Keep your technology current! Otherwise your business will suffer in the transition process. Host Tom Bronson is joined by Kent Barner, Principal at CIO Suite, on this episode of the Maximize Business Value Podcast where they discuss technology due diligence. The two exchange stories about acquisitions and strategy going off course because business owners did not invest in current technology needs. This error can lead to technology debt and cybersecurity breaches, which will hinder any company long-term. Listen now to protect your business!
Kent Barner founded CIO Suite to be the Strategic Advisor to C-Level Executives and Business Owners WHEN Technology Matters. As a CIO for 25+ years, he has been the internal advisor to C-Level Executives of high growth entrepreneurial organizations. Most recently, at Behringer’s peak, he delivered CIO services to 15 organizations concurrently. Kent looks to bring this same service to mid-market companies and companies in the M&A space.
Tom Bronson is the founder and President of Mastery Partners, a company that helps business owners maximize business value, design exit strategy, and transition their business on their terms. Mastery utilizes proven techniques and strategies that dramatically improve business value that was developed during Tom’s career 100 business transactions as either a business buyer or seller. As a business owner himself, he has been in your situation a hundred times, and he knows what it takes to craft the right strategy. Bronson is passionate about helping business owners and has the experience to do it. Want to chat more or think Tom can help you? Reach out at [email protected] or check out his book, Maximize Business Value, Begin with The Exit in Mind (2020).
Mastery Partners, where our mission is to equip business owners to Maximize Business Value so they can transition their business on their terms. Our mission was born from the lessons we’ve learned from over 100 business transactions, which fuels our desire to share our experiences and wisdom so you can succeed.
Welcome to the maximize business value podcast. This podcast is brought to you by mastery partners, where our mission is to equip business owners, to maximize business value so they can transition their business on their terms. Our mission was born from the lessons we've learned from over 100 business transactions, which fuels our desire to share our experiences and wisdom. So you can succeed. Now, here's your host CEO of mastery partners, Tom Bronson.
Tom Bronson (36s):
Hi, this is Tom Bronson and welcome again to maximize business value. A podcast for business owners who are passionate about building long-term sustainable value in their businesses. In this episode, I'd like to welcome our guest Kent Barner principal at CIO suite. That's a consulting and fractional CIO firm based here in Dallas. Now, Ken and I have known one another for several years. I think first meeting through business navigators, the servant leadership organization here in Dallas that you hear me talk about from time to time. But so in addition to being a true servant leader, Kent is a strategic thinker and works with companies to solve technology challenges.
Tom Bronson (1m 18s):
When Ken and I first talked about coming on this podcast, well, over a year ago, I might add it's taken us a long time to get this scheduled. I asked him to focus on technology due diligence, which unfortunately in my opinion is often brushed over in M and a transactions. In my humble opinion, not enough time is spent on technology due diligence. So today Kent is going to help me kind of pull back the veil and explore this important topic for business owners. So welcome to maximize business value. Kent.
Kent Barner (1m 54s):
Thanks, Tom. Good to be here.
Tom Bronson (1m 54s):
It's good to have you. So before we dive into due diligence, why don't you tell us a little bit about CIO
Kent Barner (2m 1s):
Suite? Sure. CIO suite. I started in 2017 we're technology advisors to C-level executives and business owners when technology matters because a lot of times they don't really care. And you just mentioned in transactions. Oftentimes they just overlook that, thinking that everything will be, be better on the backend after we acquire this. And, and oftentimes we'll, as we'll discuss, they find some landmines that they could have acquired a company more, less expensively out. Let's put it that way for less. And, and so in generally what I find too is, and I'm sure we'll get into this.
Kent Barner (2m 43s):
The, the acquiring company is more likely to do due diligence and the, the guy that's selling it. I, you know, if they're coming in and, and they want me to look at their company, I'm getting ready to sell and it's a year out, then they're not going to spend the money it's they won't, they won't get ROI. So I know part of your philosophy and many advisors is, you know, five years, get, it takes you five years to get ready to sell. Well, you should look at your technology platform at that time and make some decisions there. So you can get the best value when you're exiting. No, I'm not going to get into
Tom Bronson (3m 17s):
Your business model, but I would disagree with you that, that it doesn't give an ROI. And I know that's not you that's the way CEOs think sometimes, but it can give a massive ROI because if you can identify and find some problems early in and invest in, make the fixes, it could have a dramatic impact on the outcome of the enterprise value. And so, so I would argue that, and you already know this, but this, for the sake of our audience, I would argue that having those conversations well in advance is so very important and it can deliver a great ROI for business owners who were thinking about selling in the future.
