Avoid overworking your staff – here’s how
Everyone handles life’s pressures differently, which is no exception at the workplace. Some job-related stress may be unavoidable, such as leading a meeting for the first time, pitching new ideas to a client, or handling a difficult customer. However, as an employer, you might unintentionally contribute to your employees’ stress by overworking them, resulting in low staff morale, poor performances, fatigue, and more serious health issues. Unfortunately, many companies overlook these telling signs and act surprised when workers perform poorly due to exhaustion. If you want to avoid burnout among your staff and create an overall happier work environment, here are some causes of employee burnout, how it will affect your business, as well as solutions to prevent or fix these problems. What causes overworking? There can be many causes of overworking, but here are some of the most common practices that burn out your human resources: 1. Expecting employees to exceed the 9 to 5 Having an overtime payment policy in place could ease your conscience, but when your employees work long, irregular hours for an excessive period, it will damage their health and the business. 2. Creating a hostile work environment Being underpaid, having to endure long commutes, annoying co-workers, unapproachable managers, and unreasonable workloads can cause employee stress levels to rise. 3. Lacking growth opportunities When you’re not implementing career-advancement opportunities, incentives, performance bonuses or promotions at your company, your staff will become increasingly worried and stressed about their current positions and their future at the company. 4. Tipping the scales of the work-life balance Overloading your staff’s plates with work will force them to work overtime, leaving little or no time for family, holidays, or hobbies. Your employees will quickly notice that their lives are unbalanced, which will increase their unhappiness. How does overworked staff affect your business? Exhausting your staff can cause several serious issues for your company, such as: 1. Productivity and work quality will decrease When your staff is overworked, their concentration isn’t what it’s supposed to be, which can lead to costly mistakes. Common examples are packing or shipping incorrect orders, deleting important files, frequent accidents while operating machinery, or an inability to serve clients professionally. 2. Employee morale will plummet It’s no surprise that your staff’s morale will take a hit when they have to carry excessive workloads in a stressful environment. When the mood in the office is down, it will cause the tension to rise even higher. 3. The company image will be diminished By rewarding overwork, you’ll likely create a culture of overwork. Personnel will feel inclined to put in more hours to cope with their workload, enabling them to earn more money. The overworking culture will become synonymous with your company and might cause issues when you’re recruiting new staff. 4. Staff turnover will skyrocket A rise in your employee turnover rate, especially among your most talented and experienced members, is one of the most telling signs that your staff is unhappy, likely because they’re overworked, underpaid, and undervalued. 5. Health issues will arise Stress is the root cause of many health issues. When your staff is stressed due to long work hours and unreasonable deadlines, their health will deteriorate. The most common symptoms are insomnia, anxiety, panic attacks, fatigue, excessive weight loss or gain, high blood pressure, or even heart diseases. You’ll start to notice this in an increased number of leave days taken, as well as in your staff’s appearance. Tried and tested solutions to combat overworking It’s vital to have proven strategies in place to avoid overworking your staff or to fix the damage already done. 1. Lead by example When you’re in a leading role and burn the midnight oil every week, your staff will feel pressured to follow suit. By creating an environment based on trust, transparency, and open communication, your staff will feel more comfortable approaching you when they feel overworked or need more time to complete tasks. As an empathetic and involved leader, you’ll also get a better understanding of staff morale and learn more about your employees’ daily struggles. 2. Encourage a balanced lifestyle An unhealthy work-life balance negatively affects the overall wellbeing of your employees and your company’s growth. It’s crucial to spend enough time away from work, and as an employer, you can help improve your staff’s lifestyle, whether it be by implementing regular coffee breaks throughout the day and flexible hours to accommodate those commuting from different towns or encouraging them to take a day off or a long weekend now and then, and plan a proper holiday at least once a year. By respecting your employees’ need to have a work-life balance, they’ll automatically start respecting it themselves. 3. Create a caring culture If it has become normal for your staff to work after hours, on public holidays and during the festive season, something needs to change. Start by introducing one-on-one meetings with each staff member to understand their needs, goals, and expectations. These meetings can be held at least twice a year. You can also introduce a suggestion box in which staff can leave anonymous suggestions that can be implemented. Encourage your staff to give their inputs and show them that they’re taken seriously. Even though changing your company culture from overworked to caring is a long-term project, you’ll also reap long-term rewards, as the work environment will become healthier, and your staff will feel valued and heard. 4. Offer incentives Most companies with a culture of overworking don’t offer any perks apart from monthly salaries and leave days required by law, despite their employees overworking themselves constantly. A happy employee has high morale and is motivated to deliver high-quality work. You can boost your employees’ moods by offering benefits, like performance bonuses, travel and cell phone allowances, medical aid, and free health snacks (fruit) and quality coffee. If done strategically, the money spent will be recuperated through the efficiency and performance of your staff. Is a happy work environment possible? Meeting deadlines and keeping
Improving corporate image by going green
