Monday, July 25, 2016

Cybersecurity Threats to Organizations


The threat of cybersecurity hacking in organizations, corporations, and enterprises of every type is much greater than most people are aware. Law firms face an exponentially greater risk because, in addition to the firm’s own vulnerability, their clients’ information is also at risk.

The recent hack of the Panamanian law firm Mossack Fonseca and the release of the so-called “Panama Papers” should be a wake-up call for all law firms. The information exposed in the Panama Papers consisted of 11.5 million pages describing the formation of 214,000 offshore entities for more than 14,000 clients. The exposure could result in financial ruin for some people and has already instigated the resignation of Iceland’s prime minister.

Surprisingly, or perhaps not so surprisingly given the ubiquity of smart phones, the greater vulnerability exists not in legacy client-server systems but in mobile devices facilitated by the use of social media. Cybersecurity guru John McAfee describes how he would hack a digital wallet and empty its contents using a smart phone and social media:

“I will give you an example: Suppose I wanted to entirely empty a person’s [cyber] wallet. Let’s further assume that the wallet is located on a smart phone or other general purpose computing device. In order for the wallet to be used, the device in question must have access to the Internet. These are the only conditions needed for me to empty the wallet, irrespective of the wallet used, whether Mycelium, Samurai or any other software wallet available.

Here’s how I would do it: I would first plant readily available spyware on the device. I could plant it through an email phishing scheme, or by inducing you to visit a website (A website drive-by is sufficient to set the “download unauthorized applications” flag on Android for example. A subsequent click-through would plant the malware), or using any one of hundreds of other means. If the person owning the wallet was immune to all attempts (extremely rare), then I would use readily available hardware “push” systems and force the malware onto the device from a distance of up to a quarter of a mile away from the device.

Once the malware was installed, it would identify which cybercurrency wallets were being used on the device and log that information. It might also transmit that information to the hacker controlling the malware. It would then install a key logger and a keystroke intercept routine and, possibly, a selective screen capture that captured only the opening screen of the wallets when the wallet applications were executed. This single screen capture, in most cases, would contain the amount of the wallet’s contents. I would need this amount in order to completely empty the wallet. The screenshot would be sent to me at some point. The malware might also contain a “power off simulator” so that after the user believes they have turned the phone off for the night, it is really still “on” but pretending to be off. That way I could empty the wallet while the user was sleeping and would be guaranteed many hours before the user noticed that his wallet was empty.

After the user goes to sleep, I would activate the malware. The malware would execute the wallet app and click the “send coins” button, using the keyboard intercept routine. It would then input my wallet transaction ID, and enter the amount that I had communicated to the device. I would know the amount from the opening screenshot that had earlier been sent to me.

If the wallet required a pin number in order to complete the transaction, I would then wait until the user uses the wallet themselves. My keystroke logger would then give me the pin number. The following night I would have the malware enter the pin number and then complete the transaction as described above.

If the designers of the wallet were clever enough in designing the wallet, I might have to include a software “root” routine, of which hundreds are available, in the malware. Once rooted, I would override whatever keyboard and screenshot precautions had been taken and again proceed as outlined above.

This is just one of many techniques that could be used. All of the malware could be built in a matter of a few hours using off-the-shelf hacker toolkits.”

Solutions to cybersecurity challenges promise to be the “Next Big Thing” in technology development. New companies are popping up all over the horizon to deal with the multifaceted threats, which can range from something as simple as denial of service to complex attacks such as the one that destroyed the privacy of 14,000 Mossack Fonseca clients’ data.

Wednesday, December 08, 2010


When working with corporate executives in the capital raising process, several told me that, to their knowledge, few senior corporate executives were aware of the opportunity to partner with private equity firms to acquire their own company. Thus, this Guide sets out to help those business executives who want to run their own show and those corporate CEOs who need expansion capital to grow their business faster than might otherwise be possible using only bank debt or internally generated cash. In both cases, the Guide is aimed at those who need a basic grounding in the equity capital raising process because they may not have undertaken such an exercise before.

For the former group who seek to achieve the American Dream of owning a business, private equity is the only real alternative. With a small amount of personal capital relative to deal size, executives can buy out the company they work for or acquire a company they’ve targeted in their industry and do so with relatively little risk. This is due to the fact that when raising debt capital, banks require a personal guarantee. A private equity partner does not require a personal guarantee, thus eliminating the risk of losing personal assets. Personal risk is limited to the amount of personal capital invested in the deal along with the time invested to manage the company for several years.

