December 19, 2014
Running a small business is an activity that requires a combination of skills that not everybody possesses. For example, youmust be able to market your idea and/or look for new customers, while making sure that your financial liabilities don’t go out of control. This is especially true if the business is still in its early stage. As a small business owner, you probably know the value of money. Indeed, you need financing to keep your operating cycle running, but it’s not the easiest resource to secure, especially from banks. This article defines working capital finance and identifies some of its sources.
What is work capital finance?
Work capital finance is the amount of money that you need each cycle to run your operations. This amount is calculated by subtracting current liabilities from current assets. Without this capital, you wouldn’t be able to manufacture your products or deliver your services to customers.
How do you secure this financing?
For small businesses, factoring companies are the major providers of work capital finance. To get this financing, small businesses sell a portion of their account receivables at a discount in return for instant cash. As you might know, account receivables are the outstanding invoices that customers must pay to a business within a pre-determined time period usually ranging from 30 to 90 days. But since the selling business can’t afford to wait until its customers settle their invoices, it’ll have to find the money it needs elsewhere, which is where factoring companies become relevant.
What is the cost of work capital financing?
When a small business finds a factoring company willing to buy its receivables, both parties start to negotiate on the discount rate. Usually, factoring firms assess the risk associated with the small business by analyzing its financial ratios such as the account receivables turnover ratio. This metric reveals how fast customers generally settle their outstanding invoice. The higher the ratio, the lower the discount rate.
Factoring is the most popular source of work capital financing, and by far the most preferred among small businesses because of its relatively easy accessibility in comparison to commercial loans.
Please contact us now if you have more questions.
December 12, 2014
The first part of this report covered the increased national investment in cyber security and explored fundamental vulnerabilities in critical infrastructure systems. This section gives insight into how control and command systems are infiltrated and highlights the dangerous capabilities of identified cyber threats.
How systems are penetrated – Trojans and Botnets
Specialized computer viruses, called Trojans, are usually the first line of attack. These viruses have the capability to open up communications channels with remote operations centers. Once communications are established, the remote server can then deploy additional malicious software. This follow-up software is often designed to target specific types of systems, both economic and industrial. These programs frequently include stealth routines, high levels of encryption, data compression. and reactive evasion tools. These features allow sophisticated software to camouflage their activities. Other programs are less subtle in their techniques, but often manage to infect remote systems.
A network of compromised systems is called a bot net, and represents the most dangerous threat vector. Bot net commands may originate from a single web host or may distribute information across a number of machines using peer-to-peer sharing techniques. Systems which are not connected to the internet can be penetrated by using social engineering techniques to physically place software, including communications access, onto an isolated network.
The Trojan can then proceed to deploy tools such as: platforms for denial of service attacks, command hijack tools, and injection tools designed to subtly alter program parameters. Observational tools such as real-time keyloggers, file system cataloging and upload tools, and audio and visual recorders have also been encountered. The possibilities are nearly limitless. Once a hacker takes control of a system and acquires full privileges, the hacker is capable of any task the system operator would be able to accomplish.
Unfortunately, the potential for a hostile force to hijack the control systems of an airplane, hydro-electric dam, vehicle traffic control system, or nuclear facility, have obvious and severe implications.
Energy sector bot nets:
Signatures of several bot nets have been identified as active and present within the energy sector. The following are among the most entrenched within existing installations.
This botnet almost exclusively targets systems in the energy sector and has been identified as being present in several NATO countries. The Department of Homeland Security has issued an unknown number of reports to potential targets. The vulnerability has been found in software issued by private vendor companies to manage internal systems. There are several variants of Black Energy and recently a number of additional countries have reported infections, according to SecureList.
This bot net initially targeted defense and aviation companies, both in the US and Europe. Recently the network appears to have shifted its focus towards energy industry targets. Dragonfly uses remote access tools, such as Backdoor.Oldrea and Trojan.Karagany. Infection vectors include spam e-mail campaigns, exploiting compromised industry websites and using browser weaknesses identified by malicious java script fingerprinting techniques. Attacks appear to be initiated from Eastern Europe, according to a white paper issued by the private research firm, Symantec.