As the risks of climate change become more intense and prevalent in today’s world, businesses are feeling the pressure to adapt and rethink their business models, making sure they align with the needs of clients, employees, as well as the environment. The Main Advantages of a Green Office Why should you invest in a greener business? Well, the benefits to implementing more sustainable practices are numerous. For instance, you will be cutting down on a ton of unnecessary costs around the office, as sustainability is aimed at energy optimisation and a conscious use of natural resources. In other words, you will be saving a substantial amount on your water and electricity bills. Furthermore, creating a greener workplace will also boost your employee performance as working in a pleasant environment is often associated with better concentration and higher performance, leading to successful results, and an increase in profits. In addition, you can be sure that opting for an eco-friendly business model will also improve your corporate image and expand your client base, considering more and more people are becoming aware of the importance of addressing sustainability and care for the environment. If the above-mentioned benefits aren’t convincing enough, the possibility of obtaining tax deductions will certainly boost the business case for the deployment of sustainable business practices. What can you do to help your business become more sustainable? Establish a green team: Identify a few individuals from your workforce who are willing to form part of a sustainability committee and who will take responsibility for implementing eco-friendly initiatives at the office. The committee can encourage their colleagues to adapt their behaviours and adopt new, eco-sustainable habits. Choose to reuse: We all know recycling is a great practice, but even recycling waste has to be kept somewhere. So, ask your staff to bring their own reusable water bottles and coffee mugs, which they can reuse and wash every day. Investing in reusable silverware and cutlery is another way to reduce plastic and paper waste in the workplace. Add some green to your view: Decorating the office with plants is not only aesthetically pleasing, but it also improves the air quality, which helps people think more clearly and boosts productivity. In addition, adding a touch of green to your office setup reduces your employees’ stress levels, and ultimately creates a more comfortable and pleasant work environment. Support local: Sourcing your business’ goods and products from local vendors is a formidable way to help the environment and improve client and consumer satisfaction, as people often prefer knowing where their products are coming from and the idea of supporting small businesses. Not to mention, it’s quite a savvy financial incentive. When you choose to buy from local businesses, you are reducing miles – consequently cutting down on shipping costs and reducing harmful carbon emissions. Cut down on car journeys: As we all know, choosing to use public transport or making use of lift clubs can also help reduce emissions and pollution. Your sustainable committee can encourage employees to use greener forms of transportation, including riding a bicycle or walking to the office if they are fortunate enough to have their workplace close to home. Aside from making a positive impact on the environment, employees will also be shedding calories and improving their health and overall wellbeing. Business leaders can also consider limiting in-person meetings and enabling staff to work from home when appropriate. Choose alternative energy sources: Tired of load-shedding? Well, then it might be time to go solar. If you choose to switch to renewable energy sources, your business won’t have to rely on Eskom’s erratic power supply, and you will reduce overhead costs – all while doing your part in the fight against climate change. Tax Incentives for Saving Energy Over the last few years, a multitude of fiscal measures have been put in place to encourage businesses to switch to green energy. One of these measures has been the implementation of financial incentives. As mentioned earlier, these incentives are one of the main advantages of developing a greener business. In South Africa, the government has been using section 12B of the Income Tax Act (the ‘Act’) to support the deployment of energy-efficient technologies and practices – by businesses, in particular. The Act initially provided for a three-year (50/30/20) accelerated depreciation allowance in respect of movable assets owned by the taxpayer. From 1 January 2016, the Act was amended to make provision for the depreciation of the full cost of a grid-tied solar PV system smaller than 1MW in the year of its commissioning . This means that a grid-tied PV system smaller than 1MW can effectively be purchased by a company (if paid in full) at a discount equal to the company tax rate since there is a 100% tax-deductible depreciation allowance on that purchase. For those purchasing larger systems, the standard depreciation allowance in the year of commissioning (equal to 50%) still applies. If you are looking to invest in renewable energy to reduce your business’s environmental impact on the planet, improve your green corporate image, or simply want to save money in the long run and want to know more about depreciation allowances – contact your tax adviser for detailed information. This article is a general information sheet and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your legal adviser for specific and detailed advice. Errors and omissions excepted (E&OE)
Everything you need to know about suretyship agreements
A deed of suretyship is an agreement that is concluded by a creditor and a third party. The essentialia of this type of agreement are that the surety (third party) undertakes to be liable to the creditor for the due performance by the debtor of his or her obligations in terms of the principal debt. This type of agreement is normally only executed by the surety(ies) and not by the creditor or the debtor. Deeds of suretyship are often used in circumstances where a juristic person wants to enter into an agreement and where the creditor requires security for the juristic person’s performance in terms of the agreement. For example, many commercial lease agreements contain a clause which requires that the director(s) of a private company must bind themselves as sureties in favour of the landlord in order for the landlord to enter into a lease agreement with the private company as contracting party. This is to ensure that the landlord can have security for the payment of the rental monies in circumstances where the private company as tenant is unable to pay its debts. Creditors also often request a third party to sign as surety in circumstances where the principal debtor does not have a high-enough credit