2020 was the year the world changed. Paradigms shifted, long-standing assumptions were overturned. Business plans were disrupted, and competitive positions were realigned.

New Environment, New Challenges

Businesses were heavily impacted by change. Some were advantaged, others disadvantaged by the disruption. For example, a company with technology to facilitate staff working remotely is better positioned than a company with staff tied to the office. No matter, each is faced with the challenge to evaluate opportunities and threats and take steps to preserve and create value in this new environment.

Mining for Value with Technology

Accelerating digital transformation is a strategy many businesses are taking to build and safeguard value. Changing demands from customers, the work force and all participants in the supply chain are driving investment in and adoption of technology. Advances in technology tools, capabilities, and processes are fueling digital transformation. The pace of technology development is ironically demonstrated in the negative where microchip scarcity is shutting down production of mid-level vehicles to feed the chip requirements of higher profit, top-of-line cars.

Gartner forecasts the overall, worldwide IT spend for 2021 to increase 8.4%, rebounding from a 2.2% decline in 2020. Much of the increase will reflect the adoption of cloud and other (X)aaS technologies. The proliferation of data and investment in analytic tools, artificial intelligence and machine learning will allow businesses to derive actionable information from raw data, gain competitive advantage and increase their value.

The use of these technologies will change from the tactical, IT supporting business processes, to the strategic, technology as core components of the enterprise. Data will become a value-bearing asset.

The Strategic Value of Cybersecurity

Digital assets are not the only source of increased value for an enterprise. Technology and globalization have created an exposure that is an existential threat to businesses of all sizes. Attacks have become daily events as major companies, institutions and municipalities are targets of cybercrime and disruption. Ransomware, phishing in all its forms and similar attacks drain billions from businesses each year. Another class of attack threatens the basis of our societies, undermining principles of democracy and clouding many aspects of our lives with misinformation, conspiracy theories, “alternative facts”, etc.

In this environment, businesses that can build a robust cybersecurity defense increase their value and safeguard their future. Much like the technologies used to leverage data, cybersecurity needs to become a core component of the business, incorporated into all areas and activities. The value of strategic cybersecurity is the responsibility of everyone who comes in contact with the enterprise. Planning and implementing an architecture of cybersecurity will take into account customers (future and active) and all points on the supply chain (not just vendors but all providers of professional services). All staff should know that cybersecurity is valued as a key asset of the organization and the role it plays in the work they perform. All leadership in the organization should set an example through their understanding of, and adherence to, cybersecurity practices. The higher the level of leadership, the more clearly the commitment to cybersecurity should be demonstrated.

Strengthen and Increase Resilience

PricewaterhouseCoopers (PwC) conducted their Global State of Information Security Survey (GSISS) for 2021 last summer. They surveyed 3,249 C-level executives, worldwide, across a range of industry sectors. The survey confirms that cybersecurity is no longer the sole purview of the IT department. “Although tech is very much in the picture—security leaders are working closely with business teams to strengthen and increase the resilience of the organization as a whole.” 50% of responders say that “cyber and privacy will be baked into every business decision and plan”, up from 25% in the previous year’s survey. “Fifty-five percent of executives plan to increase their cybersecurity budgets, with 51% adding full-time cyber staff in 2021 — even as most executives (64%) expect business revenues to decline.”

With businesses, in their entirety, embracing the need for cybersecurity, executives want increased testing across a wide range of scenarios so they can anticipate attacks, plan, and take steps to ensure their critical business functions will stay up and running. “It is not possible to forecast the future, but it is possible to plan to address imaginable scenarios.” Disinformation attacks and threats sponsored by nation states are among the scenarios identified as concerns in the survey.

Cyber Assets Future Proof the Business

This cyber threat environment demonstrates the real value businesses can create by developing a broad and deep cyberdefense strategy encompassing all areas of the enterprise. Such a strategy represents a lasting asset, safeguarding the future of the business. This is value, equally as important as intellectual property, new products, research and development, and a loyal customer base.

Develop a Cyber Secure Architecture but don’t Ignore Infrastructure and Technical Debt

New technologies can increase the value of a business, but it is important to not overlook the infrastructure that supports the business. Obsolescence of hardware or software generates vulnerability and can undermine the efforts and progress made to create a new class of assets. Servicing tech debt by strategic updating, maintenance, and retirement of systems and equipment that is out of date is an essential part of preserving value. Strategies for recognizing and managing tech debt are covered in the book, “Tech Debt 2.0®, How to Future Proof Your Business and Increase Your Tech Bottom Line”, published by the IT Ally Institute in April 2020.

Value for the Future

Investors understand that the value of a business is based on its ability to thrive and deliver returns in the future. Preparing a business for the future in today’s environment depends on assets that promote speed, flexibility and resilience. Emerging technologies can prepare a business to meet future challenges and safeguard against evolving threats.

