Securing Your Merger is the Key to a Happy Ending

Posted on 13 August 2020

Ready to write the next chapter of your organisation’s story? Be sure to factor in security to your merger, or else this fairy tale could become a horror story.

Mergers and acquisitions are not an unusual feature of the corporate landscape, with many organisations taking advantage of the new markets, resources, and capabilities on offer. What many don’t realise, however, is that – if not done securely – the process of merging two or more organisations can open up many an exploit for opportunistic cyber-criminals.

With that in mind, let’s take a look at what threats are standing in the way of your happily ever after, and how these innocuous pitfalls can be closed for good.

The Threat Inside

As we’ve discussed before, employees can (unwittingly) function as the weakest link in the security chain. During a merger or acquisition, employees will be welcoming new colleagues, which presents a series of security challenges – and not necessarily because the queue for the coffee machine will be longer.

Instead, it’s questions such as ‘how much do they use Shadow IT?’, ‘do they understand social engineering threats?’, and ‘what do their security practices look like?’ that might spin up some friction. Suddenly, they’re faced with reconciling the different ways in which they’ve been educated on security.

This is where it pays to have CISOs involved with the merger process from the very beginning, ironing out discrepancies in the existing infosec policies, and ensuring that all members of the newly formed team can exist on the same page. If you don’t have a large security team, bring in a third-party expert to help consolidate your infosec practices.

Elsewhere, we have the not-so-unwitting bad apples. As we’re all aware, disgruntled ex-employees, who can be particularly dangerous – especially if the organisation’s transformation is the reason they’ve lost their role. Pair motive with continuing access to sensitive corporate data, and you have a threat that needs to be taken seriously.

In tackling the latter internal threat, organisations would do well to stay on top of the migration of permissions and how employee records are being maintained during the transition. The JML (joiner/mover/leaver) process is an area ripe for automation – and one which will continue to benefit from innovation long after the merger has completed.


Wolves at the Door

Meanwhile, there are cybercriminals and opportunists to consider. Thanks to the large amount of dating being migrated and updated, mergers and acquisitions are treasure troves for unscrupulous players.

In this case, data encryption is key – and may already exist in one or both organisations. Maintaining this strict handling of data will ensure a smooth transition, though it doesn’t end there. Now is the time to invest in the right technology to protect your data, such as Microsoft’s Advanced Threat Analytics, a robust security solution featured in Microsoft’s Enterprise Mobility & Security suite. Security can be coded into the DNA of the new organisation from day one, saving many a heartbreak further down the line.


Every Story Needs a Good Ending

In case it’s not obvious enough, we strongly advocate for an early acknowledgment of the security risks associated with mergers and acquisitions – especially if it leads to action. After all, what organisation wants to be mired with bad press so soon after good news? Then there’s the cost aspect, with data breaches costing businesses an average of $3.86 million – money that could be better invested in further acquisitions, right?


It’s not just about the short-term, however: streamlining security practices, introducing new solutions, and setting a standard for internal conduct now rather than later means a long and happy life for the organisation, post-merger. Such a shift provides a fantastic opportunity, and to take advantage of the moment is to set everybody up for success.


So, while a merger can be a serious cybersecurity challenge, it’s not necessarily an impossible hurdle to overcome. By adopting the correct practices, investing in strong security tech, and involving every member of your team in the fight against hackers – all from an early stage – you can ensure a happy ending awaits.


If you’d like to know more about how we help organisations merge seamlessly and securely, please contact a member of our dedicated team.

A few people we've already done it for