Kent Barner (4m 2s):
I agree. It's just like, you got to get your accounting books in order, right? You can't, I mean, all those things that you need to do well in advance of your exit plan. So, but, but to your other point, the people that are receptive to the service are there people that are acquiring cause they don't want acquire some, you know, bad technology problems. So it's unfortunate, but that's the way it works out. Yup.
Tom Bronson (4m 24s):
I totally understand. So, so what's your background and why did you start CIO suite?
Kent Barner (4m 30s):
So I was in corporate America for about 35 years. And most of that time, since the early nineties, I was a CIO that's about when the CIO term was pulling chief information officer. And so the last company I was with, they were imploding and I saw that coming. So I decided I needed to do something. And so I jumped out of there at the end of 2016, they were my first client. So I did a transition with them for a few months in 2017. So in April of 2017, I kind of started trying to figure out how to do business. And it's, it's totally different. As you know, as a corporate executive everybody's after me, you know, now it turned, you know, flip the coin on the other side.
Kent Barner (5m 17s):
Now I'm trying to figure out how to get to people like me. Right? So anyhow, it's been a, it's been a fun journey and generally there's, I'm the only CIO in CIO suite, but I've had other CIOs with me from time to time and that's been fun working with them. I do fractional chief information officer, which is kind of, you know, maybe it's four hours a week or something like that. I, I right now have an interim gig where I am, they're acting CIO and I have about 15 people reporting to me and managing all their vendors. My, my plan there is to get rid of me eventually, but the company's just having to get some things in line first.
Kent Barner (5m 60s):
So, and then I do projects, you know, I've, I've worked for other CIOs who just need bandwidth or advice or whatever the case may be, but generally call it the mid-market $50 million in revenue and up, and I've worked for a large or a Greystar there worldwide. I've done work for them as well. So pretty broad range, but generally in that 50 to probably $150 million revenue, because eventually they'll have their own CIO. Right. So
Tom Bronson (6m 31s):
This interim gig, that's where they had a CIO who left and you're just filling in temporarily or no,
Kent Barner (6m 37s):
They've never had a CIO. And so they were kind of like, well, what does that mean? What do you do? And they had all kinds of problems and they still have problems I'm trying to fix, but you know, now they see the value. And so it's, it's, it's been fun trying to, yeah. I
Tom Bronson (6m 58s):
Imagine though that since you've sat so long in the CIO seat, I mean years before you started this, that's, you know, almost 30 years of, of doing that or 20 years of doing that before you started this, does that make it easier to have conversations with CIOs because you're, you've basically sat in their shoes?
Kent Barner (7m 20s):
Well, it depends on how secure
Tom Bronson (7m 21s):
They're yours, I guess, sat in their seat or walked in their shoes. I'm mixing my metaphors.
Kent Barner (7m 27s):
Yeah. Well, if a lot of them are insecure and so they don't want me around, you know, I don't want you in my backyard, I'm the CIO. I don't want you telling me what's wrong. Now I have worked for CIOs and they're just more secure. It's just a different attitude. And so, you know, I don't, I don't come across as a threat, I don't think, but you know, it was just kind of an odd, an odd thing. I know I'm
Tom Bronson (7m 54s):
Threatened by you right now. And then we're just on zoom. So no need not non-threatening guy. I already started with it. You're a great servant leader. That's a shame that some folks don't see that well, let's, let's jump into the deep end and let's talk about technology and due diligence. So one of the reasons that I think technology due diligence is so glossed over is that post acquisition and integration are not kind of clearly defined in advance. They're all excited. And it's, they're, they're, it's romantic to do the acquisition. We're doing acquisitions, we're doing M and a and they go out and they do that. And they don't define what the backside of it looks like in advance.
Tom Bronson (8m 37s):
So when you're called in by a client to do some technical due diligence, tell us kind of where you start.
Kent Barner (8m 44s):
Sure, sure. So I approach it from the business sides and, and, you know, technology, I can figure that out pretty easy. So I just need to understand what the plan is for the acquisition. So, you know, talking from the acquirers and, you know, are you going to fully integrate the company? Is it going so you bring them into all your systems, right? Are you going to adopt some of theirs? You know, how, how is that going to happen? Are you planning on divesting of certain parts of the business because they're not strategic for you or whatever the reason may be, or, or are you just going to leave them alone and just run them as an independent business? And so depending on what that business strategy might be, and there's probably some other flavors in there, that's I go in with that lens?
Kent Barner (9m 30s):
You know, if you're gonna, if you're going to divest, you know, you're not going to spend a bunch of money on that. You may to get better value, right. Just depends on when you're going to exit them. So there's just different reasons and different views that when you're starting to do it. So we're not even talking about technology yet. Right. It's really, what's the business strategy. I
Tom Bronson (9m 50s):
Love that it kind of forces the, the acquirer, if you will, to think about what the end game is. And that's, that's unfortunate. That's kind of one of the, one of the side-effects of, of M and a too often, they don't think about that end game. And what, what is our strategy beyond close? You know, cause close getting to the close in my opinion is the easy part as I actually do a talk at, at various shows and events and whatnot on buying companies is easy because I think it's easy. That's the easy part. The hard part is the post-integration. But if you don't start with understanding what the end game looks like, then post-integration can take on a life or post acquisition integration phase can take on just a life of its own.
