Why You Should Always Perform a Security Assessment in an M&A


ewefMergers and acquisitions (M&As) are incredibly powerful tools that can, if managed properly, propel a business to a whole new level. That said, they often go horribly wrong as well, and that is mainly because key details are not properly assessed. When you learn more about company mergers, you will inevitably find that it is about a lot more the two companies coming together. Every element of both the individual companies have to be mixed, and turned into a brand new whole. That is very complex, and it is all too easy to miss something. One of the things, strangely enough, that gets overlooked more often than not is the IT point of view. This is quite strange, considering how much of today’s work is done digitally, but the reality is that many companies forget to perform a technical security assessment before deciding whether or not go ahead with the M&A.

What Is a Technical Security Assessment for?

A technical security assessment is designed to make sure there are no IT problems already present that could devaluate a company, or cause other problems further down the line. When performing this assessment, the acquiring company can:

  • Confirm that there are no pre-existing worms, Trojans, spyware, or viruses in the servers, PCs, and overall network. If any malware is found during the inspection, these must be removed before the acquisition can go ahead. It is all too easy for the entire network to become infected through innocuous looking emails, network sharing drivers, FTP protocols, DVDs, USB thumb drivers, and CDs, that officer personnel take with them.
  • Confirm that the company that is being acquired has a proper firewall in place. When a firewall is present, more capacity expansion and flexibility is possible in the design of the network. If internet facing services are required for the operation of the business, then firewalls will ensure that a separate network segment can be created where these servers can be placed, without at any point lowering the security of the network.
  • Assure that no part of the network is currently weak, providing a backdoor for hackers.
  • Ensure that the entire network is encrypted, that no unnecessary services are running, that only authorized personnel can access certain parts, and that there is no non-business software on any of the computers.

Security Policies

The acquiring company should ensure their IT managers are properly involved in the overall M&A process, and that they discuss policies and strategies with the existing companies. By being one of the first teams to work together, they are setting the stage right for all the other teams as well. In so doing, they ensure that there is less stress and that people don’t have to deal with malfunctioning equipment when they already have enough on their plate.

It is vital that a full security assessment takes place before you agree to merge with or acquire a secondary company. Missing this vital part could literally cost you thousands.

Published by Kidal Delonix (949 Posts)

Kidal Delonix is a contributor to Mr. Hoffman's blog. The views and opinions are entirely his/her own and may not reflect Mr Hoffman's views.

Learn more

Leave a Reply