score. This article will briefly discuss the requirements that must be met in order to successfully hold a third party liable as surety. The first requirement is that there must be a valid deed of surety. A deed of suretyship must adhere to the strict formal requirements as set out in the General Law Amendment Act 50 of 1956 (hereinafter referred to as “the Act”) due to the onerous obligations that it imposes of the surety. These formal requirements are as follows: The deed of suretyship must be embodied in a written document. A person can thus not bind him- or herself as surety in terms of an oral agreement. The deed of suretyship must be signed by or on behalf of the surety. The deed of surety must set out the identity of the creditor, the surety, as well as the principal debtor. The nature and amount of the principal debt must be capable of ascertainment by reference to the provisions of the deed of suretyship. The written agreement may be supplemented by admissible extrinsic evidence in this regard. It is important to note that the deed of suretyship may be supplemented by incorporating another document to comply with the statutory requirements as set out above. This is often the case where a deed of suretyship accompanies a lease agreement, and where the deed of suretyship only meets the requirements when read together with the terms of the lease agreement. There are further requirements that must be met in order to hold a surety liable in respect of a valid deed of suretyship. These requirements are the following: The cause of action must be one in respect of which the surety undertook liability. For instance: a surety who undertook liability for rental monies cannot be held liable for monies that are due by the principal debtor to the creditor in respect of another cause of action, such as monies advanced to the principal debtor by the creditor in terms of a separate loan agreement. The surety’s liability can also not exceed that of the principal debtor. The principal debtor must be indebted. A surety shall thus only be liable once the principal debtor is in default . A deed of suretyship may also have to comply with further requirements depending on the circumstances. For instance, if the underlying agreement (i.e. the agreement concluded between the creditor and the principal debtor) is subject to the National Credit Act 34 of 2005, then the deed of suretyship shall also be subject to this Act. If the underlying agreement is exempt from the Credit Act, then the suretyship agreement shall be similarly exempt. Another example of where other legislation impose further formal requirements is where the intended surety is married in community of property to his or her spouse. The Matrimonial Property Act 88 of 1984 requires that the spouse of such an intended surety must give consent in writing to the other spouse binding him- or herself as surety. Reference List: Amler’s Precedents of Pleadings Drafting of Contracts 2018 notes by Legal Education and Development. This article is a general information sheet and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your legal adviser for specific and detailed advice. Errors and omissions excepted (E&OE)
How to future-proof your business before the next crisis
While the possibility of a global pandemic was always at the back of our minds, its emergence still managed to catch us off-guard and wreaked havoc on every aspect of our lives, particularly the world of work. Therefore, it’s safe to say that Covid-19 has been a wake-up call for organisations to rethink their priorities and strategies to ensure their businesses will survive the next disaster. When you fail to prepare, you prepare to fail The current health crisis highlighted the vulnerability of businesses around the globe, exposing the consequences of fragile business continuity plans and executives completely failing to prepare for unforeseen crises. Covid-19 is not the first crisis our world has faced, and it will certainly not be the last. From disease outbreaks to climate change threats, and cyber-attacks, the list of future potential business crises is endless. Now is the time to pay attention to the bigger picture – to learn from global businesses, adapt to create new opportunities, and prioritise business continuity planning. How will an effective Business Continuity Plan (BCP) benefit your business? Business continuity planning is the proactive process of understanding your company’s vulnerabilities and ensures that your business knows what measures to take to keep operating and maximise its growth potential in the face of unpredictable events. An effective BCP minimises losses and costs; protects your workforce, physical assets, and electronic assets; prioritises continuity and recovery of critical business functions and supply chain processes; and reduces recovery periods. While most businesses do have BCPs in place, they don’t always take the time necessary to review and update them. In light of the current global crisis, business leaders can’t afford to make the same mistakes in the future. It’s time to dust off and revise your business continuity plan if you want to ensure that your organisation emerges stronger the next time around. BCP 101: What steps can your business take to better prepare for the next crisis? Identify existing vulnerabilities: How businesses position themselves in a post-pandemic world is critical in building organisational resilience and will determine how well they respond to future disasters. In what ways was your business not prepared for the Covid-19 pandemic? Think about the impact of those pitfalls and the likelihood of it happening again. Focus on what your business can do to mitigate those risks in the face of the next potential crisis. Anticipate financial fluctuations: Cash flow is certainly the biggest challenge that organisations faced during the Covid-19 outbreak. Assess the probable impact of various scenarios and evaluate your company’s working capital accordingly. If your cash reserve is not sufficient, you will need to set aside funds that will help keep your debt low while your business keeps operating. Speak to an accredited financial advisor if you are uncertain about your cash reserve requirements or whether all financial planning risks have been thoroughly addressed in your business. Overcome AI fears: Many employees are concerned that they will lose their jobs once their employers implement Artificial Intelligence, failing to realise how it can empower them to improve their performance. Take remote working for example – if it wasn’t for digital innovation, most businesses wouldn’t have been able to continue their