Dean Dorton – CPAs and Advisors
Cybersecurity

Article 01.19.2017 Dean Dorton

The United States Department of Education (DOE) has sent friendly notices for two years in a row reminding colleges and universities of their requirement to comply with the strict guidelines for protecting student financial aid information. Cybersecurity should be near the top of every organization’s priority list, but for higher education institutions it should be elevated even further. Given that the DOE has provided two warnings to date, we should assume they plan to take a stricter stance on cybersecurity infrastructure, protection, and controls during compliance audits.

Cybersecurity: A Critical Boardroom Topic

Many organizations quickly punt the topic of cybersecurity to the IT department. While IT plays a huge role in cybersecurity, it is the responsibility of those charged with organization governance to ensure compliance is met. Board members and senior leadership should be asking the questions and confirming that the institution is devoting the proper resources and attention to cybersecurity.

  • It is also critical to understand that cybersecurity is not a one-time project. It is a continual evolution and initiative.
  • Leadership needs to also recognize there can be substantial costs associated with cybersecurity activities and they are not optional. The DOE letter makes this point very clear when they state “The Department understands the investment and effort required by institutions to meet and maintain the security standards established in NIST SP 800-171. Nonetheless, across the public and private sectors, it is imperative that organizations continue to enhance cybersecurity in order to meet evolving threats to controlled unclassified information and challenges to the security of such organizations.”

With the ongoing focus on higher education institutions’ bottom lines, it might be tempting to defer projects related to cybersecurity to reduce budgets. However, doing so could put your institution in a position where the DOE finds your organization in noncompliance with your Program Participation Agreement (PPA) with Title IV student financial aid. Cutting corners on cybersecurity compliance could wind up costing your institution more in the long run.

The Time to Act is Now

At this point, most organizations have some form of information security or cybersecurity policies in place, but do yours include the very specific requirements outlined in the Gramm-Leach-Bliley Act (15 U.S. Code 6801) and NIST SP 800-171? When was the last time your institution performed a thorough IT risk assessment (one that meets the NIST SP 800-171 standards)? Have proper remediation tasks been completed for any deficiencies that have been identified? If you cannot answer “Yes” with 100% confidence to all these questions, it is time to take action, before your institution faces substantial negative impacts.

For assistance in reviewing and determining your institution’s cybersecurity position, specifically as it relates to compliance with DOE standards, contact Jason Miller at 859-425-7626 or jmiller@ddaftech.com.

Dean Dorton Technology provides specialized cybersecurity services, specific to the unique requirements and challenges of higher education institutions. Our team of IT auditors has an elite background of audit experience combined with practical IT administration and will evaluate information system control environments, identify the risks, provide a basis for reliance on the system, and deliver cost-effective control recommendations for your organization.


Article 02.2.2016 Dean Dorton

The U.S. and international economies are becoming more competitive every day. Many of us are competing for the same workforce; for others it may be the same customer, but we have to ensure that we continue to respond to the rapidly changing environment in which we operate. Ten years ago, did you ever worry about cybersecurity?

These are a few of the reasons it is critical to analyze your business risks at least annually. We recommend formally documenting your key risks along with how you are responding to those risks. This can be a very helpful exercise when strategizing how you should be spending your most valuable resources (your people). Below are a few of the key risks that you may want to monitor in 2016.

5 Key Risks Companies Should Monitor in 2016
Plan now to address employment, inflation, currency, cybersecurity and vendor risks

By: Joe Brusuelas and Rob Kastenschmidt of RSM US LLP

The U.S. economy continues its slow but steady improvement. While growth slowed to 0.6 percent in the first quarter of 2015, it rebounded to 3.9 percent in the second quarter, and we expect growth for the year of about 2.2 percent. Unemployment dropped to 5.4 percent by the second quarter and was down to 5 percent by November. Consumer demand, especially for services and autos, is strong; the housing market continues to improve; and energy and commodity costs remain low.

But the international picture is less sunny. While we expect global growth of about 3 percent in 2015, with a slight uptick next year, a variety of issues are affecting international economies. Growth in China continues to slow as it seeks to rebalance its economy from an export-oriented model to a growth model driven by internal consumption. While the long-term outlook for China is positive, its current slowing growth and the related reduction in demand for resources is adversely affecting many emerging economies. The already uncertain economic picture in Europe is being further stressed by the massive influx of refugees from the Middle East. All of this means lower international demand for U.S. goods and services. It also is leading to a divergence in monetary policy between the U.S. and other economies. In the U.S., the Federal Reserve will likely increase the federal funds rate by 25 basis points in December 2015 followed by another 50 to 70 basis points by mid-2016, while central banks in Europe, Japan and possibly even China are pushing rates toward zero.

