The White Papers by Fergus Media

The White Papers

white paÂˇper (noun)

A white paper is an authoritative report or guide that informs readers concisely about a complex issue.

Featured: G2 OPS p.50 Pender and Coward p.52 Wall Einhorn Chernitzer p.54 Wareings Gym p.56 Planning Solutions Group p.57

W W W. C O V A B I Z M A G . C O M

SPONSORED

WHITE PAPERS

EXAMINING CYBERSECURITY THROUGH A BUSINESS LENS

FIVE BUSINESS CHALLENGES THAT OPEN DOORS TO ADVERSARIES Stephen Watkins Today’s threat landscape demands organizations employ people, process and technology to protect the confidentiality, integrity and availability of critical assets. Relying on Information Technology (IT) or Security teams to shoulder the burden makes it easy to forget that securing critical assets is also a business problem, not just a technology problem. The risk of disclosing personal information, for example, existed long before today’s business climate became dependent on technology. Technology, however, has exacerbated the issue by expanding the accessibility of this information. Business leaders and IT stakeholders should partner together to ensure the organization is securing sensitive information. Here we explore five common challenges businesses face when preventing unauthorized access to critical business assets.

Employees—Before the digitization of business there were “confidence men” or “con men.” Today’s advanced technology environment uses the term “social engineering” to describe what happens when people are the victim of an attacker. No matter the number of sophisticated controls IT or Security teams implement, naïve employees remain a consistent (and accessible) target for adversaries. There is no easy solution for social engineering weaknesses. Nonetheless, there is consensus in the industry that awareness, training and education (i.e., building a security culture) are key to making users high performers when it comes to protecting assets.

Know Your Role Protecting Sensitive Information

FY RI VE S ST UE Q RE

C O VA B I Z

A P R I L / M AY 2 0 1 7

AU TH OR IZE PA RT IES

CLASSIFY DATA

Obsolescence—While there’s a significant technology focus on obsolescence, there is an equal dependency on the business’ ability to change or adopt change. Obsolescence occurs when solutions (hardware or software) are still in production use well past the vendor’s stated end of support date. In other words, the vendor is no longer providing new security (or other) patches or improvements for the solution. Without new patches, security holes remain open and available to attackers. Addressing obsolescence requires a programmatic resolution. Introducing solution lifecycle management gives IT stewards and business leaders increased visibility into the risk that obsolescence introduces to the organization.

ABOUT STEPHEN WATKINS Stephen Watkins (MS, CISSP) has accumulated over 20 years’ information security experience and expertise. He is currently Vice President and Chief Security Strategist for G2 Ops, Inc. and leads their cybersecurity innovation and consulting practice. Stephen holds undergraduate and graduate degrees in Computer Science, and has maintained CISSP credentials for more than 10 years. His contributions have led Fortune 50 companies to improve their security programs through strategic leadership, operational excellence, and education & awareness.

Stephen Watkins VP and Chief Security Strategist

SPONSORED

WHITE PAPERS Building a Bridge Building a Bridge to Better Security to Better Security

Organizational Alignment—Introducing security controls is relatively easy (for IT/Security staff). In truth, security controls may not always be the right solution for protecting digital assets from threat actors or detecting malicious behavior. Absent in many organizations is suitable alignment between business and security leaders. As a result, security leaders demonstrate limited depth in understanding how the business community uses technology. Far too often this visibility gap disrupts processes and procedures causing a self-imposed denial of service. Organizations need to understand that security controls are necessary and that business leaders should influence security requirements using industry or regulatory compliance guidelines. Business leaders must enable technology leaders to better understand business operations so that IT and Security are adequately equipped to secure assets without disruption.

Shadow IT—Businesses often request new resources from IT, and at times, these requests are met with frustrating delays. As a result, and due to a growing landscape of agile cloud services providers, business users turn to alternative technology. These unmanaged resources disconnect IT and Security from solutions and potentially expose sensitive information to adversaries because of lackluster security controls. Repairing relationships after introducing Shadow IT isn’t difficult. Inserting yourself (a business leader) into the IT Services discussion helps reset expectations for both the provider (IT) and the consumer (business). Whatever the chosen technology, the solution must integrate appropriate security controls, even if the solution resides in the cloud.