operations. For your business to be well-prepared for unexpected crises, you must recognise that technological advancements will accelerate, and online demand for products and services will increase. “Business as usual” is a thing of the past and business leaders will have to start thinking out of the box. Attract new clients by increasing your online presence and developing new service offerings in a digital world. Provide upskilling opportunities: To remain relevant and gain a competitive advantage in an ever-changing consumer market, it is critical to provide your workforce with upskilling opportunities. Your employees are your most valuable asset, which is why investing in online training should be of critical importance. With the accelerated digitalisation brought about by the pandemic, and the needs of businesses and consumers constantly changing, there is an urgent demand to bridge knowledge gaps and sharpen essential skills among staff to ensure future business success. Establish roles: Build a crisis management team, and determine who will be in charge of what when disaster strikes. This includes clearly articulating which participants will initiate the BCP and who will manage the execution of the activities. Assigning the right individuals to the right roles and informing each person about their specific responsibilities will optimize your business continuity. Conversely, placing the wrong individuals, i.e. those lacking in certain skills and experience, in the wrong positions, can result in poor performance, and ultimately – an ineffective business continuity plan. Test and revise your plan: Once you have updated your BCP, it cannot be considered final until you are truly sure it will work in any situation. Take the time to search for any weak spots in your BCP and rectify them accordingly. Schedule a debrief session with your crisis management team following the test to gather their input and to address what worked and what didn’t. Listening to their concerns and suggestions will help you develop new perspectives that could possibly lead to further adjustments. Only when you are fully confident that your BCP has covered all the bases, you can put it aside until it needs to be tested and revised again. The coronavirus catastrophe serves as an important reminder for business leaders that crises do happen. And they will continue to happen. But ensuring that your business has an effective BCP in place, will make it easier for your business to bounce back when the next crisis hits. Keep in mind that a BCP is not a one-size-fits-all solution and will vary according to each organisation’s unique corporate culture, structure, and operational requirements. What measures have you taken to make business continuity a top priority in your organisation? Speak to your financial or risk adviser as you establish your comprehensive BCP. This article is a general information sheet and should not be used or relied on
Personal liability of directors of non-profit organisations
I am a director of an NPO. Can I be held liable in my personal capacity for damages caused by or debt incurred by the organisation? I thought that I was doing something good. What does it mean to carry on business recklessly? Can I be held accountable if I knew about dodgy transactions but it was not my signature on the documentation? In South Africa non-profit organisation (NPO) can be registered in one of three ways: a voluntary association; trust; or company. If the NPO is registered as a non-profit company, it will be regulated in terms of the Companies Act 71 of 2008 (the Act). In this article, the focus will be on the personal liability of directors of a non-profit company registered in terms of the Act, with specific focus on gross negligence and fraud. Despite the fact that NPO’s generally operate to do good, there is always the off-chance of persons acting contrary to the purpose and goals of the NPO and/or contrary to the law. According to section 77(3)(b), of the Act, a director of a company is liable for any loss, damages or costs sustained by the company as a direct or indirect consequence of the director, having acquiesced in the carrying on of the company’s business despite knowing that such business was conducted in a manner prohibited by section 22(1). What is prohibited by the Act? Section 22(1)(a) of the Act states that: A company must not— carry on its business recklessly, with gross negligence, with intent to defraud any person or for any fraudulent purpose; or trade under insolvent circumstances. In other words, a director of a company can be held liable in his or her personal capacity for damages or costs of the NPO in certain instances. These instances include reckless and/or fraudulent operating or trading (hereinafter, referred to as “misconduct”). Said misconduct need not necessarily be executed by the director personally. Liability may arise from direct or indirect misconduct when it is allowed by the director(s), despite knowing that misconduct is taking place. In which instances did a director “know”? The Act specifies what is meant by “knowing” in section 1 of the Act. A director “knows” about the misconduct if: He/she had actual knowledge thereof; Was in a position to reasonably ought to have actual knowledge; Investigated the misconduct to an extent that would have provided the director with actual knowledge; or If the director has taken such measures that would allow a reasonable person to have actual knowledge. Recklessness There are two ways in which a company can carry on business in a reckless manner, namely, by way of gross negligence or fraudulence. Negligence: For a director to act recklessly, a more severe form of negligence is required, namely gross negligence. A director acts with gross negligence if he/she carries on business and knows that non-fulfilment of obligations of the business agreement would be a “virtual certainty”. The Supreme Court of Appeal (SCA) also held that knowing there is a “strong chance” that duties could not be fulfilled, would also amount to gross negligence. Intent to defraud or fraudulent purpose: An NPO also acts recklessly if it acts with intent to defraud any person or for any fraudulent purpose. Fraud is defined as unlawful and intentional misrepresentation that causes actual or potential prejudice to another. Whether an NPO acts fraudulently is determined on a case-by-case basis depending on the facts of each case. Misrepresentation, on the other hand, refers to the implied or expressed distortion of the truth and can occur in various forms. In determining whether an NPO acted fraudulently there are various factors to consider. It must be