As economic recoveries continue, business values are on the rise. According to recent data, 36% of business owners looking to sell have raised their asking prices to account for increasing demand. Buyers, meanwhile, are willing to pay for great opportunities but also want to minimize risk. The result? Business technology infrastructure is one of the most important — and overlooked — aspects in making a successful sale.
To explore the impact of cybersecurity and business infrastructure on operational performance and overall company value, Aldrich Capital’s Brian Andreosky sat down with Frank Curci, a shareholder in Buchalter Ater Winn’s Portland office and a member of the firm’s Technology and Practice Groups, and were joined by Peggy Kitzmiller, a business advisor at Aldrich.
Here’s what they had to say (edited for clarity, spelling, and punctuation):
Q: How are companies adjusting to challenges caused by the pandemic?
We now see clients recognizing the need to pivot how they do business. These pivots are both driving changes in their business environment and creating new business opportunities.
For example, our online retail clients are seeing a significant increase in online traffic, and many believe that after the pandemic, some of these online consumer habits will continue.
In the high-tech industry, meanwhile, we are seeing companies pivot some of their R&D to meet increased industry demand for more digital solutions, such as more secure videoconferencing technology, enhanced interactivity for remote learning, advanced data analytics tools, and increased privacy and security measures.
Q: How are these changes impacting business technology infrastructure?
The need for robust cybersecurity is on the rise.
IT attacks such as data theft, phishing, and malware have risen dramatically. With many companies having a combination of a remote workforce or a partially remote workforce, having a decentralized system creates an environment where confidential data needs even stronger security protection.
Q: What are some of the primary legal and business issues that companies need to address as these changes continue?
First, we see the need to increase company awareness of data privacy issues, which in turn highlights the need to enhance internal security measures. As you know, California and the European Union have fairly recently enacted much stricter data privacy laws that give significant rights to consumers, both of which impose significant new legal obligations on businesses regarding how they use personal information.
Next, data will continue to be a valuable commodity for all businesses as part of their R&D and marketing efforts. The legal issues that come out of the increased value of data include coming up with legal structures that allow the sharing of data, figuring out who may legally own certain data, and implementing new tools capable of using this data.
Q: What role does data analytics play in driving business value?
The use of data analytics will continue to accelerate. As decisions about new business opportunities or survival are being considered, data analytics is taking center stage, and adoption will accelerate as companies are pressed to make decisions that will affect their viability.
Using data analytics will inform future intelligent and effective business decisions by increasing efficiency and revealing important business opportunities. While companies may feel comfortable dealing with short-term trends and decisions, longer-term, data-driven analyses will prepare them for the future.
Q: How are new data privacy laws impacting business operations?
Two relatively new privacy statutes are the California Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GDPR). These privacy laws impose significant new obligations and liabilities on any company that must comply with them.
The CCPA can apply to any company that either has 50,000 California consumers or has $25 million in annual revenues. These thresholds may seem high, but the 50,000 figure for consumers includes all devices that one person may own, meaning companies can meet these thresholds quickly. GDPR, meanwhile, imposes similar notification requirements and security measures on any U.S.-based company that collects personal information of any EU Data Subject.
All of this means that more and more companies will need to substantially update their privacy policies and implement new internal privacy compliance programs to comply with the stricter requirements of the CCPA and GDPR.
Q: What does this mean for data protection?
Data protection is an important topic for all of our clients, whether they realize it or not. Why? Because not all data is created equal. For companies who collect and store data that may contain trade secrets or protected health information about their clients, patients, or employees, the security of that data must be treated in a different way than public-facing marketing content.
In addition, knowing who has access to what data is an important exercise for a company to perform regularly. Often an employee will change jobs in a company, or take on new responsibilities, and their access to company data or applications is not subsequently evaluated and adjusted. You end up with many people having access to data for which they have no need, in turn creating unnecessary risk.
Q: What steps can companies take to create a more secure IT environment?
First is addressing remote work. We recognize that many employees are using their own personal computers to perform their jobs at home, but may also use these devices to enable online learning for their children. This opens up additional security risks to the corporate environment. As a result, we recommend that every company provide training in personal security practices. When people work from home, their personal security practices are the most critical to your company’s overall security.
Next, it’s critical to create effective password policies. Having a complex password is no longer sufficient security. Now, length and technical difficulty are what matters. We recommend passwords should be a minimum of 16 characters, with special characters, numbers, and as few common words as possible.
You can also improve your company’s security by using multiple authentication mechanisms together. Consider adding Multi-Factor Authentication (MFA) to your systems and processes, as well. MFA requires people to know specific login details and have access to a physical device such as a phone or USB token. Single Sign-On (SSO) services or password management services are another option to reinforce remote security measures.
Put simply? While companies want to make it convenient for employees to log into work assets from their different networks and computers, they should take precautions to protect company data.
Improving Operational Performance + Company Value
Whether you’re ready to sell your business to the highest bidder or positioning it for increased growth, Aldrich Advisors is here to help you manage the entire business lifecycle. Our specialists are dedicated to answering your questions and creating an optimal exit strategy.
If you have questions about maximizing your business’s value, reach out to your Aldrich advisor.