Monthly Archives: March 2018

Tips for Writing a Business Plan

Writing a business plan can seem a daunting challenge. However, this skill is a vital requirement for any entrepreneur or business seeking to increase their chances of survival. Here is a list of my top ten tips for writing that winning plan:

1. Write from the audience’s perspective

The starting point for any business plan should be the perspective of the audience. What is the purpose of the plan? Is it to secure funding? Is it to communicate the future plans for the company? The writer should tailor the plan for different audiences, as they will each have very specific requirements. For example, a potential investor will seek clear explanations detailing the proposed return on their investment and time frames for getting their money back.

2. Research the market thoroughly

The recent Dragons’ Den series on BBC 2 reiterated the importance prospective investors place on knowledge of the market and the need for entrepreneurs to thoroughly research their market. The entrepreneur should undertake market research and ensure that the plan includes reference to the market size, its predicted growth path and how they will gain access to this market. A plan for an Internet café will consider the local population, Internet penetration rates, predictions about whether it is likely to grow or decline, etc., concluding with a review of the competitive environment.

3. Understand the competition

An integral component to understanding any business environment is understanding the competition, both its nature and the bases for competition within the industry. Is it a particularly competitive environment, or one that lacks competition? How are the incumbents competing—is there a price leader evident? Finally, including a thorough understanding of the bases on which you intend to compete is vital; can you compete effectively with the existing players?

4. Attention to detail

Make the plan concise, but include enough detail to ensure the reader has sufficient information to make informed decisions. Given that the plan’s writer usually has a significant role to play in the running of the business, the plan should reflect a sense of professionalism, with no spelling mistakes, realistic assumptions, credible projections and accurate content. The writer should also consider the format of the plan, e.g., if a business plan presentation is required, a back-up PowerPoint presentation should be created.

5. Focus on the opportunity

If you are seeking investment in your business, it is important to clearly describe the investment opportunity. Why would the investor be better off investing in your business rather than leaving money in a bank account, shares, or investing in another business? What is the Unique Selling Proposition (USP) for the business? Why will people part with their cash to buy from you?

6. Ensure all key areas are covered in the plan

Undertake research on what a business plan should contain; one good place to find this is at Bplans . Include sections on the Company, Product/Service, Market, Competition, Management Team, Marketing, Operations and Financials. The plan should also take on board the readers’ various preferences for viewing data. While many plans are predominantly textual, the plan should include some simple colour charts and spreadsheets.

Emergency Exercises Like Just Another Drill

It’s no secret that the world can be volatile and violent. Shootings and bombings in public places. Floods, fires, droughts, and other dangers amid an uptick in severe-weather events. Any of these could be a threat to your organization, its people, its customers, and its suppliers. And although senior executives contemplate the likely impact of these phenomena in risk-analysis meetings, far fewer take the time to participate in real drills, instead designating someone else as a stand-in. After all, it’s tough to get an operational dry run on the calendar of a CEO, CFO, or other executive.

That is an enormous mistake. Executives who let someone stand in during practice set themselves and their teams up for failure when the worst happens: The first crisis may be beyond your control, but that is not the case with the second, highly avoidable crisis that results from a fumbled response. Participating in a rigorous, well-crafted, scenario-based drill is the closest you’ll get to experiencing the emotional tension and challenging ambiguity of an actual event that may involve fatalities, skittish investors, and intense media scrutiny. I’ve seen many occasions in which seasoned executives who start an exercise confident, even joking, wind up sweating amid the flurry of high-stakes decisions to be made in a response drill.

If you are a senior leader, you don’t need to attend every exercise, but you should make time for at least one in your calendar each year. It is the only way you’ll know what to expect in a true emergency — and the only way you’ll be able to judge whether those engaged in the nitty-gritty of the response are capable of succeeding.

An exercise is your chance get to know your emergency team, how it works, and where you fit in. It is also a chance to ask seemingly naive questions. If you are wondering about something, chances are someone else is, too. A drill will likely trigger important realizations or gaps you wouldn’t have known needed to be addressed had you not been in attendance. It will provide a real window into not only what a crisis might look like, but what the recovery will be in the weeks after.

Here are three frames to help you get the most from your investment of time.

Understand the operational rhythm (and how not to impede it). The first 20 to 30 minutes of any response will be chaos. Incomplete and sometimes conflicting information will be flying around. Resist the temptation to try to assert control — the easiest way to create chaos is to take command when you aren’t fully versed in the plans and protocols the response team members are using. Instead, watch to see how long it takes for the team to get into an operational “battle rhythm” in which the team members are effectively processing information, making or elevating decisions, and taking appropriate actions. What you can do at this point is ask how you can be useful.