determined whether the person making misrepresentations were in fact a party to the carrying of business in respect of the NPO and did so fraudulently or with intention to defraud. Intent is a requirement and therefore actual dishonesty is necessary for there to be fraudulent conduct. The party must have no honest belief that the misrepresentation is true and must be aware that it will be prejudicial to the other contracting party. Such conduct may be classified as fraud. The same can be said when there is a duty to disclose information, in which case non-disclosure may amount to fraud. An example would be when a person issues a cheque knowing that they do not have the funds, nor do they foresee that funds will become available at the time the cheque is cashed. When a person honestly believed that they were not making any misrepresentations, or had no intention to defraud, they may escape liability depending on the facts of the case. In summary, if a director of an NPO acts recklessly by carrying on business inter alia in a grossly negligent and/or fraudulent manner, he/she can be held personally liable. There need not be a positive negligent or fraudulent act to incur liability. The mere knowledge of reckless continuation of business is enough to incur personal liability. Reference List: C.R. Snyman Criminal Law 6th ed (2014) Companies Act 71 of 2008 Philotex (Pty) Ltd and Others v Snyman and Others; Braitex (Pty) Ltd. and Others v Snyman and Others (334/93) [1997] ZASCA 92; 1998 (2) SA 138 (SCA) This article is a general information sheet and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your legal adviser for specific and detailed advice. Errors and omissions excepted (E&OE)
The A-Z of POPI compliance
The Protection of Personal Information (POPI) Act came into full effect on the 1st of July 2021. If you still haven’t implemented your POPI compliance strategy, it is strongly advisable that you take quick and decisive steps to do so as non-compliance could carry hefty penalties. To ensure that you get your (POPI) act together, we’ve put together a handy list of A-Z* terms that you should consider in your quest for information protection. A – Accountability: One of the 8 conditions for processing personal information, which governs that both the means and the purpose thereof must be determined before processing can take place. B – Big data: With modern data-practices where large quantities of information are constantly being processed in a short time, you will need to ensure that you have infrastructure in place to deal with these kinds of large-scale processes lawfully. C – Consent: You need to provide your data subjects with enough information for them to make an informed decision on whether you may process their personal information. They may only be approached for consent once. D – Data Subject: The legal persons/entities whose information you collect and process are called data subjects. E – Eradication: When information is no longer used for the purpose it was collected, you will need to dispose of that information without a way to recover it. F – Freedom: While POPI does restrict the liberty with which businesses have been processing data in the past, it is in fact aimed at rectifying the lack of freedom and privacy data subjects have been forced to deal with for much too long. G – GDPR: The GDPR (General Data Protection Regulation) is the EU’s data protection law and is similar to POPI in many ways. Be sure to understand by which jurisdiction your data is regulated. H – How: According to the POPI Act, the manner in which you process personal information must be pre-determined and communicated clearly to your data subjects. I – Information officer: Every business should appoint someone to handle their data processes and take responsibility for ensuring compliance with the POPI Act. J – July 2021: The POPI Act is lawfully enforceable from the 1st of July 2021. L – Limitations on Processing: A variety of limits exist on the processing of personal information, including obtaining it from the data subject, gaining of consent, scope (you cannot collect excessive data), and more. M – Marketing: POPI has a significant effect on marketing practices. And as such, traditional ‘grey areas’ in the processing and use of personal information are now much more ‘black and white’. N – Notice: You must provide your data subjects with a notice of how their information is collected, processed, used and disposed of, as well as what the purpose of that information is. O – Openness: The data subjects must always be able to access their data, be able to see what data you possess, and be able to make changes to their data. P – Penalties and fines: Non-compliance is prosecutable, with fines of up to R 10 000 000 and imprisonment of up to 10 years. Q – Quality of information: Personal information must always be kept accurate, complete, and up to date. R – Regulator: South Africa has an Information Regulator who is empowered to monitor and enforce compliance to the POPI Act. It is an independent regulatory authority. S – Security: As a condition for processing personal information, you are required to take all reasonable measures to ensure that the information of your data subjects is protected, secured, and encrypted. T – Third-party processing: Your data subjects have to consent to the use of their information by third-parties and the details thereof must be clearly outlined before you collect their personal data. U – Unsubscribe: Where you previously might have gotten away with sending unsolicited communication with the option to unsubscribe, now you will need to ensure that your data subjects opt in for communication. V – Veracity: All the data you process must be accurate, and it is your responsibility to ensure that you update your databases regularly. W – Why: The purpose for which you collect and process personal information must be clearly defined and communicated to data subjects. Y – Yearly review: You will need to regularly review your POPI plan and ensure that your processing standards remain up to date. Therefore, it is advisable to review your data systems and POPI protocols at least once a year. Z – Zero Trust (ZT) Architecture: As a security measure some companies have implemented ZT Architecture, which ensures that the authority and access to data is checked at every point of access and not just trusted because of the network through which it moves. This is not a requirement of POPI. *Please note there are no entries for K or X. To ensure that you have everything in place to protect yourself (as an information processor) and your data subjects (whose sensitive data you collect) with regard to the POPI Act, please get in touch with your trusted advisor. This article is a general information sheet and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your legal adviser for specific and detailed advice. Errors and omissions excepted (E&OE)