Michael Fillios is the founder and CEO of IT Ally Holdings, a diversified holding company that provides IT and Cyber advice and consulting to family owned and private equity backed small and medium size businesses (SMBs) and Credit Unions. As a former Fortune 500 global CIO, small business CFO, technology entrepreneur and management consultant with more than 25 years of experience, he is responsible for driving the strategic vision and growth of the IT Ally Holdings companies including IT Ally, CU Ally, fraXtion and the IT Ally Institute.

This article was originally published on Architecture and Governance.

2020 was the year the world changed. Paradigms shifted, long-standing assumptions were overturned. Business plans were disrupted, and competitive positions were realigned.

New Environment, New Challenges:

Small and Mid-Size Businesses, or SMBs, were heavily impacted by change. Some were advantaged, others disadvantaged by the disruption. For example, a company with technology to facilitate staff working remotely is better positioned than a company with staff tied to the office. No matter, each is faced with the challenge to evaluate opportunities and threats and take steps to preserve and create value in this new environment.

Mining for Value with Technology:

Accelerating digital transformation is a strategy many businesses are taking to build and safeguard value. Changing demands from customers, the work force and all participants in the supply chain are driving investment in and adoption of technology. Advances in technology tools, capabilities, and processes are fueling digital transformation. The pace of technology development is ironically demonstrated in the negative where microchip scarcity is shutting down production of mid-level vehicles to feed the chip requirements of higher profit, top-of-line cars.

Gartner forecasts the overall, worldwide IT spend for 2021 to increase 8.4%, rebounding from a 2.2% decline in 2020. Much of the increase will reflect the adoption of cloud and other (X)aaS technologies. The proliferation of data and investment in analytic tools, artificial intelligence and machine learning will allow businesses to derive actionable information from raw data, gain competitive advantage and increase their value.

Asset Creation:

The use of these technologies will change from the tactical, IT supporting business processes to the strategic, technology as core components of the enterprise. Data will become a value bearing asset.

Benefit for the Business and Private Equity Firm owners:

SMB owners and stakeholders will benefit from improved processes, and operational efficiencies. The benefit of increased value will also accrue to private equity firms with opportunities on two axes. The data assets of their portfolio companies will present new opportunities for market creation, synergies, and efficiencies. Also, the acquisition landscape will be enriched as potential targets build and demonstrate value that can be magnified as part of the private equity portfolio.

Create Value but don’t Ignore Infrastructure and Tech Debt:

New technologies can increase the value of a business, but it is important to not overlook the infrastructure that supports the business. Obsolescence of hardware or software can undermine the efforts and progress made to create a new class of assets. Servicing tech debt by strategic updating, maintenance, and retirement of systems and equipment that is out of date is an essential part of preserving value. Strategies for recognizing and managing tech debt are covered in the book Tech Debt 2.0, How to Future Proof Your Small Business and Increase Your Tech Bottom Line, published by the IT Ally Institute in April 2020.

The Value of Cybersecurity:

Digital assets are not the only source of increased value for an enterprise. Technology and globalization have created an exposure that is an existential threat to businesses of all sizes. SMBs are not immune to attacks that have become daily events as major companies, institutions and municipalities are targets of cybercrime and disruption. Ransomware, phishing in all its forms and similar attacks drain billions from businesses each year. Another class of attack threatens the basis of our societies, undermining principles of democracy and clouding many aspects of our lives with misinformation, conspiracy theories, “alternative facts”, etc.

In this environment businesses that can build a robust cybersecurity defense increase their value and safeguard their future. Much like the technologies used to leverage data, cybersecurity needs to become a core component of the business, incorporated into all areas and activities.

Strengthen and Increase Resilience:

PricewaterhouseCoopers (PwC) conducted their Global State of Information Security Survey (GSISS) for 2021 last summer. They surveyed 3,249 C-level executives, worldwide, across a range of industry sectors. The survey confirms that cybersecurity is no longer the sole purview of the IT department. “Although tech is very much in the picture—security leaders are working closely with business teams to strengthen and increase the resilience of the organization as a whole.” 50% of responders say that “cyber and privacy will be baked into every business decision and plan”, up from 25% in the previous year’s survey. “Fifty-five percent of executives plan to increase their cybersecurity budgets, with 51% adding full-time cyber staff in 2021 — even as most executives (64%) expect business revenues to decline.”

With businesses, in their entirety, embracing the need for cybersecurity, executives want increased testing across a wide range of scenarios so they can anticipate attacks, plan and take steps to ensure their critical business functions will stay up and running. “It is not possible to forecast the future, but it is possible to plan” to address imaginable scenarios. Disinformation attacks and threats sponsored by nation states are among the scenarios identified as concerns in the survey.

Cyber Assets Future Proof the Business:

This cyber threat environment demonstrates the real value businesses can create by developing a broad and deep cyber defense strategy encompassing all areas of the enterprise. Such a strategy represents a lasting asset, safeguarding the future of the business. This is value, equally as important as intellectual property, new products, research and development, and a loyal customer base.