A common misconception is that in order to participate in a private equity funded transaction, a fixed percentage of personal capital (as with a bank loan, which typically requires a 20% down payment) must be invested in the transaction alongside the equity group. For example, if a transaction is valued at $10 million, many entrepreneurs believe the equity group will require, say, a 5% or 10% investment by the entrepreneur, thus putting the transaction out of reach of most executives. But that is simply not the case. While equity groups almost always require the entrepreneur to have “skin in the game,” they don’t expect him or her to risk everything they own. Rather, they expect the entrepreneur to have a “meaningful” amount of personal capital relative to their net worth. Thus, someone with a million dollar net worth would be expected to invest significantly more personal capital than someone with a $250,000 net worth.

For corporate executives who seek to grow their business faster, but are capital constrained, private equity is the only answer. Partnering with a private equity group provides additional working capital for everyday operations in addition to capital for acquisitions. In exchange for private equity capital, ownership control, but not operating control, of a business must usually, but not always, be relinquished to the equity capital provider. Principals of the equity capital group will become board members to provide guidance and direction in the operation of the business. They will also introduce additional industry resources and relationships, such as attorneys, accountants, joint venture partners and acquisition possibilities. The advantage to current shareholders is the company can grow faster and generate wealth more quickly than if the executive or company goes it alone.

To be sure, private equity is not for everyone or every company. Notwithstanding the substantial ownership control trade-offs, private equity is very particular about who it partners with and where it invests. The private equity firm is charged with investing its limited partners’ (LP) capital in companies in such a way that the return on the LPs’ capital exceeds the return which can be achieved through more traditional and less risky investments. Therefore, companies in which private equity firms seek to invest undergo stringent due diligence and financial analysis with the objective of achieving extraordinary returns at the time of exit three to five years subsequent to the private equity firm’s investment.

On the other side of the coin, the upside potential is significant when partnering with an equity group compared to what an entrepreneur or a company can accomplish using their own, more limited, resources. Once the equity group has made its investment, the CEO has the resources, and is expected, to grow the business as quickly as possible through both organic growth and acquisitions. Growing with acquisitions is the quickest way to increase revenues and earnings. As the firm grows, the integrated enterprise will multiply in value, and, at the time of ultimate sale, equity ownership will be multiplied several times over. This is a true wealth building opportunity.

Saturday, July 31, 2010

IC/IP valuation

See this textbook which provides three standard methods of valuation. Available on Amazon.

"Valuation of Intellectual Capital and Intangible Assets," Gordon V. Smith and Russell L. Parr.

An interesting fact is that when one looks at SEC filings of public companies, many have stated valuations and specific balance sheet line items for "Intangible Capital" or similar. In some cases there are specific line items for such things as Engineering Drawings, Recipes, Customer Lists, and Noncompete Agreements, to name a few. This is real world IP/IC valuation completed by the companies' CPA firms. What are we missing here?

Thursday, July 15, 2010

Marketing "virality"

It has suddenly become very evident to me that the way the world does business is increasingly heading away from the static web site presence toward the model of business or social networking and virality. (I just coined that word: it’s an adjective describing the viral nature of the new business communication and promotion model). Surprisingly, one can see evidence of this sea change with a subscription to Advertising Age which must keep up with the rapid changes in the ways companies promote themselves.

The gold standard among business networking is LinkedIn which I have witnessed over the last several years as it grew from a startup to a business networking site with over 60,000,000 global members. I am also directly engaged in two real world examples of the old and the new way of doing business.

The old paradigm is exemplified by the business broker I was associated with, which, like most other business brokers, uses the standard modus operandi of obtaining listings of businesses for sale and then describing the company on its web site. Nothing is done to drive potential buyers to the web site. The listings just sit there on the hope that someone will notice. One of the larger brokers I know sends out thousands of snail mails every week to attract buyers and sellers. Again, the old paradigm.

The new paradigm is exemplified by my partner in China. The guy is a serial entrepreneur, having been founder or cofounder of six companies. He is now starting his seventh business, the first time for him in China, and I am sitting on the sidelines watching how he’s going about developing his new business. He uses LinkedIn extensively to contact and attract new relationships that can help get his business off the ground. He is attracting resources who will initially serve as advisors but some of whom may later become board members. These people can connect my partner to other resources, such as financial, legal and accounting help, in the second step of virality. This goes back to the fundamental thesis upon which LinkedIn was founded, that no one is more than six degrees removed from anyone else in the world. LinkedIn has taken that thesis and is gradually changing how the world of business does business!

Companies that don’t adapt to this new paradigm will be left behind. Those that do will see their business expand globally.

Tuesday, May 25, 2010

How does IC/IP identification and valuation affect the bottom line of the business?


