How Prepared Is Your Board for Cyberspace?

While cyber security is an important issue for boards, it has not always been top of mind. Because a major corporation like Equifax had a breach in its IT system, many companies are rethinking how to secure cyber security.

Boards around the world are examining the Equifax case to determine how to best secure their organizations valuable information stored in their IT systems. So who is responsible? Since the CEO has stepped down, it is apparent he was being held accountable. However, where was the board of directors?

In today’s world of cyberspace, corporate boards have to think about more than governance, CEO compensation and strategy.

As it stands, it is in the board’s best interest to ensure the company is not exposed to debilitating risks. Companies have workplace safety standards and sexual harassment policies to mitigate lawsuits. They even have disaster recovery plans in the event of natural disasters or occurrences like the World Trade Center plane crash. These plans and policies are in place to keep business running smoothly and perpetually. It protects customers and employees.

However, with sophisticated computer hackers around the world, it is no news that computer systems and valuable information can be breached and stolen. There are hackers who breach computer systems as a business. They ask for ransom in the amount of tens of millions of dollars. If it is not paid, they threaten to release the companies secure information, which sometimes could contain private email communication from top executives.

While many enterprises as large as Equifax may have disaster recovery plans for their physical operation, they may not have the same plan for cyber breach. The disaster recovery policies would include immediate action steps based on size of the breach, who made the breach, what information was taken, were company smart phones breached, what to communicate to employees, the public and shareholders as well as other important factors.

In some cases, it may make sense to inform the FBI. In other cases, it may be better to pay the ransom. The challenge with calling the FBI is that the hackers could be in countries like Russia. In Russia, the FBI may not pursue them. Why? Because the Russian government is always looking for good hackers. If the FBI exposes the hackers in Russia, the government may hire them, which can present long-term problems for the US. When it comes to paying ransom, it’s tricky. If you pay, they may hack you again as though you are an ATM machine. If you don’t pay, they may expose confidential information. These are also the kinds of challenges that directly involve the board.

What’s most important is that the board is talking about cyber security before there is a problem. There should be constant audits of the cyber security system to mitigate any risks. In addition, as a board, they should hold the CEO accountable for that security. Furthermore, there should be clear policies to guide the board and the executive team on how to handle the various moving parts in a delicate situation. Boards with disaster recovery plans and high accountability with the CEO are more likely to be forward thinking about cyber vulnerabilities and proactive about updating the security system.

Estate Tax Planning & Family Limited Partnerships

The general partner(s) manage the assets contributed to the family limited partnership. Limited partners generally have no rights with respect to the assets held by the FLP. The lack of Marketability and the fractional ownership of the limited partnership interests held by the limited partners are two of the well-established reduction principles that diminish the value of the taxable estate. The discounts allowed by the restricted rights provides for the reduction in the value of the assets held by each limited partner, but also increases the amount of annual tax-free gifting that can be attained. The current high marginal estate tax rates allow for wise and prudent planning which is necessary to preserve the family’s wealth.

Centralized Management of Family Assets
When using a corporation as the general partner, the general partner controls all of the assets in the partnership. This corporation can also employ family members and others. It will call meeting, conduct training sessions and facilitate wealth management. With a corporate general partner, continuity must be ensured even in the event of the husband and wife.

Minimize Probate
By using an FLP, the time and expense of probating an estate can be greatly reduced. When a Living Trust is also used, then there is no probate. Living Wills are not public record and therefore no one but those involved in the family know of its contents.

Cure Title Defects
The procedure for transferring assets to an FLP can help with the discovery of title defects. This can be a significant issue for real estate assets if not discovered and corrected.

Five Things You Are Messing Up in Team Building

There are a number of reasons why nearly every organization encourages teamwork. Research has proven that team building activities offer a good platform for companies to enhance high-impact learning, improve communication, boost employee morale and enhance overall productivity. Workers who embrace teamwork usually benefit by enjoying a sense of satisfaction in functioning a single unit to complete potentially challenging organizational tasks. What’s more, team building gives employees an opportunity to go back to the office with the new skill set and feeling reinvigorated as well.

