Author:
Kenneth Hofsommer, CPA Partner Sax LLP who has partnered with Safari Solutions Did you know that most cyber security breaches are caused by humans. Humans make mistakes and humans can be tricked and manipulated by professional criminals and amateurs alike. Of course the errors are most often unintentional actions taken or lack of action by employees and owners. You might have read that Uber got hacked. For users, you might not need to worry about your personal data being stolen. Uber has reported that they haven’t seen any evidence of user data being compromised. So does this mean Uber caught the hack in time? Or that the hacker wasn’t after user data? Uber reported they still aren’t sure of the hacker’s goals. But regardless of the hacker’s goal, the situation proved to be a wake-up call for Uber—and every company and individual who uses the internet. The hacker, confirmed to be a teenage member of the Brazilian hacking group Lapsus$, didn’t “break into” Uber’s internal systems using high-tech software or super-specialized knowledge like hackers in movies. Instead, they used a social engineering attack—a common strategy hackers use to gain access to sensitive data like passwords and login credentials. What is a Social Engineering Attack?A social engineering attack, also known as a social engineering campaign, is a hacking strategy that involves manipulating people into sharing confidential information. Often, this is achieved by posing as a trustworthy figure like a longtime vendor or a colleague. In doing so, the hacker builds familiarity with their mark, causing the mark to let down their guard and voluntarily share information. With the Uber hack, we know the hacker targeted Uber employees through a social engineering campaign. Allegedly, it was an Uber contractor who provided the information necessary to access the VPN (virtual private network) that made it possible to access Uber’s internal programs and systems. They reached multiple code repositories and accessed the admin credentials for Thycotic, the Privileged Access Management (PAM) system Uber uses. From there, they were able to access Uber’s internal Slack, Google Drive, Amazon Web Services, and other tools used exclusively by Uber employees. If you’ve encountered a phishing email in your inbox, you’ve encountered a social engineering attack. Phishing emails typically mimic emails from senders like your bank, a pharmacy, or even a government agency like the IRS and ask for confidential, personally identifying information like your online banking password or your social security number. They often include links to fake login pages that look nearly identical to the real thing. Ransomware, Data Poisoning, Phishing and Spear PhishingSocial engineering attacks come in a few different forms. They include: Phishing. Phishing attacks most often involve posing as a reputable company or individual and asking users to provide information like their login, password, or credit card information. Sometimes, the hacker uses this information themselves and in other cases, the acquired information is then sold on the dark web. Spear phishing. Spear phishing is the same strategy as phishing, but instead of a fraudulent email being sent to hundreds or even thousands of users, it’s sent to a specific individual or group of people in an effort to gain their sensitive information. Ransomware. Ransomware is software that blocks access to a specific program or network, locking users out until they pay the hacker. Essentially, ransomware holds access “for ransom.” Data poisoning. Data poisoning is a bit different in that its goal is to change a dataset. If your company uses AI or machine learning, you could be at risk for data poisoning. With data poisoning, the hacker injects samples of their own choosing into the machine training data, warping the machine’s understanding of that data, and causing it to misclassify certain test samples. What Can Happen If My Company is Hacked?If a hacker gains access to your company’s internal systems, sensitive data like customer and employee information can be stolen. Depending on what the hacker manages to access, actual money can be stolen and/or you can lose access to your accounts. You might be pushed to pay significant ransom fees to have your accounts returned to you—or to keep the hacker from broadcasting their stunt, destroying your company’s reputation with its clients. The costs of being hacked go beyond this. They also include:
Handling (and Preventing!) HacksThe easiest way to protect yourself from hacking is to take preventative measures against it. To prevent malware and ransomware attacks, invest in a firewall that blocks threats before they can reach your team. Additionally, depending on which tools you use, you might be able to migrate them to the cloud and take advantage of the security measures your cloud hosting provider uses. This also ensures your tools are updated regularly, which typically means improved security measures. Your industry might require you to adhere to certain cybersecurity regulations. Review these regulations regularly and when necessary, work with your IT team to ensure that you’re up to date and in compliance. These are just part of a cybersecurity strategy, though. The other half is training your team to recognize social engineering attacks, because these slyly slip past firewalls and reach unsuspecting users. Host regular cybersecurity training and make good security habits part of your company culture. This is especially important if you have remote workers, as you might need to make adjustments to your network to ensure they’re as protected as the workers in your office. During your security training sessions, cover basic security measures like the importance of a strong password and the importance of changing your password regularly. Other important topics to cover include knowing how to spot a phishing email and recognizing which kinds of information a legitimate vendor might ask for versus the information they would never ask for. You should also conduct regular network security assessments to catch any potential weak spots or software that needs to be updated. Finally, there’s the component of ensuring that if you are hacked, you can respond promptly and minimize the damage. Purchase cyber liability insurance to cover any losses you incur as the result of a hack. Just like every other kind of insurance, you never want to be in a situation where you need to use it…but in the event you are, you’ll be so glad you have it. Kenneth Hofsommer, CPA is a partner at Sax LLP which has partnered with Safari Solutions to create S2 Technology Solutions, LLP. Any questions please contact him at [email protected] or 973-472-6250. S2 Technology Solutions, focus is a big-picture, goal-oriented approach to client service