• • • •

Budget Shortfalls—Historically, IT and Security have not always been prioritized during budget planning. As a result, IT and security leaders often must implement trade-offs with regard to security controls. The consequence of these trade-offs is a reduced security posture where assets are exposed unnecessarily to threat actors. On the other hand, when business and IT/Security goals align, this cooperation may influence supplementary funding. With additional capital or operational resources, IT and security leaders may procure solutions that improve the security posture of the organization. In summary, protecting information assets has always been a core business problem. The implementation of technology across all business functions has complicated providing security and made it easier for adversaries to gain unauthorized access to protected data. This is precisely why businesses must address security within its people, processes and technology to combat adversaries and reduce operational risk. Business and IT/Security staff must join forces to protect the confidentiality, integrity and availability of critical business assets.

Shedding Light on Shadow IT Review Credit Card Statements Identify Technology Charges Report Shadow IT Collaborate with IT/Security

G2 Ops Global, Inc. is a Security Consulting Firm partnering with clients to provide strategic and operational security services. We define clear governance to establish a holistic security program, deliver operational guidance and verify organizational security posture. G2 Ops serves some of our nation’s most sensitive clients, securing critical infrastructure and restricted information from insider threats and external adversaries. Learn more about G2 Ops at www.g2-ops.com.

W W W. C O V A B I Z M A G . C O M

SPONSORED

WHITE PAPERS

DECIPHERING OUR PORT AN ECONOMIC ENGINE Tom Berkley

Since 1950, The Port of Virginia has operated as a political subdivision of the Commonwealth of Virginia. Its pervasive reach stretches across Coastal Virginia, positively affecting employment, revenue and investment for businesses and communities across the Commonwealth. Understanding our port not only provides a deeper understanding of our community but also offers insight into potential business opportunities for growth and development. This article serves as a primer to current port operations and the lingo most common in regional, state and national publications.

DETROIT CHICAGO

NW OHIO

CLEVELAND HARRISBURG COLOMBUS

CINCINNATI KANSAS CITY

SAINT LOUIS

LOUISVILLE

FRONT ROYAL

GREENSBORO

MEMPHIS ATLANTA

The port is composed of six terminals: Norfolk International Terminals (NIT), Portsmouth Marine Terminal (PMT), Newport News Marine Terminal (NNMT), Virginia International Gateway (VIG), Virginia Inland Port (VIP)— located in Front Royal—and Richmond Marine Terminal (RMT).These terminals function similar to small, integrated communities within their host cities. The port is led by an executive director/CEO who reports to a board of commissioners, similar to a mayor-and-citycouncil model. The port’s board is appointed by our governor with its chairman reporting directly to the governor. In addition to its own police force, the port has people working on such things as environmental programs, maintenance, risk management, engineering, marketing and communications and human resource management. Further, our Attorney General’s office, in combination with chosen outside counsel, handle the port’s numerous legal needs. The port’s mission is to “foster and stimulate domestic and foreign commerce.” To that end, in 2013, an economic study performed by the College of William and Mary showed

C O VA B I Z

A P R I L / M AY 2 0 1 7

the port generated more than 374,000 jobs and $60 billion in total economic impact throughout the Commonwealth. These extraordinary figures are just the beginning. Virginia’s port is the nation’s fifth largest, and it has vast potential for growth that competitors lack. Craney Island, for example, offers as much future terminal space as some competitors currently utilize. In addition to its impressive channel depth of 50 feet, our port has federal approval to dredge to 55 feet, and an economic impact study for going deeper is underway. Equally important, the port has just begun a $700 million expansion, the largest in its history. This investment will improve cargo operations, provide room to grow and make this economic engine sustainable for decades to come. To understand the significance of this expansion, we must have a basic understanding of certain transportation lingo. First, we must learn the meaning of “twenty-foot equivalent unit or TEU.” The metal cargo containers that we see on trucks moving across roads and bridges and through our tunnels are known in the transportation industry as a TEU. A variety of goods are shipped in these cargo boxes—

SPONSORED

WHITE PAPERS Virginia’s port is the “nation’s fifth largest, and it has vast potential for growth that competitors lack.

