Insights For Success

Strategy, Innovation, Leadership and Security

Public

Dramatic drop in the number of US Public Companies

GeneralEdward Kiledjian

Going public was considered the ultimate sign of success for any company in a capitalist market. It meant the company had succeeded and the founders and original investors could reap some of the benefits. Public stock also allows companies to raise money, use stocks as a means to acquire and much more.

Would it surprise you to learn that the number of publicly listed American (USA) companies has declined dramatically?

We are currently sitting at about half the number of public companies, compared to the 80s and 90s. More are taken off the market through mergers and acquisitions. In 1996, 9080 companies were listed in the USA. In 2017, that number fell to 4336 (an almost 50% drop).

We are seeing more and more companies stay private longer. Why is this? Many, like the US Chamber of Commerce, believe overly burdensome regulations like Sarbanes Oxley are encouraging companies to stay private. Going public means spending millions on compliance and executives running the risk of jail time.

The numbers show that the decline started around 1997-1998, Sarbanes Oxley was enacted iJuly 30 2002. So SOX could be partly to blame for an acceleration in the rate of decline but it cannot be the sole culprit. The other half of the decline could be attributed to the end of an era of irrational exuberance (where hundreds of unprofitable companies couldn’t find continued funding and folded).

While the number of publicly listed companies fell sharply, the value of those that remained listed grew dramatically.

In 1996, the market capitalization of listed US domestic companies totaled 8.48 trillion dollars. In 2017, it hit 32.121 trillion dollars (all the while the number of companies listed dropped ~50%).

Many market purists now complain that this illustrates an unhealthy concentration of market power in the hands of fewer and fewer companies. Perhaps there is some truth to these concerns but on the other hand, many of the winning companies did so through technological innovation and global expansion.

Does this concentration mean newcomers are starving for funding? The answer is a resounding no. Look at the company everyone loves to hate, Uber. According to Crunchbase, Uber has raised 24.2B$ through 21 rounds of funding. The same can be said for dozens of other companies.

Innovative startups are still able to secure critical funding to build, grow and expand.

Aren’t public companies more transparent? The belief is that private companies are more opaque because there are less disclosure requirements and in most cases the company is managed by a small number of investors. Although government regulations like SOX impose a higher burden on public companies to be transparent, the truth is that a select group of large investors hold the majority of the shares for most companies (think hedge funds, pension funds, etc). So if we agree that public and private companies can be controlled by a select group of large investors, then the only difference is forced transparency through government regulation.

In addition to being VP Information Security for a large tech company, I am also responsible for many of the company’s compliance activities. Would I love the compliance burden to lighten? Of course, but the truth is that these compliance requirements instill a certain level of trust in the market. It is this forced transparency that makes the Western Markets so attractive to investors. Additionally we saw that the US attempt to lighten the regulatory burden on early-stage companies, through the 2012 jobs act. The JOBS act was designed to encourage smaller companies to go public. The argument was that these organizations were delaying going public because of overly-burdensome government regulations. The JOBS act dramatically reduced this burden hoping to spur a mad dash to IPO-heaven for companies under 1B$ in annual revenue. 12 months after go live, the number of companies that IPOed were just 63 which was down 20% from the previous year. It didn’t really help companies improve their performance and it didn’t spur a mad dash to the public markets as anticipated.

None of the available data shows that a reduction in government regulation or control would lead to a statistically significant increase in the number of IPOs

Conclusion

The moral of the story is that the USA is still a world leader in free markets and has the most valuable public companies of any country. Part of this success is due to the perceived transparency USA government regulation creates and hurting this in any way could undermine US public market leadership.

US pubic companies are raising more money than ever before, US public companies are larger than ever before. Foreign companies looking for cross-border listings are overwhelmingly choosing US markets.

The US remains the most attractive public equity market in the world.

Although there are fewer IPO companies today (compared to 20 years ago), modern companies are more stable, are raising more money and are considerably more sustainable.

How to fix issues at hotels, airports and other public WIFI hotspots

GeneralEdward Kiledjian

A captive portal is the intercept page you see when trying to log into most free public WIFI hotspots (e.g. airport, restaurant, hotel, etc.) You are normally shown a page that collects your email and then asks you to agree to the provider's terms of conditions. 

As browsers adopt more secure protocols by defaults (iPhone, Android, Windows, Mac, iPad, etc.) there are situations when your device may not trigger the portal webpage correctly. The browser may block redirection to the portal page because it is typically transmitted using unsecured HTTP. 

In some cases, devices will attempt to detect and open an unencrypted webpage to allow the public WIFI router to inject a redirect URL. WirelessPhreak has a good technical article that discusses why new more secure tech is causing this issue. 

Each smartphone manufacturer uses a different non-SSL webpage to detect a captive portal:

  • Google Android: http://connectivitycheck.gstatic.com/generate_204
  • Apple iPhone & iPad: http://captive.apple.com/hotspot-detect.html

What do you do if that automated portal detection doesn't work? How to you trigger the captive portal?

