Advisory News

Middle Market Businesses Need a Plan Amid COVID-19 Crisis

Posted on by info

The highly contagious novel coronavirus has endangered countless lives and forced millions of people into self-isolation at home. This public health crisis has also shuttered non-essential businesses and upended economic activity across the country and around the world. These unprecedented challenges have negatively altered the daily patterns of families, communities and businesses alike.

Businesses in most industries must take the steps necessary to ride out this disruption, as the expected scope and duration of the COVID-19 pandemic remains unclear. Businesses suddenly face sinking revenues, which will likely lead to significant cash flow challenges. There are concrete steps that organizations can take to assess their needs, formulate a realistic cashflow forecast for the coming months and take the necessary steps to stem business losses and sustain operations.
 

Symptoms of Distress

Many middle market companies will face significant headwinds due to COVID-19. Key signs of distress to look for include:

Tight Liquidity

  • Business deemed non-essential and forced to close or limit business offerings
  • Insufficient cash on hand
  • Inability to obtain new financing for the business
  • Held checks and increasing payables
  • Slower turning inventory
  • Inability to pay debts as they come due
  • Inability to continue investing in the business


Fully Drawn on Credit Facilities

  • Covenant violations lower borrowing base availability
  • Reliance on “amendments” and/or forbearance agreements to remain compliant with loan documents
  • Deteriorating relationship with lenders


Declining Profitability

  • Business deemed non-essential and forced to close or limit business offerings
  • Significant decreases in revenue, cash flow, and EBITDA
  • Industry challenges magnified by COVID-19 impact and regulations (e.g., retail, restaurants, hospitality, leisure, nonprofits, oil and gas, et al.)


Debt in Excess of Book Value of Assets

  • Current and long-term debt exceeds value of assets (excluding goodwill or other intangibles)
  • Significant near-term debt maturities


Other Signs of Distress

  • Loss of key customers and vendors
  • Layoffs, product line reductions, etc.
  • Service lapses
  • Wide disparity in performance by location

An Action Plan for Companies Experiencing Distress

All organizations should be proactive in assessing their current financial health, and they need to develop an understanding of their future capital requirements to help ensure business continuity throughout these challenging times. There are three crucial steps to take now that provide the framework required to make informed decisions that create a meaningful action plan.

1. Take stock of the immediate impacts
First, examine where the business stands today.

What initial impact has COVID-19 had on business revenue so far? What interruptions to the supply chain and workforce have hindered the ability to generate revenue? Is the business able to negotiate to defer the payment of rent during the crisis? Has the business needed to make emergency expenditures to continue operations? Are there any credit facilities, SBA loans or other government funds available to draw from?

Government Relief for Qualifying Businesses under the CARES Act
Businesses can evaluate the options available to them through the Small Business Administration relief measures and government borrowing programs for economic stabilization in the wake of COVID-19. For example, the congressional stimulus package includes a Small Business Interruption Loan program designed to help businesses that satisfy industry-specific qualifications make ends meet on essential business continuity costs, such as payroll, rent, mortgage and utilities payments. Employers are incentivized to retain staff, with more 7(a) loan forgiveness available to those who do not reduce headcount.

2. Project the near-term cash flow needed to sustain through the downturn
Some businesses felt a sudden impact from COVID-19. Restaurants, bars and retailers were forced to shutter their doors in compliance with social distancing. Others may feel the impact over time as they run low on inventory or see customers tighten purse strings due to rising unemployment and economic turmoil.

Businesses should put together a realistic and detailed cash flow forecast for the next three to six months to get a full picture of what liquidity needs are likely going to be during this period. This will give leadership the necessary perspective on where to cut costs in the short term to try to minimize losses. Consider: What is the expected trajectory of COVID-19 within the business footprint? Does the business anticipate continued revenue reductions due to reduced demand or an inability to manufacture products, procure inventory or render services? How will the business respond if members of the workforce get sick?

3. Evaluate your options to ensure business continuity
Companies negatively impacted by COVID-19 need to take action to mitigate risk in this difficult climate. Those options may include:

  • Pivoting the business model to ensure revenue generation during this time (e.g., restaurants offering new delivery and take-out services, or retail stores moving to direct-toconsumer e-commerce models)
  • Reducing outflows by delaying rent payments, deferring state and federal taxes, and reducing headcount or furloughing workers
  • Reallocating resources to produce personal protective equipment
  • Applying for loans made available through the CARES Act stimulus package
  • Reaching out to lenders to tap into revolving credit, ask for leniency or additional loans
  • Seeking applicable refunds (i.e., tax refunds, or refunds on prepaid workers comp policies)

Once your business has assessed its current state and projected cash flow needs, you can proactively engage with current lenders to seek some level of covenant relief, support and, in some cases, additional liquidity. With the Treasury Department providing support to financial institutions, lenders may be willing to work with existing customers to help them through these pivotal months.

Business leaders should also be prepared to offer what they can do to help the situation, such as bringing in money from ownership, offering additional collateral or implementing a plan to reduce expenses and conserve value.