“

coffee, furniture, iron, steel, machinery, sports equipment, toys, beverages, plastics, wood, grain, medical equipment, machinery, grains, fruits and even vehicles. A TEU can handle almost any product or raw material. Some TEUs, known as “reefers,” serve as refrigerators for food products. Our marine terminals load and unload TEUs from the largest vessels in Atlantic trade routes. We should soon see vessels that can carry 13,000 TEUs arrive later this year. TEUs must move to and from our terminals via truck, rail and barge with each mode of transportation as important as the next. The ability of TEUs to move by these various transportation modes makes them “intermodal,” and the various modes of transportation are known as intermodal freight transport. In 2016, Virginia exported 1.4 million and imported 1.1 million TEUs. The next important terms are “first-in” and “last-out,” and both terms have favorable meaning. A “first-in” call occurs when a vessel makes Virginia its first US East Coast stop—a “call” is when a ship comes to a port. A “last-out” call occurs when a vessel leaves Virginia for its overseas without another East Coast stop. Both types of calls mean that goods shipped from and to our port get to their desired markets faster. At the end of 2016, two large consortiums of ocean carriers confirmed multiple first-in and last-out calls to our marine terminals beginning in April. Consortiums such as these occur when vessel operators like Maersk or MSC join forces to offer more competitive and comprehensive services. Assisting with the speed of these oncoming deliveries will be a tug and barge service that runs between RMT and NIT/VIG. Coastal Virginia’s unique waterways allow use of barges to reach Richmond and Baltimore, which helps move goods to inland destinations without adding to road congestion. Equally important, if not more impressive, is the port’s relationship with both of the East Coast’s Class 1 railroads, Norfolk Southern and CSX. Having two rail providers creates competition and allows customers to obtain favorable pricing. These rail services lead us to our next term, “double-stack.” Rail accounted for 35 percent of the port’s business in 2016, and it continues to grow. Both rail carriers provide double-stack train service: two TEUs per train car with one stacked atop the other. While other East Coast ports might focus on their natural population base, our port leaders had the forethought to work with the railroads to service the Mid-Atlantic and establish direct transportation corridors with double-stack trains serving the manufacturing and population centers of the Midwest. A train can leave our port and deliver goods to Chicago in 40 hours. Norfolk Southern began double stack service along its Heartland Corridor route in 2010 to Midwest destinations including Columbus, Ohio and Chicago. Our connection with the Midwest continues to grow. On December 23, 2016, CSX opened its double-stack National Gateway route connecting Virginia’s terminals to Baltimore, Pittsburg, Cincinnati, Cleveland and Toledo. These locations supplement existing rail calls to St. Louis and Memphis. Never to be overlooked, the truck operations coming into and out of our terminals move the lion’s share of the cargo: in 2016 trucks moved more than 60 percent of the port’s intermodal freight. This summer, the port will open a new $30 million truck gate at NIT that will give motor carriers 22 additional access points or “gates” into and from the terminal with direct access to I-564 via a dedicated ramp. All of these improvements—wharf lengthening, new truck gates, improved rail access, expanded cargo handling capabilities, implementation of new technology—are directly aimed at attracting more first-in and last-out calls of bigger vessels. When complete, this $700 million investment increases the port’s cargo handling capacity by 40 percent or 1 million combined container units. Our port is growing, and coastal businesses can benefit by better understanding the port’s operations, its development, its future and the positive impact it has on the many industries it supports.

Tom Berkley

Tom Berkley is a shareholder at Pender & Coward focusing his law practice on maritime, admiralty and transportation. He has represented the Port of Virginia for over a decade and routinely advises marine terminals, shipyards, ship lines, trucking and cargo interests on operational, contract, insurance and liability issues. Clients depend on Pender & Coward’s breadth of diverse litigation and negotiation experience as well as historical knowledge and numerous contacts throughout the transportation industries that service Hampton Roads and the Mid-Atlantic. For more information visit www.pendercoward.com.

