Job Seekers: Can This Company Pay You?

Calculate the current ratio to gauge whether a prospective employer will be able to pay you, says How to Tell if that Company Can Pay You (blog at Harvard Business Review).

current ratio = (current assets) / (current liabilities)

Good and Bad Values for Current Ratio

Good sign: roughly 1.5 to 3. The company’s in pretty good shape, for now. You’ll get paid. (The Wikipedia article says, “Acceptable current ratios vary from industry to industry and are generally between 1.5 and 3 for healthy businesses.”)

Warning sign: about 1.2 or lower. The company is facing some short-term problems in paying its debts. Your salary might be at risk. (The HBR blog says, “If it’s below 1.2, that’s a big red flag.”)

Warning sign: higher than 3. This might indicate an organization that’s just sitting on its money instead of putting it to good use.

As they say, your mileage may vary. Whatever the current ratio is, keep in mind that it’s a snapshot, a moment in time. The company’s fortunes could turn one way or the other. The company could weather a current storm, or it could snatch defeat from the jaws of victory. The current ratio is a hint, something for you to discuss with a prospective employer. Compare the ratios for similar organizations to see if one stands out as especially better or worse than the others.

Finding the Information (in the US)

To compute the current ratio, you need to know the company’s current assets and current liabilities. Where do you get that info? It depends on the type of organization.

Publicly traded company: Do a web search for “balance sheet” and the company’s name or stock ticker symbol. You should be able to find the current balance sheet online. Look for Total Current Assets and Total Current Liabilities, and then do the math: (total current assets) / (total current liabilities).

Non-profit organization: Search for the organization at http://www.guidestar.org/ and look at the organization’s latest Form 990. You’ll need to register a free Guidestar account to see the Form 990. On the Form 990, get the Total Assets and Total Liabilities in Part I – Summary, and then do the math: (total assets) / (total liabilities).

To be precise, this calculation for non-profits isn’t really the current ratio. The total assets and liabilities cover current items (short-term, within the next 12 months) as well as long-term items. If you look on the Form 990 at Part X – Balance Sheet, you’ll find more detail, but it doesn’t distinguish which items are current or long-term. A single line item could mix both together, like investments. Also, Guidestar warns that Ratios Aren’t the Last Word on non-profits, because they don’t tell you which organizations are well-managed or mismanaged, or which ones are fulfilling their missions well or poorly.

Private company: You may have to ask the company for its latest audited balance sheet. I mention “audited” in particular because that will be the latest official balance sheet, verified by an independent auditor. If the company hands you unaudited numbers, the info might not yet be accurate and complete. I’m not saying the company is dishonest, but I know from experience that the audited numbers aren’t necessarily the same as the preliminary unaudited numbers.

Examples

Let’s try a few…

Microsoft (stock ticker symbol MSFT): A web search quickly finds the latest Microsoft balance sheet. As of June 29, 2012, it shows Total Current Assets = $85,084,000 and Total Current Liabilities = $32,688,000. Microsoft’s current ratio is 2.6. As a prospective employer, Microsoft should be in good shape for issuing paychecks.

Apple (AAPL): The Apple balance sheet, as of September 29, 2012, shows Total Current Assets = $57,653,000 and Total Current Liabilities = $38,542,000. Apple’s current ratio is 1.5. Apple seems to be in decent shape for issuing paychecks.

Wal-Mart (WMT): The Wal-Mart balance sheet says that as of January 30, 2012, Total Current Assets = $54,975,000 and Total Current Liabilities = $62,300,000. Wal-Mart’s current ratio is 0.9. Ruh-roh! Is Wal-Mart at risk of not paying employees? How does it stack up against similar companies? If you’re looking at Wal-Mart as a prospective employer, this bears further exploration.

Feed the Children (nonprofit): The 2011 Form 990 found at Guidestar shows Total Assets = $185,587,243 and Total Liabilities = $9,072,846. As I said above, we’re not computing the current ratio because the Form 990 doesn’t distinguish current from long-term. If we compute the ratio of assets to liabilities anyway, we get a ratio of 20.5. That seems very high, but it’s also not really the current ratio. Let’s drill down into Part X – Balance Sheet. I’ll guess that lines 1-9 are current assets, and I’ll leave out lines 10-15 – $112,650,766 in current assets. I’ll guess that lines 17-22 are current liabilities, and I’ll leave out lines 23-25 – $8,298,371 in current liabilities. Result: estimated current ratio = 13.6. That still seems pretty high. On its own, as Guidestar warns, it doesn’t prove anything, but it gives me something to explore and consider. I’d want to compare similar organizations to see if their ratios are also that high.

PricewaterhouseCoopers (privately held): I wasn’t able to find a PwC balance sheet online, but this is no surprise because private companies aren’t required to publish that information. If I were looking at PwC as a prospective employer, I’d have to ask for their latest audited balance sheet if I wanted to compute a current ratio or otherwise see how they were doing financially.

Calculate the current ratio of prospective employers, and maybe you’ll get a constructive dialog out of it.

