Decreasing Return To Scale:




Decreasing returns to scale prevail when output increases more slowly than inputs, and vice versa. In other words, when output increases less than proportionately to the increase in inputs (capital and labor) and the rate of rise in output goes on decreasing, it is called decreasing returns to scale. This can also be explained with the help of the following figure:

In the above figure, OA and OB are the product lines indicating two hypothetical techniques of production, and isoquants Q1 (10 units), Q2 (18 units) and Q3 (40 units) indicate three different levels of output. When both the inputs are doubled, i.e. from 1K+1L to 2K+2L, the output increases from 10 units to 18 units (that is, an 80% increase), which is less than the proportionate increase in inputs. Similarly, the movement from point b to c indicates an increment in the inputs of 50%, whereas the increment in output is only 33.33%. This shows decreasing returns to scale.

REASONS OF DECREASING RETURNS TO SCALE:

Decreasing returns to scale arise mainly because of diseconomies of scale. Some of the diseconomies which cause decreasing returns to scale are:

MANAGERIAL INEFFICIENCY:

Diseconomies begin first at the management level. Managerial inefficiencies arise from the expansion of scale itself, which eventually decreases the level of output.

EXHAUSTIBILITY OF NATURAL RESOURCES:

This also leads to decreasing returns to scale. For example, doubling the size of a coal mining plant does not double the coal output because of the limited coal deposits or the difficult accessibility of coal deposits.

INEFFICIENT CONTROL:

When the size of the firm is small, the owner can efficiently handle and control all the departments individually. With an increase in the size of the firm (increase in inputs and outputs), various departments are created. Controlling efficiency may thereby decrease, creating hindrances in production.

Constant Returns To Scale:



In this stage the scale of inputs and outputs changes (increases or decreases) proportionately. We can also say that when the change in output is proportional to the change in inputs, it shows constant returns to scale. This can be explained with the help of the following figure:





In the above figure, product lines OA and OB indicate two hypothetical techniques of production, and isoquants Q1 (10 units), Q2 (20 units) and Q3 (30 units) indicate three different levels of output. In the figure, the movement from point a to b indicates the doubling of both the inputs, from 1K+1L to 2K+2L. When inputs are doubled the outputs are also doubled, i.e. from 10 units to 20 units. Similarly, the movement from point b to c shows the increment in inputs from 2K+2L to 3K+3L, which is a 50% increment. This 50% increment leads to the increment of output from 20 units to 30 units, which is also 50%. This kind of input-output relationship exhibits constant returns to scale.

REASONS OF CONSTANT RETURNS TO SCALE:

Constant returns to scale arise due to the limits of economies of scale. The producers are unable to efficiently manage the inputs with a gradual increase in scale. After a certain time period, when economies of scale end and diseconomies are yet to begin, the returns to scale appear to be constant. Various communication, coordination and management (personnel, financial, marketing) problems increase with the increase in input and output, which leads to diseconomies. Constant returns to scale are a transitional stage between increasing and decreasing returns to scale.

Increasing Returns To Scale (IRS)



IRS prevails when output increases faster than inputs, i.e., the percentage increase in output exceeds the percentage increase in inputs. This implies that output increases more than proportionately to the increase in input, and the rate of increase in output goes on increasing with each subsequent increase in input. For example, if all the inputs of production are increased by 100%, the output increases by 150%, and so on. In this kind of input-output relationship IRS exists. This can be explained with the help of the following diagram:


In the above diagram, Q1, Q2 and Q3 are the isoquants showing three different levels of output: 10 units, 25 units and 50 units respectively. Product lines OA and OB show the relationship between inputs and outputs. The movement from point a to b indicates the increment of the combination of inputs (labor and capital) from 1K+1L to 2K+2L. The movement also shows the increment in output from 10 units to 25 units. This shows that when inputs are doubled the output more than doubles, which explains the concept of increasing returns to scale. The same holds for the movement from point b to c.

REASONS FOR INCREASING RETURNS TO SCALE:

Increasing returns to scale are possible because of “economies of scale”. The possible economies of scale are:

HIGHER DEGREE OF SPECIALIZATION:

Due to the increase in the number of inputs, for example labor and machines, a higher degree of specialization of both labor and managerial cadre is possible. The use of specialized labor and management helps in increasing productivity per unit of input by utilizing their cumulative efforts and thus contributes to increasing returns to scale.

TECHNICAL AND MANAGERIAL INDIVISIBILITIES:

Most machines and equipment can be better used only in a certain range of output. Such inputs, used in the production process, come in a definite size and cannot be divided into small parts to suit small-scale production. For example, half a turbine cannot be used, a part of a locomotive machine cannot be used and, similarly, half of a manager cannot be employed. Because of the indivisibility of these inputs, they have to be employed in a minimum quantity even if the scale of production is much less than their capacity output. Therefore, when the scale of production is increased by increasing all inputs, the productivity of the indivisible factor increases exponentially; this results in increasing returns to scale.

DIMENSIONAL RELATIONS:

In some cases, due to increased dimensions, output rises faster than inputs, which leads to increasing returns to scale. For instance, let us consider the example of a tank manufacturer. When he uses 6 metal plates of 1 square foot each, he can produce a water tank of capacity 1 cubic foot. But when he uses 6 metal plates of 2 cubic feet each he can produce a water tank of capacity 8 cubic feet. In this example, when inputs are doubled the output is 8 times, i.e. increasing returns to scale prevail in this example.

MARKETING ECONOMIES:

The greater requirements of inputs and the corresponding increase of outputs lead to various marketing economies. For example, when raw materials are purchased in bulk, the purchaser can purchase them at a cheaper price. Similarly, suppliers also favor the bulk purchaser, and good quality raw materials are delivered on time. These factors finally help to increase output fast.

RISK BEARING ECONOMIES:

Big producers can bear more business risks than small producers. With increase in scale of inputs and outputs, risk bearing capacity also increases. Big firms can plan and diversify products and markets fast that are helpful to raise output fast.

LAWS OF RETURNS TO SCALE:



In the long run, expansion of output can be achieved by varying all factors. In the long run all the factors are variable, and we can increase the output by varying a single factor of production or all factors of production. All factors can be varied by the same proportion or by varying proportions. Long run production behaviour is explained with the help of the laws of returns to scale. It is a long term phenomenon. In the long run both the inputs (labour and capital) are variable and their quantity is changed proportionately and simultaneously, which eventually changes the scale of production (size of the firm). The laws that pertain to these input-output relationships under the condition of a changing scale of production are known as “the laws of returns to scale”. In the long run, the supply of both labour and capital is supposed to be elastic and, thus, firms can employ more of both labour and capital to increase their production.

Scale means a particular combination of inputs, in which scale of inputs is changed keeping their ratio constant. The returns to scale refer to the joint return of all inputs of production.

STATEMENT OF THE LAW:

When quantities of the inputs are increased, keeping their ratio constant, there are technically three possible ways in which the total output can increase:

i. It may increase more than proportionately (law of increasing returns to scale),

ii. It may increase proportionately (law of constant returns to scale), and

iii. It may increase less than proportionately (law of decreasing returns to scale).

The 6 Laws of Small Business Advertising Success


Small business advertising is a science and an art. Companies often miss the fundamentals of advertising. Regardless of the size of your business an understanding of the laws of advertising can reap huge rewards.

My understanding of these fundamental laws came years ago when I had the privilege of working for one of the all-time advertising success stories: NordicTrack. NordicTrack's advertising was based on flawless execution of fundamentals.

According to the Small Business Administration, 5% of an entrepreneur's gross sales should be budgeted for advertising. A 5% small business advertising budget can only help if you understand the laws of advertising.

6 Laws of Small Business Advertising Success

1. Use One Message: A high response rate ad usually conveys a single message. NordicTrack's message of the "World's Best Aerobic Exerciser" was simple and compelling. Your small business advertising needs to quickly communicate its core message in 3 seconds or less. If you are fearful and overwhelmed by technology, which computer book do you buy? "DOS for Dummies" began a best-selling phenomenon because its message was easily understood and to the point.

2. Add Credibility: It has become human nature to distrust advertising. Claims need to be real and credible. Roy H. Williams, best-selling author of the "Wizard of Ads" says, "Any claim made in your advertising which your customer does not perceive as the truth is a horrible waste of ad dollars."

NordicTrack added enormous credibility from a University of Wisconsin-LaCrosse research study, ranking the cross-country ski exerciser first in the areas of weight loss, body fat reduction, and cardiovascular fitness. Ivory soap's advertising success was attributed to its credible statement that Ivory soap is 99-44/100% pure.

3. Test Everything: Large businesses have a greater margin to waste capital and resources without testing advertising. Small businesses do not have the luxury. Use coupons, codes, and specials to measure the headline, timing, and placement of your ad. Test only one item at a time and one medium. Testing can be as simple as asking every customer for several weeks how they heard of your business.

4. Be Easy to Contact: Every single brochure, box, email and all company literature should have full contact information including: website and email address, phone and fax numbers, and company address. It seems simple but is forgotten by most companies. At NordicTrack, every box a ski machine went into had full contact information and the "World's Best Aerobic Exerciser" tagline. Be everywhere.

5. Match Ads to Target: Successful business advertising speaks to one target market only. At NordicTrack, the ads were tailored to each market. An ad in a medical publication preached the cardio-vascular benefits of cross-country skiing to heart patients. Ads in women's magazines discussed the weight-loss and calorie burn from cross-country skiing. Focus the message to the target group.

6. Create Curiosity: Successful business advertising does not sell a product or service. NordicTrack's ads sold the free video. Once a potential customer watched the video, they contacted the company for more information. The end result: millions of dollars of sales. Create ads that generate interest and make the customer want more information.

Having a poor response is not the medium's fault. Often the problem is the message. Small business advertising is not a quick fix solution to marketing your company. It takes planning, testing and constant exposure to have an impact on your small business. Done correctly, small business advertising can be a winning strategy.

The First Time Small Business Loan


Charting the small business loan market can be scary your first time. The best place to start when it comes to finding your first small business loan or credit is not with your banker, accountant or lawyer but with you. The business is the owner so your personal credit history is an important aspect in getting a small business loan.

How good or bad your personal credit history is can influence your ability to get a small business loan. In the wake of big corporate bankruptcies, banks are carefully reviewing all lending practices and trying to mitigate the risks. Before you go into a financial institution for a small business loan, know your credit history.

Check Your Credit First

  • Order Your History: Obtain your personal credit history report from the three credit companies: Equifax, Experian and TransUnion. You can also order a triplicate report from one of the companies. You have the option to order by phone, mail or online.
  • Know Your History: Check your credit history from the big three credit bureaus for missing data, mistakes and omissions. For example, you may have canceled a $2,000 credit card limit years ago but it can still be on file. The bank will view this as available credit and limit or reject your small business loan.
  • Explain Payments: If you can explain a late payment and know why it is on your credit file then offer your bank a reasonable explanation.

Getting a small business loan isn't a quick and easy process. You need to know your business and your own personal financial situation. Remember, the first step to getting a small business loan is to have a clean credit report.

5 Small Business Loan Tips


As most business owners will come to know, obtaining a small business loan can be a trying ordeal. Learn what you need to know about getting a small business loan for your business.

An important source of funding for your business in the future can be the bank. Relationship banking has been the cornerstone of small business financing. A good relationship between the business owners and bankers allows for the free exchange of knowledge and the ability to meet the needs of business. A banker informed of your business can not only provide you with a small business loan but also offer practical advice on financial matters.

Banking Relations and Your Small Business Loan

Setting up a relationship with your banker begins with the following five tips:

  • Set up a bank account at a bank that deals with your size and type of small business.

  • Manage the account effectively and avoid overdraws, bounced checks, and low balances.
  • Borrow a short-term loan and pay quickly to establish your business credit.

  • Keep your bank informed of upcoming issues, missed projections, and missed payments.

  • Get to know your banker and help them to understand your business.

Relationships can be beneficial when it comes time to apply for a small business loan or large credit line. Remember, banks are in business and all companies need to assess risk and make profits.

The 9 Personality Types of Entrepreneurs


Starting and growing your own business requires many skills to be successful. Take a look at the business personality types and find out what you need to succeed. Are you Bill Gates, a Visionary, or an Improver like Body Shop founder, Anita Roddick?

Your business personality type consists of the traits and characteristics of your personality that blend with the needs of the business. If you better understand your business personality, then you can give your company the best part of you. Find others to help your business in areas you aren't prepared to fulfill.

There are 9 key types of personality and understanding each will help you enjoy your business more and provide your company with what it needs to grow. This entrepreneur personality profile is based on the 9-point circle of the Enneagram.

Begin identifying your dominant personality theme and understand how you operate in your business.

The 9 Personality Types of Entrepreneurs

1. The Improver: If you operate your business predominately in the improver mode, you are focused on using your company as a means to improve the world. Your overarching motto is: morally correct companies will be rewarded working on a noble cause. Improvers have an unwavering ability to run their business with high integrity and ethics.

Personality Alert: Be aware of your tendency to be a perfectionist and over-critical of employees and customers.

Entrepreneur example: Anita Roddick, Founder of The Body Shop.

2. The Advisor: This business personality type will provide an extremely high level of assistance and advice to customers. The advisor's motto is: the customer is right and we must do everything to please them. Companies built by advisors become customer focused.

Personality Alert: Advisors can become so totally focused on the needs of their business and customers that they may ignore their own needs and ultimately burn out.

Entrepreneur example: John W. Nordstrom, Founder Nordstrom.

3. The Superstar: Here the business is centered around the charisma and high energy of the Superstar CEO. This personality often will cause you to build your business around your own personal brand.

Personality Alert: Can be too competitive and workaholics.

Entrepreneur example: Donald Trump, CEO of Trump Hotels & Casino Resorts.

4. The Artist: This business personality is the reserved but highly creative type. Often found in businesses demanding creativity such as web design and ad agencies. As an artist type you’ll tend to build your business around the unique talents and creativities you have.

Personality Alert: You may be overly sensitive to your customer’s responses even if the feedback is constructive. Let go of the negative self-image.

Entrepreneur example: Scott Adams, Creator of Dilbert.

5. The Visionary: A business built by a Visionary will often be based on the future vision and thoughts of the founder. You will have a high degree of curiosity to understand the world around you and will set up plans to avoid the landmines.

Personality Alert: Visionaries can be too focused on the dream with little focus on reality. Action must proceed vision.

Entrepreneurial example: Bill Gates, Founder of Microsoft Inc.

6. The Analyst: If you run a business as an Analyst, your company is focused on fixing problems in a systematic way. Often the basis for science, engineering or computer firms, Analyst companies excel at problem solving.

Personality Alert: Be aware of analysis paralysis. Work on trusting others.

Entrepreneurial example: Intel Founder, Gordon Moore.

7. The Fireball: A business owned and operated by a Fireball is full of life, energy and optimism. Your company is life-energizing and makes customers feel the company has a get-it-done attitude in a fun, playful manner.

Personality Alert: You may overcommit your teams and act too impulsively. Balance your impulsiveness with business planning.

Entrepreneurial example: Malcolm Forbes, Publisher, Forbes Magazine.

8. The Hero: You have an incredible will and ability to lead the world and your business through any challenge. You are the essence of entrepreneurship and can assemble great companies.

Personality Alert: Overpromising and using forceful tactics to get your way will not work long term. To be successful, trust your leadership skills to help others find their way.

Entrepreneurial example: Jack Welch, CEO GE.

9. The Healer: If you are a Healer, you provide nurturing and harmony to your business. You have an uncanny ability to survive and persist with an inner calm.

Personality Alert: Because of your caring, healing attitude toward your business, you may avoid outside realities and use wishful thinking. Use scenario planning to prepare for turmoil.

Entrepreneurial example: Ben Cohen, Co-Founder Of Ben & Jerry’s Ice Cream.

Each business personality type can succeed in the business environment if you stay true to your character. Knowing firmly what your strong traits are can act as a compass for your small business. If you are building a team, this insight is invaluable. For the solo business owners, understand that you may need outside help to balance your business personality.

Goals of Business Organizations



Business organizations are economic entities. They are established to make profits. These organizations pursue goals which may be different from those of other types of organizations. However, most of the features of organizational goals discussed here are common to all organizations. A brief mention of these features of organizational goals is made here in the context of a business organization.

• Survival: Survival is defined as “the perpetuation of existence”. It is the goal of every organization. Organizations, however, survive and perpetuate their existence only when they are able to meet objectives and satisfy their stakeholders' interests.

Staying alive should be the basic minimum goal. Nepal’s carpet industry is pursuing a survival goal due to loss of market in Europe. Survival is the number one goal of all organizations. It ensures continuity of the organization.

• Growth and competitiveness: Growth is another objective of organizations. Growth indicates expansion in activities, assets, manpower, market share, and so on. Organizations can ensure their growth and competitiveness through new ideas, new products, new technology, new markets and new investments. Growth is in fact a source of the economic, social and political power of an organization. Opportunities are greater in a growing organization. An organization’s growth is tied to its survival and profitability.

It is all-round growth in terms of profit, sales and market share over a period of time. Most organizations have this goal. Competitiveness ensures growth.

• Stability: Stability is essential for organizations. They need to safeguard and consolidate their existing strengths and capabilities to utilize fully the commitments of resources and to achieve efficiency. A stable organization minimizes tension, reduces conflict, and adjusts to the emerging environment.

• Efficiency: Efficiency is concerned with the balanced use of resources. Organizations strive to attain operational efficiency for their existence. Efficiency lies in rationally choosing appropriate means to achieve goals, doing things in the best possible manner, and utilizing resources in the most suitable combination to get higher productivity.

• Profitability: Profit is a major goal of a business organization. Profitability guides the direction of every viable business organization. Profit is also the source through which the need for innovation, diversification, creativity satisfaction and social obligation can be met. Profit brings image and status to a business organization. It is, therefore, a hallmark of business success.

It is reduction in cost of operations to increase productivity. Competition is generally based on price. Price is affected by costs.

• Social responsibility: Organizations, being a part of society, have responsibility towards their stakeholders. The various groups who have a stake in the organization comprise consumers, employees, government, investors, suppliers and the society at large. Organizations not fulfilling their social obligations are being criticized and questioned. Organizations, therefore, must be socially responsible for their continued existence.

It is safeguarding the interests of stakeholders. They can be owners, suppliers, customers, employees, government and society. This goal is getting very important for business organizations.

Risk Taking



Contemporary theorists stress the role of personality traits in differentiating between people who love taking risks and those who are risk averse. Personality traits are underlying characteristics of an individual that are relatively stable over time, and explain regularities in people's behaviors. Risk taking is also an individual's willingness to take a chance in making any decision. It basically depends on motivation: if the person is highly motivated he takes more risky decisions, and if the person is less motivated then he is likely to take less risky decisions. Some people are motivated more by fear whereas some people are motivated more by pleasure.

So how do personality traits help us to understand risk taking behavior? Basically we can examine whether these dimensions of personality help us to predict risk taking behaviors, and if so construct a psychological profile of risk taking. A large body of research suggests that risk takers tend to be higher in the narrow "Sensation Seeking" trait, a small element of the broader Psychoticism vs. Humaneness trait. Marvin Zuckerman initially developed the theory of Sensation Seeking in the 1950s following a series of sensory deprivation experiments. He began to suspect that the people who volunteered for these experiments might share a similar set of personality characteristics. These individuals appeared to be especially venturesome and inquisitive, eager to have new and exciting experiences even if they did contain a degree of social or physical risk. A large number of studies have shown that people who engage in a range of high risk behaviors tend to be high Sensation Seekers. Studies involving identical twins that are reared apart suggest that a large proportion of Sensation Seeking is genetically determined (approximately 60%), and exciting new studies have begun to identify the specific genes that regulate this need. On average men tend to be higher in Sensation Seeking than women, and Sensation Seeking also tends to decline with age. This goes some way to explain why many people who take potentially fatal risks are young men. However it should be remembered that many women are high Sensation Seekers, and an increasing number of women participate in high risk sports and take health risks such as smoking and binge drinking.

What effect does positive and negative feedback about past risk taking have on the future risk taking of decision makers? The results of an experimental study show that subjects who are led to believe they are very competent at decision making see more opportunities in a risky choice and take more risks. Those who are led to believe they are not very competent see more threats and take fewer risks. Hence risk taking can be categorized into two types:

a) Higher Risk Taking

b) Lower Risk Taking

Differences between Higher risk taking (HRT) and Lower risk taking (LRT):

| HRT | LRT |
|---|---|
| Higher risk taking persons are willing to take more chances. | Lower risk taking persons are willing to take fewer chances. |
| Higher risk taking persons use less information and usually take rapid decisions. | Lower risk taking persons acquire more information and make less risky decisions. |
| Higher risk taking persons exhibit better performance on jobs which require rapid decisions. | Lower risk taking persons are much more involved in jobs which require less rapid decisions. |

IT security: Training staff & business continuity planning


Training your staff

Even with the best policies and technical controls in place, the security of your IT systems can still be breached by your employees.

Most breaches are caused by a user's lack of understanding of basic IT-security issues. Therefore, you should at the very least carry out some general awareness training in order to ensure that your staff:

  • understand the importance of effective security to your business
  • are aware of the need to work responsibly and not do anything that might cause a security threat, such as opening an email attachment from an un-named source
  • understand how they are to respond in the event of a security incident such as a virus infection

The better trained your staff are, the less likely you are to have a security breach. For some IT-related positions, more advanced training may be necessary.

Certain users, such as network operators or system administrators, have privileged access to your systems. Such people are uniquely placed to damage or misuse your systems, either accidentally or maliciously.

Therefore, you may want to take special precautions when appointing such people. For example, you might want to carry out extra checks on them over and above the usual written references by actually telephoning previous employers to confirm their reasons for leaving.


Business continuity planning

Information security breaches may threaten the entire operation of your business. Therefore, it's important that you have a business continuity plan (BCP) in place.

The aim of a BCP is to enable your business to restore business-critical systems and infrastructure as soon as possible after a 'disaster' event takes place. The plan should encompass all systems used within the business, not just IT, as well as facilities and resources for staff.

Organisations constantly evolve and recovery strategies must evolve with them. This means you need to monitor your BCP and make changes to it as and when necessary. For example:

  • Business processes change and people join, transfer and leave organisations on a regular basis. Plans should be updated to reflect changes in recovery teams.
  • New IT systems are introduced to support business activities. As these may be essential to your business, before you implement them you should consider your ability to recover them following a systems failure.

There are real business benefits to be gained from having a BCP. These include:

  • Regulatory requirements - in some industries, eg financial services, regulators stipulate that organisations have sufficient continuity and security controls. Failure to have such controls - and have them tested - could result in heavy fines.
  • Positive marketing - if you have a BCP to show to potential customers, this may help you win - and retain - business.
  • Insurance - having a BCP demonstrates to insurers that you are proactively managing risks to your business - and may help reduce your insurance premiums.

Developing an effective information security policy


The key to effective IT security is a sound information security policy - a document stating how you plan to protect your IT assets.

The policy should be endorsed by senior management and continuously updated as your technology and employee requirements change.

As a minimum, your information security policy should include:

  • the scope, objective and importance of information security to the business
  • a statement of intent from management supporting the goals and principles of information security
  • a brief explanation of minimum standards, procedures, requirements and objectives of particular importance to the business
  • definitions of roles and responsibilities for information security
  • details of the process for reporting, responding to and resolving security incidents
  • references to supporting documentation, such as more detailed security policies, procedures, implementation guides or security specifications and standards

The security policy should also address:

  • your business' use of the internet, and the related threats
  • the internet services that can be used
  • who authorises connections
  • who is responsible for security
  • what standards, guidelines and practices should be followed

You should also consider setting up an acceptable use policy as part of your security policy. This should describe how the business plans to educate its employees about protecting its assets. It should also explain how security measures will be carried out and enforced. See our guide on how to introduce an internet and email policy.

Tools and techniques for countering security threats


Just as there are many threats posed to your IT and e-commerce systems, there are also a number of different countermeasures available to you. It is important to consider the options for countering threats and put appropriate systems in place.

You can minimise the risks posed by unauthorised access through a combination of technology, procedures, policies and user awareness. As a start, you should:

  • install a properly configured firewall for your internet connection
  • make sure you have virus, spyware and email attachment content scanners in place
  • ensure your systems (especially operating systems and firewalls) are updated on a regular basis with service packs, patches and hot fixes to counter the latest known intrusion techniques - see our guide on application security

See our guide on information security best practice.

You can minimise the risks of viruses by a combination of user vigilance and awareness, and the use of anti-virus software. You should:

  • Install anti-virus software on all desktops, laptops and servers and update it on a regular basis. Consider anti-spyware components if available.
  • Treat email attachments with caution, as they are a common means of spreading viruses. Staff should not attempt to open any suspicious email attachments and should treat emails from anonymous senders as suspicious.
  • Consider subscribing to a hosted email spam and virus scanning service.
  • Consider restricting the use of USB flash drives and implementing appropriate security measures for their use.

If your business uses wireless technology, it is important to protect files and information with appropriate security. For example:

  • Wireless equipment often has security settings turned off by default, or default settings that may not be appropriate for your needs. Always ensure that such settings and configuration files are checked and changed where appropriate. See our guide on securing your wireless systems.
  • If you are handling sensitive information across a mobile connection, consider using a virtual private network (VPN) to ensure privacy. For more information on VPNs, see our guide on how to get the most from your network.

Managing the risks to your IT systems


Risk management is a structured way of analysing and controlling the risk to your IT systems.

Risk analysis involves determining what those risks are and developing a plan to deal with them.

A risk analysis process typically involves:

  • understanding threats to the business - these are identifiable through research
  • determining which parts of your business are vulnerable to each threat - this can be determined through review, testing and audit
  • assessing the likelihood of each threat actually affecting your business - this can be determined based on statistical research
  • understanding the potential cost to the business if a security breach does occur
  • identifying suitable and effective measures to minimise the likelihood of occurrence
  • identifying suitable and effective measures to prevent the threat or, should the threat occur, measures to detect it and enable appropriate recovery action

The security threats to your IT systems


There are many threats posed to your IT and e-commerce systems. This section looks at a few of the more common risks you may encounter, and why they can be so damaging to your business.

People from both inside and outside your business - employees and hackers - may try to gain unauthorised access to your applications and information. Once they have accessed your systems, they can compromise your data and applications, either unintentionally or maliciously. See our guide on application security.

One of the biggest causes of security breaches in the workplace is the mishandling of log-in details or passwords by employees. Typical instances of security breaches occur when passwords are:

  • written down
  • shared with other people
  • not changed frequently enough

Other risks are computer viruses, which are programs that alter the way a computer operates, without the knowledge or consent of the user. Viruses are often contained in email attachments. These attachments often have the extension '.exe' (an executable file) or '.scr', which is the file extension used for Windows screensavers. These files can contain viruses, worms or Trojans that can infect your computer.

These files have to be opened in order for the virus to infect a computer, but viruses may also be picked up when visiting malicious websites. Viruses can also be transferred between computers via infected USB flash drives and other external media such as infected CDs.
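As an added illustration (not part of the original guide), the sketch below shows the kind of check an email attachment content scanner performs for the '.exe' and '.scr' extensions named above. The function names and the sample message are constructed for this example, and a real scanner would inspect file contents as well as names.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# The two extensions the guide names; a real policy would list more.
RISKY_EXTENSIONS = (".exe", ".scr")


def risky_attachments(raw_message: bytes) -> list[str]:
    """Return the attachment filenames whose final extension is risky."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    # walk() also descends into nested parts such as forwarded messages.
    for part in msg.walk():
        name = part.get_filename()  # decodes encoded filenames as well
        if not name:
            continue
        # Normalise case and trailing dots/spaces before comparing, so that
        # "Holiday.SCR" and "notes.exe." are treated like ".scr" and ".exe".
        normalised = name.strip().rstrip(". ").lower()
        # Only the last extension counts: "invoice.pdf.exe" is an .exe file.
        if normalised.endswith(RISKY_EXTENSIONS):
            flagged.append(name)
    return flagged


def build_sample() -> bytes:
    """Build a constructed test message with four attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    for name in ("report.pdf", "invoice.pdf.exe", "Holiday.SCR", "notes.exe."):
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename in risky_attachments(build_sample()):
        print("quarantine:", filename)
```

Matching on the filename alone is only a first filter, which is why the guide pairs it with anti-virus software and staff caution.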

There are huge numbers of viruses in existence. Some are extremely malicious, with the ability to delete or damage files and programs. Others are less destructive, but can jam resources, causing systems to crash with a consequent loss of data.

Some viruses can be used by hackers to take remote control of computers, turning them into what are known as bots or zombie computers. Collectively, these groups of computers are known as botnets and they can be used for malicious activities, such as denial-of-service attacks, click fraud and identity theft. See our guide on keeping your systems and data secure.

Increasing numbers of frauds and illegal scams are directed at small businesses and individuals. This increase is largely due to the widespread use of the internet.

Another potential risk can come from the use of social networking websites. These have been targeted by hackers who add links in their posts that point to high-traffic current events or entertainment news websites. These links can then take you to phishing websites and have the potential to infect your computer with viruses, worms or Trojans. They can also contain keyloggers - software that records your keyboard strokes as you type. This way, your personal details can be stolen for malicious purposes. See our guide on avoiding scams.