How you can improve your business’s cybersecurity
As a business owner in the digital age, one of the best things that you can do to gear yourself for the future of your industry is to learn how to protect your business and its interests from cyber threats that could lead to damages on a large scale. One of the most frequent minor inconveniences we face in the modern age is waiting for a program to update before we can use it again. You might find it frustrating if your anti-virus program wants to perform an update every other day, but these updates are vital to your continued safety. These updates are necessary as every moment that goes by is another moment in which a cybercriminal is attempting to exploit vulnerabilities in the digital universe. In fact, everything we know about cybersecurity right now is already outdated. Do not let it come as a shock or induce panic, though, as there are many practices/steps that you can implement to essentially eliminate all cyber-threats to yourself and your businesses. Start with yourself The best leaders learn before they teach others to follow. This is not to say that you need to learn everything there is to know about cyberinfrastructure and cybersecurity before you start speaking to your employees about it. But the only way that those in your employ will trust you enough to listen and take to heart what you say, is if you lead by example. Take time to familiarise yourself with cyber threats to your business. As a business leader, you are best equipped to identify the areas of your business most susceptible to cyberattacks. Once you have identified the most valuable information your business possesses, you can ramp up your security measures in the right areas to repel or prevent attacks against your company. Focus on re-learning As people who have grown up in a society where technology has grown in leaps and bounds over the years, we must not be as naïve as to think that what we knew 10 years ago is still as valid today. Cybersecurity, from now until the indistinct future where we transcend the need for a digital world (which will not be anytime soon), will constantly need to be revised, unlearnt, and re-learnt. Therefore, from the outset, it is necessary to take a systematic approach to cyber education that constantly revises its practices and implements new safety measures against the multiplicity of threats out there. Know about the array of cyberthreats out there To be best equipped for a cyberattack, you need to be aware of the various avenues for attack that exist and how these points of attack may present themselves to your business. Web-based attacks Web-based attacks make up the largest proportion of all cyberattacks (49%). These attacks are conducted while you are browsing the web and can take a variety of forms: from clicking a hyperlink to a malicious website, to enabling malicious web-scripts, to inadvertently installing malware. Phishing The second largest proportion of cyberattacks (43%) is phishing attacks, which often starts over email. Phishing is a method of cyberattack by which cybercriminals entice you to divulge sensitive information while purporting to be reputable sources. Spoofing Spoofing is when someone or something pretends to be something else in an attempt to gain a victim’s confidence, get access to a system, steal data, or spread malware. Malware Malware is a kind of malicious software that compromises a network/device/system. These include, but are not limited to, adware, viruses, trojan horses, and spyware. Put the infrastructure in place to minimise your risk As cyberattacks become more sophisticated, so do anti-virus programs (and other cybersecurity tools). Make sure you have the kind of infrastructure in place to maximise your security. Here are some considerations for improving your cybersecurity: Implementing firewalls between datapoints Investing in reputable (paid) anti-virus/anti-malware solution Encrypting the data you store on your servers Installing a Virtual Private Network (VPN) on your devices Teach your staff cyber (street) smarts The vast majority of cyberattacks require at least some kind of human interaction for it to be successful. While your infrastructure can do a lot to minimise risk, it can never eradicate it. That is why you need to invest in continuous staff training. Make sure to include cybersecurity training as part of your onboarding processes, while continually helping your staff make the best decisions while working online. Cybersecurity smarts are not only worthwhile in the office, but they are also becoming a necessity outside of the office. Promoting cyber-security as a habit could go a long way to protecting your employees and company no matter where they are. Test your security One tactic that many companies have been using to assess their risk of cyberattacks is that of co-ordinating mock security breaches in which employees are targeted with a cyber ‘threat’, which demands a response from them. Those who fail the test must be alerted to the real damages that could have been borne from threats to security and what the consequences of their actions may have been if there was a real security threat. Although it may seem a little drastic, it could very well serve as a much needed wake-up call for those who are naïve in their online activities. References https://purplesec.us/resources/cyber-security-statistics/ https://www.techrepublic.com/article/how-to-make-your-employees-care-about-cybersecurity-10-tips/ https://preyproject.com/blog/en/what-are-cyber-threats-how-they-affect-you-what-to-do-about-them/ This article is a general information sheet and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your legal adviser for specific and detailed advice. Errors and omissions excepted (E&OE)
Budget 2021: Corporate tax amendments
