Small business owners continue to make the mistake of thinking they are too small and insignificant to be of any notice to cyber criminals. That notion simply couldn’t be more wrong. It is precisely this type of thinking that makes the job of the hacker so easy.
The good news is that small business owners are well poised to stand in the breach of security breaches by just doing the simple things that amount to security best practices even at the consumer level. The real problem is not that security is too hard, or too expensive, or too inconvenient.
The problem is that too many people just fail to do even the minimum. When consumers have this lapse, they endanger themselves and their families. When small business owners have this lapse, it endangers the entire system.
As the frontline in this struggle against hackers to keep customer information safe, there are things you can do, and in doing so, help secure everyone. The first step is to know how hackers think, what they are after, and how they plan to get it.
1. Secure BYOD Policies
Bring your own device (BYOD) is one of the better corporate moves in a long time. But there is bathwater with the baby that needs to be drained. BYOD policies only make sense in the context of strong mobile device management (MDM) infrastructure. For small businesses without an extensive IT department, the better strategy is to keep personal devices firewalled from the corporate network altogether.
Leaving malicious intent aside, it is too easy to start working with sensitive information on a personal device. Of course, you will bring that device home to continue working. That is how many breaches occur.
The better policy for small business is to disallow personal devices on the company intranet and provide a separate guest network for personal devices and visitors. Let them check their social media on devices and networks that don’t touch company information.
2. Develop and Stick to a Written Password Policy
If you don’t have a written password policy that is enforceable, then you don’t have a password policy at all. Try using a password policy template to get you started. Your policy should include the following:
- Sufficient complexity, no dictionary words, combine upper and lowercase letters and special symbols
- Each password must be unique, never reused for any other account in or outside the company
- Passwords must be changed on a regular basis
- All default passwords must be turned into unique passwords immediately
- Never use unauthorized password managers
- Never write passwords in plain text to be placed in unencrypted files
- Never write passwords on a piece of paper or sticky note
There is nothing particularly corporate about these policies. They are the same policies you and your family should already be using at home. At work, these policies cost very little to implement. It is more a matter of vigilance and accountability. That is something you are already doing as a small business owner.
3. Physical Access
Cybersecurity is not just about what happens out there, in the cloud, and over the net. Every hacker knows that if they can gain physical access to your system, there is no security model that can keep them out.
The VA incident is one of the early breaches sometimes referred to as the one that started it all. It involved 26.5 million records of discharged veterans including SSN, names, and birthdays. This assault against our nation’s veterans was not a matter of hard computer science. It did not take the resources of a foreign nation. It happened because an employee brought a laptop home, left it unsecured, and had it promptly stolen.
There is still no simpler way to perform a cyber attack than to game physical access to a seemingly insignificant system. Unshredded documents left unattended on a desk are enough to bring a company down. Physical security is still the first line of cybersecurity. Policies should include the following:
- Use Kensington, or other brands of physical locks for laptops and workstations.
- Never leave laptops or papers visible in an unattended vehicle.
- Always shred before discarding papers.
- Work laptops and smartphones should be securely locked away in something like a safe when at home and not in use.
4. Limit Vendor Access
After hackers accessed Target’s network on Nov. 15, 2013, Target claimed they were “the victim of an especially sophisticated cyber heist.” But thanks to Krebs, we now know the cause was “much more mundane and wholly preventable.”
A username and password was lifted, not from Target, but from an HVAC vendor that contracted with Target. This is the textbook example of attacking a small business to get to a big one. The contractor was tasked to monitor temperature and energy consumption at the retail stores. But those systems were not walled off from other systems like cash registers.
Never give vendors permanent access to your network. And be sure that when vendors must have access, it is to systems and functionality firewalled from other critical services. If they must work on critical services, have them do so on premises.
When a tech is on premises working on your critical systems, watch them. It does not have to be done in a disrespectful way. You don’t even have to understand what you are seeing. Just about any unscrupulous tech will think twice before trying anything while someone is present.