Higher Stakes for PE Portfolios:

Private Equity firms face the same cyber threats as individual businesses. Actually, the stakes are higher with PE firms protecting their investors from vulnerabilities that can spring from anywhere in the portfolio of companies. Cybersecurity is only as strong as the weakest link in the portfolio, and then the next weakest, then the next weakest link, and so on.

Momentum Cyber is the premier advisor to the cybersecurity industry and has recently published the “Cybersecurity Almanac for 2021.” The report states that PE firms continue to show a strong interest in cybersecurity fueled by the acceleration in digital transformation and the increased vulnerability. PE firms were responsible for 37% of the M&A activity in the cybersecurity sector last year and a 28% (YoY) increase in cybersecurity investment. Private Equity professionals are securing their investments with the same strategic thinking utilized in portfolio planning and acquisitions. PE firms are taking a portfolio-wide approach to managing cybersecurity, benefiting from efficiency and cost-savings, and gaining insight into the security health of their portfolio.

Boosting Portfolio Value:

A portfolio approach to security creates value that is greater than the sum of the security assets of the businesses that make up the portfolio. Firms adopt portfolio-wide cybersecurity standards. This creates a cybersecurity strategy that aligns with the risk tolerance characteristics of the PE firm rather than the individual portfolio members. A high threshold of cybersecurity readiness for joining the firm preserves the value of the firm’s security asset.

In addition to shared policies and standards, multiple businesses in a portfolio bring the benefit of multiple eyes and minds to bear on monitoring security as each organization has its own unique sensitivities. A robust council of security resources can boost investor confidence.

Value for the Future:

Investors understand that the value of a business is based on its ability to thrive and deliver returns in the future. Preparing a business for the future in today’s environment depends on assets that promote speed, flexibility and resilience. Emerging technologies can prepare a business to meet future challenges and safeguard against evolving threats.

About the Author

Michael Fillios is the founder and CEO of IT Ally Holdings, a diversified holding company that provides IT and Cyber advice and consulting to family owned and private equity backed small and medium size businesses (SMBs) and Credit Unions. As a former Fortune 500 global CIO, small business CFO, technology entrepreneur and management consultant with more than 25 years of experience, he is responsible for driving the strategic vision and growth of the IT Ally Holdings companies including IT Ally, CU Ally, fraXtion and the IT Ally Institute. His first book, Tech Debt 2.0®: How to Future Proof Your Small Business and Improve Your Tech Bottom Line, was published by the IT Ally Institute in April, 2020.

[This article was originally published on itallyllc.com.]

Open-heart surgery prepped my SMB for the ultimate future proofing.

As a young executive, I received some sage advice from a career coach when discussing the topic of “work life balance.” The advice was simple, but the impact was significant and lifted a burden I was carrying for quite some time. My coach said, “don’t try to come up with a magic formula that allocates a percent to the time you allocate to work, family and yourself, but rather put 100% focus into anything that you do.” In other words, be fully present and commit to those areas individually and you will never feel the burden of work / life balance ever again. He was right!

The Mindset

This gave me a unique perspective and more importantly a mindset that I have applied ever since. This mindset was recently tested when I decided to become an entrepreneur again when I launched IT Ally in 2017. My first tour was 10 years during the 2000’s when I was Chief Solutions Officer at BTM Corporation. So as the saying goes, this was not my first rodeo. As my fellow entrepreneurs know, in the early stages of starting your business, 100% of your success fully depends on the actions of the entrepreneur. You never feel you are doing enough, there is always more you want to accomplish, and it can never happen fast enough.

However, one additional shift in this case from my role as a Fortune 500 CIO, was on the personal side. Yes, I always worked hard regardless of the job or role I had, but as an entrepreneur, I knew exactly what it was going to take, the sacrifices I needed to make and how that increased time would impact my work / life balance. With my career coach’s advice in mind, I made sure to apply the 100% formula. Being an entrepreneur, outside the structure of the corporate world, there was another dynamic – that is, there truly isn’t a bright line defining what is business versus personal time. My fellow entrepreneurs know this all too well – that line is never clear and tends to shift continuously. In fact, in my experience, it is in most cases nonexistent.

Open-Heart Surgery

In early January 2021, this struggle to define and separate business and personal was “big-time” tested when I learned that I needed to undergo open heart surgery to correct a known defect that afflicts about 1% of the population. The realization hit me when my cardiologist strongly recommended I address this issue right away, when in my mind, I had about another ten years! Coming off of a record-setting 2020 for IT Ally Holdings and our operating companies, navigating the pandemic and the usual entrepreneurial stresses in an early-stage company, I worried about the impact this would have on my business, my personal life, my health, and my family. I also knew that I would need to apply a different plan and playbook to navigate this process, especially with a relatively compressed timeline of about two weeks before my surgery. I could not, for example, just go out on short term disability and let my corporate HR and benefits take care of the rest. So, let’s just say, we had more questions than answers in terms of getting prepared, not to mention major surgery that was looming!