0 Comments
Author:
Michael Richmond Managing Director The DAK Group The economy has been reeling from a challenging 2022, and the predictions for 2023 are uncertain, many business owners are asking themselves “should I sell my business this year, or wait for a better time?” The answer will depend on multiple factors, including the motivation for selling and does the owner have a limited timeframe to monetize their business. Deciding if now is the right time will be dependent on certain elements of the business and personal factors that come into play as they make their decision. Facts and Factors Impacting a Decision - What History Tells Us After the 2008/2009 recession, valuations dropped significantly, and it took 5 -7 years for valuations to fully recover to pre-recession levels. If that historical pattern repeats, are you as a business owner, willing to wait that long to sell your business? The good news is that historically, middle market M&A has less pricing and activity gyrations than the market for the mega Wall Street deals. In 2022, the number of mega M&A transactions plummeted, yet the flow of deals in the middle market remained relatively strong. During the current business cycle, valuations for middle market businesses increased, but never reached the peaks of the larger deals and following the pattern of the last recession, are not predicted to dry up like the market for larger deals. The middle market M & A trends have been consistent, and so has the demand for good companies to invest in. The Impact of Higher Interest Rates and the Challenging Economic Outlook Higher interest rates and economic worries will result in lower leverage and a likely drop in valuations of ½ - 1 times in lower EBITDA multiples. Fears of recession could have a larger impact on companies that typically perform poorly during a down economy such as housing, construction, and retail. However, offsetting these headwinds is the near record level of “Dry Powder” (cash) in the hands of private equity firms, as well as strategic or corporate buyers, who have large reserves of cash ready to deploy to grow their businesses through acquisitions. With a continued demand for solid middle market companies, it is very important for business owners to understand where the “true value” in their business lies and what buyers are looking for. Owners will need to create a vision for perspective buyers that goes beyond the numbers. This could include attributes such as a unique product or service offering, a solid customer base, valuable intellectual property or technology, a reliable and diverse supply chain and perhaps most importantly, sustainability of financial performance. Impact Of Expanded and Extensive Due Diligence Buyers are spending more than ever to ensure that they are appropriately evaluating all aspect of a business’s performance so as to avoid the mistake of buying the wrong company or significantly overpaying. The costs for this due diligence can easily range from $250,000 to $500,000, or more. Before buyers start spending this money, they want to be reasonably confident that the target company they are considering buying can stand up to this scrutiny. We often advise owners selling their companies to perform a Sell Side Quality of Earnings Analysis on their own business. This is done by an outside accounting firm which analyzes the quality of a company’s earnings, adding back one-time expenses, deducting one-time gains and other modifications if necessary to provide a more accurate picture of a company’s ongoing financial performance. This not only helps prepare a company for sale but provides a buyer with the comfort and knowledge that an earnings analysis was already prepared and scrutinized. It also gives the business owner a “heads up” on situations that may require adjusting their operations and gives them time to make the necessary changes. Impact of COVID-19 and Supply Chain Issues – Sustainability of Earnings Supply chain and Covid disruptions negatively impacted many businesses. It appears likely that most of these businesses will return to historical performance levels. After they recover, they should be valued based on their historical performance. Until that occurs, valuations will be remain lower or the purchase price will include a “structured” component or “earnout.” The company will have to achieve certain agreed upon performance targets in order to receive a full payout. On the other hand, some businesses were uniquely positioned to benefit from the disruptions. Over time, they too will return historical financial performance and a corresponding valuation. A third group of companies performed well despite all of the external disruptions. For this latter group of companies, in order to achieve the higher valuations they merit, they must prove that their current strong performance is sustainable in the long turn. Conclusion Selling your own company — is often the biggest financial decision of a lifetime – and not a task you want to take on without the assistance of experts who understand the steps and can navigate the process while maximizing the value to you. This team should include investment bankers, attorneys and accountants who can help guide you through the process — and bring optimal value to the most important decisions regarding your company’s future. For many businesses, a divestiture represents a great opportunity for an owner in 2023. With sound advice, good planning, and a strategic approach, you can make the right decisions for you and your business. About the Author Michael Richmond is a Managing Director at The DAK Group, a leading investment bank specializing in middle market, privately-held companies. Mike works directly with middle market business owners as they explore the sale of their companies or consider an acquisition and assist entrepreneurs in determining the most advantageous method and most profitable time to exit their company. Email Mike directly at [email protected] By: Hemant P. Singh