5. Updates and Patches
Finally, let’s not forget the WannaCry/WannaCrypt ransomware attack that took down the healthcare system in Britain, and other parts of the world. The attack was only possible on old, unpatched Windows computers. If you are still rocking a beige box under your desk, you are asking for an attack. It can’t be patched to modern-day standards.
Your 5-year-old PC is a liability. It doesn’t matter if it still works. The world of cybersecurity has changed since your last computer purchase. Be sure to run your business on the most recent hardware you can afford. Next, be sure to keep it updated constantly as security models constantly change. Finally, develop a backup strategy so that simple attacks like ransomware can never cripple your business.
No one thing can protect you from every possible cyber threat. But securing BYOD, developing a written password policy, monitoring physical access, limiting vendor access to networks, and keeping systems updated and patched will keep you protected from most cyber attacks for years to come.
Listen to CEO and founder of Marketlend, Leo Tyndall, discuss the balance needed in borrowing and investing to ensure both parties are satisfied. If you want to read the full transcript, please see below.
Well, ’cause they’re gonna have to pay a rate for money sitting in a bank. They’re going to pay the unutilized fee, which is typically 7% per annum, and they’ll be paying that fee whilst the money is not being used. And the reason they’re paying that fee is the investor has actually given the full commitment to the money, and he’s actually placed the money in the bank account saying, “You can use it whenever you want.”
However, you need to get valid invoices, obviously. And in this case, if we turn around and we have too large a limit, they just won’t utilize the facility and it’ll become a cost for them. So what we do is, we look at the fact that we don’t want a situation where the investor’s not getting the return that they expect because they’ll be saying, “Well I don’t want money sitting in the bank and earning 7%,” although these days 7% in the bank is quite a good return.
But at the same time, you don’t want the borrower saying, “Why am I paying 7% for something where that money, sure it’s a commitment but I’d rather only pay it when I use the money?” So we try to run a bit of a balance there and ensure that both parties are successfully happy in the arrangement.
Starting your own small business can be one of the most exciting and challenging of life’s adventures. But as the rates of attrition among new businesses show, it takes a lot of hard work and some savvy decision-making to go the distance. That’s why it’s a pleasure to welcome Kirsty Lamont, money expert at financial comparison site mozo.com.au, to share some financial tips to help budding businesses stay on the right course.
When it comes to making the right financial choices for your business, it pays to get the simple things right early on. That means creating and sticking to a realistic business plan and securing funding with a great value business loan. But what about the traps? Mistakes are inevitable when your business is in its infancy, but by avoiding these four financial traps you’ll be able to focus the funds you have now on growing your business, and setting yourself on the right financial path in the future.
You’ve heard the expression before, but mixing your personal and business finances really is a cardinal sin – and for good reason. Not only will keeping separate finances give you a clearer picture of how your business is actually performing, your accountant will thank you come tax time. That means completely different bank accounts, savings accounts, and credit cards for your business and personal life!
Business bank accounts often come with a greater variety of features than you may be used to with a personal bank account, but the trade off is they also tend to carry higher fees. So make sure you do your research first before diving in by comparing business bank account options to find an account which has the right features for your business needs without unnecessarily high fees.
It’s no secret that Aussie household budgets have been feeling the pain of high energy bills in recent years. But according to the Australian Energy Market Commission (AEMC), small businesses have been hit even worse, as they pay more for every unit of power and don’t have access to the same kind of hardship programs as residential users.
Of course, energy costs are going to vary depending on the size of your small business itself. A cafe, for instance, may use a lot more gas and electricity than a florist, but no matter the size and industry, comparing energy plans and switching to a better deal is a real no-brainer when it comes to trimming unnecessary costs. But just because you find a great value energy plan now, don’t fall into the trap of becoming complacent. Regularly reassessing your deal is a must, especially when there can be thousands of dollars of savings on offer for small businesses willing to change to a better value energy plan.
