Is your merger and acquisition process as secure as you think?

 - 
Monday, December 2, 2019

A merger or acquisition is extremely sensitive. You’re looking at millions of dollars potentially changing hands, to say nothing of all the sensitive data and intellectual property. It should go without saying that security should be your number one priority; yet for some reason, many businesses seem to ignore it entirely.  

  • An organization in talks to acquire a startup is one-upped by a competitor that somehow knew the exact value of their offer. 
  • Identified as a redundancy, a disgruntled staffer makes off with their new parent company’s intellectual property. 
  • Immediately after merging with a partner, a company suffers a data breach, the result of a major security flaw in the other organization’s infrastructure.

These are all examples which can, and often do, happen as a result of poor security during the acquisition process. The good news is that with proper due diligence, these problems can be avoided by taking the following preventative measures. 

Document control and file tracking. Most often, the exchange of information during the merger and acquisition process is handled through the use of a secure data room. Unfortunately, this tactic falls apart the moment a deal is finalized. 

In a merger between two larger organizations, there’s a massive volume of information to sift through — Gigabytes, perhaps even Terabytes of files pertaining to everything from payroll information to intellectual property to customer data. Without an efficient means of categorizing, consolidating and tracking all that data, it’s incredibly easy for a leak to happen, either accidentally or intentionally.

A content collaboration platform, such as those covered by Gartner’s Magic Quadrant, is necessary. Not only will it allow you to effectively and efficiently protect your data throughout the merger and acquisition process, but it will also less worry about malicious insiders or simply losing track of important files. 

Cybersecurity testing. Presumably, your business takes security quite seriously. But what about the organization you’re looking to merge with or acquire? What does their network look like and what sort of controls do they have in place to prevent the misuse of systems and data? 

Like it or not, once the deal is finalized, their security problems become your security problems. For that reason, it’s important to bring in a third-party analyst to evaluate all aspects of a prospect’s cyber risk environment. You need to understand the business risk profile, weak points, IT infrastructure and business processes. 

An objective evaluation of both your security posture and that of your target is necessary before moving forward with any sort of deal. Ideally, in the analysis, you’ll want to leverage a security framework, such as the one by the U.S. National Institute of Standards and Technology (NIST). 

Once you’ve completed your inventory of their IT systems and approach to security, be sure to compare it with their own documentation. If things don’t match up, that could be a sign of negligence on their part. 

Existing incidents and issues. Last but certainly not least, what sort of cyber liabilities are you taking on with this merger or acquisition? Are there any ongoing legal problems related to cybersecurity? Any recent data breaches or cyber incidents? 

Once again, their problems will become your problems. So, it’s up to you to decide if the risks outweigh the gains of a partnership. 

Controlling your interests

Even without matters of IT and cybersecurity, mergers and acquisitions are complicated, logistically challenging affairs. Because we live in an increasingly digital world, security is no longer something that can be ignored, either before and after a deal is complete.

Max Emelianov started HostForWeb in 2001. In his role as HostForWeb’s CEO, he focuses on teamwork and providing the best support for his customers while delivering cutting-edge web hosting services.