Needless to say, I treated this situation like many others that I have done before, and became hyper focused on detailed planning and flawless execution, at least for the pieces in my control. Oh, did I mention that I managed to schedule my surgery at the top cardiac hospital in the country, the Cleveland Clinic, so I knew that I would be in great hands for my procedure.

Personal Affairs

Although my surgery went as planned and I am in the midst of my recovery process now, I wanted to share some of my experiences and lessons learned from a business and personal perspective that might be relevant to other entrepreneurs and business owners and in my case as a husband, father and grandfather, which again reinforced the blurred lines that exist from what is a business versus personal situation.

Getting your personal affairs in order. Having surgery thrust upon us so quickly, it was a great opportunity for my wife and me to update our legal and business documents such as wills, trusts, beneficiaries, insurance coverage, health care proxies, banking and investment portfolio. Having three kids over the age of 18 also meant that our conversations with them would need to be thoughtful and detailed, but hopefully without creating any major sense of panic. Fortunately, we had many of these documents in place, but our personal/business circumstances had changed since their creation and therefore required some significant updating and alignment with my newly formed businesses and financial situation.

Business Affairs

Getting your business affairs in order. Having created and launched 4 operating businesses and a holding company since 2017, it was important to revisit all operating agreements with our corporate attorney. We basically wanted to ensure that these agreements reflected our current ownership structure and aligned with the trust we established to ensure the assets were protected, estate taxes were mitigated and that the business had a clear path forward should I no longer be able to operate it. Although I had these conversations in my mind a thousand times, the process this time around was much more real and, in some cases, required difficult decisions to be made, but once addressed, felt like a major burden was lifted. Not to mention, I knew that my family and my business would be protected and we had a plan to operate from should the worst scenario play out.

Communicate

Communicate, communicate, communicate. We knew that we needed to communicate my situation, but wanted to be thoughtful and deliberate in terms of our message and timing for when and who to deliver it to. Like many transformational or significant projects that we assist our clients with, we needed a plan to manage this process and the various business and personal communications. As we contemplated the plan, it turned out to be a fairly comprehensive list that included my team, current and potential new clients, partners, children, family members, and close friends. Armed with this list, we defined, sequenced and executed a communications plan within the two week window and got the job done.

Trust

Trust your team, trust the process. Since the formation of IT Ally in 2017, I always viewed this as a scalable business rather than one that was centered just around me. Because of this strategy, I created a business and operating model to achieve this vision. In fact, one of our first podcasts, Inside the IT Ally Business Model, explained more about this.

Having to leave the “business office” for this surgery and with a lengthy and somewhat uncertain recovery period to follow, I was able to test or perhaps retest and validate this model given the reliance needed on my team to sustain our operations during this period. For example, our Monday staff meetings that we instituted some time ago, meant that the team was highly informed and aware of all current clients, new business opportunities and key strategies that we were pursuing.

From the beginning, I had also been very disciplined about taking a product management mentality in the way that we deliver our services. This enables repeatability, consistency and scalability of our services as well as a way to manage quality control over our deliverables. By having a defined set of packaged, and tool enabled services, we are also able to make our proposal pricing and client agreements more standardized and use these templates to streamline and simplify our client acquisition process.

Key Takeaways

Having navigated this harrowing experience for myself, I realized the lessons I’ve learned extend to my business and to SMBs who are my current and future clients. In many of our IT due diligence engagements, we often come across the topic of key man risk, which in too many cases highlights the dependency on one or a short list of a few key resources that have deep knowledge of the business, systems and typically a long history with the company.

Needless to say, whether this is the owner, executive, manager, or your administrative assistant, having a game plan for key members that you “can’t live without” needs to be understood and comprehended in a plan. The plan should be formalized and communicated to those who are involved and should include documentation of passwords, procedures, practices, responsibilities, and confidential information essential to the business. Below are a few others to consider regardless of whether being brought on by a major surgery in my case or because you want to take stock in your business and personal affairs.

  1. You can never be prepared enough, but need to be aware of the implications and burden as an entrepreneur and the blurred lines between personal and business.
  2. You can’t do it all alone, rely on and trust your team and communicate with intent to all key parties including essential staff, clients, partners and other key stakeholders.
  3. Don’t underestimate the legal and tax side of things. This input and expertise are extremely valuable so make sure that you have trusted partners on your side.
  4. Don’t wait for a crisis to validate and pressure test your business and operating model. Plans should be subject to periodic review and adjustment.
  5. Identify your “key man” risks as it relates to your business and put in place a contingency plan to prepare for the unexpected.