There are plenty of mistakes that new business owners make when it comes to tax – after all, tax can be confusing enough as an individual. But given the number of tax benefits available to small businesses, it makes sense to make use of them. For example, the $20,000 instant asset write-off alone, which is available to businesses with a turnover of less than $10 million a year, could make a huge difference if you’re just starting out.
And while doing your own research is important, so is seeking outside advice if you need it. The right accountant should not only be able to help you minimise your tax bill for the last financial year, they should be able to provide advice to maximise your benefits and minimise your costs in the years ahead.
Many business owners might not realise it, but business credit scores exist in the same way as personal credit scores. So why does your business credit score matter? Well, while you may already have secured funding for your new business, chances are you might need some more financial help down the track.
So keeping up with your bills, paying back your business loan on time and only opening new lines of credit (like a business loan or credit card) when you absolutely need to are all ways to maintain positive credit health. And with the recent introduction of mandatory Comprehensive Credit Reporting (CCR) the effort you put into maintaining your credit health could really pay off as lenders start to reward creditworthy borrowers with more competitive rates.
Listen to CEO and founder of Marketlend, Leo Tyndall, discuss how to balance the rigorous collection process with caring for SMEs. If you want to read the full transcript, please see below.
The way that we balance our collection process with the SMEs, is what I mentioned before that we contact them in the first day and second day. What happens is that representative calls them. And when he calls them he talks to them, and then he actually puts them in touch with our relationship manager. So we have a single relationship manager that is responsible for the area of post-settlement, and his job is to then communicate with that client and identify what’s going on. And if it’s a simple thing, and we’ve had them before where they’ve had one debtor who’s not paying on time or something similar, then he will work with them on how can we assist.
In some examples, what we’ve done is, we’ve then flown our financial controller, who is a chartered accountant, to go and sit with them and work out what’s going on with their cash flow. Maybe rejig some certain things in their cashflow, and suggest various options. We’ll also look at possibly getting limits against some of their debtors that they haven’t sold us the invoices to, to see if we can improve that position. We’ll also suggest to them to look at other options of possibly pulling on an equity investor, or something similar.
So it’s not as harsh as we turn them off. It’s very much a case of working with them. When I say time is the enemy, time is the enemy if we don’t work with them and we just turn off. And this is something we’ve always had SMEs communicate with us when you can’t pay. The worst event we can have is where they turn off all their phones and it all just becomes too hard and they went, “Uh-uh-uh, I just can’t handle it.”
Overreach is one of the biggest mistakes made by entrepreneurs. Despite the mountains of evidence supporting the concept of niche marketing, startups have a hard time fighting the urge to try and be all things to all people.
The impulse to abandon the niche strategy and go for the bigger prize is understandable. After all, if having a hundred customers is good, a thousand must be better. In this case, intuition is a poor business partner. To suddenly dump 10X the customers on a small business would be catastrophic in most cases.
It might surprise you to learn that the vast majority of small business owners have no desire to grow their business. This was one of the findings from a study by Erik Hurst and Benjamin Pugsley of the University of Chicago. Meteoric growth is not the brass ring for which every small business owner is reaching.
It is more important to be a right-sized business than a growing business. That is true whether you are a software developer or a hairdresser. One of the key reasons startups end up overreaching is they have never considered what the right-sized business looks like for them. Here are a few others:
Many entrepreneurs dream of becoming the next Steve Jobs. And that’s a real problem because Steve made it look easy. Companies the size of Apple, Microsoft, Google, Amazon, and Facebook seem to defy the rule of finding and sticking to a niche.
However, the appearance of universal appeal is an optical illusion. Each of those companies owes their success to mastering their niche. Apple does not make products for everyone. They have a narrow appeal that happens to run very deep. They are interested in the top of the market, not the fat middle. Microsoft makes their money from enterprise services. Google is an advertising company.
Each of these companies knows who they are. When they go off track, it is almost always due to forgetting their niche and reaching for someone else’s piece of the pie. Even the big companies are very focused. So don’t fall for the illusion that they defy the niche strategy. They don’t defy the niche. They define it. Any appearance to the contrary is an optical illusion.