Jim

 

IT Security Trends From 2012

Kaspersky Security Bulletin 2012: The overall statistics for 2012” offers up some very interesting data. Online security threats have evolved, and some cherished myths have been shot to pieces. In particular, 2012 was a big year for attacks on Android devices and Macs.

Mobile Malware – Mostly Android

The report says “99% of all the mobile malware we detected every month was designed for Android.” Each month of 2012 saw thousands of new pieces of Android malware. The main type of Android malware was the SMS Trojan – malware hidden in some app you chose to download. The SMS Trojan quietly subscribes you to a premium-rate number, racking up charges for you and profits for the spammer. Android devices were also subject to adware, like software that redirects your browser. Androids were also attacked by malware that acquired root-level access to your Android’s operating system.

Kaspersky also reported a huge increase in spyware aimed at mobile devices, for tracking the phone’s location and activity, and for transmitting data without the user’s knowledge. They mentioned FinSpy as an example.

Macs – Debunking the Myths

The Kaspersky report says “2012 saw the comprehensive debunking of every myth about the security of Mac environments.” Macs were subject to botnets (especially Flashfake), DNS poisoning, and fake anti-virus software that extorts money from you to handle “detected” viruses.

Vulnerable Apps

Which apps were the most targeted? Java vulnerabilities were the big winner (or actually the big loser). Kaspersky reports that attacks on Java accounted for 50% of all attempts to exploit vulnerable apps. In other words, Java was attacked as much as all other apps combined, and it was attacked on Macs as well as PCs. As of last week, the Department of Homeland Security is still warning people to disable Java entirely.

In second place, with 28% of the attacks, was Adobe Reader. Kaspersky notes that Adobe has taken many steps to tighten up security in Adobe Reader.

Guess what got only 3% of the attacks: “Windows components and Internet Explorer.” Yep, only 3% of the attacks were specifically related to Microsoft. There goes another security myth.

What’s Next?

While attacks on mobile devices rise, because increased usage and lower prices have outpaced improvements in mobile security, my prediction is that the next big growth area for malware will be “connected” devices that didn’t used to be connected.

Examples include telehealth technology, like at-home monitoring of health. Timely, accurate data is a great thing for health care, but the newfound connectivity for protected health information opens new vistas for security problems.

Another example is increasing connectivity for your car, which leads to opportunities for malware in your car.

Iran hacked a GPS signal to capture a U.S. drone. Fictionally, an episode of the Monk TV series (“Mr. Monk Goes to the Ballgame,” 2003) featured a victim who drove to his attacker because his car’s GPS unit had been hacked – fictional, of course, but not inconceivable.

Now that every phone is a camera, there are new risks for spyware using your phone’s camera to see where you are.

Where there’s software and connectivity, there’s malware.

The coolness factor for new areas of connectivity pushes us down those paths faster than we’re securing them. Security that’s baked in from the start is a lot easier to add than security that’s strapped on later, but technology buyers want the latest features, and technology purveyors don’t want to be left behind.

Folk Hero or Wrong-Doer?

I don’t consider “Bob” the programmer a folk hero. He drew a salary for a job he didn’t perform, because he had outsourced his work to China. He goofed off and collected a paycheck, while the Chinese company did his work. Verizon describes how they uncovered the off-the-books outsourcing. “Bob” is the pseudonym Verizon assigned to the programmer.

Those who consider Bob a hero tend to cite two things. First, they claim he was only doing what corporate leaders do when they outsource work. He’s just doing to them what they might do to him some day. Second, they note that the guy got good evaluations. The company liked what his Chinese providers were doing.

Here’s why I don’t consider Bob a hero:

  • He’s been lying. He’s been deceiving his employer about who did the work. That’s unethical and dishonest. If he had been up front about it, and helped his employer arrange to get good results inexpensively, then he could be a hero. But he lied about it. In business as in romance, if you’re hiding a secret relationship and lying to cover it up, you’re cheating.
  • He’s been taking money for work he didn’t do. That’s unethical. If you’re an honest broker, the people who engage your services know it. If you pass off someone else’s work as your own, you’re dishonest.
  • He violated a basic security rule by sharing his login credentials. Just about every set of security guidelines on the planet tells you not to share your login credentials with others. Bob did it regularly and often, shipping his security tokens off to his Chinese provider.
  • He violated a confidentiality agreement, and might have put the US at risk. The Verizon write-up says the company was a US infrastructure provider, and “The implications [of the unauthorized access] were severe and could not be overstated.” Bob was routinely granting access on the sly to people who weren’t entitled to the information. This is bad enough in almost any company, but it’s even worse in this case because he was handing privileged access to a foreign power that might not have the purest of intentions toward US infrastructure.

A disturbing aspect of this is that it’s the reverse of the usual espionage scenario: Bob’s foreign handlers didn’t have to pay him to get insider access to US infrastructure. He paid them. Or you might say they paid him in services instead of money. I wonder if this is a new MO for espionage, getting the dupes to pay the handlers instead of the other way round.

No, I don’t consider Bob a hero.