A critical benefit of taking part in an exercise is trust building with security and safety managers with whom you might otherwise not have much chance to interact. In an actual incident, you’ll need to count on them, and they’ll need to be comfortable with you.

Learn what questions you’ll want answered. A good drill exposes gaps that lead to learning. For example, in the Deepwater Horizon oil spill response, where I did several days of field research, responders were prepared to provide Gulf-wide information on resource allocation — but elected officials wanted those details on a state-by-state and parish-by-parish level. An enormous effort was required to retool the mechanisms for more detailed reporting on resource allocation. That need could have been learned of and addressed ahead of time had those officials attended more drills.

Reduce Your Investment In Endpoint Security

Trojans, worms and spyware sound like elements straight from a summer blockbuster, but the kind of action/adventure they provide on your PCs, Macs, smartphones and tablets make them more like a horror movie.

By deploying effective endpoint security, you can help prevent attacks and keep your users safe from viruses and other malware, such as spear phishing and advanced persistent threats. Today’s  state-of-the-art endpoint security has come a long way from its early roots in “antivirus” and has morphed into a complex suite of sophisticated protections against modern threats.

 

But good protection isn’t free; so, how can you save money, while still protecting your computers? Here’s how to reduce your investment….

 

Keeping users safe

In an ideal world, users would be perfectly security conscious. These mythical users wouldn’t:

  • Click on suspicious links.
  • Open file attachments emailed by criminals pretending to be their friends.
  • Respond to phishing messages that appear to be from a bank.
  • Disable software updates because warnings and reboots are annoying.
  • Disable a security product because it slows down their PC.
  • Install free software from an untrustworthy developer, because their friend liked it on Facebook.

Sadly, our world is less than ideal. Much, much less: A recent report said that 86 percent of U.S. businesses surveyed had lost sensitive data during the previous year.

User awareness training helps, but it isn’t sufficient. That’s why your endpoints need securing. Doing so helps prevent your users from accidentally exposing sensitive business information, such as your  banking credentials, secret-sauce recipes or future product plans.

 

Save time and money on endpoint security

Your challenge is to protect your users while minimizing costs: How do you save time and money, while keeping your company safe?

Look for a modern endpoint security solution – not one thrown together from an old antivirus program and a fresh coat of paint.

The function that knows your company best

Tax discussions have the rare power to put senior executives to sleep yet keep them up at night worrying.

Business leaders have traditionally compartmentalized tax management as a compliance function, a complex specialty ceded to the experts. Although some C-suite executives have begun to realize that the tax function plays an important role in their overall strategy, it tends to operate relatively independently. When taxes do force their way onto the agenda of the CEO or the board, it is often in the context of bad news. Consider the uproar in the U.S. in recent years over corporate inversions, in which a U.S. company avoids paying U.S. taxes by buying a foreign company and moving its own headquarters overseas. And with the promise of some kind of tax reform under the Trump administration, the only certainty is that corporate taxes will continue to be headline fodder. On the other side of the Atlantic, the European Commission’s rulings against perceived cases of “state aid” in the form of favored tax treatment of certain companies can be costly to companies that are required to pay back their tax savings, as well as damaging to their reputation.

But to assign tax management entirely to a compliance role is to miss an important opportunity. In fact, executives should move quickly in the opposite direction: They should pull the tax function out of its silo and integrate it into the company’s daily operations. This function gathers data on every part of the business, including employees, assets, and intellectual property, in all territories. It’s one part of the organization where, at least once a year, you can be certain to find a comprehensive accounting of the entirety of the business.

This overarching perspective, of course, isn’t just “nice to have”; it’s increasingly necessary if companies are to communicate effectively with regulators and tax authorities. For example, multinational organizations are facing unprecedented challenges in the global tax environment as governments require greater tax transparency in the countries where they operate. Moves toward digitization of the tax system in a number of countries — Russia, Mexico, and Brazil are among those at the forefront — are also giving government tax authorities unprecedented amounts of transactional data about companies, often in real time. Since the tax function is gathering all this information together for regulators, it behooves the organization to use it more effectively in its own right. Thus, it is becoming a best practice to view the tax function as a strategic partner, one helping to set business priorities and giving the company a competitive edge. Otherwise, the tax authorities might have more insight about your company’s data than you do.

Save money with cloud computing

Why move to the cloud? There are plenty of good reasons, but mainly it makes good business sense. You can call it efficiency, or call it doing more with less. But whichever spin you prefer, cloud computing lets you focus on what’s important: your business.