Tom Bronson (10m 36s):
So I love the fact that you kind of force them into thinking about what are we going to do with this? Because if they are going to divest, that's going to give you clues about where you need to spend time. But if they're not, if they're keeping the technology or, or keeping it or keeping it and operating it as a separate entity, then that gives you some idea of where you need to focus to make certain that, that you're delivering value in the due diligence. Am I, am I right on with?
Kent Barner (11m 3s):
Oh yeah, definitely. And I think you said it earlier that, you know, they're all enamored when they're doing the transaction and don't let, don't let technology get in the way of a good transaction. You know, that unfortunately is many times what people say or saying at least, but it costs them on the backend. And then you can have failures, not just from technology, but you know, we'll talk about another topic here, culture, you know, it, a big piece of that as well. Yeah.
Tom Bronson (11m 28s):
The, I will tell you that, that I've kind of done all of the above the descriptions that you gave, you know, keep divest operate separately. And that drove kind of what our technology due diligence is all about. For example, you know, we bought, and in my last company, we bought 17 companies that were providing different types of technologies to restaurants, retailers, and wineries. And some of those companies that we bought, we knew that within 30 days we were going to end of life products and switch them on switch the customers onto something better.
Tom Bronson (12m 9s):
You know, perhaps it was an old tire technology. So we didn't spend tons of time. We made sure that, that there weren't any skeletons in the closet, but we, but we weren't spending tons of time thinking about how do we take this product forward because we knew that we were going to abandon that product. And so, so it's important to really kind of start with that. You mentioned kind of another topic that I think is super important and most people don't think about this in terms of technology, but is, is culture important in the process?
Kent Barner (12m 42s):
Oh yeah, definitely. It's, it's right up there with a strategy. You know, I kind of approached strategy first and then culture second. And one of the things I say is, you know, the, when I was in corporate America doing strategic acquisitions, it was me and HR that showed up first. And, you know, after the deal guys decided we're going to get married, we would, we would drop in and then start doing the real due diligence. And you know, one of the things that I'd like to do is interview all the kind of key stakeholders and, and get to know a little bit about them and how the culture that, you know, just by interviewing them, you kind of figure out what the culture of the company is good or bad. And, and so in addition to just finding out about the systems and where the shortcomings are that they think, and we're the good ones that they think, and I'll just kind of get people's opinions, but yeah, culture is, is huge.
Kent Barner (13m 33s):
And I would, I would say, and you would probably know, but many transactions fail because of the cultural issues or, you know, the post transaction integration. Maybe it takes too long, you know, you don't, you want to do it as fast as you can, especially if you have to do something with people. And so, you know, culture is real important and I've, I've, I've got a couple of examples of interesting culture. So one of them is probably a terrible, a bad example. So there was a company we were acquiring, it was on the west coast. That doesn't matter. But, you know, we, we liked the, kind of the mix between the two companies, but we sense that the culture was a bit of a challenge.
Kent Barner (14m 15s):
And so, and it was with the, the top executives, top two executives to be specific. And they were the part, the partners of the company. And so after the transaction closed, we had to get rid of them quickly, you know, and that we packaged them out. We treated them very fairly, but they were really angry about. And so one, one weekend, shortly thereafter that they left, somebody broke into the office and vandalized it. And it was, this is kind of disgusting, but somebody stood up on the conference room table when took a leak.
Kent Barner (14m 56s):
Oh my gosh. I mean, that was, that was horrible. Right. And then we had to get the police involved and all that, you know, so anyhow, the, the suspects were those two gentlemen. And so that's a terrible example, but you know, it has nothing to do with technology is just a people issue. Now, the other people were glad that they were gone, right. I mean, it was just a really bad environment. And so, you know, after we got over that, we had a good integration. So that was one example. And then another example, that's kind of more technology-related. So I was interviewing the IT director and I have a long list of things I ask. And, and one of the things was like, well, let me see your inventory of your hardware.
Kent Barner (15m 38s):
And so he whips it out and I started looking at it and I'm like, well, you've got like a hundred people and you've got a hundred desktops. And then you got like 10 laptops. What's that story. What's up with that? And he says, well, the owners or the owner doesn't believe that people's, he's insecure about people having laptops. And he's afraid, you know, they're gonna walk off with the data or whatever that, you know, whatever it is. But I mean, it's just a weird quirk as far as I'm concerned. And so the 10 laptops where they would, if you needed to do something remotely for a short period of time, we'd give you a laptop, but you have to bring it back. And so our cult culture was just the opposite.