What does all this mean for U.S. companies? For 2016, this means you should monitor and be prepared to respond to three key economic risks: a tightening domestic labor market, inflation and the challenges presented by a strengthening dollar. In addition, cybersecurity risks continue to increase and diversify, requiring heightened attention, and the increasing reliance of many companies on third parties raises new risk management issues.

1. Plan for a tighter labor market

An unemployment rate of 5 percent doesn’t tell the whole story. The number of unemployed persons per job opening is down to 1.44 from a peak of almost 7 in 2010. Not only is the overall unemployment rate down, we are also finally seeing stronger growth in higher-wage jobs. Since January 2014, the U.S. has added 2.4 million high-wage jobs compared to 2.3 million lower-wage jobs. While this is helping boost consumer confidence and demand, it also means U.S. employers need to plan for a tighter labor market. The risks of a tighter labor market? Increased labor costs, higher attrition and stronger competition for top talent. To offset these risks, employers should consider the following strategies:

  • Explore automation strategies. Now may be the time to investigate whether the expense of improved automation might be offset by savings in labor costs.
  • Consider offshoring, outsourcing and contractor services. With the U.S. economy outperforming its global peers, offshoring certain functions may offer improved returns given continued low labor costs overseas. Outsourcing non-core functions or increasing reliance on contractors is another way to manage labor costs and can have the added benefit of reducing administrative demands and benefit expenses.
  • Re-evaluate compensation programs. Competition for top performers is heating up. Take a look at your compensation practices to ensure that you are effectively rewarding and motivating your best people. This will also make you more attractive to the candidates you wish to hire.
  • Improve your recruiting practices. LinkedIn and other social media platforms are far more important now than they were prior to the economic crisis, but can’t be relied upon as the sole way of identifying potential candidates. Are your talent identification and recruiting practices keeping up?

2. Manage inflation

Inflation is still near historic lows and deflation continues for energy and commodities. But energy and commodity costs are likely at or near their floors, and the Fed is almost certain to start raising rates soon. According to RSM’s Middle Market Leadership Council survey, 67 percent of executives expect increases in their costs over the next six months, compared to just 54 percent in the second quarter. What to do?

  • Focus on efficiency and cost-cutting programs. Decreased costs during the crisis and recession diverted attention from these efforts at many companies. Now is the time to increase discipline.
  • Explore hedging strategies.
  • Shift your purchasing patterns and explore supply chain changes. Global economic conditions are uneven. Weaker economic conditions in other markets may present purchasing opportunities.
  • Audit vendors and monitor margin compression at key customers. Now is the time to reevaluate your vendor relationships to ensure they are delivering real value. And keep an eye on how inflation is affecting margins with your key customers so you can make appropriate pricing and relationship management decisions.

3. Minimize the risks and maximize the benefits of a stronger dollar

The U.S. economy is outperforming its global peers. Higher U.S. Treasury rates are spurring an influx of foreign capital and strengthening the dollar. For middle-market companies, this is a double-edged sword. It makes U.S. exports more expensive and diminishes the value of foreign earnings denominated in U.S. dollars. But it also drives down the cost of off-shore sourcing options and can create international acquisition opportunities.

  • Look for global supply chain opportunities. Take advantage of the strong dollar by finding offshore sourcing options.
  • Consider global hedging options to control risks and costs.
  • Consider international expansion opportunities. If expanding through acquisition in new global markets is part of your corporate strategy, the strong dollar could mean a better deal.

4. Increase attention to cybersecurity

No organization can afford lax cybersecurity controls. Many companies think they aren’t large enough to attract the attention of cyber criminals, but the NetDiligence® 2015 Cyber Claims Study shows nano organizations and small organizations actually experienced the most incidents, with 29 percent coming from each of those groups. Your best defense? Make sure you have three layers of cybersecurity controls—preventative controls that make you a hard target, detective controls to timely identify any breach and corrective controls that let you respond quickly and appropriately to intrusions.