Recently announced by Symantec, Regin.backdoor is a virus with numerous capabilities. While not yet found in the US or China, this botnet is considered a tier one threat. The botnet has infiltrated telecommunications, energy sector targets and corporate control systems in several countries. While it appears to be currently employed as an intelligence gathering tool, modules designed to take over systems directly have been identified. The originating actor is currently unknown. Like many viruses of this nature, Regin which was launched as early as 2006, remained unidentified for several years.
The industrial control systems cyber emergency team, ICS-Sert, administers alerts and reports on a wide range of vulnerabilities and threats to control systems.
Stay ahead of the competition
Recognition of competitive opportunities in the government sector can result in significant market advantages. To learn how our expertise can increase existing opportunities, and assist your organization in identifying new opportunities, contact us at Financial Engineering Counselors.
December 5, 2014
The prioritization level of cyber warfare technologies, within the government, can be established by comparing aspects of their budget requests. For fiscal year 2015, the Department of Defense sought $7.5 billion in funding for the Missile Defense Agency, which represents a key aspect of global strategic dominance. By comparison, they requested $5.1 billion for funding of cyber operations designed to “enable both offensive and defensive capabilities across the full range of cyber contingencies”. The numbers make it clear, in terms of strategic importance, the DOD has placed cyber defense on par with ICBM delivery systems.
The DOD is not alone in requesting funds in the cyber arena. The Department of Homeland Security, according to the agencies budget-in-brief (see PDF page 20), requested $1.25 billion dollars for safeguarding and securing cyberspace.
These budget requests show a growing recognition of the importance of the global internet in national security terms.
High priority programs
Revelations regarding the extent of electronic intelligence gathering capabilities over the internet reached high levels of national awareness. While it is no longer a secret that DHS has invested heavily in espionage activities, the DOD has a wider range of priorities. These include: cyber security research, cyber ops technology development, and an initiative to consolidate DOD networks under a coordinated cyber command. Development of an integrated cloud based platform for sharing of resources, standardized between military branches, also received significant focus in the Pentagon’s cyber operations FY2015 request.
Hardening key infrastructure
Hardening critical infrastructure was designated as a primary area of interest. Specifically the Defense Budget Priority Choices report indicated a necessity to defend networks, degrade adversary cyber capabilities and support national infrastructure including “federal and critical communications systems” in conjunction with the DHS.
How severe is the threat?
Defense One ran a story with the alarming title of “Major Cyber Attack Will Cause Significant Loss of Life By 2025, Experts Predict“. The report takes the position that, while it was impossible to know when a life threatening cyber security breach would occur, an incident of this nature is an inevitability. Defense one posited that hostile foreign nations, terrorist organizations, and even independent actors could potentially launch a devastating attack that could result in mass casualties. Economic targets were also listed as likely targets.
The reality of the situation
The nation’s infrastructure defenses are incredibly porous. Interconnected networks including telecommunications, energy sector, transportation and essential commercial sectors are extremely vulnerable. The trend towards heightened integration of transit systems, including driverless cars and drones, indicates that as time passes, increased potentials for mass havoc will rise. Systems are highly susceptible to infiltration and compromise by outside actors. What is extremely alarming is that, not only are these types of attacks theoretically possible, many of these systems are already compromised.
The presence of malicious tools, capable of taking over SCADA (Supervisory Control and Data Acquisition) based systems have been identified, throughout the world. Positive threat identifications have been found, not only within the United States, but also in Europe, Russia, China, India, Saudi Arabia and a host of other countries, both friendly and hostile to US interests. These tools, in many cases, are capable of not only observing systems, but actually taking over the command and control functions of their targets.
A deeper look
It is clear that cyber security is a high priority throughout the government. Follow our blog for “Cyber Security and Infrastructure Targets – Part 2 – Critical Systems”, where we take a deeper look at how systems are penetrated. Our report includes an overview of specific active threats which have successfully infiltrated critical infrastructure, including the Dragonfly, Regin and Black Energy bot networks.
