M&A Software Security Should Be a Top Concern

Article revisited on July 3rd, 2017 

For all companies working in the M&A space, security is currency. 

That goes for solution providers, as well. One thing we know at Midaxo: it’s absolutely essential that we handle matters of customer data security with the utmost care and technical savvy.

Why exactly do we push this to the forefront of the M&A conversation? The answer is simple. 

Companies with a sophisticated acquisition strategy and M&A pipeline brimming with new opportunities need to know their confidential plans and data are not going to leak and fall into the wrong hands. 

The world of M&A relies on security to maintain accord. Thus, acquirers should rely on the right software solutions providers to facilitate security on their behalf. What many M&A Heads and Integration Managers may not realize is that the current way of managing data security throughout the M&A process simply doesn’t cut it. Not even close. 

Security imperfections in today’s M&A space 

What is the present way many companies handle M&A software security? Unfortunately, despite that security is certainly considered to be a priority, the security measures taken aren’t reflective of the risks incurred by the very nature of the typical company’s M&A process structure. 

A large number of companies manage their process with multiple applications that are not connected – very much like a jigsaw puzzle of disparate apps, where the pieces simply don’t fit together. The glue that manages to keep this system from falling apart is comprised of hours upon hours spent by integration teams and consultants. And what happens because of this? 

  • More often than not, M&A stakeholders and participants communicate via email, regardless of whether or not they are internal or external stakeholders. The primary problem with email communication is: the data in an email is readily accessible – and “hack-able”. What’s more, messages can be easily forwarded – even by accident! And with one click of your mouse, important M&A plans, data and other company confidences can show up in the wrong recipient’s inbox due to user error. 
  • Moreover, company hard drives and shared folders used to track all the questions, answers, and findings that come along with M&A communication exchanges pose their own security threat. When you replace these devices with newer versions, or perhaps upgrade to another system entirely, where exactly will the devices go when they’re disposed of? The vast majority of M&A departments don’t take this into account – and what it boils down to is: they never really know. 
  • And of course, our experience in the industry has showed us that many firms have placed too much trust in their own server and network. There is still some general hesitation that the cloud is more insecure than a company’s internal firewall solutions. However, it’s actually more difficult to execute and view a clear audit trail via on-premises networks, and managing communication with external users (lawyers, consultants, auditors, etc.) still requires resorting to insecure practices, such as sending content-sensitive email. 

Particularly for mid-sized companies (relative to the market), investing all the money and resources required to keep up with security measures is going to be a challenge in itself, let alone cultivating (or hiring) the internal know-how to do so.

Fortunately, there is a rapidly growing consensus that the cloud is as secure as can be, resulting in an increased level of comfort with storing data utilizing this method. Today’s technology users shouldn’t be questioning whether or not they should use the cloud. It’s more important to consider how they will be using it. 

What security game changers should M&A teams be on the look-out for? 

Software solutions – and the processes to develop and manage them – particularly those that are used by companies navigating very high financial stakes, MUST be secure. Buyers should expect that each of their provider’s design functions and architectural choices have been made from a security-centric point of view. 

Here’s more on what to look for when considering your M&A software solution options and their respective levels of security: 

  • An end-to-end solution: By having all team members carrying out all M&A tasks and communication within the same portal – emails and collaboration included – there is no spread across a number of detached applications, and the risk of misplacing, losing or sending data in the wrong place is mitigated. All users will be able to access information in real-time, drastically decreasing inaccuracies and team member mistakes. 
  • Strict permission controls: First of all, when utilizing a cloud-based solution, customer data from one company’s account must not have any opportunity to intermingle with data from another company in the system, and your provider should be able to acknowledge the steps they’ve taken to ensure this does not happen. Of course, each platform user should have specific access to only what they need to see via the implementation of strict permission controls. That includes the provider’s tech support team. Your company’s data is strictly confidential – and it should not be accessible to external users without explicit permission. For example, to moderate tech support issues, Midaxo reps ask our clients to share their screen when explaining a question, as opposed to diving right into the portal themselves (they simply cannot do this as a function of the software’s design). 
  • A detailed audit trail: Who participated in any given task? Who said what to a particular stakeholder? Who looked at this document and that document – and when? A detailed and flawless audit trail capturing any action associated with the M&A software should be seamlessly incorporated into the program. 
  • Official security certifications: Sure, it’s understandably important to look for certifications when determining a software company’s credibility. But ideally, you should partner with a provider that has been ISO 27001 Certified. Not ISO 27001 compliant or consistent with ISO 27001, but audited and certified. Very few companies in the M&A space pass this internationally sanctioned audit addressing how well a company executes processes around their technical application. So keep this in mind when hunting for the right merger and acquisition software.

If your company’s data and acquisition plans are important to the success of your business and its development (and our guess is that they are!), security must remain top-of-mind when looking for deal management software solutions.

Though discussion about security during an initial discovery call with a sales representative may sometimes feel like a formality, it’s important that your prospective M&A partner can answer your questions and thoroughly explain how their product will be an advantage – and not a hindrance – when it comes to security.

See our Resources Center for more content.

Latest Materials