Cloud computing can be used for almost all types of applications, not just business security. While the idea of cloud computing can sometimes seem hard to grasp, it’s clear that it saves its users money – especially SMBs, including small office/home office (SOHO).

 

Plenty of oh-so-clever industry people will tell you what cloud computing is and isn’t. Here’s my simple view: It’s what we used to call software as a service (SaaS), but it’s set up so it’s easy to switch on, simple to expand and contract, and usually has a usage-based pricing model.

Read on to discover why moving to the cloud will save you money in five ways (six, if you’re picky)….

 

1. Fully utilized hardware

Cloud computing brings natural economies of scale. The practicalities of cloud computing mean high utilization and smoothing of the inevitable peaks and troughs in workloads. Your workloads will share server infrastructure with other organizations’ computing needs. This allows the cloud-computing provider to optimize the hardware needs of its data centers, which means lower costs for you.

 

2. Lower power costs

Cloud computing uses less electricity. That’s an inevitable result of the economies of scale I just discussed: Better hardware utilization means more efficient power use. When you run your own data center, your servers won’t be fully-utilized (unless yours is a very unusual organization). Idle servers waste energy. So a cloud service provider can charge you less for energy used than you’re spending in your own data center.

 

3. Lower people costs

Whenever I analyze organizations’ computing costs, the staffing budget is usually the biggest single line item; it often makes up more than half of the total. Why so high? Good IT people are expensive; their salaries, benefits, and other employment costs usually outweigh the costs of hardware and software. And that’s even before you add in the cost of recruiting good staff with the right experience.

When you move to the cloud, some of the money you pay for the service goes to the provider’s staffing costs. But it’s typically a much smaller amount than if you did all that work in-house. Yet again, we have to thank our old friend: economies of scale.

(In case you worry that moving to the cloud means firing good workers, don’t. Many organizations that move to cloud computing find they can redeploy their scarce, valuable IT people resources to areas that make more money for the business.)

 

4. Zero capital costs

When you run your own servers, you’re looking at up-front capital costs. But in the world of cloud-computing, financing that capital investment is someone else’s problem.

Sure, if you run the servers yourself, the accounting wizards do their amortization magic which makes it appear that the cost gets spread over a server’s life. But that money still has to come from somewhere, so it’s capital that otherwise can’t be invested in the business—be it actual money or a line of credit.

 

5. Resilience without redundancy

When you run your own servers, you need to buy more hardware than you need in case of failure. In extreme cases, you need to duplicate everything. Having spare hardware lying idle, “just in case,” is an expensive way to maximize uptime.

Instead, why not let a cloud computing service deal with the redundancy requirement? Typical clouds have several locations for their data centers, and they mirror your data and applications across at least two of them. That’s a less expensive way of doing it, and another way to enjoy the cloud’s economies of scale.

Rethink Your Endpoint Security Strategies

For those reluctant to say goodbye to signature-based malware protection, read on for the first of a four-part series that delves into why small and medium-sized businesses should rethink their current solutions and explore cloud-based strategies for endpoint protection.

 

We are gathered here today, with not-quite heavy hearts, to say farewell to a constant companion. Our “friend” was part of our daily lives, popping up at the oddest times, seemingly just to say “hi,” or – as in any other high-maintenance relationship – demand we drop everything to give it some attention right now.

Imperfect, needy and often intrusive, we nonetheless tolerated its presence as a necessity in this cruel, crazy world full of bad guys – until something radical came along that made our “friend” a casualty in the unceasing conflict that can be called “The Malware Wars.”

The radical new element in the fray? The cloud. So, join us in saying, “Rest in peace, signature-based antivirus program,” and, “Hello, cloud-based endpoint security strategies.”

 

The changing world of web threats

Signature-based antivirus protection arguably peaked in the late 1990s and has been playing catch-up with the blackhats ever since. File injection and other basic virus types were mostly supplanted by Trojans, worms, backdoors and other stealthier nasties, which the big antivirus companies responded to slowly, as these threats did not fit their model of a virus.

Demonstrating how ineffective some solutions are to this day, the notorious 12-year-old Back Orifice 2000 Trojan is still infecting machines, and one out of three web malware encountered in 4Q 2011 were zero day threats, which are completely undetectable by signature-based schemes.

Hackers are also increasingly using social media scams and phishing, with even LinkedIn notifications becoming fair game for delivering exploits. It is clearly a more complicated world in the security space, and only getting worse.