Archive for May, 2016

Let’s face it, when there is a profit motive in business, someone will rise up to the challenge and grab the prize. Alas, ethics sometimes takes second place.

You may have seen it – the hype about the web services claiming to be the world’s salvation from every ill. No more IT overhead, it works all the time, and best of all, you pay as you go.

Sounds impressive, no doubt. But, as the saying goes, you got to follow the money. And the money leads to some interesting observations. Some of which are rather disconcerting to say the least.

As the use of internet access becomes more ubiquitous, so are the number of ways crooks can take advantage of unsuspecting users. None more so than people who sign up for web services without questioning the need, or the real cost.

And the hidden costs could be considerable, especially where business mission critical data is concerned.

Consider the big players in the business software market place. Microsoft, Apple and Google control the major desktop, laptop and mobile computer systems today. These companies have vast engineering resources that they use to develop and implement customer data security.

Specifically, Microsoft now requires Extended Validation (EV) signatures on software products that are sold to Windows users. Extended Validation certificates are issued by security experts like Symantec Corporation, who work together with Microsoft to ensure only reputable companies get to use the EV certificates to sign their software products.

Every one of the software companies issued an EV certificate is known to both Microsoft and Symantec. Any attempt at misuse of an EV certificate is immediately detected and the identity of the software company, its officers and directors, readily established.

Obviously, cyber criminals can’t be part of this transparent system, as they must avoid detection to ply their shady trade.

SmartScreen technology protects your Windows computer

The SmartScreen technology is used by the Windows computers to verify the software publisher’s identify and integrity of the software before the Windows system allows the software to be installed.

To protect your computers, SmartScreen stops installation of any software that is not recognized or is deemed unsafe.

Apple computers are protected by the Gatekeeper

Similarly, Apple now requires that all companies providing software for Apple computers and mobile devices be enrolled in the Apple Developer Program.
Apple subjects all applicants to its Developer Program to screening and extensive background checks before issuing a corporate Apple Identity certificate.

Before any software product is installed, Apple computers and mobile devices use the Gatekeeper technology to verify the Apple Identity of the software
publisher and ensure that the software is safe.

Bad news – lack of protection against fraud for web based software services

None of these rigorous security checks are applied in the case of Web-based software services. The customers merely use their computer browsers to log into the vendor’s system. Sounds handy, right? But if the computers of the software service vendor are compromised by cyber criminals, the customer’s own computers become the target of attack through the browser.

Note that the Secure Sockets (SSL) encryption does not help, as the malware is transmitted to the customers’ computers from the vendor’s compromised servers.

Cyber crooks are increasingly sophisticated in their tactics. They can exploit vulnerabilities in the systems of the web-based service vendors and infiltrate their servers. The malware then finds its way into your computers once you log in to use the service.

Caveat emptor: no security standard to protect SaaS software customers

Most software as a service (SaaS) vendors do not have the vast resources of Apple and Microsoft. As a result, these SaaS vendors fail to implement the security measures required to protect their customers.

Software service vendors are smart when it comes to watching their 6. Taking your money is what they do very well. Yet there is no security standard they are required to follow to protect you the client against data and identity loss. So you should carefully read the fine print in their terms of use before signing up.

SaaS software vendors protect themselves instead

That is why you often find the ‘limitation of liability’ clauses in their Terms of Use, seeking to avoid responsibility in case their customers’ computers get hacked.

Don’t hold your breath – web services get hacked

At the same time, web-based software vendors are a magnet for cyber criminals. The crooks know that the software vendors store customer sensitive data online. This is a gold mine the criminals can exploit to steal the customers’ identity, extort them for ransom, or resell the customer private and business data to the highest bidder.

Did you know that businesses in the USA alone spend billions of dollars on appraisals every year? They need to do so for a diverse number of reasons: getting a loan against business assets, selling or buying a business, to obtain insurance or in cases of legal dispute.

It would seem at first that the financial statements created by accountants should reveal the values of business assets and the entire company. Unfortunately, every one who has ever tried to make a value assessment from accounting statements knows, even the best GAAP compliant financials fail to provide realistic picture of business value.

To make matters even more interesting, business value is truly in the eyes of the beholder. No one number captures this elusive concept. In fact, business value depends upon the purpose of valuation.

For example, your business real or personal property may have an insurable value or the amount of money needed to replace it in case of a total loss. On the other hand, a bank lending against the property would want a different number that is closer to the selling price one can get at a liquidation sale. If you are the property owner, you would most likely try to sell the building at a number higher than a typical buyer is willing to put up.

Every one of these value numbers is different yet all are quite real. The difference is the purpose of valuation. What is valuable to a business owner is not necessarily a factor to the tax man. The amount of customer loyalty your business commands is of little interest to the bank loan officer who must be concerned with the company’s ability to repay the loan. So business value depends on your point of view.

If you are valuing a business, you need to have a special insight to come up with an acceptable answer. The reason is that business appraisals are usually done to address some type of dispute or conflict. So your business appraisal will likely be scrutinized by skeptics looking to tear it apart. Consider just some of the typical scenarios calling for business valuation:

  • Business owners want to minimize gift or estate taxes
  • Tax authorities seek to collect the taxes due in full measure
  • Business buyers want to pay the least amount possible
  • Business sellers want to get the top price

The list goes on.

Even so, the need for business valuation pops up in just about any type of transaction. Both sides must settle the question of value before they close a deal. Knowing one type of value, e.g. how to price your products and services, does not make you an expert in valuing the entire company. A whole new set of assumptions and value drivers comes into play and you need to know how to deal with this complexity.

While pricing assets is a game business people are good at, making an error of judgment when valuing the company could cost you a lot of money. The takeaway is don’t underestimate the challenge of business valuation, invest time and effort to understand the fundamentals involved and get expert help if needed.