Finance Minister Tito Mboweni delivered his third annual budget address on 24 February 2021. The corporate tax rate reduction from 28% to 27% for years of assessment commencing on or after 1 April 2022 was arguably the most significant windfall for corporate taxpayers, although the actual cash benefits thereof will only be seen in the 2023 calendar year. Below, we highlight some of the other significant proposals, which will likely be contained in the Draft Taxation Laws Amendment Bill to be published for public comment in June or July this year. Refining the interaction between anti‐value shifting rules and corporate reorganisation rules The Income Tax Act curbs the use of structures that shift value between taxpayers free of tax. The anti-value shifting rules apply to transactions involving asset‐for‐share exchanges. Asset‐for‐shares base cost rules prescribe that a base cost for assets acquired by a company in exchange for its shares should be equal to the sum of the market value of the shares it issued and the amount of the capital gain triggered by the application of the anti‐value shifting rule to ensure that there is no double taxation on the future disposal of the assets. Clarifying the interaction between early disposal anti‐avoidance rules and de‐grouping anti‐avoidance rules in intra‐group transactions In addition to the early disposal anti‐avoidance rules outlined above, the intra‐group transaction rules contain de‐grouping anti‐avoidance rules, which apply when the acquirer and the party disposing of an asset in terms of an intra‐group transaction cease to form part of the same group of companies within six years of the transaction. The de‐grouping anti‐avoidance rules apply to reverse the tax benefit that was obtained in terms of the intra‐group transaction by triggering the greatest capital gain, gross income, or taxable income that would have arisen between the date of the intra‐group transaction and the date of de‐grouping. Because both of these anti‐avoidance rules apply to reverse the deferred tax benefit of an intra‐group transaction, it is proposed that changes be made to the tax legislation so that if one of the anti‐avoidance rules applies in respect of an asset, the other will not subsequently apply. Reviewing the venture capital company tax incentive regime National Treasury has determined that the incentive has not adequately achieved its objectives. The incentive has instead provided a generous tax deduction to wealthy taxpayers and most support has gone to low-risk ventures that would have attracted funding without the incentive. The incentive will therefore not be extended beyond its current sunset date of 30 June 2021. This article is a general information sheet and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your legal adviser for specific and detailed advice. Errors and omissions excepted (E&OE)
Take this quiz and test your cybersecurity readiness
How well are you equipped for handling cyber threats to your business? Take the quiz below to test your knowledge on cybersecurity. You just received an email from a client telling you to attend to an urgent financial matter with a link to help you. Do you… ? a.) Click the link provided to sort out the problem as quickly as possible. b.) Delete the email because all emails like these are scams. c.) Carefully assess the sender address and content, and contact the sender via a previously used channel. There are many cybercriminals out there who are intent on gaining access to company secrets and sensitive information. Whenever an email reflects a sense of urgency and demands immediate action, it is usually a good time to pause and assess all the facts. Fraudsters are known to use seemingly legitimate addresses that mimic real email addresses to lure individuals into clicking malicious links and giving away sensitive information. Whenever you receive an email with an unsolicited link or that presents itself with great urgency, it is best to contact the sender through a known channel to ascertain whether or not their request is legitimate (most of the time it will not be). Be vigilant to avoid this kind of cybercrime known as ‘phishing’. A strange pop–up just came onto your browser window. Do you … ? a.) Reach for the“X” (close)button and click it as quickly as you can. b.) Inspect the pop-up without clicking anything, and exit the website if the pop-up is unexpected. c.) Just click accept because you don’t believe that pop-ups can harm your computer. There are many websites that run scripts that are malicious or have the potential to be malicious. While it may feel instinctual to just reach for the first sign of an exit button, be wary not to click on a malicious link. Many illegitimate and fraudulent ads, pop-ups, and notifications exist on the web that mimic legitimate messages. Always inspect a pop-up and if it is unexpected (especially if it relates a sense of urgency) it may be best to exit the website altogether. Many aids, such as anti-virus and anti-malware software, exist to help users identify bad or potentially hazardous sites. You’re setting up a new computer and new accounts for an employee. Do you … ? a.) Only install the operating system, and give your employee easy to remember passwords like123CompanyName and trust the basic pre-set antivirus software b.) Set up the computer with all relevant software, already-strong passwords, and premium security software? Whenever you set up a computer for an employee or set up new accounts for your employees, it may be tempting to simplify the process. However, making sure that you uphold a high level of security from the start is vital to ensure maximum protection. Set up new accounts with strong passwords that cannot be easily guessed and contain an array of lowercase, uppercase, numeric, and special characters. While pre-set antivirus programs like Windows Defender are not completely useless, they cannot provide the same level of security that dedicated anti-virus software can. You’re working away from home and find yourself seated in a coffee shop. Do you … ? a.) Connect upto your own mobile router because you think that is the safest option b.) Connect to the first available open Wi-Fi network with a name like FREE WIFI c.) Use a VPN before connecting to any network in the public space d.) Buy a coffee and just people-watch because you can’t work safely from a coffee shop Open Wi-Fi networks are extremely dangerous as they have no protocols in place to prevent anyone from reading the data shared on the network. It is not advisable to connect to an open network, and where open networks are used, make sure that they are legitimate (in the scenario above, you might ask a waiter for the coffeeshop’s Wi-Fi name and password – if the Wi-Fi is password protected) and use a VPN program to encrypt the data sent from and to your device. It should be noted that although VPNs are largely effective in hiding data from cybercriminals, it is not a failsafe as there may be delays in the connection between the network and connection to the VPN (in which your details could be briefly exposed). It is always best to use a trusted network. A new employee has just joined your company. Do you … ? a.) Educate them on things to look out for