The Cyber Readiness Institute (CRI) asked its Small Business Advisory Council, a group of 15 public and private organizations that serve SMEs in various capacities, to identify key tips to help SMEs become more secure and resilient. The Council developed the following seven fundamental cybersecurity actions. While each enterprise’s individual circumstances will dictate the specifics of its cybersecurity program, the tips below serve as guardrails toward making your organization more cyber ready.

Every organization needs to take cybersecurity as seriously as other mission-critical functions, such as operations and finance. Cybersecurity is not just an IT issue; first and foremost, it is a people issue. These seven tips apply to your organization, no matter the size.

Tip 1: Pick a Cyber Leader

It’s important to have a designated person spearhead your company’s cyber efforts. Assigning a person with authority to be your “Cyber Leader” highlights your commitment to cybersecurity and provides an additional professional — and relevant — experience for the individual. In addition to ongoing cybersecurity management, the Cyber Leader can adopt and share best practices that employees can implement and be the point person when employees have questions or when cyber incidents occur.

Tip 2: Create a cyber aware culture

Creating a culture of cyber awareness means ensuring that all employees know they play a fundamental role in your business’s cyber resiliency. You need to make sure they have the knowledge, skills, and commitment to play that role. This culture can be facilitated through education and training, but it takes leadership to create and sustain a cyber-aware culture. With a remote work environment, regularly review cyber policies with your employees and ensure they understand their role in keeping the organization “cyber-safe.” In your workplace, consider posting your Remember, culture is created through your employees having a common behavior.

Tip 3: Communicate, communicate, communicate

Awareness is built through frequent, short communications. Weekly newsletters, regular emails, posters, or screensavers can all be vital to keeping your employees aware of the dangers of cyber breaches and how to prevent them. The CRI Starter Kit has eye-catching posters to communicate important reminders to your employees. Identify what is relevant to your organization, and tailor communications accordingly. Some of our suggestions include picking a cyber theme of the month to focus on – for example, recognizing phishing attempts or using strong passwords. Many governments and organizations offer free monthly awareness newsletters that businesses can share with their employees. Examples include the State of Mississippi and SANS’ Ouch!

Tip 4: Protect the Crown Jewels

You cannot protect everything equally. You should identify which data and systems (e.g., website, email, accounting, customer information) are most important to your ongoing operation. As part of the risk assessment, think about what would happen if you lost important data or your system went down. This preparation will help you prioritize what to protect. Every organization, no matter how small, should identify the so-called “crown jewels,” and make sure security controls protecting the “jewels” are appropriate to the task. Regularly assess how well protected your most critical data and systems are and proactively take the necessary steps to improve security. CRI’s “Ransomware Playbook” offers helpful guidance on prioritizing your assets.

Tip 5: Have a plan

Having an incident response plan to direct your actions when a cyber incident occurs is vital. The incident response plan should cover preparation in case of an incident, response during the incident, and rapid recovery from the incident. It should include considerations for business continuity, data loss, and back-ups for recovery. Given that many small businesses are forced to cease operations within one year of a cyber attack, it is especially important to have a recovery plan that is communicated to all employees. Furthermore, conducting exercises or drills that test the incident response plan (known as tabletop exercises) will help employees identify their responsibilities during incidents, and allow them to act effectively and securely when (not if, unfortunately) cyber attacks happen. The most important part of preparation is having current back-ups that you have tested – especially for your most important data (aka “crown-jewels”).

Tip 6: Understand the basics

There are many technologies, activities, and services that you can focus on when it comes to securing your IT infrastructure. It is important to have someone in your organization (the Cyber Leader) who knows what questions to ask and can understand the answers. Examples include keeping a current inventory of the devices people use to connect to your network, ensuring your software is routinely updated, using multi-factor authentication (MFA) for email, online banking, and other sensitive services, using a properly configured virtual private network (VPN) for all remote access, adopting mobile device management, enforcing strong employee passphrase policies with length and complexity requirements, and automating secure storage backups. Whether your IT is in-house or you use a Managed Service Provider (MSP), it’s vital to make sure your IT is being securely managed.

Tip 7: Be compliant

Data regulations vary across industry and region. Depending on the location of your business and the locations of your customers, you may need to change the way you handle personal data or face penalties and fines. Two examples are the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the US. These regulations focus on Personally Identifiable Information (PII) (e.g., full name, social security number, email address). If you collect credit card information you should also be familiar with the Payment Card Industry (PCI) standards. Taking the time now to research security requirements to make sure you are data compliant is important and can save you a lot of time later.

Tip 8: Choose third parties carefully

When you share information with third parties, allow vendors to connect to your network, or rely on them for technical services, you often increase risk to your business. Ensure you choose third parties carefully. Ask whether they have any security certifications or attestations, like ISO 27001, FedRAMP, or Payment Card Industry (PCI). Ask whether they are audited regularly to ensure their cybersecurity safeguards are appropriate and operating as expected (and ask to review a summary of their audit results). Include cybersecurity-related clauses in contracts, such as requiring that the third party agree to use reasonable security precautions or comply with a set of security safeguards, to mitigate critical security vulnerabilities within a specific timeframe, and to notify you within a specific timeframe if they have a breach.

