depend on our critical service providers?
Are there any effective prevention measures we can implement at a company level? Require of our employees?
As we go I'll throw my thoughts and findings up here to help you along ... because as I have found out, it can happen to anyone.
Some links of interest I've already discovered (and which I'll update as I find new ones):