With the recent expansion of social distancing and other guidelines from the Centers for Disease Control and Prevention that impact the business landscape throughout the U.S., it is never too soon to develop an action plan to mitigate risks and continued losses.

Create a Preparedness Plan to Ensure Business Continuity

Posted on by info

Critical events, such as an infectious disease outbreak, are not always preventable and may be difficult to anticipate. That’s why being ready with a business continuity plan is half the battle. The goal of business continuity management planning is to get businesses back on track following a disruptive event.

Maintain Business Continuity

Start by identifying which organizational processes will be most affected by a disruptive event. Anticipate the types of disruption that pose the greatest risk, and proactively implement policies and procedures to mitigate their effects.

Follow these essential steps to create the foundation for a Business Continuity Plan:

  • Conduct a thorough risk assessment to identify critical processes and functions that would be impacted during a business disruption
  • Identify compliance requirements
  • Identify essential employees to deliver critical processes and functions
  • Determine the agility of the workforce and what resources may be needed during a disruption
  • Review current or develop policies regarding remote work, paid or unpaid sick or personal time
  • Review policy to encourage sick or unwell employees to work remote or separated from other employees
  • Align business travel to align with government mandated travel restrictions
  • Discuss protocol for the safe evacuation or quarantine of employees who are traveling
  • Define internal and external stakeholders for conveying communication
  • Develop strategies and vetted holding statements to communicate with employees, customers, consumers and the media
  • Review supplier service level agreements to consequences for not abiding by contracts
  • Review supplier business continuity plans to determine whether they align with your businesses expectations
  • Define the capabilities of the upstream supply chain to determine their capability to provide your business what it needs during a disruption
  • Consider increasing inventory to extend operations if the upstream supplier is not capable of delivering needed goods
  • Define the capabilities of the downstream supply chain to assess impact to your customers if operations are no longer feasible at normal capacity
  • Communicate business decisions to appropriate audiences
  • Train response team members on responsibilities during a disruption
  • Test the Business Continuity Plan by conducting tabletop exercises

Maintain Employee Safety

Every organization has a duty to protect the health and safety of its employees. That duty is even greater during a critical event involving infectious disease. OSHA recommends taking a systematic approach to planning for employee safety during a disruptive event.

Issues to consider and plan for:

  • Be aware of and review federal, state, and local health department recommendations, and integrate into your plan.
  • Prepare and plan for operations with a reduced workforce.
  • Identify possible exposures and health risks to your employees.
  • Plan for downsizing services but also anticipate any scenario which may require a surge in services.
  • Recognize that in the course of normal daily life all employees will have non-occupational risk factors at home and in community settings.
  • Stockpile items such as soap, tissue, hand sanitizer, cleaning supplies, & recommended PPE.
  • Provide employees and customers with easy access to infection control supplies.
  • Develop policies and practices that, if necessary, can be introduced to separate employees from each other, customers, and the general public.
  • Identify a team to serve as a communication resource so that employees and customers have access to accurate information throughout the crisis.
  • Work with employees & their union(s) to address leave, pay, transportation, childcare, absence, & other human resource issues.
  • Provide training, education, and informational material about business-essential job functions and employee health and safety.
  • Work with your insurance company, and state and local health agencies to provide accurate information to employees and customers regarding medical information specific to the event.
  • Assist employees in managing additional stressors.

This article originally appeared in HUB International’s “HUB Insights”. Copyright © 2020 HUB International Limited. All rights reserved. www.hubinternational.com

Mitigating Cyber, Business and Health Risks of COVID-19

Posted on by info

Overview

CyFIR Enterprise—and its on-demand, instantly-available variant CyFIR Investigator available on the AWS Marketplace—provides fully remote incident response, forensic investigation, insider threat, and eDiscovery collection capabilities to IT security organizations, including those currently under work-from-home or travel restrictions. Built with an enterprise-first architecture, CyFIR was designed for forensic-grade remote access of corporate computing assets, either down the hall or across the globe.

COVID-19 Disrupts Normal Workplace Functions

To “flatten the curve” of the spread of the novel coronavirus COVID-19, many businesses and organizations are asking employees to leave the normal confines of their offices and work remotely from home. Even with strict VPN-access policies, computing assets in the wild are less protected than those internal to a company’s defenses. When employees are working remotely, their computing systems are subject to the potentially questionable defenses of their home’s network configuration and defenses.

Several cybersecurity firms are reporting increased attack activity against a range of targets using the COVID-19 pandemic to dupe their targets into launching malware as large portions of the world have their attention turned toward the virus. With employees being distracted by juggling unanticipated work from home, closed schools, potentially sick relatives, and limited office resources, they may be less vigilant in ensuring that every link in a multitude of email messages is a safe one.

Additionally, the COVID-19 virus has impacted travel capabilities for IT security units that often work on-site with customers, such as Incident Response (IR) and eDiscovery collection teams. Traditional IR models often call for a team to fly to a customer’s location, work on-site with employees to collect disk images of computing resources, and then fly back to their corporate offices to begin analyzing the content of those images. Not only does this approach expose an IR provider’s employees to potential threats of COVID-19 in both travel and working in unknown environments, but it also reflects an inefficiency and of the Incident Response market driven by the limitations of common software platforms in the field.