[This article was originally published on cyberreadinessinstitute.org]

Michael C. Fillios is the founder and CEO of IT Ally, LLC., a C-Suite IT and Cyber Advisory firm for small and mid-size businesses. He is a four-time CIO and senior global business and technology executive with 25 years of experience in transformation, change leadership, and operations management in the Pharmaceutical, Industrials, Automotive, Banking, and Consulting Industries. His first book, Tech Debt 2.0®: How to Future Proof Your Small Business and Improve Your Tech Bottom Line, was published by the IT Ally Institute in April 2020. In 2020, he formed the IT Ally Institute to provide research, best practices, thought leadership, and peer to peer programs for business and IT leaders at small and mid-sized businesses (SMBs).

His CIO responsibilities have taken him around the world including living in Shanghai, China where he served as Vice President and Divisional CIO at Delphi Automotive and led global IT operations for over 100 plants in 30 countries. At the multi-industrial giant ITT Corporation, he was part of the transformation team that led the successful tax-free spinoffs of ITT’s water and defense-related businesses to shareholders.

Michael also spent ten years as an entrepreneur at tech startup BTM Corporation, where, as the Chief Solutions Officer, he advised CxO’s on implementing transformative technology management practices in the public and private sector. Earlier in his career, he led the Finance, Human Resources and IT functions at Penwest Pharmaceuticals and worked at consulting firms Grant Thornton and Ernst & Young.

Find out more about Michael and Tech Debt 2.0® at:
www.ITAllyInstitute.org
www.ITAllyLLC.com

[This article was originally published on leadershipphalanx.com]

Michael C. Fillios is the founder and CEO of the IT Ally Institute, a nonprofit organization providing small and medium-sized businesses access to knowledge, research, and practical tools to improve their tech bottom line. He is a senior global business and technology executive with more than 25 years of experience in IT, finance, operations management, and change leadership.

In this episode, I speak with Michael Fillios about his mission and the impact he is making in the world.

Let’s dive in!

[This article was originally published on podcasts.apple.com]

 

Mergers and acquisitions impose great challenges for small and medium-sized businesses (SMBs). Successfully executing the M&A transaction is difficult but the reward can be great, a singular milestone in the life of a business. Determining the value of a business today includes far more than what’s revealed in a company’s financial documents.

Data as an Asset – Creating Tech Equity

The data assets of an organization are major components of the current and future value of the enterprise. Technology provides vast amounts of data that become valuable assets when standardized and enriched by a business’s development of the products, processes and services that meet the needs of customers.

Emerging data analytic technologies that have been used successfully in other aspects of business are now being used in M&A. These tools greatly reduce the time and effort to gather and organize data and increase the discovery of value or identify risks. Artificial intelligence, data analytics and machine learning are being incorporated into platforms that let M&A teams ingest and standardize large data sets with processing power to rapidly evaluate numerous potential scenarios.

Speed is an important capability during due diligence. It is not uncommon for the process to take 60 to 90 days to complete. During that time key staff, leaders and subject matter experts are diverted from the day to day important functions of the business to spend hours in meetings. The longer this process takes the more likely the deal will be derailed as patience decreases and frustration mounts. The automated application of AI and data analytics can accelerate the process and free up staff to concentrate on the business.

A greater benefit than speed is the insight these new platforms can provide. For the SMB this insight exposes a layer of value – the digital data asset, equity that is increasingly important to the future of the business. With focus beyond company financial data, AI and data analytics enable a new tier – Data Due Diligence. These tools can combine and analyze data to provide insights that will be the basis for new products, services and revenue streams.

SMB leaders and their C-Suite team will be able to use AI powered data due diligence to fully and accurately demonstrate the value of their business and to identify the value of potential acquisition targets.

Automation Leveraging the Playing Field for SMBs

To take full advantage of these technologies, SMBs can look to external partners.

These firms have developed advanced automation capabilities and employed people with the mindset and expertise to use these tools for maximum benefit in due diligence for M&A. The major consulting firms and partners who focus on particular industry sectors offer services based on these new platforms. They have established practices that look at M&A in a new way and take into account the full potential of businesses. They evaluate a business’s approach to data and level of digital maturity, how companies normalize their data and use it across all aspects of the business to take advantage of its current and future potential.

External partners can help SMBs avoid the cost of developing or employing due diligence expertise. SMBs, though, can take steps to prepare their organizations to benefit from automated due diligence.