Stay on top
At Financial Engineering Counselors, our expertise can help your organization access the financial resources to protect and grow your company. Contact us to learn how our experience, reputation and affiliations, can help your enterprise stay on top of the game.
November 28, 2014
Federal contractors looking to take on new business opportunities with government agencies in the 2015 federal fiscal year are looking at the highest contract value opportunity in the past five fiscal years, according to a new report from enterprise software and IT firm Deltek. The federal opportunities for contractors seeking to work with the government in the 2015 fiscal year represents 220.3 billion in total contract value, Deltek says.
Most of those dollars will be available in information technology, which represents a $161.5 billion contracting opportunity. That total makes up 73 percent of the top 20 total contract value, Deltek says. Compared to last year, professional services made up most of the contract opportunities. The increase in the value of IT contracts is due to follow-on contract programs in IT that are expected in the 2015 federal fiscal years. Deltek says that follow-on opportunities account for 99 percent of the value in the top 20 contract opportunities.
In most years, defense contract opportunities outdistance civilian opportunities by a large margin. But Deltek expects that the top 20 opportunities will be split evenly between defense and civilian, in terms of both dollar value and the number of opportunities.
Federal Times notes that the projected total value of defense contracts fell by nearly $7.5 billion compared to the previous year’s list. Meanwhile, the value of civilian contracts more than doubled. The largest contract to make the list is a civilian one: Alliant II Unrestricted. This contract is a government-wide acquisition contract that the General Service Administration will use to bring in complicated IT software solutions. Deltek is estimated the Alliant II Unrestricted contract will have a $50 billion ceiling; Alliant II Small Business will have an estimated $15 billion ceiling.
The GSA contract is as large as the next two contracts put together. The Army’s Responsive Strategic Sourcing for Services, or RS3, is $30 billion; the Defense Department’s Defense Health information Technology Services Generation I IDIQ, or DHITS GEN, is an estimated $20 billion.
Defense and IT aren’t the only opportunities for government contractors. Additional contract opportunities making Deltek’s list include professional services, operations and maintenance, architecture, engineering, and construction. To learn more, contact us.
November 21, 2014
Government contractors might be chomping at the bit to offer their products and services to government agencies. Knowing the potential purchasing needs the government has could put contractors a step ahead when the purse strings open. There is a convergence in services, meaning that contractor offerings are coming together as a package of products and services bundled together. Understanding convergence, and having relationships with government agencies, could facilitate government sales and bring new opportunities for selling to the government.
Many private sector entities have shifted operations into the cloud, where software can be accessed securely online from anywhere. These so-called software-as-a-service, or SaaS, offerings allow customers to save on the costs of maintaining and operating servers. The SaaS model offers customers a great deal of flexibility and a variety of services can be offered in this fashion, leading to the term XaaS, where “X” can stand in for anything.
A recent study by the Professional Services Council and Market Connections found that 64 percent of government contractors see SaaS as a business opportunity. But just 21 percent of government agencies have plans to implement SaaS solutions. Unfortunately for government contractors, the public sector moves more slowly than the private sector. Much more slowly. As a result, contractors can spend time and money developing solutions that government agencies may not buy.
It’s not always possible to make the wheels of government move quickly but there are steps that contractors can do to get them turning. In a blog post, Market Connections suggests that educating potential customers about the solutions is a good way to spark business development. Another way to nudge government agencies into a purchase decision is by conducting a market opportunity assessment, which determines the growth potential of a particular product or service. Such studies can help a contractor and a client understand whether the services offered are adequate and whether any changes or additions need to be made. The bottom line for contractors is that securing government contractors comes down to basic customer service – understanding a government agency’s wants and needs and being prepared to fill those needs. For more information, contact us.
November 14, 2014
It seems like there’s an app for everything these days. Track your caloric intake. Find your favorite coffee house. Deposit a check. Find an alternative route to avoid traffic. Analysts at Flurry estimate that mobile phone users spend two hours and 19 minutes per day using apps. Gartner, IT spending forecasters, estimates mobile app downloads will reach an annual revenue of $77 billion this year. The private sector isn’t the only one partaking of this boom, however. The federal government and numerous states and municipalities are utilizing apps to collect data, provide information and improve customer service. In fact, in 2012 President Obama asked government agencies to create at least two apps to better serve the public. They listened. Here are four of our favorites.
