Thursday, February 2, 2017

CyberSecurity—It’s a People Problem

Most companies have had a cyber hack—or if they haven’t yet, they soon will, according to a panel of experts at the January 31, 2017 European American Chamber of Commerce’s symposium on The Shifting Paradigm of Data Security. It’s not a question of if it will occur, but rather, when. And when it does, it’s expensive.  According to Stewart Rose, President of ThreatReady Resources, a Boston-based cyber security awareness training firm serving top corporations in the US, "The average cost a company incurs is $6.5 Million, including expenses associated with brand, reputation, and litigation."

We’re all too familiar with the more common ways hackers grab our data:  phishing, rogue emails, and links containing embedded malware or ransomware.  What we’re not prepared for is how hackers are using human behavior to penetrate security, pointing to the need to “think diabolically, just like hackers do,” says Philip Kibler, who was a Global Partner in IBM’s Cyber Security Practice and now heads Cyber Risk Consulting at AIG. For example, social media outlets, such as LinkedIn and Facebook, are easy entry points for hackers to obtain email addresses, and they’re learning how to bypass even the most sophisticated spam folders.

Cyber hackers are growing more savvy, often targeting third parties as a way to access company data.  Companies mistakenly assume their third-party business partners have strong controls, only to discover that's not the case, leaving them vulnerable.  Global regulations are still in flux (after all, the cyber industry is somewhat nascent—only 30 years old), making compliance challenging.

One trend gaining traction among hackers is going after acquisition targets. These companies may have lax defenses as they focus on getting the deal done and containing expenses, with employees scurrying to find new jobs, which can leave the organization exposed.

A solution that could help is for companies to have the equivalent of a cyber FICO score—with a defined road map outlining what must be done to improve it. It also helps to recognize that, most times, cyber hacks can be traced back to failure at the human level. “No router is malicious, but people can be foolish and careless when it comes to how they handle data,” says Joseph DeMarco, partner at DeVore & DeMarco LLP, a litigation and counseling boutique law firm dedicated to the protection of intellectual property, emerging e-commerce, and Internet law.

Vendors have culpability, too.  According to one statistic, 30% of breaches in a major US government organization could be traced directly to the products it purchased to guard against vulnerability, shining a spotlight on the need to prove these products are secure before they're installed.   

Most software companies issue patches to fix problems, but the problems they address are often the direct result of having discovered a vulnerability, tantamount to locking the barn after the proverbial horse is stolen. Instead, patching should be rigorous and diligent, driven by guarding against potential susceptibility, rather than by corporations' drive to save money and improve the bottom line.

There is no magic bullet to prevent a hack, but training employees how not to make silly mistakes can make a company less vulnerable. As Rose explains, most employees don’t sit at their desks planning how they can hack their companies’ data. But these same people may nonchalantly plug a thumb drive into a corporate computer’s USB port—a simple act that can have disastrous consequences. ThreatReady Resources employs instinctive, active learning techniques designed to change human behavior permanently.

And if your company does get hacked? “Your first call should be to your lawyer, so he or she can guide you on your legal rights and obligations as to the protection of your systems and sensitive data,” says DeMarco.

Tuesday, January 31, 2017

Investing in the World of Trump

No matter whom you voted for in November, few can argue that the election result has been a bonanza for the stock market. As it continues posting a 19,000-plus close, pundits are out in full force to opine on where we go from here. Some say a further climb is in store—others predict financial Armageddon. What should investors do? It may be wise to revisit investing 101.

Attempting to predict the market’s move can be a fool’s game—witness what happened after Brexit, and more recently, on November 9. What does make sense is having a long-term strategy and sticking with it. That means a diversified portfolio weighted according to your own risk profile and time horizon.

It also means dusting off some basic tenets of successful investing, starting with being smart about managing gains. As the old adage goes, ‘No one has ever gone broke taking profits.’ Many traders have a different view, but they aren’t long-term investors, and that’s an important difference. Being invested for the long haul means taking gains when a stock position has appreciated—selling half to protect the profit and letting the remainder continue to grow is one strategy—thus generating liquidity to purchase new investments or having cash on hand to take advantage of lower prices when the market turns (and it always does—but we never know precisely when).

And it includes watching investment costs, something the sage of Omaha, Warren Buffett, touts. With the proliferation of index funds, ETFs, and on-line trading platforms, investors can keep transaction costs to a minimum. Knowing when to quit is another one of his rules—the sell decision is often the hardest one for an investor to make.

Finding good businesses at good prices will pay off over time (the operative word), something Buffett advocates. “It is far better to buy a wonderful business at a fair price than a fair business at a wonderful price.”

Energy and infrastructure are hot investment areas because the new administration is committed to both. And so long as people drive cars and need heat and electricity, energy companies will provide them. But energy can be fickle—and prices to a large extent are a function of global supply, which is beyond our control. Yes, OPEC has agreed to cut production to stabilize the market, but getting member countries to comply is a different story. Domestic producers, on the other hand, are taking advantage of higher oil prices to increase rig count, so they may represent shorter-term investment opportunities.

Infrastructure will likely be funded by bonds, and now that interest rates have finally begun to rise, the returns are at least palatable, although no one could argue with a straight face that even a prospective 5% coupon holds a candle to the potential profits of the stock market.

But therein lies the rub—bonds stabilize a portfolio against the volatility of stocks. As the stock market moves higher, the FOMO trade—fear of missing out—picks up steam. The market always has been and always will be driven by fear and greed. And sometimes both at the same time.

Long-term growth in the stock market is grounded in a healthy outlook for corporate earnings.  As of January 20, 12% of S&P companies had reported, and of those, 61% beat average estimates.  Sam Stovall, Chief Investment Strategist at CFRA, makes the case that 4Q 2016 earnings could be up by 8%.

If that trend continues, we may see even more positive momentum in the stock market. Buying companies with solid earnings performance has always been a good strategy, along with a suitable allocation to bonds as a buffer.

Rather than attempting to invest by figuring out the new administration’s investment plans, paying attention to basic investing principles may be a better path.