Looking for a SBA Small Business Loan?

Since we’ve been in business we have received calls about helping companies obtain a SBA Small Business Loan.  Our answer is always the same, go to a bank.

You don’t need a consultant.  There is no magic person who can get you that loan.  The only person you may need is your company accountant to assist in filling out the financials.

A short How To

The Small Business Administration has a rather detailed website on what you need to do.  So here are some pointers to ease your way into that SBA Small Business Loan.

Continue reading »

When you mention Business Continuity to a businessperson, the usual response is that the IT staff handles that, because it’s all about computers.

How far from the truth this is… This misconception can lead to a major business interruption.  While IT Data Recovery is an important aspect of any Business Continuity Plan (BCP), how does your company access and deal with the voluminous other aspects of an event?

Aspects such as communication with employees, customers, vendors, financial institutions; daily critical activities as simple as receiving the US Mail, processing checks, shipping product, looking up information from manual/paper filing systems or project management.

Yes, some of these chores are related to IT systems, but not all.  How about if your premises become uninhabitable?  Where do your employees go?  How do they access the company phone system or IT systems.  What is the security like?  How do you notify your employees that an event has happened?

Let’s not forget those industries where BCP is not only mandatory but auditable by governmental agencies that can access fines for shoddy or incomplete plans!

Some of the aspects related to a BCP are:

Business Continuity
GAP Analysis
Business Impact Study
Disaster Recovery
Security (Physical/Cyber/Information)
Document Management
Policy & Management
Strategic Services
Response, Planning & Support
Exercising & Auditing
Education & Training

So you’ve done your analyses and created a BCP.  Did you fall into the trap of not anticipating that the foundation of all plans is based on your current procedures and policies?  And it is these procedures and policies that may not be sound.

With any foundation that has cracks in it, if you add the weight of a stressor, be it a rapid increase in sales, volume of transactions, a major fire or a natural disaster that these events (even good events like sales going through the roof) can cause your systems to break?

Business Continuity Plans need to be built, tested, updated, tested, updated, managed while training all employees and those business partners that have a need to know how the BCP are executed and what their role if any is in the case of an event.

So, while your computing may be in the cloud, your business is still on terra firma and you need to plan around that issue as well.

Tornado’s, flooding, earthquakes, hurricanes and other natural disasters; fire, threats, civil disturbance, accidents, structure failures, are always present and a fact of life.

Survival of your home, family and business is always a paramount issue when events such as these occur.  But are you ready?

Find a location on Earth that is immune for a natural disaster and share it; because I want to move there.  There isn’t.  And because both natural and “man-made” events happen, you as a business person needs to be prepared.

Preparation takes time and thought, patience and practice, but done correctly and continually can mean the difference between being  a going concern and failure.

Are you prepared?

Business Continuity is much, much more than data recovery and backing up your computers.  It’s taking your company’s core business operations from its existing location and making it ready to continue working productively in case of a critical incident that precludes use of your office space or your employees from reaching their office space.

You say you have a plan!  Walk over to the most junior member of your company and ask them what the Business Continuity Plan is or their part in the Plan.  I can tell you the answer without being there – confusion, doubt and no knowledge of what you are talking about.  The same goes for most of your mid and senior level people.

If they don’t know the Plan, or specifically their role and the role of the person above and below, as well as adjacent to them; then you DO NOT HAVE A PLAN!

So you have a Plan, congratulations.  When was it written, and last updated.  More than 6 months… you don’t have a fully functional Plan; or you may not have a plan at all, depending on how stale it is!

 So, you have a Plan, and it was last updated 5 months ago.  When was the last time you fully tested it?  Never?  Then you DO NOT HAVE A PLAN!

Testing a plan is essential for both practice and finding gaps in the plan.  Imagine trying a telephone tree to contact employees, only to find out cell service is out and you don’t have any non-cell numbers at hand!

In a recent survey of Hedge Funds conducted by COOConnect.com, 98% had Plans, but 67% of the Hedge Funds were too far away from the impact of Super Storm Sandy to be affected.  Those who were closer had time to implement remote connection procedures.

That’s great, but did the 98% of the Hedge Funds plan for loss of power, phone lines, cell service, internet service, transportation and all the other effects of Sandy that many areas of the Northeast felt and to some extent, still does?  Without a fully fleshed out and practiced plan, you DO NOT HAVE A PLAN!

What’s important is that all aspects of the Business Continuity Plan be tested, including such mundane issues of how to get to the office, who’s in charge and how do you keep your customers and vendors in the “loop” while you are in your event (and working under your Plan)!

What’s in a Plan?

Business Continuity includes (and this is just a brief listing) of:

1. Risk Analysis

Hazard Vulnerability Assessment
Business Impact Analysis
Mission Essential Functions (Level 1 Revenue Producing Business Activities)
Critical Support Functions (Level II activities in support of core business functions)
Cyber-Risk Assessment
Physical Infrastructure (Security)
Threat Profile e.g. High-Profile Investors
2. Crisis Management

Crisis Management Team
Crisis Management and Business Continuity Plan
Desktop Exercise

3. Disaster Recovery
4. Business Continuity
5. IT Resiliency
6. Incident/Crisis Management Assistance Team

SBA * Consulting has some of the top international professionals in Business Continuity, Crisis and Incident Management, Planners, Trainers, Drill Designers, Cyber Security, Information Technology, and Financial Operations and more.  Let us help you develop, train and assist you should you ever have an event.

Cyber Spying is not used by nation-states alone anymore. As Lisbeth Salander, the character in “The Girl with the Dragon Tattoo” demonstrated, if there is information on a network somewhere, it can be gotten – and not just by those intended to get it!  Today, cyber intrusion leading to crime is a real threat. A threat for all types of businesses no matter who wants to get into your system. As recent statistics from the “2012 Norton Cybercrime Report” show:

•There are 556 Million victims of cybercrime annually which equates to 1.5 million daily or 18 per second. Two out of three adults online are victims.
•The cost of cybercrime is $110 Billion annually.  85% of these direct financial costs result from fraud, required repairs or patching, theft and loss of intellectual property and hits each of these economies annually:
•US – $21 Billion
•Europe – $16 Billion
•China – $46 Billion

Cyber revelations

Almost everyday a new revelation hits the news! Another major player is hacked! It may be President Bush or ARAMCO.  Even the New York Times and the Wall Street Journal , have been victimized with many more victims have not come forward. Damage to these organizations and others can cripple them by destroying or changing data, disabling computers and stealing intellectual property.

As smart and dedicated as your IT people are, they suffer from myopia; that is they are too intimate with your system they believe that the firewalls, anti virus and other tools they have can control or mitigate the threats that are out there. Unfortunately, they can’t see or don’t look past your network and its set of tools. Our Consultants don’t know your culture, your IT dilemma or the intrusions that you have experienced. They do, however, know Security in the most proactive sense and can provide you with a no nonsense appraisal, straight-up, without sugar coating.

SBA * Consulting’s CIO’s and Senior Computer Security and Law Enforcement Consultants can independently review and suggest ways that will add protection to your company’s assets.

Contact us today at +1 (212) 487-5085