How To Quantify & Assess The Financial Impact of Business Closures on Your Bottom Line

How To Quantify & Assess The Financial Impact of Business Closures on Your Bottom Line

The unfortunate reality for businesses of all sizes right now are spontaneous business closures (or deciding whether now is the time to reopen your business!)

And with COVID-19 outbreaks at your physical locations meaning potential mandatory lockdowns, as well as deciding whether to re-open at all it’s important to know the figures and what it could cost you.

We wanted to share how you can use Boardish to quantify into hard numbers what this means for your business.

  • Is it more cost-effective to keep your physical locations closed rather than adopt new procedures?
  • What is the real ‘solution’ cost of implementations? (including the cost of your expert’s hours and time)
  • What is the sales loss for your business closure?
  • What is the regulation impact for remaining closed? (and does this pose a higher risk to you?)

With Boardish you can compare the cost of a closure to your business and the full solution cost to your turnover so that you can decide which areas of the business are still viable. PLUS make a quick decision with all the numbers once you’ve run your simulations.

Once you’ve input your company information you can run several simulations on different scenarios so you can see the full picture quickly, and then use this information to get a fast decision from the board or decision-makers.

Boardish which will give you a snapshot of the information you need on the company right now, and you have complete manual control over the effeciency of your solutions so you don’t have to consider AI learning time, or integration into your systems!

The Boardish Web App is ready to go right now, and you can do all this in the FREE Boardish Basic Tier! 

Take a look at our video above where it runs through the exact process. So you can quantify exactly what you need right now! 

Quantify business closures

And which solutions are cost effective (and which aren’t) 

IT & Cyber Essentials For Working Remotely ​

IT & Cyber Essentials For Working Remotely

*This post is written by our co-founder and originally posted on LinkedIn here

IT & Cyber Essentials For Working Remotely

Allowing remote working is one of the biggest requirements in the IT & cyber world right now.

Our March 2020 Boardish Analytics report (https://boardish.io/monthly-analytical-cyber-reports) shows us that “Immobility” has the highest increase of all threat counts for this month, with an increase of 42%

We decided to share some of the basic essentials to allow remote working in a secure way:

IAM Solutions ( Identity Access Management ):

Mainly when working on Cloud Solutions / SAS – enabling IAM features will make a huge difference between working remotely and working remotely in a secure way.

  • Enable MFA – Multi Form Authentication (if you have done so yet – no excuses – your identity WILL BE HACKED )
  • Use Geographical limitations – enable login only for locations in which you have a “logic” / “need” to work from.
  • Connect DEVICE to a USER – make the connection between the device and the user – when doing this you can even enable some access from BYOD devices if you can verify they have the basic required level of security.

Video Conferencing:

Our March report has also shown us a HUGE spike of 371% in “Video Conferencing” as a solution for most ‘immobility’ threats.

* Note: Before the Coronavirus outbreak – Video Conferencing wasn’t considered a “solution” for IT & Cyber Threats.

Video Conferencing solutions are one of the easiest ways of mitigating the current risk and enable business continuity, both internally and with your clients.

Note: that many of Video Conferencing vendors (Like Microsoft with TEAMS ) are offering free tiers for this Coronavirus period.

VoIP solutions:

Most of the “last-gen” phone solutions support VoIP connections, either via applications or devices, it’s now easier than ever to get you phone extension in any location, including your home if required.

Secure Internet Connection:

This is something that is overlooked in many cases when working from home, in most cases, your home router is just not stable enough nor it is secure enough.

We recommend using business-grade routers for your critical employees that are part of your business continuity program, this will make a huge difference both on the stability of the connection and of course securing the connection from unwanted listeners.

VDI & Terminal Server solutions:

In my professional opinion, this is still of the best ways to allow access to your sensitive programs in a secured and controlled environment, even if you are connecting from a BYOD device.

The ability to isolate specific software for specific users and the combination of VDI solutions with IAM makes it of the best possible remote working solutions.

Even a basic terminal server with a locked-down GPO will provide a much more secure environment than working directly on your BYOD computer and more functionality in some cases than your laptop via remote connection.

Cloud Security:

Cloud solutions like file-sharing platforms and online email platform makes the perfect “work everywhere” solution, the productivity factor is huge.

The same solution requires additional security, mostly to make sure you can differentiate sensitive information from non-sensitive, as well as enforce that only authorized sharing of data will occur,

We see in our Boardish ecosystem that most companies that use Cloud Security combine it with their IAM to achieve user & data visibility and enforcement.

We highly recommend having visibility and the ability to enforce your users ( remote and local) cloud activity.

How can you quantify these solutions ROI? – use the Boardish Methodology, below is a sample dashboard we made.

Immobility is a quantifiable threat.

Quantify it and you’re much likely to get fast approval for solutions. (The free version of Boardish all that you need for this scenario.)