W W W. C O V A B I Z M A G . C O M

SPONSORED

WHITE PAPERS

HOW DO I SELL THEE? LET ME COUNT THE WAYS By Paul G. DiNardo, CPA It’s been said that the best time to plant a tree is 20 years ago—or today. The same applies to your business; the best time to plan the sale is the day you start the business—or today. Deep down, every owner realizes someday she or he will exit the business. The question is, on whose terms will you exit? The U.S. is in the midst of the largest generational wealth transfer in the history of the world as baby boomers retire, sell their businesses and leave inheritances to their children. A January 2017 headline in The Washington Post read, “A Record Number of Small Business Owners are Selling Their Companies.” I would have expanded that headline to explain, “Putting Downward Pricing Pressure on Exiting Owners who have not Properly Planned.”

Will is 64 years old and began a metal fabrication business, MetalCon, 20 years ago. He has a passion for the industry and his company, and he cares deeply for his employees, but he has no children and has not groomed an internal successor. Will has a great reputation in the industry, and while MetalCon is still growing, he feels that if he were younger and not so risk averse, additional capital could help his business grow even faster organically. Furthermore, that capital could allow him to acquire some of his competitors who are struggling with their exits. He would like to slow down but feels that selling now would be premature since there is still solid growth on the horizon. He is troubled by the situation and constantly asks himself, “How do I maximize the value of my business without the energy or capital to execute on the opportunity?” If he wanted to sell 100 percent of his business and didn’t care how his employees were treated after his exit, then he would look for the most money. Will, however, would be better served by finding the best money. A leveraged buyout with a private equity firm or individual with industry expertise could be the perfect play. If structured properly, it could allow him to remove the vast majority of his chips from the table while allowing a mechanism for his key employees to benefit from the increased value of the company. Will would continue to own a significant equity position while someone with deep industry experience, substantial skin in the game and access to capital takes his business to the next level.

The majority of business owners for whom I provide exit planning services start their businesses while following an opportunity or passion. They keep their heads down, working hard for years. One day, they look up and survey the business they have created without any idea of what comes next. Many feel there are only two options: sell 100 percent of the business or, in the event there is no family member to carry the torch, continue to work until they are dragged out feet first. Between those two extremes, there are an infinite number of exit options to explore. Let’s examine just one option for a hypothetical business owner, Will.

C O VA B I Z

A P R I L / M AY 2 0 1 7

Here’s how it might work: Will’s advisors locate a private equity group (PEG, LLC) with experience in fabrication, looking to take a majority control position in a business like MetalCon and place top management talent to run the business. MetalCon generates $3 million annually in EBITDA (Earnings Before Interest, Tax, Depreciation and Amortization), and the negotiations have set the entity value at $18 million. From there, PEG organizes a strategy for capital: · PEG finds a senior lender to loan MetalCon $5 million dollars while giving a security interest in fixed assets and accounts receivable. · PEG finds a mezzanine lender willing to loan an additional $6 million in subordinated debt. · PEG puts $4 million of equity in the deal. · All new money goes to Will in a partial redemption of his interest.

SPONSORED

WHITE PAPERS Each of the above steps changes the enterprise value as well as Will’s personal economic situation. Here’s how the math works:

· The pre-acquisition enterprise value is $18 million. · Will receives $5 million from the senior loan which drives the enterprise value down to $13 million due to the $5 million of new debt. · Will receives $6 million from the mezzanine loan which drives the enterprise value down to $7 million due to the $6 million of new debt. · Will receives $4 million from the equity infusion which has no net impact on enterprise value since the $4 million went in and out as equity. · The original enterprise value was $18 million, and Will has received $15 million, more than 83 percent of the enterprise value in cash while not being a guarantor on any of the debt. · The enterprise value is now $7 million. Will still owns $3 million of equity, and PEG owns $4 million of equity. Will retains 43 percent ownership in the new entity while cashing out more than 83 percent of the negotiated enterprise value. He offers 3 percent of his 43 percent to key employees as a thank you.

ABOUT PAUL G. DINARDO Paul G. DiNardo, CPA has over 30 years of accounting and consulting experience and a passion for startups and closelyheld businesses. He uses his expertise to provide tax solutions, strategic business planning consultation and succession planning consultation services to clients across a broad range of industries, focusing on technology, manufacturing and wholesale distribution, and government contracting. Wall, Einhorn & Chernitzer, P.C. combines the attention of a local firm with national resources to serve clients in Hampton Roads and beyond, helping them to reach financial goals of all sizes and achieve lasting, positive change.