It is also critical to mention that researchers have proven that having a strong team can potentially result in major gains for both small and established businesses. These long-term gains may include an organization’s ability to maximize profitability by enabling individual employees to better combine their skills to achieve improved results, being able to respond reasonably quickly to rapid structural changes, meeting cross-functional challenges. Team building provides an ideal chance for teams to participate together in a world where each one begins with an equal amount of knowledge about a given task. Equally, team building allows workers to become mission-oriented, a phenomenon that makes them achieve ideal results with minimum resources.

Most organizations will confirm to you that team building is always a daunting task to accomplish. It not only requires an experienced managerial team but dedication, sacrifices, time and energy. Even some of the best companies out there periodically make mistakes when dealing with people. In fact, it is quite common to find companies treating employees like kids and then ask why such workers so frequently fail to fulfil their potentials. What’s more, a significant number of organizations usually invest untold energy and massive resources in actions which ensure workers are unhappy! It is important for organizations to find effective ways of exhausting all the available strengths and abilities of people they employ.

Today in this post, we want to discuss in excruciating details, the five things organizations usually mess up in team building. Read on and enhance your knowledge.

5. Is your organization lacking leadership?

Quite often, discussions about team building revolve around effective communication, sharing a common goal and solving complex business problems. Even though these three factors are absolutely essential, one key factor which is often ignored is leadership! To come up with a strong and successful team, your employees must trust your judgment because this is when they will work efficiently even when you are not available. Of course, this doesn’t imply that you’ll have to be authoritative, instead, focus on fostering trust through humility, transparency, accountability, and honesty. If you didn’t know, it is too easy to dodge responsibility in team settings because you can easily hide in your sea of colleagues. This is where a leader comes in. In organizational settings, true leaders usually take full responsibility for a group’s final results. This means that the leader will be highly motivated to keep members accountable for their every action.

4. Neglecting your workers’ input.

This is a huge mistake a number of organizations do. Apparently, firms must connect team building with critical business drivers. Equally, you must set clear and achievable goals. However, organizations must understand that teams consist of human beings who have personal and different development needs which when fulfilled can potentially enhance the overall efficiency. Research has shown that focusing on the individual needs of a team strengthens your organization as a unit. On the other hand, putting much emphasis on the objectives of your business will only lead to short-lived benefits but does not foster sustainable development due to ineffective teamwork.

3. Unrealistic organizational objectives.

To create a strong and focused team, you must first set clear goals and share with them your objectives. Explain to your team members what you expect of them. Many businesses usually fail to set realistic goals thus leaving employees figuring out the likely outcomes. Set your goals according to your potential. Carry out an analysis of your available resources, assess the ability of your staff and set clear and achievable goals. To create a functional and reliable team, you must set clear goals and inform your employees about those goals. When every worker knows what is expected of her/him, teamwork becomes a success!

2. Failing to seek the opinions of your employees.

The key to team building is to understand and embrace this term: None of us is as smart as all of us’. Teams enable individuals to achieve things far much beyond every member’s individual potential. Bring every team member on board by asking for their ideas, opinions and suggestions. Equally, you should be able to implement those continuous improvement suggestions and empower them as well. Finally, you must provide relevant feedbacks regarding whether those ideas were implemented or rejected. Always make decisions after asking your team members for their input.

1. Failing to celebrate successes while acknowledging failures.

Recognizing and celebrating your business successes and milestones not only brings your team together but allows your employees to realize that people can achieve great things by working as a team. Learn to congratulate a team member who does something extraordinary. This helps members to feel visible and loved and acknowledge that their contribution is appreciated. On the other hand, if your team fails, come together and direct your thoughts and efforts at solving the problem. Remain positive and never turn your team discussion into a blame game. If you want your team building journey to become successful, you must avoid these five things at all cost.