Kent Barner (16m 20s):
We gave everybody laptops. That was part of our Dr. Strategy because mobility is key. And that was probably six years ago before a pandemic way before pandemic. And so anyhow, well, we would have to buy a hundred laptops to kind of bring those into the fold. That's not why the transaction didn't happen, but that's one of those indicators that it also points to culture, right? It's this, guy's that paranoid that controlling, maybe we don't want him as part of the ongoing team. Right. So kind of crazy stuff you discover, you just have to ask questions and kind of look at the signs. Wow.
Tom Bronson (16m 58s):
That's so, so who would have thought that culture is important and technology, but these issues of course, that you've mentioned some of them certainly related to technology, but, but culture overall, we've done a lot of podcast on culture and I would encourage you to go back and listen to, I think it may have been episode two or three with, with mark Midford at HR catalyst. We did a whole podcast on culture and building a great culture. And so perhaps that company should have listened to that podcast before you had to create it in advance. So now I know we don't have time to kind of go through your entire checklist cause I'm going to imagine it's lots and lots and lots of items, but why don't you give us some examples of things that you might review during a due diligence?
Kent Barner (17m 49s):
Sure, sure. Well, yeah, I've just mentioned the, the hardware. So you need to get an inventory and you need to have it aged when it was acquired. If it's still under warranty, you know, kind of what are, what are some of the signs? And, and we'll talk some more about that in a minute, but so you look at the hardware, all of the software you want to get, you know, all the licensing, make sure they have appropriate licensing. You know, some people like copy software and do things they shouldn't be doing. Right. And, and, and, and also the currency, in other words, how current are the applications? Are they, are they the most modern versions of that? And, and so one thing that, oh, well, let me go, keep going and, you know, make sure maintenance contracts are current because that might be a big expense.
Kent Barner (18m 36s):
Like if you have to renew a bunch of Cisco maintenance contracts, they're quite expensive, you know? So, so you look at a lot of different aspects, but I'll give you another good, bad example. I hate to give you the bad examples, but so there's this company that I did some work for and they acquired this company and they didn't do any technology due diligence. And so they were having problems, onboarding customers. So they had, when they acquired the company, they generally had just a few customers for 15 years or something like that. And they had this proprietary application that they use to service, provide their service. And so, but they were having trouble onboarding new customers.
Kent Barner (19m 18s):
That was the symptom. And so I went in there and actually with another CIO at the time, and we were, we were kind of interviewing all the stakeholders, trying to understand where the problem was. And then eventually, you know, it was this application and it was taking them months to onboard new customers. And so I brought in an outside consultant and we did a review of the application while it was written. It is proprietary. It was written 20 years ago. And, and so it was an old technology and, and consequently, it wasn't designed for onboarding a bunch of new customers. It was designed to handle two or three customers, and that was it.
Kent Barner (19m 59s):
And so essentially we had to figure out a way to improve that process. So it was literally taking when I got there, some of them had been onboarding for four to five months and then, and then probably six months when it was all said and done. And so what I did there was ad just had to throw a horsepower at it. And so I had to develop a strategy of build and run is what I call it. And so I have a team that's doing the build for new customers. And then the other team that's doing the run, the day-to-day operations and problems had to outsource, you know, I had people in India working on it. I mean, it was, I had to, they had to spend a lot of money just to be able to maintain the customer base.
Kent Barner (20m 45s):
And so consequently, you know, they will eventually replace that application with something more modern, you know, back to that, make sure it's modern and, and it'll cost them a ton of money. And so if you think about, if it's a million, $2 million, right, and you acquired your you're acquiring this company and you know that in advance well, avid, I would, you know, claw that back on the transaction price, I would say, oh, instead of 5 million, I'm going to give you a 3 million because you know, I've got to do this major upgrade to the software. And that's just one example. They had a lot of XP machines and, you know, just, just stuff like you just wouldn't ever dream of.
Kent Barner (21m 26s):
And so that's, that's one example and that's a very expensive oversight from the technology due diligence. Another one is probably, well, I'll just talk about technology debt. I'll just get into that right now.
Tom Bronson (21m 43s):
Oh, please. Do I want you to define what a, what technical debt or technology debt
Kent Barner (21m 47s):
Is? Yeah. So technical debt is the lack of spending on technology to the point where it falls so far behind that you have this, all this old technology and you're going to have to upgrade it to modern technology. For many reasons, one of them I just gave you. And so that's a nice way of saying they haven't invested. And so I've been on both sides of the transaction and, and in one case where we were selling the company, we were cutting expenses on everything to make the GNA look better. And so we probably quit investing three years out. Well, if, if you come in and you're doing due diligence for the acquire, you might discover, you're going to have to replace a bunch of equipment, upgrade a bunch of software, you know, a bunch of expenses to get out of that technology debt that you, that the other company created just to make the, sell that better from a GNA standpoint.