There seems to be a huge disconnect between the academic and intellectual discussions on this and similar sites and the real world of business. A business owner is interested in IC/IP identification and valuation only to the extent that they positively impact the bottom line, reduce taxes, or, at the time of sale, increase the value of the firm.

Economic theory teaches that business owners should make decisions that maximize the value of the firm. This theory could be extended to maximizing profits of the firm as well. That is the ideal but, for numerous reasons, rarely accomplished in the real world of small to medium sized businesses (SMB).

The typical SMB owner is more concerned with minimizing taxes, keeping customers, assuring that his banker is happy, and having sufficient cash flow to meet payroll.

Unless the identification, valuation and monetization of IC/IP can be brought down to the ground level of the firm, unless IC/IP identification and valuation has a direct impact on those issues foremost in the minds of SMB owners, there is no way SMB business owners will care a hoot about intellectual capital or intangible assets.

At my current level of understanding of this very complex issue, which I have been studying and researching off and on for the last five years, it seems to me that the institution having the most impact on this issue for SMBs is the firm’s accountant. For the typical SMB, that accounting firm is a local or regional firm which may or may not be up to speed on the issues revolving around identification and valuation of IC/IP.

Rather, the accounting firm works at the direction of the client who is most interested in minimizing the amount of taxes owed, which thus controls the entire directional thrust and activity of the relationship between accountant and client. It is unimaginable to me that a CPA, while auditing the books or preparing taxes of an SMB client, would take the time to explain the complex issues of IC/IP and its potential impact on the client’s business.

Furthermore, with the accounting profession continuing to operate as if we were still living and working in the 19th Century, there is little chance of this issue ever being brought to the fore by the accountant on duty. His job is to bill the most amount of time he can reasonably get away with and still keep the client happy.

Thus it falls on the accounting profession itself to change its thinking, which in turn will affect the rules promulgated by the Internal Revenue Service, which will then trickle down to the level of the firm and guide the accountants’ work for clients who wish to minimize taxes under generally accepted accounting principles while complying with IRS regulations.

It is a fact that public companies already recognize IC/IP on their balance sheets. It only takes a quick perusal of balance sheets on the SEC’s Edgar site to confirm how widespread that recognition is among publicly traded companies. Could it be that the leading international CPA firms do, in fact, recognize and value intangibles? Perhaps we should ask them.

I have personally been engaged in M&A transactions where millions of dollars of value was stated on balance sheets of several companies for such things as recipes, brands, customer lists and engineering drawings; all of which, by the way, are recognized by the IRS as Section 197 intangible assets which can be depreciated under current IRS regulations. See this link under the title: “Section 197 Intangibles Defined”

The only grey area remaining in my mind is if such intangible assets can be depreciated when internally generated rather than acquired. The IRS does not allow depreciation of internally generated IC/IP assets; they must have been acquired. Yet, again, in the same M&A transactions previously cited, at least one company had millions of dollars of value on the balance sheet for intangibles and had never completed an acquisition!

While the intellectual discussions of these issues will go a long way to changing the accounting profession’s treatment of intangible assets, it remains for practitioners to raise the level of awareness among SMB owners so they can, indeed, benefit from the recognition of intangible assets that often make up the majority of their company’s value.

Saturday, January 30, 2010

Critical questions to prepare for private equity group interviews

When interviewing private equity groups during the capital raising process, there are certain critical questions that will be asked and that you should be prepared to answer.

These questions are from a recent interview our client had with a private equity firm. We provided guidance to prepare answers in line with what the equity group expects to hear.

Q: “What was some of the high priority stuff you worked on?”

A: What roles, responsibilities did you have that you liked and where you excelled?

Q: “How do you get into the business, what’s actionable?”

A: Actionable means companies that are available at the right valuation, in the right space, are the right size, the right fit, etc. What action steps do you take to make the first acquisition?

Q: “How do you see this working, how do you put it together?”

A: What are the action steps required to make the transaction happen; what do you see as your role and your strategy to make your idea real?

Q: “How do you see the near term risk?”

A: What threats, what pitfalls do you foresee that will prevent the deal from happening or that may arise post-transaction? What are the risks going forward?

Q: “What do your customers look like?”

A: Who, specifically, are your customers? Who will buy your products or services?

Q: “What are the key roles you would want in place?”

A: What jobs and people are critical to execute your strategy? Who are the people you will put in place in the key roles?

Q: “What is the value proposition to the target companies?”

A: Why would the target company want to sell to you? What’s in it for them and their shareholders? What do you offer to make them want to be part of your organization?

Wednesday, November 18, 2009