WILL’S SECOND VICTORY Make no mistake; there is still risk on Will’s $3 million of equity, but he can rest easier knowing that an outstanding management team has a huge investment in MetalCon. By focusing on finding the best money, Will is in a unique position to ride the coattails of an organization with deep pockets looking for growth by leveraging his contacts. This plan seems like a great solution, but there’s still icing to put on the cake: Eight years from now, PEG will exit MetalCon for $35 million, giving Will a second bite of the apple, which is just as large as his first.

For more information, please contact Paul at pdinardo@wec-cpa.com or 757-425-4700.

W W W. C O V A B I Z M A G . C O M

SPONSORED

WHITE PAPERS HOW TO MAKE THE MOST OF YOUR TIME AT THE GYM By Chris Ullom

n his book, Making Money in the Fitness Business, Thomas Plummer writes that “time is the enemy of fitness.” In an age where there are more and more demands placed on us and our time, the last thing we should do in the fitness industry is expect people to come in for a two-hour workout. Most of us are in similar situations—husband/wife, father/mother, executive/entrepreneur, etc., and yet we still need to find time for ourselves. How can we possibly handle all of our responsibilities outside of work and still be productive at the office? While many of you may see this as a need for time management, it’s actually a matter of managing your energy. In his article, “Manage Your Energy, Not Your Time” for the Harvard Business Review, Tony Schwartz writes, “The core problem with working longer hours is that time is a finite resource. Energy is a different story.” So then the real questions is not how to effectively manage your time but rather how do you manage yourself so that your energy remains high as well as your productivity. The process of sustaining one’s energy is quite simple—give some focus to the things that keep us energized! This includes nutrition, sleep and exercise, among others. If you are going to make the gym a priority and fit it into an already full schedule, simply utilize the same tools that make you successful in business and apply those to your fitness routine—establish goals, come up with a plan of action and put your gym time on the schedule. Maximizing your time in the gym requires that you determine why you are going there in the first place. Without a clear picture of your end game you will be one of those people I see that wander around the weight room, trying different things that look interesting and then leaving without accomplishing much. When you know exactly what you want to accomplish, all of your efforts can be directed toward achieving your goal in the most efficient manner possible. Once your fitness/health goals are firmly established, you can then make a weekly exercise schedule. An individual looking to improve their body composition might come up with the following:

MONDAY

TUESDAY

WEDNESDAY

THURSDAY

FRIDAY

SATURDAY

SUNDAY

STRENGTH

HIIT

CARDIO

STRENGTH

HIIT

RECOVERY

REST

HIIT = High Intensity Interval Training Simply knowing the purpose of each day’s gym visit increases your efficiency by focusing all of your efforts toward the task for that particular day. Obviously, your schedule might look a little different depending on your individual goal. Once your weekly schedule is in place, you can now come up with a plan for each workout. That’s easy enough if your plan that day is a yoga or HIIT class, but what if you plan to work out on your own? If you don’t know exactly what you are going to do before you get to the gym, please ask for help! Left to your own you will probably be as successful as me when I try to fix my own car. Let’s just say it’s not pretty. The last thing I want you to consider is what is most important to you? Everyone has different priorities, but right at the top of your list should be your health. I’m always amazed at the excuses people give me for not having the time or money to go to the gym. Think of the things you spend money on or how you spend your time, and ask yourself if they are more important than your health. Yes, your job is important, but is it the most important thing? In the book, Top Regrets of the Dying, one of the biggest regrets people had on their deathbed was, “I wish I hadn’t worked so hard.” The most important thing for your personal success and your family’s wellbeing is your health. And in the words of my friend Bill Parisi, always make the most important thing, the most important thing. Chris Ullom is the director of training at Wareing’s Gym.