Enter the webpage Never SSL. If you are connected to a public WIFI (that should work) but are not seeing the captive portal, open your browser of choice and navigate to http://neverssl.com/
 

This will fix your issue and you should be bathed in warm loving WIFI Internet. 

Facebook knows more about you than you realize and what to do about it

GeneralEdward Kiledjian

Everyone knows what Facebook is and that it is built on the concept of connecting people together to create virtual communities. What people often don't realize is how much data these sites have about you.

A good example was exposed by Huffington Post in an article entitled "Facebook Can Predict With Scary Accuracy If Your Relationship Will Last".

If you doubt the power of data mining, read this Forbes article entitled "How Target Figured Out A Teen Girl Was Pregnant Before Her Father Did"

The security aspects of Facebook

Social Networking sites (like Facebook) thrive when user bases grow and user bases grow when there are strong repeated interactions among its members. These sites are sneaky and try to collect a treasure trove of data from you (directly or indirectly) without the user realizing it. As a user, you need to make a conscious decision about what you tell them and what you share on the site. 

Although interactions on Facebook may feel more secure because they are in Cyberspace, I encourage everyone to use the same rules of engagement as they would in the real world
  • Understand that you are not anonymous
  • Understand that anything you post cannot be truly deleted and may be shared and reshared without your knowledge or consent
  • Some organizations have privileged access to Facebook information which may come back to haunt you in the future (employment, travel, etc)

Regardless of how rosy you believe the world is, there are unfortunately a handful of bad people that use these sites to collect information about you with the intent to trick, deceive or do other bad things. 

Predators could pretend to be someone else and use these sites to build cyber relationships to encourage you to meet them in person (could be dangerous). A bad actor could use information found on these sites to perform social engineering on you or to someone you know. Someone could user information about your location, hobbies, likes and dislikes to befriend people in your network and then use these relationships to coerce you.

What does Facebook know

Facebook knows more about you than you realize and remember that it doesn't expose everything. A small glimpse of what it knows can be seen in your personal ad preferences (click here).

Expand the sections and see some of the information Facebook has about you and actively uses to target ads. 

Facebook self defense 

Regardless of how many dangers these sites present, they are a fantastic way to stay in touch with friends and loved ones. It is this characteristic that keeps people coming back. So what can you do to protect yourself? It's time to develop Facebook-Foo:

  1. It's public - Regardless of the restrictions you place on your post, assume it is public. A friend can take a snapshot and repost it on Reddit. Even on snapchat, I could use a second device to take a picture of the screen and post the content without you knowing. Remember that anything you post can be public and you'll be much better off.
  2. Don't make it personal - Limit personal information as much as possible. Think before you post. Looking at your feed, people shouldn't be able to determine patterns (which coffee shop you visit every morning) or personal information (picture of your kids daycare). Remember that you want to protect your information from "friends" and also the social network itself. Every smartphone picture you post contains GPS location data. This data may not be shared by the site but is definitely used by the site to build a more complete profile about you.
  3. Stranger Danger - We tell kids to be weary of strangers but we neglect this good information when working online. Remember that anything can be fake online. In social engineering, we commonly copy the profile information of people and use it to make connections to targets. We steal information from LinkedIn, Facebook and any other sources to improve the chance you will connect with us. 
  4. Check your settings - I recommend you periodically check your Facebook profile settings and the permissions you have granted apps to connect to your facebook profile. Most connected apps are fine but a nefarious one may use this authorization to steal your info and use it against you. I wrote an article in 2012 about a service that helps check your site permissions. The service may have changed but it is a good idea to perform this check every quarter.
  5. Be a skeptic - I see dozens of spammy fake posts every day on Facebook shared by friends. People share content without looking into the validity of the articles so be weary. An ounce of prevention is worth a pound of cure. Use fact checking sites like Snopes to validate claims before posting or sharing content.
  6. Use strong passwords - I recommend you use strong unique passwords for every site you register on. I wrote this 2013 article about how to use WolframAlpha to generate strong passwords and I still use this technique today. Generate strong unique passwords and keep it in a password manager like OnePassword or LastPass (which is almost free now).
  7. Keep your computer safe - For most users, I have started recommending the use of a Google Chromebook as their internet browsing device (or a smartphone or tablet). These devices are much more resilient to attacks and provide protection even if the user is less than diligent. IF you use a traditional computer (PC or Mac), make sure you keep your software updated, use a good antivirus and never run unknown third party software.If you receive a file and want to double check it before running it, use a site like VirusTotal to give yourself some peace of mind.
  8. Keep children safe - Talk to children about the dangers of social sites early and help them navigate this maze. They need to understand that anything they post will be with them for the rest of their lives. The internet does not have a delete key.

Related:

  • What is Facebook doing with my data?  (BBC)
  • 98 personal data points that Facebook uses to target ads to you (Washington Post)
  • Facebook Is Expanding the Way It Tracks You and Your Data (The Atlantic)