Establish a Base
Even if you are planning a meteoric rise, it is important that you establish a solid base. Your base consists of two parts:
- Your first minimum number of steady customers that keep you in business. If you fail to gain other customers in other markets, your base will sustain you.
- Your first business identity, product, and service that gained you your steady customer base in the first place.
A well-established base is a safe place to which you can always return if that becomes necessary. It is your fallback position, and the place from which you can build again. If you do not establish that solid base before reaching higher, you have no safe place to return.
Your base is your first and most important niche. Make sure it is always super-served.
Be an Expert
The way to become an expert is to narrow your niche. Don’t just make candles. Make artisanal, organic candles sourced from local materials designed for religious ceremonies. Now that’s a niche. Not everyone is going to want one of those. But everyone who does will want it from you.
Once you establish your area of expertise, you can slowly branch out. But you might not want to branch out if you find that your niche is satisfying. You might actually make more as an expert in a small niche than you would as a generalist in a large one.
Super-serve, Not Super-size
Success is in super-serving a loyal base, not supersizing your business to an unmanageable level. There are challenges large businesses face with which small businesses needn’t bother. Those challenges come in the form of investors, regulations, employees, and infrastructure.
None of these are bad in and of themselves. But they are challenges that can apply downward pressure to cashflow, life-balance, and focus. Remember Steve Jobs grew Apple to the point where he was no longer welcome in his own company.
You can never reach your brass ring without entering through the golden niche. Every successful company is well-defined, with an established base to count on when times are tough, expertise in an area that makes them unique, and a super-served core that has helped them become super-sized.
Listen to CEO and founder of Marketlend, Leo Tyndall, explain why he created Marketlend. If you want to read the full transcript, please see below.
The reason why I created Marketlend is I saw a gap in the market. What I saw was that at the smaller end of town, the SMEs were finding it difficult to actually obtain extended credit terms. Whereas the bigger end of town was getting those. So what I mean by that was that what we found was that SMEs were actually turning around and having to pay, say, seven days or 30 days net of an invoice. Whereas the bigger end of town was paying 90 days extended credit.
So what we did was, we set up a business which was essentially able to give those smaller end of town clients, and these are SMEs between typically turning over 250,000 and up to 5 to 10 million, the same advantages as the bigger end of town. So that was to essentially enable them that they could buy goods on credit, have 90 days to sell those goods, and within that time then they would have the funds to repay back the 90-day credit or in the case of a debtor finance arrangement where they were able to turn around and fund their working expenses and working capital, and they were able to do that within the cycle that they would have in whilst they’re waiting to be paid by a large debtor.
Terrific to see The Australian covering the launch of UnLock for suppliers and SMEs. UnLock is a first of its kind funding innovation and should help SMEs and their suppliers thrive.
UnLock is also a testament to Marketlend’s commitment to building fair and economical innovations for SMEs, and comes at a time when this under-served, but critical part of our society, is starting to get the attention it deserves.
SMEs financing: Online lender Marketlend in ‘buy now, pay later’ push
The battle in the often controversial “buy now, pay later” industry is spilling from the consumer into the business sector, with a new player set to push into the market this week.
The Australian can reveal online marketplace and peer-to-peer lender Marketlend is forging ahead with a venture that connects small businesses and their suppliers and facilitates payment over time.
Marketlend has appointed former local American Express head of strategic alliances Karl Lauxmann to drive its buy now, pay later business and lead innovation, partnerships and sales.
But the venture comes as regulators and politicians take a greater interest in the industry, where listed players including Afterpay Touch Group and Zip dominate.
The Australian Securities & Investments Commission is expected in December to release its deep dive into the sector, with the aim of determining whether customers are at risk of harm or the industry requires further regulation.
It also follows the federal government yesterday announcing several measures — including a $2 billion Australian Business Securitisation Fund for regional banks and non-bank lenders — to boost small and medium business’ access to capital at more affordable rates.
