Coronavirus Loan Scheme Risks

At a time of great crisis, with many businesses closing down, people asked to stay at home, protect the NHS and save lives, taking an 80% government-backed business loan offered by the chancellor of the exchequer will naturally feel like an olive branch. Still, things are not always as they seem. After the treasury used taxpayers’ money to bail out the banks in 2008, bailing out businesses and bailing out the people sounds like justice. However, after investigating this as a business owner, I found that the way it works in practice is very different from how the chancellor presented it.

The initial interpretation is that if you borrow £100,000 to support your business and, despite best efforts, you are unable to pay back the loan, the bank could claim £80,000 from the government and potentially lose £20,000. Understandably, the bank would need to exercise some due diligence to mitigate this risk. People will believe this is how it works because this is what Rishi Sunak implied when he announced the scheme to help businesses. Now let’s move on to how it works in practice.

An application is made for £100,000 to keep your business up and running during the coronavirus lockdown. The first thing the banks want to know is how much property the company owns, how much you own personally as the business owner and any other assets available as collateral against the loan – expected, given that the bank will take 20% of the risk. On borrowing £100,000, understandably, you will need to offer £20,000 of assets to secure the loan against, or credible cashflow projections which offset this risk to the bank. However, what is missing, unless you ask, is the process followed in the event of your business defaulting on the loan.

Again, back to the £100,000 loan example. The bank asks the applicant about assets, and the applicant reports that his business has no property at all, and very little in the way of equipment with any resale value. However, the applicant has £50,000 equity in his home. The bank accepts the loan application with the applicant’s home as collateral – more than adequate to cover the £20,000 after the government pays 80%, but this is NOT how it works.

If your business defaults on loan payments, the bank will start by coming after you for the £50,000 equity in your home. Then, and only then, they will go to the government and claim 80% of the outstanding £50,000 of the loan, that is £40,000, leaving a loss of £10,000 to the bank. Several journalists and politicians have asked why it should be an 80% loan guarantee scheme rather than 100%, with the government taking all the risk. The fact is, changing it from 80% to 100% is useless for businesses and their owners. An increase from 80% to 100% will ONLY take away the remaining risk to the banks. Essentially, it is a loan guarantee for lenders, not a loan guarantee for borrowers.

Security Awareness as a first line of defence

Essential security awareness points include:

  • Evolve and establish a security-centric working culture. People are often your weakest link but become your greatest strength with an effective security awareness programme in place.
  • Empower employees to avoid, prevent and report security incidents. Human error is a leading cause of data breaches. Security awareness allows employees to feel confident about their involvement with data and compliance with corporate policies.
  • Write and implement security policies. Implementing policies, establishing working practices, and implementing software to support compliance will help mitigate identified risks. Security awareness training will reinforce the policies.
  • Protect corporate assets and reputation. Loss from security breaches can go far beyond data and financial loss; reputational damage could quickly result in a significant loss of clientele, which in some cases could mean the end of the business.
  • Reduce and prevent service downtime and expended investigative and repair effort. Recovering from cyber attacks can be costly, such as needing all hands on deck to get back up and running, losing orders while services are offline, cost of external help and severe disruption to business as usual activities.
  • Implement proactive security practices. Learning about specific risks will help you evolve from a culture of reacting and recovering from attacks to preventing attacks through increased vigilance.
  • Encourage the reporting of observed security risks. With an increased awareness of risk, employees become a valuable source of intelligence and insight throughout the business.
  • Reduce threats and risks by continuously expanding security awareness. Continuous training as the threat landscape changes is essential for users to recognise and avoid attacks.

Implementing Risk Management

Key Risk Management points include:

  • Identify and manage risk within your business. Encourage your workforce to report threats to your company and maintain the details in one or more risk registers. Audit critical systems and identify compensating control requirements.
  • Evaluate risks in terms of probability and severity. An assessment will allow you to take a risk-based approach to determine the priorities and allocation of financial and human resources to improve your security posture.
  • Decide on the approach to treat identified risks. Reduce the overall risk by reducing the likelihood of an event, reducing the impact, removing the source, or sharing the risk with other parties. If mitigation costs are disproportionate to an event’s consequences, risk acceptance is a viable option for consideration.
  • Mitigate risks with tactical remediation and strategic solutions. Identifying risks and fixing current problems is only part of the solution; it is crucial to have robust systems, policies, and procedures to prevent history from repeating itself during ongoing business as usual activities. Fixing backwards and forwards is essential.
  • Implement governance throughout the business. Establish risk committees in multiple areas of the organisation to discuss the most critical threats, the action plans, stakeholder management, and a robust framework for reporting risks to the directors and board members.

Hardware Asset Management

Essential Hardware Asset Management (HAM) points include:

  • Maintain an accurate inventory of hardware. Having a definitive list of hardware assets belonging to your business will allow you to identify rogue devices connected to the network quickly.
  • Identify new assets connected to the network. Capturing data about new assets helps maintain an accurate inventory and helps identify rogue devices.
  • Maintain ownership and responsibility records for portable hardware assets, including tablets, laptops and mobile telephones.
  • Choose the right hardware asset management product to fit your environment. Ensure that the solution works within your technology ecosystem rather than falling into the trap of purchasing and installing a new platform and technologies.
  • Maintain accurate asset valuations for accounting purposes. An up-to-date asset register with purchasing information will allow you to generate a current valuation report factoring in asset disposal and depreciation. Quickly identify candidates for any hardware refresh projects.
  • Maintain an active support database. Accurate information about each hardware asset, including software installations, will support any troubleshooting activities.
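
The inventory points above (spotting rogue devices, capturing new assets, and keeping ownership records for portable hardware) can be checked with a simple reconciliation. The following is an added example, not part of the original page; the asset tags, field names, addresses and sample data are all constructed for illustration.

```python
import re

PORTABLE = {"laptop", "tablet", "mobile"}  # asset types that need a named owner

def norm_mac(raw):
    """Normalise a MAC to 12 lowercase hex digits; None if malformed."""
    compact = re.sub(r"[:.\-]", "", raw.strip()).lower()
    return compact if re.fullmatch(r"[0-9a-f]{12}", compact) else None

def reconcile(inventory, observed):
    """Compare the asset register with devices seen on the network."""
    known = {}
    for asset in inventory:
        mac = norm_mac(asset["mac"])
        if mac:
            known[mac] = asset
    report = {"rogue": [], "malformed": [], "unseen": [], "unowned_portable": []}
    seen = set()
    for ip, raw in observed:
        mac = norm_mac(raw)
        if mac is None:
            report["malformed"].append((ip, raw))   # bad data, needs a manual look
        elif mac in known:
            seen.add(mac)
        else:
            report["rogue"].append((ip, mac))       # on the network, not in the register
    report["unseen"] = sorted(a["tag"] for m, a in known.items() if m not in seen)
    report["unowned_portable"] = sorted(
        a["tag"] for a in inventory
        if a["type"] in PORTABLE and not a["owner"].strip())
    return report

# Constructed asset register export (hypothetical tags and field names).
INVENTORY = [
    {"tag": "HW-001", "mac": "00:1A:2B:3C:4D:5E", "type": "laptop", "owner": "a.khan"},
    {"tag": "HW-002", "mac": "00-1a-2b-3c-4d-5f", "type": "printer", "owner": ""},
    {"tag": "HW-003", "mac": "001a.2b3c.4d60", "type": "tablet", "owner": ""},
    {"tag": "HW-004", "mac": "00:1a:2b:3c:4d:61", "type": "mobile", "owner": "j.smith"},
]
# Constructed observations, e.g. taken from DHCP leases or switch tables.
OBSERVED = [
    ("10.0.0.11", "00:1a:2b:3c:4d:5e"),
    ("10.0.0.12", "00:1A:2B:3C:4D:5F"),
    ("10.0.0.40", "de:ad:be:ef:00:01"),
    ("10.0.0.41", "not-a-mac"),
]

if __name__ == "__main__":
    for finding, items in reconcile(INVENTORY, OBSERVED).items():
        print(finding, items)
```

Many phones and laptops randomise their MAC address per network, so an unknown address is a prompt to investigate rather than proof of a rogue device.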