online and teach them to practice online safety b.) Let them read through a policy and hope they understand the security measures that you have in place c.) Trust them to know good security practices because their generation knows internet security a lot better Proper cyber-security in your business relies on adequate training and retraining — regardless of age and experience, you cannot rely on the new employee to be aware of all the security threats that your business may face. While online safety policies may provide guidance and give you a method of keeping employees accountable for digital safety, it doesn’t physically provide that safety. Always keep educating and retraining your employees (even established ones) on cybersecurity practices, thereby establishing a company-wide reverence for digital security best practice. Your employee does not have a personal computer and wants to use their work device for personal purposes. Do you … ? a.) Tell them that the device is only for work purposes and is not to be used for personal tasks, leaving them disappointed b.) Avoid being a spoilsport and let them go to town with the device c.) Tell them that it’s okay to use it for personal tasks as long as they take strict security measures Even if you want to exude a ‘cool’ attitude and have your employees like you, letting them use work devices for personal use is highly irresponsible. If you do not set strict boundaries regarding the use of company assets, you open up yourself and your data to a world of unnecessary risk. Even if you have the utmost faith in your employees, you should always designate company devices for strictly professional work. You may also want to add administrator privileges to ensure that your employees are unable to install/uninstall any software that you have not
A few handy growth tips for sole proprietor business owners
Running a business as a sole proprietor, especially in a highly volatile economy, is a momentous task. You started your business because you believed that, at least to some extent, you could make the world a better place and provide a service/product that would benefit others. Unfortunately, running a business is about more than just owning your area of expertise; it’s about knowing how to manage your finances, how to stay within your legal limits, and maintaining a reputation for excellence. These arenas do not necessarily come easy to many business owners, and so they need to make a decision to either grow their own prolificacy in these areas (at the expense of time and energy put into their speciality) or to utilise alternative resources and services to focus on their speciality. Here are some ideas to help you make that decision: Consider the opportunity cost There’s a saying as old as time, which states that time is money. And really, at the end of the day, it all comes down to opportunity cost. Anything you decide to spend time/money on now means that you won’t have that time/money to spend on something else. This is basic economics, but it is something you should think long and hard about (not too long, though – remember opportunity costs). You need to take stock of where you want to invest your resources to get to the best outcome possible. Sometimes this means spending money to free your time or spending time to free your money. Outsource the detail While it would be great to have 36 hours in a day, we only have 24. And this means that you cannot do everything alone. Consider what your strengths are and focus on what you do best and then consider how you can outsource the rest. There are many service providers out there who are more than capable to help you maintain a rein on your finances, business structure, or legal requirements. Some of the basic elements of running a business, such as accounting or contract drafting, are specialist items for which ‘winging it’ cannot be recommended. You want to have the detail in place so that you can do your work to the best of your ability, and often this means outsourcing that detail. Fine-tune your goals If your business is younger than 3 years old, chances are that you still have a lot of untapped potential. But success isn’t measured by potential; it is measured by what you manage to achieve day by day. This means you need to set clear, manageable goals in the short-, medium-, and long-term, frequently taking stock of your progress. Ambition is fantastic, but it should not guide your action, as taking on too lofty a target could spell disaster. Therefore, it is advisable to surround yourself with trustworthy friends and advisors to help you determine what your best course of action is. Perfect the art of saying ‘no’ There will be many opportunities to grow your business as you work it from the ground up. Knowing which opportunities to take a hold of is another ballgame altogether. Enthusiasm and capacity are enemies. For small business owners (especially sole proprietors), growth is also a component of your business to be managed. The worst thing you could do is to over-promise and under-deliver in your dealings with your customers/clients. Be honest with yourself when the next business opportunity comes along and ask yourself, “Do I have the capacity to take this on right now?”. If the answer is no, it may be best to say “No”, then to consider what would be necessary to take on such opportunity in the future and work towards it. Learn your niche and get specialist advice Let’s say you’re starting an e-deli delivery service. You’ll need to know which products sell best and which don’t. If you start receiving a lot of orders for fruit, it may be that you’ve discovered your niche. Naturally (no pun intended), you will have to comply with laws regarding the quality of fruit and safe delivery from the farm you are purchasing from – things that you may know nothing about. Having the right lawyer to help you navigate your niche is pivotal in claiming a portion of the market your competitors may not have access to, or do not have the means to grow into. So, how do you plan to make the most of your limited time and resources? Get in touch with us and see how we can help you achieve your goals and keep you on the right track. Additional Resources https://www.coxblue.com/8-essential-tips-for-small-business-and-startups-from-expert-entrepreneurs/ https://www.uschamber.com/co/start/strategy/small-business-tasks-to-outsource https://sba.thehartford.com/business-management/tips-from-successful-small-business-owners/ This article is a general information sheet and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your legal adviser for specific and detailed advice. Errors and omissions excepted (E&OE)