The King James Onlyists’ Nightmare

Last Sunday night’s big event came as a shock to the small church – the St James Congregational Baptist Church in Silock, Alabama. An elderly group of five men and women were participating in a Bible class when a young preacher ran and told them to leave their class and walk with to the nave.

“What is it, Pastor?” one of the ladies asked the question everyone was wondering. “Just follow me as quickly as you can!” he said urgently. “You’ll be in for a shock.” As they approached the door to the right side of the nave, everyone could see a bright light beaming radiantly from the square mirrors.
As they went in, they looked and saw a bright angel. Everyone fell on the floor and began worshipping him. “No!” the celestial being said in a booming voice. “You must not worship me for I am only a servant of the Lord, much like yourselves.”

The angel turned down his brightness gradually so that he appeared as a human being. “Is this better?” he asked the stupefied congregation. “Please. Everyone sit. I have come on a mission. Your little group has been chosen to come with me in a time machine to watch some of the greatest events in the Holy Bible.”

Everyone sat up in astonishment as a large translucent box gradually appeared behind the angel.
“I know all of this is hard to take in, but the Lord has scheduled three events of the Bible that you as a group must choose… What scenes do you want to see?”

Although the five people and the pastor still had their mouths and eyes were stretched open as wide as possible, one of the elderly women asked, “Can I see when God found out Adam and Eve sinned in the Garden?”
“So be it,” the angel said.
“I’d like to see is Moses parting the waters.”
The angel said, “So be it!”
Then a man said hesitantly, “Can I see Jesus as He was being tempted by Satan?” “So be it,” said the angel. “Now, let’s all get into the time machine and watch these scenes.”

All five parishioners and the pastor got into the machine together with the angel and they suddenly vanished. In a matter of moments, the time machine arrived in the Garden of Eden. They stepped out into the garden, they saw Adam and Eve looking down in shame before God who was in the form of a mist. The angel told them they would be invisible where they went.

As the scene unfolded God spoke to Adam and Eve in a language, the elderly travelers couldn’t understand the language that they were speaking. The angel knew what they were thinking and said to them, “They are speaking in an ancient form of Hebrew.” Suddenly, the group stared at each and they looked upset and the angel knew why.

Thirty minutes later, after they saw the two other Biblical scenes, they looked extremely discouraged and all looked a little depressed. One of the elderly ladies got angry and said, “Why wasn’t everyone in the scenes speaking in English straight from the King James Bible?” An elderly man shouted, “This setup must have been a scam! Those people from the Bible must have been actors!” “Everybody knows everyone in the Bible spoke old English from the King James Bible – the perfect Word of God!”

Disaster Recovery Plan

A disaster recovery plan is a documented process to recover and protect a business IT infrastructure in the event of a disaster. Basically, it provides a clear idea on various actions to be taken before, during and after a disaster.

Disasters are natural or man-made. Examples include industrial accidents, oil spills, stampedes, fires, nuclear explosions/nuclear radiation and acts of war etc. Other types of man-made disasters include the more cosmic scenarios of catastrophic global warming, nuclear war, and bioterrorism whereas natural disasters are earthquakes, floods, heat waves, hurricanes/cyclones, volcanic eruptions, tsunamis, tornadoes and landslides, cosmic and asteroid threats.

Disaster cannot be eliminated, but proactive preparation can mitigate data loss and disruption to operations. Organizations require a disaster recovery plan that includes formal Plan to consider the impacts of disruptions to all essential businesses processes and their dependencies. Phase wise plan consists of the precautions to minimize the effects of a disaster so the organization can continue to operate or quickly resume mission-critical functions.