  • Become familiar with advanced automation, AI, data analytics and machine learning.  Attend conferences to see how these technologies are benefiting your industry sector.
  • Conduct pilots and proof of concept initiatives.
  • Identify individuals at different levels in your organization. Prepare them with the skillset and mindset to work with and help develop the latest digital M&A tools. Those people will help select the right partner to assist with a transaction.
  • Step away from reliance solely on the traditional M&A due diligence playbook. Use a shadow process to gain experience with new tools and data sources.
  • Become familiar with new pools of information, such as third-party data and social media. They can provide a more complete picture for decision making.
  • Incorporate analytics as a core capability. Don’t use it merely as a decision aid. Use analytics as an ongoing capability for valuing your organization and potential targets.

Evolving Importance of Data Due Diligence

As an SMB, be aware of a growing trend among Private Equity (PE) firms to use AI and data analytics to continuously scan the environment. Their objective is to discover target acquisitions and to find potential synergies with sister companies in their portfolios. Analysis of the data equity a company has built combined with that of other portfolio companies will create new revenue streams or potential for cost efficiencies through consolidations. This is an opportunity for SMBs to leverage their data assets. To the extent that you can use advanced analytics, AI and ML to increase your digital maturity, you can increase your valuation and present as an attractive target.

The COVID-19 pandemic has added tremendous disruption to the M&A landscape.

COVID-19 slammed the door on M&A in February 2020. Transactions were halted in mid-process. Sellers and buyers fled the marketplace. As the economy worsened, the basis for valuations eroded and traditional due diligence lost credibility.

A year into the crisis, activity has begun to return. The paradigm shift has opened up opportunities for some companies and left others in shambles. Bargain hunters are busy snapping up distressed businesses and using advanced analytics to try to discover who the winners and losers will be in this new environment and the environment that will emerge down the road.

Interestingly the pandemic has had an accelerating effect on the M&A process. The remote, work-from-home technologies used by us and our children (Zoom, Skype, et al.), along with abandonment of travel, group meetings, and social contact have streamlined the process.

Firms that once had to focus on one transaction at a time now can process multiple transactions simultaneously, in their pajamas!

Drone videos are now taking the place of plant tours and the long days that used to involve parties on both sides of a transaction and their costly consultants.

The increased volatility, accelerated pace and the discounted value of years of historical business data present challenges for advanced technologies and the M&A participants who deploy them. These challenges will, however, be met and overcome. Data due diligence as an integral part of the M&A process enabled by AI and similar tools will play a central role in defining the future business environment.

SMBs should prepare now to build data equity and to partner with the service providers who can maximize its benefit.

[This article was originally published on www.cdomagazine.tech.]

Click here to listen to the podcast. Please skip to the 34th minute to listen to Michael.

Michael Fillios – Founder of IT Ally and Author of Tech Debt 2.0®

The first line of defense against cyber attacks is your employees and they are the ones that can give away the keys to the kingdom,

Michael C. Fillios, Founder and CEO of IT Ally, LLC., is a global business technology executive with significant IT transformation, change leadership, and operational experience. IT Ally, LLC. is a C-Suite IT and Cyber Advisory firm for small and mid-size businesses. In 2020, Michael founded IT Ally Institute, a nonprofit organization providing small and medium-sized businesses (SMBs) access to knowledge, research, and practical tools to improve their tech bottom line. Michael is a four-time CIO and senior global business and technology executive with 25 years of experience in industries spanning pharmaceutical, automotive, engineering, software, and management consulting. In his first book, Tech Debt 2.0®: How to Future Proof Your Small Business and Improve Your Tech Bottom Line, drawing on his expertise in IT, finance, and change leadership, Fillios explores why SMB leaders often overlook IT as a strategic asset, and shows how to prevent tech debt from escalating.

In this three-person panel, Michael Fillios joins Kelly Hellickson and Hilary Reed to discuss how small and medium-sized businesses have been affected by the challenges of COVID-19.


The year 2020 has presented significant challenges to businesses worldwide. Leaders in those businesses have had their lives turned upside down personally and professionally. Business plans have been blown apart. In some cases, the fundamental assumptions about products, customers, supply chains and staff have been thrown into question. Enterprise architects (EAs), charged with defining the technical strategies that have been supporting and transforming businesses, find themselves in new and unfamiliar environments. Major paradigm shifts have taken place and EAs are now responsible for rationalizing the technical architecture for a new environment.

Disruption is unsettling but the same disruption contains opportunities as the landscape changes and customers, employees, and suppliers have new needs, expectations, and constraints. One constant in the pre- and post-pandemic environment that technology architects will recognize is Technical Debt. Experienced architects know their biggest challenge is not necessarily in deploying new applications, new platforms, or capabilities but managing investment in technology, balancing that investment with other business priorities. Striking that balance means recognizing and managing technical debt. The pandemic crisis presents EAs with new priorities and opportunities for managing that Technical Debt.

recently published “Tech Debt 2.0® How to Future Proof Your Small Business and Improve Your Tech Bottom Line”. The timely release of that book is crucial to small and medium businesses. However, reaction from readers has shown that the book’s concepts and recommendations, especially now, are equally valuable to CIOs and technology architects in larger enterprises.