C O VA B I Z

AP PR R II LL // M MA AY Y 2 20 01 17 7 A

Chris Ullom is the Director of Training at Wareing’s Gym in Virginia Beach. He is an Athletic Trainer and a Strength and Conditioning Specialist that has been working in the fitness/health industry for 23 years. His career includes 10 years working in physical therapy, four years as the Head Strength and Conditioning Coach for the US Women’s National Field Hockey Team and 13 years at Wareing’s Gym where he has served as the Director of Training since 2013. He currently lives in Virginia Beach with Paulette, his wife and best friend for the last 26 years, as well as their three boys and two dogs.

SPONSORED

WHITE PAPERS FRINGE BENEFITS FOR YOU AND (MAYBE) YOUR EMPLOYEES By Donald S. Hannahs

sing your business for personal benefit is an advantage of owning your own business. Using company dollars to provide fringe benefits that benefit you personally is very satisfying to many business owners. Picking up valuable tax deductions, tax credits or tax benefits (tax deferral, partially taxable, favorable tax calculations) makes the cost of these desirable benefits less expensive. Some benefits must be offered to all employees while many others only need to be offered to the owners and/or selected employees. What is a fringe benefit according to the IRS? A fringe benefit is a form of pay (including property, services, cash or cash equivalent), in addition to stated pay, for the performance of services. Under IRC 61, all income (pay) is taxable unless an exclusion (from taxation) applies.

Partial list of Useful Benefits: Accident and Health Benefits (includes short- and long-term disability insurance) Achievement Awards (up to $1,600 is exempt from taxation per year) Adoption Assistance Athletic Facilities Automobile Reimbursement Plan (includes leases, mileage reimbursement or company vehicle ownership) Board of Director Fees (paid to board members who could be family members) Business and Professional Organizations (not country club dues but business-related use of club) Deferred Compensation Plans (includes Excess 401(k) plans, Rolling Bonus plans, SERPs) Dependent Care Assistance (up to $5,000 is exempt per year) Educational Assistance (up to $5,250 is exempt per year) Employee Stock Options (includes incentive stock options, employee stock purchase plan, options and non-qualified stock options; very useful in succession planning and key employee retention) Flexible Spending Account (FSA) (allows employees to reduce salary to pay expenses on a pre-tax basis generally within that calendar year) Flowers or Fruit (for special occasions) Group-Term Life Insurance Health Reimbursement Accounts (HRA) (100 percent employer paid and can be carried over from year to year) Home Office Deduction (includes office furniture, pro rata taxes, utilities, insurance, cleaning, etc.) Health Savings Accounts (HSA) (employee can contribute up to $6,750 per year; can act as another retirement plan and be carried forward) Lodging on your business premises (includes business use of your vacation home or boat) Long-Term Care Insurance Meals on your business premises (group meals and employee picnics) Medical Expense payment or reimbursement (100 percent allowed) Retirement Plans (includes 401(k), profit sharing plan, defined benefit plan, SEP, SIMPLE IRA, money purchase plan) Sale/leaseback arrangements (includes property or equipment you or your children own and lease to your company) Theater or sporting events tickets Travel and convention reimbursement (combination of personal and business travel, includes costs to travel, transportation costs, lodging, meals, cleaning, laundry and other miscellaneous expenses) Tuition Reduction ($4,000 and only applies to undergraduate education)

Donald S. Hannahs, CFP is a founding partner of Planning Solutions Group, a wealth management firm with offices in Virginia and Maryland. Don has over 20 years’ experience working with successful professionals and business owners. He is on the Board of Advisors of the CEE Fund at Christopher Newport University and is an adjunct professor at Montgomery College in Rockville, Md. Reach Don at Dhannahs@ PSGplanning.com, call 757-271-8824, or visit PSGPlanning.com to learn more or sign up for their free monthly newsletter on tax, financial and business strategies.

No doubt there are many rules, exceptions, tax considerations and limitations that apply to these benefits. Contacting your CPA is critical and always encouraged. Planning Solutions Group can help you understand how selected fringe benefits might apply to your “unique” situation.

Securities offered through Triad Advisors, Member FINRA / SIPC. Advisory Services offered through Planning Solutions Group, LLC. Planning Solutions Group, LLC is not affiliated with Triad Advisors.

WW WW W .. C CO OV VA AB B II Z ZM MA AG G .. C CO OM M W