Kent Barner (22m 42s):
And so you gotta really look at that technology debt and, and if you're the acquire, you probably want to adjust the purchase price for those areas where you have technology debt. Yeah, no doubt.
Tom Bronson (22m 54s):
Yeah. There's of course having owned a technology company, we understood technical debt and, and, and a lot of times that was some of the tired old software. I I've got a client when you brought this up, having, you know, old stuff that's been around, I've got a client recently that I was talking to. And I said, I said, how easy is it to pull this data out of, in fact it was a, it's kind of a, a call center. Right. And I said, I want to know how quickly you guys answer calls, how many what's it called volume and, and how what's the time to resolution.
Tom Bronson (23m 35s):
I said, can your software produce those very, what I think are very standard things, standard, simple reports. Right. Right. Well, we bought this software and like, you know, 1989. And, and I said, well, what are you using? He told me, I said, well, that company is still around. Yeah. But they just want so much money to upgrade it. So we've just been using that, you know, the, the way it is. And we don't know if we can pull any reports or not. And I'm like, guys, right. W we need to invest in that. Right. And it, because we've got to have the data and, and that's a perfect example of technical debt, right.
Tom Bronson (24m 15s):
The LDS, something that would instantly any buyer that came in and looked at that knows instantly, I'm going to have to make that investment. So if you make it in advance, then at least it's not an adjustment on the purchase price. And so, wow. That's a, that's a great example.
Kent Barner (24m 32s):
Yeah. And, and, you know, have you heard of CMMC? So it's a like cyber, cyber maturity matrix. I can't remember what it stands for. I know what it is. And so if you're a government contractor, you have to be CMMC compliant. It was supposed to happen this year. You're supposed to be compliant. And so what a lot of companies used to do is just self-certify and they'd say, yeah, we're good. We're good. Well, this year they had to have an audit. And so, and, and the, the governing bodies, having a hard time getting enough auditors to actually do this. So it it's slower than it should be. But if you're a government contractor and all of a sudden you have to invest several million dollars just to be CMMC compliance so that you can do the business.
Kent Barner (25m 16s):
I think it's going to whittle the field down a little bit because people aren't gonna be able to step up and get that stuff and compliance, you know, they'll, they'll, they probably still running those XP machines. Right. And just trying to squeeze every last ounce of them that they, you know, so it was penny wise, pound foolish at the end of the day. Wow.
Tom Bronson (25m 33s):
All right. Well, we're up on a break. Let's take a quick break. We're talking to Kent Barner, and we'll be back in 30 seconds.
Announcer (25m 40s):
Every business will eventually transition. Some internally to employees and managers, and some externally to third party buyers. Mastery partners, equips business owners to maximize business value so they can transition their businesses on their terms. Using our four step process. We start with a snapshot of where your business is today. Then we help you understand where you want to be and design a custom strategy to get you there. Next, we help you execute that strategy with the assistance of our amazing resource network. And ultimately you'll be able to transition your business on your terms. What are you waiting for more time, more revenue, if you want to maximize your business value, it takes time.
Announcer (26m 22s):
Now is that time get started today by checking us out at www.masterypartners.com or email us at [email protected]
Tom Bronson (26m 34s):
We're back with Kent Barner principal at CIO suite. And we're talking about technology and technology due diligence. So Kim, let's talk about the elephant in the room, cyber security. You know, everybody wants to talk about cyber security or they don't want to talk about it, but, but we're going to talk about it here. I don't think we can go a week without hearing a story. And, and, you know, if you watch any TV or listen to any news or reading a newspaper, we can't go a week without hearing a story about cybersecurity or a breach at some high profile business, home Depot a few years ago. It Starwood come to mind.
Tom Bronson (27m 17s):
I have my own horror stories, by the way, in businesses. Let me share that with you real quick. I bought a company in 2010 and we discovered about, let's see, nine months later that the company had been breached prior to the acquisition. And, and there were maybe less than a hundred customers impacted, but it was credit card theft, right? And so that's huge and that's PCI compliance and all of that. And fortunately our agreements were written so that, that we could claw that back against the purchase price.
Tom Bronson (27m 58s):
However, what, what happened was they, the company knew about this problem that they had and had addressed it with their customers. Many as much as two years prior, they had identified the security vulnerability and addressed it with the clients. But because the, the, it was hosted locally, their software was hosted locally, not in the cloud, they couldn't push an update, but they required an update. And they had every client that did the update was, you know, not breached, but every client that didn't do the update was breached.