Director & Certified Financial Fiduciary KS Capital Management, Inc “It was the best of times, and it was the worst of times.” This Dickins quote is certainly reflective of the 2022 stock market as it went down in the books with that moniker. For the year, the equity markets had to deal with a shooting war, inflation, an oil price shock, rising interest rates, a recession risk, and a political division presided over Jan 6th events. The Fed, China, and the Ukraine war provided a difficult backdrop leaving the equity markets down for the 4th worst performance year since 1945 and the worst since 2008. The Best of times- 2023 Outlook_ The issues that plagued the markets can be placed squarely at the feet of the US Federal Reserve as their aggressive rate hike cycle was explicitly designed to reduce asset and inflation bubbles. That was then and this is now. It’s been 12 months since the Fed started and we believe there is enough evidence in the economy to help the Fed not just Pivot but Pause this rate hike stance. When this happens we believe the markets are poised to recover their deficit, aggressively. History is a guide. We are sharing our Annual Presidential Chart that shows the market has never had a negative 3rd year of any President’s term. No one predicted the Pandemic in 2020, so history can be repeated or made. We are in the camp of the known and have spent the past several months re-investing the portfolios to the highest conviction and objective-based ideas. We have attached an S&P Total return chart to illustrate that the 3rd yr. of a President has always been a positive return. Please note the 3rd year performance when the 2nd year is negative. It’s very impressive and relevant !! By: David H. Nachman, Esq., Ludka Zimovcak, Esq., Snehal Batra, Esq.
and Samantha Oberstein, Esq. Nachman, Phulwani, Zimovcak (NPZ) Law Group, P.C. Immigration Attorneys Trying for an H-1B visa can be very frustrating. As one of the most popular work visas in the U.S. for professionals, many pursue the H-1B visa, but many are disappointed. You see, the majority of H-1B vias are subject to an annual quota. This annual quota, known as a “cap,” means that many pursuing an H-1B visa will likely be disappointed. Because there is a limit on the number of H-1B visas, USCIS puts applicants in a lottery in order to select who will have their H-1B visa application processed. The lottery is already filled for this year. For employers pursuing H-1B visas for foreign employees, they have been left wondering whether they are out of luck until October of 2023. Fortunately, many employers, particularly those in specialized industries requiring many workers with advanced degrees, such as those in the healthcare and biotech industries, there are alternatives that could potentially allow them to circumvent the H-1B cap problem. H-1B Cap Alternatives for Healthcare and Biotech Companies For those healthcare and biotech companies looking to hire and retain foreign employees to work in the United States, do not be disheartened by the limited supply of H-1B visas. You likely have other visa options that are not is often pursued for other H-1B visas and may not even be subject to the annual fiscal year cap. Some visa alternatives may include but not be limited to: ● TN visas: These visas are only available to Canadian and Mexican citizens pursuant to the U.S.-Mexico-Canada Agreement (USMCA) and only to those in certain occupations. Qualifying occupations include those in the healthcare and biotech industries where many occupations require a bachelor’s degree, at a minimum. The added good news is that this type of visa is not subject to the annual fiscal year cap. ● F-1 visas: This is a student visa which usually permits the student to work for 1-year after graduating from college in order to gain experience and training in their field of study. Usually, employers will apply for an H-1B visa on behalf of F-1 visa, but the cap limits have thrown a wrench in this. Students with a STEM degree, however, may have other options. Those students with degrees in Science, Technology, Engineering, or Mathematics (STEM), may be eligible for a STEM extension of their F-1 visa for up to 2 additional years. This extension can allow employers to pursue an H-1B visa for three consecutive lotteries. The extension is not subject to a cap. ● O-1 visas: This may be another option for employees in the healthcare and biotech industries, but there are added requirements for this visa. In particular, this visa is geared towards individuals who have achieved some level of acclaim or distinction in their academic field. This would include individuals who have made significant and original contributions to their field, published peer-reviewed articles, and made other noteworthy contributions. Generally speaking, accomplished scientists are eligible for O-1 visas, which are not subject to an annual quota. A full analysis of an individual’s academic and experiential credentials would be necessary to analyze an individual's ability to obtain an O-1 visa. ● J-1 visa: The J-1 visa has a number of sub-categories and will allow temporary employees to work for a specified period of time in order to gain practical experience or training when early on in their careers. The maximum allowable period for this visa will vary depending on the subcategory, but run a range from one to 7 years. Immigration Law Attorneys If you have any questions about how the immigration and nationality laws in the United States may impact you or your family members or if you want to access additional information about the United States or Canadian immigration and nationality laws, please feel free to get in touch with the immigration and nationality lawyers at NPZ Law Group. You can send us an email at [email protected] or call us at 201-670-0006 extension 104. In addition, we invite you to find more information on our website at www.visaserve.com |
Guest Blog
Archives
August 2024
Categories |