Let’s step back, though, and examine the concept of Tech Debt. Initially, technical debt was defined as defective code released to rush a product to market. Today, with technology permeating nearly every aspect of a business and in light of the realities of the new environment, it’s important to expand the definition of tech debt: Tech Debt 2.0 is any liability incurred in the development, acquisition, use and retirement of technology, i.e. hardware and software systems, or the skill sets needed to support them. EAs must reevaluate the role of technology in their enterprise. This means reprioritizing investments in legacy systems, infrastructure and skill sets, and being ready to abandon obsolete, dysfunctional systems, processes and methodologies.

Architects must assess the changed needs of the business (customers, staff, supply chain) and identify efficient technology to support those new requirements.

There is opportunity to walk away from legacy technology containing Unplanned Tech Debt that has never been corrected, the result of poor practices or poorly communicated requirements.

The move to remote workspace may present the option to discontinue the use of equipment or applications that have become instances of Creeping Tech Debt, where features become obsolete, replaced by the better, faster, more capable upgrades. Or the applications and operating systems are no longer supported, causing security vulnerabilities.

Changes in market dynamics as the customer base struggles to understand their new needs, constraints and opportunities invite architects and product developers to consider incurring Intentional Tech Debt. By releasing prototypes and minimal viable products (MVPs) customers become partners in product development, helping to build the plane even as it reaches cruising altitude. Architects know this will entail false starts as perceived requirements morph or fade away and require rework as the product matures. But the approach may buy competitive advantage as all players scramble to find their way in the new market space.  

Internally, the pandemic disruption will raise the threat of Tech Debt in the form of shadow IT, as frustrated, impatient functional area leaders are tempted to deploy their own solutions outside the guidelines required by a coherent architecture. Hmmm, let’s see, will it be Zoom, or Skype, or Aircall, Slack, Microsoft Teams, GoToMeeting, Hopin and on and on. Unapproved, unmanaged tools can have cybersecurity issues or fracture data integrity by creating multiple versions of the truth.

This far into the Covid-19 crisis we have seen the very real existential threat as businesses in more vulnerable industry sectors are forced to permanently close. 

As this continues there will be increased activity in mergers and acquisitions. Enterprise architects have an important role to play on both sides of an M&A transaction. Both involve the aggressive management of Tech Debt.  

To maximize the benefit of selling a business or merging with another organization, a company must recognize and eliminate excessive Tech Debt. Unsupported, dysfunctional legacy technology can represent a major liability to a potential buyer or merger partner. Such a liability could significantly affect the value of the transaction. An EA needs to foresee and mitigate this by communicating effectively with stakeholders the consequences of Tech Debt.

The EA with the acquiring company is responsible for effective due diligence that uncovers instances of Tech Debt. These include not just some of the obvious liabilities mentioned so far but also unsuspected instances such as software license stipulations where, for example, the sheer number of employees in a new organization can vastly increase the software maintenance costs even if the number of actual users doesn’t increase. Tech Debt can not only alter the price of a transaction but create an unsurmountable deal breaker.

Managing Tech Debt is an important part of an organization’s response to the pandemic crisis. Enterprise architects and leaders charged with IT governance have the opportunity, and actions they can take on both offense and defense, to manage Tech Debt and protect their business.

 Top 10 Plays for EAs managing Tech Debt:

  • Stay healthy, your family and business need you. 
  • Do a health check of your project portfolio and reprioritize any Tech Debt backlog. 
  • Refocus IT governance to accelerate decision making and maintain goal alignment with the organization.
  • Develop an “acute” action plan with intent and purpose for the next 30, 60, 90 and 180 days and execute flawlessly.
  • Prioritize actions that focus on revenue preservation and customer experience. 
  • Diagnose your Tech Debt and plan to address root causes. 
  • Conduct a business impact analysis to prioritize your cyber risks. 
  • Review and revise essential “pandemic” security policies and practices. 
  • Engage your internal team and external partners to best utilize their resources and identify cost saving opportunities. 
  • Protect core operations and monitor critical infrastructure services for internal users. 

 

Michael C. Fillios is the Founder and CEO of IT Ally, LLC., a leading IT and Cyber Advisory firm for small and mid-size businesses. He is a four-time CIO, entrepreneur and senior global business and technology executive with over 25 years of experience in transformation, change leadership and operations management in the Pharmaceutical, Industrials, Automotive, Banking and Consulting Industries. His first book, Tech Debt 2.0™: How to Future Proof Your Small Business and Improve Your Tech Bottom Line, was published by the IT Ally Institute in April, 2020. 

In 2020, he formed the IT Ally Institute, a non-profit organization that provides research, best practices, thought leadership and peer to peer programs specifically developed for small and mid-sized businesses. To learn more about the IT Ally Institute and register for our latest research, thought leadership and peer to peer round tables, please visit www.Itallyinstitute.org

[This article was originally published on architectureandgovernance.com.]