Tom Bronson (28m 43s):
And so, but we actually had some here's where it can be very helpful. We had some that snubbed us that said, no, we're going to, you know, we'll handle this ourselves where we have our own security people and we'll handle this ourselves. But we had used our call log software or a CRM to track all of these notifications. And we knew when they were opened, we knew how, what the response is, where we had all that stuff. And so we actually had a chain on the west coast that their entire chain was breached, but it was because their internal CIO said, we'll handle this ourselves our own way. And, and of course we had the evidence of that.
Tom Bronson (29m 25s):
And so we ultimately were not at fault nor was the prior company, but, but I mean, there's horror stories that go around that run rampant about breaches. And of course, for a company like mine, that was doing technology for restaurants, retailers, or wineries that can put you out of business. So how do you explore security that the whole topic of cybersecurity in due diligence, and more importantly, how can business owners protect themselves now and know that they're protected?
Kent Barner (29m 58s):
Yup. Yup. And like I said, it's hot, it's a hot topic. And it has been for years now and it's only getting worse. And so I would tell you that I come in at a high level and look at their call it, their cybersecurity posture is what I refer to it as. And I can determine a lot just from that level. You know, what are your policies and procedures? How often do you do, you know, intrusion detection and extrusions and you know, different things and Mo most of the time, it's like, well, we don't do that. You know, we hadn't ever done that. What are you talking about? You know, vulnerability assessments, those, those types of things. And so you can tell just from asking some questions, what their posture is.
Kent Barner (30m 40s):
And then generally, if I'm, if I sense that things are really bad, I will bring in a professional, a certified cybersecurity person and dig deeper into that. But you definitely want to ask the simple question of, have you ever had a breach? And if they deny it then, okay, well, I've asked the question and you might put something in your reps and warranties about that, because just like in your case, it, you didn't discover that until nine months later. Right? And so the other thing you mentioned was the Starwood acquisition by Marriott. And that's one that anybody can study. They're a public company, but Marriott acquired Starwood Starwood.
Kent Barner (31m 21s):
Wasn't aware that they had had a breach. And so post-transaction, it's discovered now Marriott's on the hook for the cost of the breach, right? And in addition to that, they keep getting breached. And so if you go through their filings, I went through a free few years of their filings, just their annual statements, just cause I was preparing for the cybersecurity presentation and the numbers were, they started off, you know, you're in denial when you're the one that gets re it's only $50,000. It's not a big deal. It was a $6 billion transaction. We shouldn't worry about that. Well, the number gets up pretty high.
Kent Barner (32m 2s):
And I, you know, I, I, I'm not gonna quote a number, but it, it would, it would be a significant purchase price deduction just in anticipation of that payment or escrow it or something come up with some way of deferring that or avoiding that cost. But it's all it's in all of their filings because they have to report it. And every year it gets higher and higher and higher. And then, you know, oftentimes people have cyber liability insurance or cybersecurity insurance. And, but it's hard to recover on that because a lot of times they'll prove that you weren't diligent and protecting your environment.
Kent Barner (32m 42s):
And so, you know, you gotta be real careful about paying pain for those policies and understand the, the fine print. So when you go to go to claim that, but you know, little things like, you know, what's your endpoint security, you know, w what do you put on your TCS and your workstations, you know, is that current? Do you train your employees? A lot of companies don't even provide training for their employees. And that's the employees is the weakest link in the chain, right there. They're the ones that's going to mess up the most. You know, the, the standard, you've heard a million stories about the phishing attacks through email. Oh yeah. And, and you put, you can put things in place that aren't even technology related.
Kent Barner (33m 25s):
They're just good controls and processes. So a good example, you see a lot of things about the email that goes into the call, it the CFO's office, or to an accountant from the CFO and, and it's, and it says, you know, Hey, I need you to wire this money somewhere that is so classic. And it happens all the time. And then another one would be somebody changes their wiring instructions. And so that happens a lot. And so consequently, what you do is you end up wiring money somewhere that they shouldn't be getting it. Well, the simple controls on both of those is two factor human and engagement, right?
Kent Barner (34m 6s):
I'm going to call that CFO or CEO. It may be annoying, but I'd rather do that than get asked to leave because I screwed it up. Or, you know, in the case of changing the instructions on wiring, place, a call to the company, to the person that you know, at the company and make sure that that's valid. So there are simple things that aren't technology related that can help you avoid a breach if you will.
Tom Bronson (34m 31s):
Thanks by the way, you just brought back a painful memory. For me, we had just hired a new CFO and we had front-end purposes, kind of an accounting manager, a bookkeeper, you know, more than a bookkeeper, but more of an accounting manager who reported to that CFO. I happened to get on a plane to fly to the west coast. So I was literally on an airplane when an email came in, that looked like it came from me to that accounting manager saying I needed her to wire a $10,000. Thank God. It was only $10,000, but $10,000 to this account right away.