Further exacerbating the issue of providing incident response and investigative services to a “work from home” workforce is the reduced internet connection speeds of home broadband service. Many forensic investigation platforms rely upon the support of a high-speed network connection, assuming that they are being used within the confines of an office. This essentially renders IT Security teams incapable of addressing their company’s security concerns while its workforce is practicing social distancing and isolation to combat COVID-19.

CyFIR Allows IT Security and Incident Response Functions to Continue Remotely—Without Access Limitations or Risk of Viral Exposure

Internal IT Security Teams

With the immediate mandate to work from home established by many organizations in the face of the COVID-19 pandemic, many IT Security teams will find themselves unprepared to handle their job functions with the majority of the computers under their protection being removed from the corporate network and exposed to a wide variety of home networks with differing security postures. While this may be “business as usual” for modern distributed companies, factors involved in ensuring security for remote computing assets often have not been thoroughly considered or prepared for by traditional organizations.

With the CyFIR Smart Agent deployed to computing assets, IT Security, Insider Threat, and eDiscovery collection teams can remotely access endpoints with forensic fidelity to perform their critical job functions, unaffected by the location of either their analysis workstation or the targeted computing endpoints. With appropriate permissions, security staff can review detailed information about running processes, search for files of interest across all endpoints simultaneously, dive deeply into an endpoint’s file system or email storage, examine open network connections for signs of data exfiltration, extract files or processes of interest for storage or further analysis, and more—regardless if those endpoints or analysis workstations are inside or outside of the corporate firewalls.

Incident Response Companies

Because of the limitations imposed by both common incident response investigation software platforms and unchallenged legacy procedural thinking, most companies engaging in incident response work send teams of individuals—billable by the hour—on-site to create tens, dozens, or hundreds of image copies of potentially affected computer systems which they then bring back to the lab for analysis separately or in small batches. This methodology puts a company’s staff and customers at risk during a viral pandemic.

With CyFIR’s enterprise-first, fully remote architecture, a CyFIR installation can be set-up on customer premises, at corporate headquarters, in a corporate data center, or in the Cloud. For short-term, immediate-need engagements, CyFIR LLC also offers CyFIR Investigator on the Amazon Web Services Marketplace. Using CyFIR Investigator on AWS, within fifteen minutes, Incident Responders can create an appropriately sized CyFIR server for engagements from five to 2,500 concurrent endpoints and begin deploying CyFIR Smart Agents to computers in need of incident response investigation or remediation. This can all be done remotely, from any location, to any region served and supported by the AWS Cloud. In doing so, this protects IR staff from traveling and being exposed to unknown conditions on-site, allowing them to be effective, productive, and responsive while meeting the CDC’s recommendations of social distancing and protective isolation. With additional CyFIR Investigator instances, numerous individual customers can be handled from one analyst using a single workstation connected to the AWS Cloud for everything from making a live, remote, forensically-sound disk image to performing a full Incident Response investigation and remediation across thousands of endpoints. Five-day free trials—often more than enough time to complete an investigation with the concurrent endpoint processing offered by CyFIR—are available on CyFIR Investigator instances of 250 endpoints and larger.

CyFIR Operates in a Low Bandwidth Environment

Unlike most “enterprise” forensic analysis platforms, CyFIR is able to function in a remote, low-bandwidth environment. CyFIR’s remotely deployed Smart Agents contain the forensic processing functions of the CyFIR platform. The Investigator’s interface simply provides commands to the endpoint Smart Agents, and the Smart Agents return a small amount of data with the resulting information. Investigators can then choose which files or processes to preview, review, remotely acquire, and more. While CyFIR cannot image a hard drive faster over a low-bandwidth connection than its competitors, the live nature of CyFIR’s forensic investigation and incident response capabilities allow investigators to complete their work without requiring that a disk or RAM image be made.

In short, using CyFIR Enterprise, IT Security staff can successfully complete incident response, internal investigations, and endpoint remediation safely and remotely, even over slower, “work from home” internet connections.

Conclusion

Whether business operations are disrupted by COVID-19 or it’s business as usual, CyFIR’s remote, enterprise-scale forensic investigation, monitoring, and malcode detection capabilities can be deployed from any location to meet enterprise needs of any size. For rapid incident response, internal investigation, or eDiscovery collection matters, CyFIR Investigator on AWS Marketplace provides broad forensic investigation capabilities across five to 2,500 endpoints concurrently, and subscribers pay only for the time needed to complete the task at hand. Within fifteen minutes, IT Security personnel can be ready to deploy CyFIR Smart Agents to meet the unanticipated cybersecurity challenges currently unfolding from COVID-19 without risk of exposure to potentially infected coworkers, travelers, or customers.

For more information, please visit our website at https://www.cyfir.com or contact Gary Mellott at gary.mellott@cyfir.com.