The Disaster Recovery Plan is to be prepared by the Disaster Recovery Committee, which includes representatives from all critical departments or areas of the department’s functions. The committee should have at least one representative from management, computing, risk management, records management, security, and building maintenance. The committee’s responsibility is to prepare a timeline to establish a reasonable deadline for completing the written plan. The also responsible to identify critical and noncritical departments. A procedure used to determine the critical needs of a department is to document all the functions performed by each department. Once the primary functions have been recognized, the operations and processes are then ranked in order of priority: essential, important and non-essential.

Typically, disaster recovery planning involves an analysis of business processes and continuity needs. Before generating a detailed plan, an organization often performs a business impact analysis (BIA) and risk analysis (RA), and it establishes the recovery time objective (RTO) and recovery point objective (RPO). The RTO describes the target amount of time a business application can be down, typically measured in hours, minutes or seconds. The RPO describes the previous point in time when an application must be recovered.

The plan should define the roles and responsibilities of disaster recovery team members and outline the criteria to launch the plan into action, however, there is no one right type of disaster recovery plan, nor is there a one-size-fits-all disaster recovery plan. Basically, there are three basic strategies that feature in all disaster recovery plans: (a) preventive measures, (b) detective measures, and (c) corrective measures.

(a) Preventive measures: will try to prevent a disaster from occurring. These measures seek to identify and reduce risks. They are designed to mitigate or prevent an event from happening. These measures may include keeping data backed up and off-site, using surge protectors, installing generators and conducting routine inspections.

(b) Detective measures: These measures include installing fire alarms, using up-to-date antivirus software, holding employee training sessions, and installing server and network monitoring software.

(c) Corrective measures: These measures focus on fixing or restoring the systems after a disaster. Corrective measures may consist keeping critical documents in the Disaster Recovery Plan.

The Plan should include a list of first-level contacts and persons/departments within the company, who can declare a disaster and activate DR operations. It should also include an outline and content stating the exact procedures to be followed by a disaster. At least 2-4 potential DR sites with hardware/software that meets or exceeds the current production environment should be made available. DR best practices indicate that DR sites should be at least 50 miles away from the existing production site so that the Recovery Point Objective (RPO)/Restoration Time Objective (RTO) requirements are satisfied

The recovery plan must provide for initial and ongoing employee training. Skills are needed in the reconstruction and salvage phases of the recovery process. Your initial training can be accomplished through professional seminars, special in-house educational programs, the wise use of consultants and vendors, and individual study tailored to the needs of your department. A minimal amount of training is necessary to assist professional restorers/recovery contractors and others having little knowledge of your information, level of importance, or general operations

An entire documented plan has to be tested entirely and all testing report should be logged for future prospect. This testing should be treated as live run and with ample of time. After testing procedures have been completed, an initial “dry run” of the plan is performed by conducting a structured walk-through test. The test will provide additional information regarding any further steps that may need to be included, changes in procedures that are not effective, and other appropriate adjustments. These may not become evident unless an actual dry-run test is performed. The plan is subsequently updated to correct any problems identified during the test. Initially, testing of the plan is done in sections and after normal business hours to minimize disruptions to the overall operations of the organization. As the plan is further polished, future tests occur during normal business hours.

Once the disaster recovery plan has been written and tested, the plan is then submitted to management for approval. It is top management’s ultimate responsibility that the organization has a documented and tested plan. Management is responsible for establishing the policies, procedures, and responsibilities for comprehensive contingency planning, and reviewing and approving the contingency plan annually, documenting such reviews in writing.

Another important aspect that is often overlooked involves the frequency with which DR Plans are updated. Yearly updates are recommended but some industries or organizations require more frequent updates because business processes evolve or because of quicker data growth. To stay relevant, disaster recovery plans should be an integral part of all business analysis processes and should be revisited at every major corporate acquisition, at every new product launch, and at every new system development milestone.

Your business doesn’t remain the same; businesses grow, change and realign. An effective disaster recovery plan must be regularly reviewed and updated to make sure it reflects the current state of the business and meets the goals of the company. Not only should it be reviewed, but it must be tested to ensure it would be a success if implemented.