  • Preventative controls. Your preventative controls should include a vulnerability assessment, patch management, strong access and authentication controls, a solid intrusion prevention system (IPS), configuration management, and up-to-date anti-virus protection.
  • Detective controls. Most companies choose either to outsource detection controls to a Managed Security Service Provider (MSSP) or to purchase a Security Information and Event Management (SIEM) product. Weigh that choice carefully and be sure the solution you choose is appropriate to your threat environment and internal capabilities. A strong intrusion detection system is also vital, along with compliance and operational monitoring, and anti-virus and network alerts.
  • Corrective controls. Effective corrective controls start with a robust incident response plan. You will also want strong forensic capabilities; anti-virus quarantine and isolation protocols; disaster recovery and business continuity plans; and administrative, legal and insurance protections.

5. Control your third-party risks

Corporate boundaries are getting fuzzier as businesses of all kinds explore a wide range of third-party relationships that allow them to focus on their core business while leveraging outside expertise in areas like logistics, technology and a variety of other specialized functions. That creates efficiencies that drive growth, but it also gives rise to a wide range of new risk issues. Your ability to execute your strategy now hinges partly on the performance of third parties. You could face liabilities stemming from non-performance by your vendors. Connections between your systems and those of your vendors create new security risks. And the web of social media and other connections between you and your vendors can expose your organization to reputational risk due to the failings of third parties. Here are six third-party risk questions to consider in 2016:

  • Do you know where all your contracts are located? Are they stored electronically?
  • Do you understand and are you fulfilling all of your contractual responsibilities?
  • Have your contracts been updated to reflect new regulations for privacy and data security?
  • Are you adequately monitoring the IT risks associated with your third parties?
  • Is the insurance coverage maintained by your third parties sufficient to cover losses in the event of a data breach?
  • Are your audits of the contract performance and related invoices sufficient to ensure alignment with acceptable risk levels directed by your senior management and board of directors?

If you have any questions about the key risks above or how to perform your own formal risk assessment, please contact:
Lance Mann: lmann@deandorton.com or 502.566.1005
Jim Tencza: jtencza@deandorton.com or 502.566.1071


Article 01.8.2016 Dean Dorton

Risk factors impacting the mining industry during 2016:

  1. Production Management
    Maximizing the economic efficiency of production is a competitive advantage for mining companies that do it well. Production is impacted by financial, geological, and even social factors. Mining companies that effectively manage these factors and maximize production in areas that return the most value to their company will be more successful. Additionally, companies that invest in maximizing the efficiency of their production abilities will be most prepared to take advantage of market improvements in their industry.
  2. Pricing
    Contract prices continue to be extremely volatile. Mining companies may be forced to service unfavorable contracts in order to keep cash flowing and to maintain relationships with customers. Moreover, companies may want to “keep a toe” in the water to monitor contract prices as they are negotiated for short- and long-term orders. The best way to understand the existing market is to be in some form of sales negotiations with the customers.
  3. Customer Concentration
    Many mining companies sell most of their products to a small number of customers, which creates a significant risk to the companies’ revenue streams. The coal mining sector ships coal primarily to power plants or industrial sites. Environmental regulations have made the economics of running a coal burning power plant very difficult. Economic fluctuations, both domestic and abroad, make industrial applications unstable. Limestone producers are impacted by governmental contracts and proximity to construction projects. Companies should offset this risk by seeking to diversify their customer base through geographic expansion or alternative uses for their products.
  4. Declining Capital Sources
    Certain segments of the mining industry have lost favor with public investors and, consequently, many financial institutions. Finance arrangements are difficult to obtain, and when obtained may come with high fees and interest. Companies should consider alternative capital sources such as international institutions, brokers, and even customers. These alternative capital sources may offer a form of strategic alliance, such as in marketing existing products, or helping to develop additional assets.
  5. Regulatory Changes and Political Uncertainty
    Regulatory and political issues can be a significant obstacle in the mining industry. Environmental agencies can block or hamper access to strategic mining areas. Certain regulations threaten the way in which extracted minerals are used, thus decreasing demand. Changing tax laws, such as Tangible Asset Regulations, can have a significant impact on companies if not properly considered.
  6. Global Competition
    Mining has grown from a local market to a national and now global market. As domestic demand declines, U.S. companies are forced to look internationally for revenue opportunities. This requires an understanding of historical relationships, trade barriers, currency values, and international regulatory requirements. Mining companies must follow and understand international markets in order to compete at the global level.
  7. Cost Management
    Failing to budget and monitor costs properly is a significant risk. Successful companies monitor their costs in great detail. It is very important for the accounting department and the production teams to be in sync in order to maximize the value of financial data given to management in a timely fashion. Companies must also manage legacy costs such as reclamation and employee benefits, which may not impact current operations, but do impact current cash flow.
  8. Modernization
    In various sectors of the mining industry, external factors impacting performance are changing very rapidly. Additionally, the average age of a mine worker across most sectors has increased for several years in a row. This indicates that the industry is not hiring and retaining young workers. Technologies used today are often similar to those used a decade ago, and often by the same people. By the nature of their operations being capital intensive, mining companies are not very nimble organizations. Companies that can modernize operations to the specifications of their market through new technologies and innovative tactics will be positioned to recognize cost savings and improve their market position.
  9. Cybersecurity
    Operators need to be proactive in cybersecurity by implementing effective controls to prevent and detect cyber-crime. Potential effects of an operator network infiltration can include theft of customer payment information, employee identity theft, and shutdown of operations.
  10. Social Awareness
    Mining companies have a unique role in the local, state, and national community. Worker safety should always be top priority, and companies must consider the impact of their actions within each unique community. Illegal or unethical practices will damage a company’s reputation and may make national headlines, and legitimate closing of a project due to financial reasons may generate significant reputational damage as well. Mining companies should consider the impact that closing a project will have on that community and the local economy.