– Eli Migdal – the Founder of Boardish

Quantify Immobility Yourself

Explain why/how your solutions work, to a non-techy audience. 

Which is a bigger risk? Ransomware or lack of IT & Cyber Human Resources (and how to quantify to BOD)

Which is a bigger risk? Ransomware or lack of IT & Cyber Human Resources (and how to quantify to BOD)

This article was written by our Founder and originally published on Linkedin here

too many projects not enough people image

During my consulting sessions on cyber security, I see a recurring theme. There’s usually a skilled team with great ideas and capabilities.

But not enough human resources to execute it.

A CTO or CIO will usually have most of their team already engaged in dozens of IT and Cyber projects. Even the most basic exercises like vulnerability assessments can get delayed just because there are not sufficient team members (or financial resources to use suppliers.)

You may think that if the company has the resources to appoint a CISO, that the CISO will then have sufficient resources, and enough people… think again 🙂

In many cases, the CISO’s team is already caught in several projects as well and entire security teams are not able to perform their required roles.

In this phase, I usually recommend “requesting decision-makers” for more resources, more people or more money so you can use an external company.

Also in this phase, I see how hard it is for the Manager to ask for more resources even if they understand that not asking for more resources will put the company at risk.

I use the BOARDISH methodology to show a clear financial impact of a “lack of resources”,

*See an example of quantifying this via the BOARDISH web app (boardish.io)

Background:

  • The Core issue of the test company is that they have an End of Life server in production, which both contains PII information and also several systems that use old SMB protocols.
  • The CTO, Cyber Team and Compliance all know the risk this server is imposing on the company.
  • It just a matter of time until the SMB protocol will cause Ransomware AND / OR Data Leakage of PII information.
  • Company information – I am using a test company with the following information:

Threats:

This is where we put “Insufficient IT & Cyber Resources” as the main Threat,

And we use info that we know from Ransomware and Data Leakage for this specific company as our “Turnover Days Loss” and “Work Day Loss”

Why ? – because “Insufficient IT & Cyber Resources” will not allow you to even “get to” addressing the actual Ransomware & Data Leakage issues – it will delay and delay them.

Solutions:

In Solutions, we will put 2 options, inputting the yearly cost.

  1. Recruiting a staff member
  2. Using an external company

Threat Protection Factor ( TPF ) :

In this scenario – our solution will “most likely” solve the entire threat, this is why we will input 90%

Experts Costs:

Recruiting in-house VS Outsourced will usually require more resources for ongoing management. So we must account for this time (and hourly costs of this time) in the yearly expert costs.

Regulation impact:

Regulation has a HUGE impact on our scenario, the lack of resources will most likely to a Data Leakage of PII.

And we have a CLEAR FINANCIAL IMPACT NUMBER to show our Decision Makers / Board:

  1. What is the COST of the”Insufficient IT & Cyber Resources” Threat
  2. What are the components of this Threat (Market Loss, Regulation, Salary Loss and Sales Loss)
  3. What is the COST of EACH OF THE OPTIONS of Resolving this Threat
  4. What is the leftover exposure in each environment to consider when looking at further mitigation.

The Boardish Methodology is combining a Risk Assessment exercise with Financial quantification, now your Decision Maker / Board needs to make a very clear decision:

Provide the resources for solving the Threat or accept the Cost of the risk.

Eli Migdal

Quantify your biggest risks

And explain to decision-makers which ones to focus on first…

Quantifying The Financial Impact of Mass Absence From Your Business

Quantifying The Financial Impact of Mass Absence From Your Business

This article was written by our founder Eli Migdal, posted on Linkedin here

woman working from home

In the Boardish community, we have noticed a big spike of companies who are adding the threat of “Immobility” (not being able to work remotely).

I want to help and to show you a basic guide on how to use the Boardish platform* to understand the costs of immobility, for example with situations like the Coronavirus where many people have to self-isolate but are still able to work. So you can get quick approvals on solutions to solve this from decision-makers.

*You can do this with the free version of Boardish also.

Step 1 – Company information:

Fill your company information, all threat impact and solution mitigation are calculated based on the size, type and financial posture of the organization.

INPUTTING company info in boardish

Step 2 – Threats:

Add a custom threat (Go to > Add Threat Type), you can call it “Immobility” or we’ve also seen variations of “Not being able to work remotely” and “no remote working option“.

Then we look at the critical operational information like how much the threat impacts the day-to-day. It’s different for each company, so we recommend involving your Operations, Sales, and Marketing teams.