Tom Bronson (35m 13s):
Right. And so she takes email, goes to the brand new CFO and says, Tom sends us, we need to take care of it. So, well, why didn't he send it to me? I don't know, but he's in the air. So, you know, we need it. And he wanted this done before he lands kind of a thing. So we need to do it now. And of course the carried out the instruction 10,000 bucks. And that was that right. And it was just basically $10,000 off the bottom line. Cause there's no way to recover that stuff. No, once it's gone. Cause it, it wasn't in that account for more than a nanosecond before it was swept somewhere else. Right. So yeah, those, those kinds of things, even, and this is a smart, intelligent accounting manager, but those kinds of things can get anybody.
Tom Bronson (35m 59s):
So yeah, I, I routinely w when I had an it staff, I would get an email. And if it, even if it was from some name I knew, or somebody I knew I would actually send it over to it and go, Hey, would you make sure that this attachment doesn't have anything weird? Right? Yeah. Yeah. And they could take it and isolate it somewhere else off the internet, open it and look at it and go, yeah, no, it's good. So, or, yeah, your, thank you for sending this to me, but it's that human training, right? How do we get people to stop doing things like that? And, and because genuinely when I saw the email, it looked legitimate, it would move to my address.
Tom Bronson (36m 38s):
Right. And, and, and, and, you know, of course me, in hindsight, I've got the benefit of 2020 when I look backwards. Right. I guess if I sent you that email right. Then that must've meant that I was connected. Why didn't you email me back? And if I didn't respond, then you would know that yeah, something's fishy. So, oh, well, it was a $10,000 less than I learn. I can't remember whether we filed an insurance claim on that or not, but I, I don't, I don't know if they insure against stupidity, but, but that was certainly a moment of stupidity, but all right. So we're talking about cyber crimes and, and we've used a couple of really big examples here, home Depot and, and Starwood, these are giant companies.
Tom Bronson (37m 25s):
And, and fortunately, in my case, we wrote that into the reps and warranties. We knew because there could be the possibility of what we were doing. I'd be surprised if Marriott didn't do that in their Starwood, but maybe they didn't. But, but many business owners, particularly small business owners think that the cyber criminals are just out looking for the big payday and they go, oh, I'm way too small. They're not interested in me. So I shouldn't be concerned about cyber security. How would you address that? If somebody, if a small business owner told you that,
Kent Barner (37m 60s):
Well, I've had that happen. And so I was at a, well, it was one of the B2B CFO conferences. And I was sitting next to this guy who was a business owner. And the gentlemen speaking was talking about cybersecurity and he was talking about it. You know, most companies should count on spending about 3% of their revenue on cybersecurity. And most companies spend like half a percent of their revenue, you know, the small to medium-sized companies. Right. And so he said, well, I've got three companies and that's just going to be a lot of money. And I said, well, it might be a lot of money if you don't, you know? And so I said, I'll tell you what we meet. And maybe we can package all three companies together and some technology and get a better price.
Kent Barner (38m 42s):
And he's like, oh, that's an interesting idea. So call me when you're, you know, after this is over. And so next week I call him and he doesn't return my calls. Well, you know, I'm used to that. You are too, right. Everybody takes my calls, Kent, Tom's calling. I better go. Oh goodness. And so, but one time after I called several times over the course of the few months, and one time he answered and he went, gosh, you just don't know how timely this is. And I was like, well, what, what happened? And he says, well, we got a, we got a ransomware and a factory, so he's not producing.
Kent Barner (39m 22s):
Right. And, and I said, well, do you want me to send in an incident response team to take care of it? He says, no, no, I've got a, I've got an it guy. That's going to do that for me. And I said, okay, well, that's good. But if you want to talk about it after y'all get it all squared away, we can kind of see if we can do something for you. Long-term and then his next factory got hit and all three factories ended up getting hit eventually because now they know that the, the DNA and the formula to get in. Right. And so, but anyhow, so he said that he paid, I don't remember the exact numbers, but let's say you pay $10,000 to the it consultant to remediate it. And the ransomware was $5,000.