For more information, contact Bill Kohm at bkohm@deandorton.com or (859) 425-7625, or Justin Hubbard at jhubbard@deandorton.com or (859) 425-7604.



Article 12.10.2015 Dean Dorton

Owners need to monitor the following risk areas to stay competitive in 2016:

  1. Cybersecurity
    Cybersecurity involves the need to comply with PCI standards to protect cardholder information.
    This also includes skimming, in which devices are placed on pumps to steal credit card information. Procedures should be implemented to monitor the pumps and prevent and/or remove these devices.
  2. Social Media
    Social technologies are increasingly becoming a part of everyday life. Incorporating social media communications into the business model can improve customer service and provide a low-cost alternative to traditional advertising.
  3. Volatility of Gas Prices
    Decreases in gas prices nationwide have led to consumer confidence in the health of the economy, which will also benefit convenience stores with increased sales. However, the converse is true as well: should gas prices significantly increase again, then in-store purchases of snacks and drinks will drop. Additionally, Congress is looking at raising federal gas taxes to fund the nation’s aging highway projects.
  4. Mobile Technologies
    More than half of all buying is expected to occur on mobile devices; therefore, having mobile applications is crucial to achieving success. In addition, these mobile applications will provide ways of saving money and reducing human error.
  5. Food Service Competition
    Convenience stores that don’t invest in food services create the risk of losing out on business. The market for convenience store prepared meals is increasing as consumers desire diverse, affordable, convenient, and healthy food options. Convenience stores are uniquely positioned to meet this growing need if an adequate investment in food service is made.
  6. Wage Rates
    The growing pressure to raise the federal minimum wage will increase the number of part-time workers, so businesses can keep the cost of labor low and avoid certain benefits. Additionally, there is a federal proposal that salaried individuals who earn less than approximately $50,000 per year be potentially eligible for overtime, which will impact convenience store managers and raise labor costs. This change to overtime pay should be in place by 2017.
  7. Regulation Compliance
    There is an increase in regulations in a variety of categories, including e-cigarettes and other vapor products, diet drinks, energy drinks, and dietary supplements. Increased regulation may result in higher prices for those products or a ban on the products altogether. In addition, menu-labeling regulations taking place in 2016 will require increased menu-labeling that will likely cause consumers to avoid lower quality or less healthy food options, thus decreasing food sales. Convenience stores must also comply with regulations regarding sales of alcohol, tobacco, and lottery tickets or face serious fines and penalties.
  8. Asset Theft
    A persistent threat to convenience stores is employee theft of cash from registers and customer theft of inventory from the shelves. Review and monitoring procedures should be implemented to prevent and detect these threats.
  9. Changing Demographics
    The workforce and general population are becoming more ethnically diverse and growing older. Demographics will change dramatically in the future as people live and work longer and as the percentage of other cultures in the U.S. increases. This will affect how convenience stores operate internally and how they reach a much more diverse marketplace.
  10. Increased Fuel-Efficiency
    Vehicles are becoming increasingly fuel efficient, which means fewer stops at gas stations to fill up the tank. This results in fewer opportunities for consumers to visit convenience stores and make purchases. The use of reward programs and other tools is needed to drive inside sales.

Sources:
www.csnews.com
www.nacsonline.com
www.petrolplaza.com

For more information, contact Bill Kohm at bkohm@deandorton.com or (859) 425-7625.