- US Census Bureau: Labeled America’s Economy for Phone, this apps says it gives users a “pulse on the U.S. Economy straight from your phone.” The apps provides users with access to 19 real-time key economic indicators from the U.S. Census Bureau, Bureau of Labor Statistics and Bureau of Economic Analysis including trends regarding employment, construction, international trade, manufacturing and retail sales.
- Department of Defense: This government department has 12 different apps that cover simple news and updates, offer access to financial aid resources, provide a portable stress management tool in an app called “Breathe2Relax, and the “mTBI” app, aimed at helping physicians identify patients with Traumatic Brain Injury (TBI) and develop a management plan. Additionally, the Department of Veterans Affairs has an app called “PTSD Coach,” offering sufferers with support, resources and a self-assessment tool.
- Department of Energy: Three apps are available to make “going green” easier. Apps help vehicle operators locate alternative fueling stations, compare the most fuel efficient vehicles, calculate gas mileage, and access the latest science and research.
- Small Business Administration: The SBA app helps users find advisers, SCORE representatives, Women’s Business Centers and Small Business Development Centers nationwide. Additionally, users can calculate start-up costs and receive the latest small business news.
From apps that help track and arrest child predators to apps that help Department of Children and Families representatives in the field find Head Start programs for their clients, mobile apps are shaping our government. You can review a complete list of available government apps at www.usa.gov/mobileapps.
Financial Engineering Counselors prides itself on being a resource for government contractors, commercial companies, banks, other financial institutions and professionals. Let our expertise work for you. Contact us for a consultation.
November 7, 2014
Computer hacking isn’t just a business problem. A majority of Internet experts surveyed by the Pew Internet Research Project expect anticipate a major cyber attack affecting business and government will hit by 2025. The attack will cause widespread harm to business and also threaten national security, causing billions of dollars in data and property loss, damage, and even loss of life.
The expectation of greater cyber security risks to government and business comes as a growing number of devices are connected to and rely on the Internet. The so called Internet of Things means that more services, devices, vehicles, and products will be monitored and even controlled via an Internet connection. But these connections also leave the devices vulnerable to hacking.
“Cyberwar just plain makes sense,” Stewart Baker, a partner at Washington, D.C. law firm Steptoe & Johnson, told Pew. “Attacking the power grid or other industrial control systems is asymmetrical and deniable and devilishly effective. Plus, it gets easier every year. We used to worry about Russia and China taking down our infrastructure. Now we have to worry about Iran and Syria and North Korea. Next up: Hezbollah and Anonymous.”
Much of city infrastructure is already vulnerable. Cities and utilities monitor and manage electricity, water, and sewage infrastructure over systems that transmit data over the Internet. These networks have already been found to have at least 25 vulnerabilities that make them susceptible to attack.
Mark Nall, a program manager for NASA told Pew that he expects the current threats of economic transactions, the power grid, and air traffic control will expand in the future to include self-driving cars and unmanned aerial vehicles, as well as building infrastructure. But Nall left open the possibility for resisting the increasing threats, noting that growing use of artificial intelligence to monitor and diagnose systems will help.
The threat of cyber war is likely to increase the amount of network surveillance to monitor for threats. Defense One cites a recently released paper from the Pentagon outlining cyber threats. The paper mentions “networks” and “the cloud” as potential source for signals intelligence.
“Make no mistake, signals intelligence collection means watching how individuals behave online,” Defense One says.
Growing cyber threats will mean more steps will be taken the government and the private sector to build up protective capabilities. To learn more, contact us.
October 27, 2014
Are you voting in the midterm elections? Because your ballot is particularly important if you’re a government contractor. Several races which could determine the Senate majority and who heads budget committees, remain too close to call. Whether you’re Republican, Democrat, or somewhere in between, the results can determine the fate of government contractors this year. Because in its infinite wisdom, Congress tabled decisions on the following defense legislation until after the national vote:
Trillion dollar omnibus spending bill, which includes $550 billion for defense appropriations and another $60 billion for Overseas Contingency Operations, which supports military operations in Afghanistan and counterterrorism missions, among others, in the Middle East. A continuing resolution that passed on Sept 18 funds the government at previous levels until December 11.