“We’ll encourage any government (support) to the market as long as it is to responsible lenders,” Marketlend founder Leo Tyndall said, cautioning that lenders benefiting from the measure should not seek to profiteer from a lower cost of funds.
“When they’re identifying non-bank lenders they have to make sure these lenders are prudential and providing a rate that is economical to the SME and tax effective — not like many of the lenders that are out there who seem to be unscrupulously taking advantage of the tightening of credit for the SME,” he added.
Mr Tyndall’s buy now, pay later division is called UnLock and is based on a model where suppliers and businesses register and Marketlend pays the supplier upfront, less a percentage discount, assuming credit and fraud risk. The business customer doesn’t pay interest.
The term for amounts of as much as $75,000 is up to 90 days, while a large proportion of suppliers typically give business customers 30 days.
“They are able to capitalise on that cashflow … It is an untapped market and these small businesses need these sorts of products,” Mr Lauxmann said.
“You’ve seen the big four (banks) sort of withdraw (from parts of the small business market) and there is a further widening of the gap.”
The buy now, pay later industry has, however, raised the ire of consumer groups over high late payment fees and lax identity checks by some players. Afterpay just this year had to add external identity checks to its proprietary platform checks, after an under-age customer gamed the system to buy alcohol.
Mr Lauxmann said UnLock used a closed-loop system which included credit assessments and identity checks. He admitted if business customers missed direct debits they would be hit by a $25 fee but said it wasn’t a “revenue-generating” grab by the company.
“This is purely about business they are already doing,” he said. “This program doesn’t work if small business is getting into trouble on it.”
Marketlend will also have other players nipping at its heels as it pushes into buy now, pay later, while some businesses may prefer to stick with traditional invoice financing.
Cloudfloat, co-founded by former Telstra project manager Aleem Habibullah, is another player preparing to launch in December. It will initially focus on business customers before weighing an expansion.
Listen to CEO and founder of Marketlend, Leo Tyndall, discuss the biggest mistake an SME can make when it comes to its financial health, and why time management and decision making are critical. If you want to read the full transcript please see below.
I think it’s difficult to say it’s a mistake. I think it’s, it’s unfortunate to say a mistake. I think what’s happened is that SMEs don’t have a lot of time to actually make decisions. And the biggest problem they have is that the options for them to pick the right financier are just not in their face, so the mistake they do is not enough due diligence.
Now, is it a mistake or is it just a difficulty? I think it’s more like a difficulty they have in their space that the first thing most SMEs think when you’ve asked them about finance is “The bank.” And then they’ll go to their bank and they could waste a lot of time where they could find they don’t have probably collateral and can’t even get a loan, or you have this thing that they go on the web and they see an SME lender, and they click a few buttons. Go, “Whammo, I’ve got my money.” But they don’t look at the implications and how that affects their business as a whole.
So the biggest problem that I think we have in Australia, which is a very unusual problem in Australia, is that we don’t have a very deep equity market for small SMEs and we don’t have a very deep debt market for SMEs. So, as a result of that, they don’t have the option say like in the US or something similar where they can actually bring on venture capitalists, or they can bring on other funders to help them with the funding. They have to essentially just take what’s right in front of their face, and the problem being what’s in their face is whoever makes the biggest noise. It’s the SME lender that’s charging 40%. He’s the one who’s going to get the biggest, you know, hits because he’s the one that’s in everyone’s face. They’re not doing enough due diligence.
This week The Fifth Estate is reporting about Marketlend’s new clean energy funding option GreenLend, which has garnered the participation of leading Australian renewable energy company Planet Ark Power. The new funding plan is on track to connect more environmentally conscious investors with green businesses.
Investors are increasingly looking to invest “beyond” their checkbooks and with their consciences, but they can also find it difficult to find and fund businesses that align with their values. In particular, many investors are seeking to invest in solar and renewable assets, while also looking to avoid big banks and high interest rates.
That’s where GreenLend offers a solution since it was designed to accelerate the expansion of solar capacity and other clean energy in Australia. It helps sophisticated and wholesale investors directly fund clean energy SMEs by offering them a special interest rate on loans from Marketlend’s investors.