In our example company below we have:

  1. Set the Chance of Losing Marketing position to Medium
  2. Included 25 Turnover Days Loss (days you are not selling because of a mass absence of staff and your company doesn’t have remote working capabilities in this case)
  3. 50% of Sales Loss in these days (because not all functions are impacted, some are automated etc.)
  4. 14 Workdays Loss is predicted for High, Medium and Low impact users. (for example, a self-quarantine period of two weeks.)
input threat info in boardish

Step 3 – Solutions:

We will add 3 possible solutions that help us with the threat of “not being able to work remotely

  1. Video conferencing tools – Note that many companies are now offering a free option as well (due to the Coronavirus outbreak). So for this example, I made the cost of video conferencing free.
  2. Advanced identity management tools – Tools that help you to protect remote identity, by adding “Device Identity”, MFA, Geographical restrictions and other abilities thathelp you to work remotely and securelyThis is also very important for BYOD capabilities which are a big part of working remotely. For this example, I made the cost $7 per user.
  3. Cloud security solutions – When working remotely, tools like Dropbox, OneDrive, Box, Google Drive etc. will be used more. So we will need tools to secure them in the business. Particularly to make sure we can differentiate between sensitive and non-sensitive types of files being worked and shared remotely. So in this example, I made the cost $6 per user.

For the purpose of this example, I’m staying vendor-neutral but I will be using the solution type field.

solution input on boardish

Step 4 – Threat Protection Factor (the efficiency of solutions against threats)

In this section, we are setting the effectiveness of the 3 solutions against the same threat. The TPF section is where you can use your experience and knowledge of solution efficiency to have manual control.

Based on my experience, I have used the following info:

  1. Immobility and Video Conferencing – 80% on Prem, 0% Cloud
  2. Immobility and Advanced Identity Management – 0% on Prem , 75% Cloud
  3. Immobility and Cloud Security – 0% on Prem , 70% Cloud
TPF in Boardish

Step 5 – Expert costs

This is section is very important when showing solutions to your decision-makers. Video conferencing solutions may be free to use but they will require resources from IT to train and support, these resource requirements and costs need to be quantified.

I have used the following info:

  1. Video Conferencing – Will require 100 hours yearly of 1st Level IT – mainly for support setups or connection issues.
  2. Advanced Identity Management – Will require 50 hours of your Cyber Staff to configure and 100 hours of your 2nd level IT to support
  3. Cloud Security will require the same as Advanced Identity Management ( for this example)

*Again you can use the figures for ongoing support if you know them for a solution you’ve used previously or are benchmarking.

Expert costs input in boardish

Step 6 – Regulation

In this step, we will set the GDPR impact for this threat. Immobility doesn’t have a direct GDPR impact unless there is a security issue that is not taken into consideration, and this is likely to be caused by something specific other than lack of mobility.

So, in this case I have configured GDPR regulation impact as none.

Dashboard:

Once completing the dashboard, you will get clear figures on the following:

  1. Cost of the Threat – $39.92M
  2. Cost of Solutions: $64K in total

This is “decision making” knowledge provided to your stakeholders. If your’s company information is as clear as in this example – you will get your budget request approved for solutions that combat an immobility threat. Particularly in cases of mass absence.

To quantify immobility in your organisation, you can run the same simulation using your information in Boardish.

Learn more here: https://boardish.io/

Sign up here: https://app.boardish.io/

 

Quantify quickly to decision-makers

Explain why/how your suggested solutions work, to a non-techy audience. 

CyberTech 2020: Insights From Eli Migdal (Part 1)

CyberTech 2020: Insights From Eli Migdal (Part 1)

Our founder Eli Migdal attended the CyberTech 2020 event. In this video, he is discussing the biggest issue cybersecurity is facing right now – response times to new threats. 

He explains that the issue isn’t in lack of solutions and that there are numerous vendors that are working on different solutions for the same problem. He further stated that he counted at least 15 cybertech companies that are working on solving fraud detection and breaches, which gives him the perfect opportunity to address a rather pressing issue – choosing the right solution.

“How can we quickly choose between them if there are so many solutions?”

Eli argues this is the tricky part of the cybersecurity business. There are different solutions that all work well for a particular issue, but which one is best? 

“As professionals, we still need to investigate those solutions.”

While a solution might sound good on paper, it will be clearer if it’s the right choice after having a proof of concept and evaluation. 

This process of determining the best solution cannot be sped up, but the process that follows can be. The solution cybersecurity experts choose needs to be presented in front of the board of directors. 

“We must make it quicker,” he says about the process of getting approval for the solution cannot wait, especially when there are so many threats to address and so many solutions to choose from. 

He explains that the risk of security and breach issues can be mitigated greatly if organisations move quickly enough. This means that the decisionmaking process of the board “must be quicker than the bad guy’s”. 

“We don’t have a technical solution problem […] the cybersecurity community can solve the majority of the problems; we just need to move quick enough.”

This means that we need to have the means to speed up the decisionmaking. When the decisionmaking is quicker than the bad guy’s decision-making process, we’ll be able to address cybersecurity before it becomes an issue. 

React quickly to cyber threats