National Defense Authorization Act. Which covers the budget and spending of the U.S. Department of Defense. This has been past every year for the past 53 years, albeit with much last-minute suspense.
Authorization to train and equip Syrian rebels who are vetted, a Pentagon program that also expires on December 11.
In the best case, Congress passes these legislative issues at the requested levels. Government contractors will benefit because more money will be available for projects and bills for current programs will be paid on schedule.
In the worst case, Congressional wrangling could shut the government down before anything is passed, which is what happened last year. Government contractors stand to lose as funds disappear and current bills to the government remain unpaid for months.
If you need more information about how the elections or the budgets in defense legislation could affect you, please contact us.
October 24, 2014
Google has been nothing but a boon for your small business. It offers storage, email, and distribution of graphics and videos at no cost, which helps put your bottom line in the black. And the ability to access your Google accounts while working from home, commuting to your business, or at work improves your productivity tremendously.
Lurking behind these positives, however, is the fear of what would happen to your digital life if someone stole your password. Google defends that possibility with two-step verification. If you set this up, the service not only requires your memorized password for access, it also sends a one-time code to your smartphone. You must enter this code or be denied entry. So, unless a digital criminal has stolen your phone, he can’t mess with your Google accounts even if he has your password.
To set up this additional form of protection, do the following:
Sign into your Google account as you would normally. The Google home page is displayed.
Click your email address drop-down in the upper right corner and choose “Account” to display your Account page.
Choose “Security” from the top to display the Security page.
Click “Setup” next to “2-Step Verification” under “Password” to display the Setup page.
Click the “Start Setup” button to display the Phone page. Enter the number of the phone to which the verification code is sent. Select whether you want the code sent in a “Text Message” or “Voice Call.” Then click the “Send Code” button.
Google sends a test code to the number you specified. Enter that code in the Verify page and click the “Verify” button. The Trust page is displayed.
If you’re using a desktop or otherwise secure computer, leave the check mark by the “Trust This Computer.” You then don’t have to keep entering code when you use this computer. Otherwise, leave the check mark off, such as for mobile devices that might be more easily stolen.
Click the “Next” button to display the Turn On Verification page. Click the “Confirm” button. Optional screens appear asking you to specify a backup number in case you lose your primary number. Fill them in as needed. You’ll also receive a list of backup codes that you can use in case your phone is not handy. Print these out and keep them in a safe place.
Two-step verification is now activated. You can turn it off from the same Security page you used to set up the protection. If you want more information, please contact us.
Older Posts »
JPMorgan Chase, Target, Home Depot, and the U.S. Office of Personnel Management are just some on a long list of organizations that have been recently hacked. You presume that they have state-of-the-art network security systems and dedicated cyberstaff. But if they can’t protect their digital information with all their resources, what chance does a small business like you have?
The fact that you are small is a point in your favor. Hackers prefer to go for bigger fish. But if you’re a government contractor, that’s a point against you. Cyber-criminals may target you just because you work with the government. So continue to take your standard precautions of using long, unbreakable passwords and update your anti-virus software.
One other way to beef up your digital security online is to dedicate one computer only to online financial access. Use it solely for your financial activities such as checking your back accounts or paying bills. Never use it to post your Facebook status, upload selfies, access emails, or browse the web. Such activities are common pipelines for transmitting viruses. Hook it up to your Internet Service Provider only via cable and turn off any wireless access to avoid WiFi spying. Don’t allow any external media or devices, such as flash drives to be plugged into its ports.
Add an extra layer of security by relying an operating system that isn’t well-used. Hackers prefer to target into Windows or IOS. A Chromebook may be ideal because you can get one for under $200 and it runs a little-used operating system called Chrome OS. Just make sure it has a Local Area Network (LAN) port for hooking up to the Internet with a cable.
For more information on protecting your small business or on government contracting, please contact us.