According to founder and CEO of Marketlend, Leo Tyndall, Marketlend has always taken a long-term view when it comes to financing SMEs.
“We want businesses to thrive long into the future,” he says. In fact, since its launch in 2014, Marketlend has funded over AUD$56 million to Australian SMEs. But GreenLend specifically targets Australia’s energy future by “ensuring today’s energy innovators get the access to capital they need so they can continue addressing one of the world’s most pressing concerns – climate change.”
SMEs can apply for funding on Marketlend’s online lending platform, and those businesses in the clean energy space will be marked with a special badge to help investors identify them. This will be based on criteria that will include supporting SMEs largely or wholly focused on clean energy, sustainable products, recycling and energy efficiency. Once identified as ‘green’, these borrowers receive an attractive interest rate of 8-9 percent while investors in these clean energy businesses will typically earn a return of between 5 percent and 7 percent.
The funding plan’s first borrower, Brisbane-based Planet Ark Power, has received a $500,000 loan from fifty investors through GreenLend. It will use the money to improve cash flow, trade credit, and working capital. Planet Ark Power’s mission is to help businesses, governments, and individuals reduce their impact on the environment. Executive Director Richard Romanowski explains that the energy provider’s main focus is making renewable energy as efficient and hassle free as possible. The greater the uptake of renewables, he explains, the greater the benefit to the planet.
But in the past financial hurdles had hindered growth plans, which is why Marketlend’s GreenLend can help the company. The funding plan connects Planet Ark Power directly with investors, and helps the company rapidly increase recruitment and installation of more rooftop solar panels across Australia.
“In turn, we’re able to save households and businesses millions of dollars while reducing our carbon footprint – it’s game changing stuff,” Romanowski says.
While Planet Ark Power is one of the first companies to receive funding, Marketlend is uniquely placed to connect more SMEs with needed funding, helping them progress across their growth curve and achieve scale in ways they couldn’t before.
Listen to the CEO and founder of Marketlend, Leo Tyndall, explain Marketlend’s collection protocols and emphasize the importance of communication. If you want to read the full transcript, please see below.
Marketlend has discovered over time that – and it sounds strange – but time is your enemy when it comes to collections. The longer it takes for you to collect, the higher risk you have that there’s no assets left. So as a result of that, what we typically do in collections is this: If someone fails to pay, we actually have an alert system. We have three alert systems. We have an alert system where we tell the client before it’s due to pay. We send them an SMS, we send them an email. If it doesn’t pay, they also get another alert, an SMS. On top of that, we will have one of our representatives call them and say, “Hey look what’s going on”, and understand it. That’s on the first occasion. If the representative can’t get through to them, we then have a second representative call them. So we have two of them chase them up.
Then after that, that’s within the one day. When it comes to the second or third day, we will try to rerun the direct debit, ’cause everything is paid through direct debit. And if that direct debit fails on the second occasion, then it moves to what we would say a more severe collection event. They are then put on what we call an alert system, which sends them out a message saying, “You’re on second direct debit. You do realize that you’re trading insolvent.” And then what we will do is within the next few days we will try to resolve it. If we still can’t get in touch with them, we forward it across to a collection agency, which is a subsidiary of QBE, and they will then take over the collections process.
If we think it’s futile even sending it to them, we will then do a thing like issue a statement of claim or a statutory demand which takes legal proceedings. And we move very quickly. We’ll have that done within 30 days. Depending on the amount, we’ll also investigate whether it’s worthwhile for us to actually send one of our representatives up there. Or if it’s a lower amount, we will send, we have an agency that sends a, what we call a field agent, and that field agent would go out there and do a report and tell us what’s going on. So what we do is- so that’s in the event that they’re not communicating. If they’re communicating, we will then see where they’re at. And if they make a promise, we will follow that promise. If they keep to their promises, great, they’re back on track. If they don’t keep to their promises, well then we escalate it further. And we engage our legal department and also an external lawyer.