Kent Barner (40m 3s):
So the it company turns around and pays the 5,000 in pockets five, and didn't do anything. You know, it was just this terrible, it's a terrible story. And then I hear later that they got into his bank account and then it got to hundreds of thousands of dollars, you know, and this is a relatively small to medium sized business. And so if you don't do something, it can be very costly. Right. So those are, that's just a real bad example. Okay. Those
Tom Bronson (40m 29s):
Are small businesses, you know, for, for a big business, for someone like Marriott, we're not worried or home Depot, we're not worried that they're going to go out of business as a result. It could cost them thousands to millions of dollars in damages and, and, and, and reparations. But for small businesses, I've, I've actually seen some small restaurants that, that were breached in one way or another. Some of them even very low tech ways, right. That, that has put them out of business. Sure. Oh
Kent Barner (40m 59s):
Yeah. There's a large percent like that. I don't remember if it's 50%, but there's a high percentage that don't recover because it cost them so much. And then, you know, when you look at some statistics, statistics, I think about 70% of the small to medium-sized enterprises get breached. And it, because they're the easy targets because their attitude about, I don't want to invest, you know, I was talking to a guy from bank of America that was on their security team. They have 2,500 people just on the security team. And, and that wasn't enough. They were trying to hire more. And this was a couple of years ago. So, you know, when somebody is thinking, well, I'm a small company, nobody's really going to want me, nobody's going to come after me.
Kent Barner (41m 41s):
No, you're the target. You're the easy time. Let me get, I'll take a hundred small businesses over that one, you know, gorilla, you know, bank of America, if they're, they're too hard to get into, you know, it's, it's a sense of accomplishment when a hacker gets into it. And so there's some twisted thinking going on there, but, you know, and, and, you know, in Russia, they have companies that are legitimate companies, that all they do is try and breach our companies. Right. And, but, and they, and they, and they were very, it's weird to say this, but they're ethical and how they do their business. So I'm going to ransomware you. If you pay the money, I'll, I'll turn the keys over to you and let you recover.
Kent Barner (42m 21s):
And so they're operating, you know, in good, good faith, as bad as they are. Right. And, but that's, you know, they're, they're like legitimate companies that are public facing and that's what they do. Now, if you, if, if one day I should show you a presentation I've done and it's actually a real demonstration. So I go into the dark web and show you what you can find in the dark web. And it's a lot of bad stuff, but it's easy to get into, like, I could do it right now, what we're talking and it's, but what you see in there, you know, whether it's from human trafficking, drugs, arms, but you can hire people just to go hack people. And, and, and one time I was working at a company and they received all their payments online from through, through a service, you know, it was, it was an apartment company.
Kent Barner (43m 11s):
And so at the first of every month, what was happening is that software company was getting denial of service attacks, which means their, their servers can't respond. Right. And so the payments couldn't get PA process. You know, we had very high end communities all over the U S and we weren't able to get our rents the first part of the month because the software company we were using couldn't process them. Well, what we, what we think and what the FBI thought was one of their competitors who didn't want them in the business, because they were kind of a new business or new entry into this business. It was hiring somebody to do a denial of service attack on them. And you can just go on the dark web and find those people.
Tom Bronson (43m 55s):
Wow. It's a whole different side of the gig economy, right?
Kent Barner (43m 59s):
Oh, it's horrible. Yeah. And you just don't know how, how close it is to you all, all the time. I know
Tom Bronson (44m 6s):
I don't, I don't really want to see one of your demonstrations on dark web. I've seen that at various shows and I totally get that. And just, it's, it's tough. People need to realize that this is a real threat. Doesn't matter the size of your business. If Ian, if you're small, you made an excellent point. You don't probably have the security. And so it's so much easier for them to get in and they go after those small businesses as well. Now. So for business owners that are thinking about selling their business in the next few years, how can they be proactive about technology due diligence before they go to market? And kind of, what do you think is the impact of that? We talked a little bit about that before, but let's talk about the meat and potatoes.
Kent Barner (44m 49s):
Yeah. So, you know, hire someone to come in and do an assessment. You just need a professional. Oftentimes, you know, a small business, small to medium sized business has a managed service provider. And if they're a good managed service provider, they keep your technology current, but there's plenty of them that aren't good. And, and some of the problem is the owner wants the low cost provider. And so they get a low class solution and the quality's suffers. And so I would, I would argue that you should hire a third party, another third party, because you don't want the Fox watching the hen house, so to speak. Right. And so bring somebody in that's independent, let them do an assessment. And then, you know, look at kind of what the results are.
Kent Barner (45m 31s):
And, and there, there there'll be be dollars likely to spend. And if you've got a five-year runway, it might make sense to do those things early. And, or over those five years, you know, chip away at the, probably do a cost risk analysis. Where's the highest risk and, you know, get, get the best value for your dollar. And then, and then that would probably impact your, your price as you exit, you know, whether it's is it 10 X or, you know, I don't know what that number might be. It all depends on kind of what the revenue of the company is, EBITDA all those good things. Right. But, you know, at least be at least know in advance where you're headed and don't be surprised. Like we were talking earlier about the 17% that actually make a transaction happen.
Kent Barner (46m 15s):
You know, that other 83% it's probably has a lot of skeletons that they didn't even know they had. Right. So they get to the transaction. Somebody says, well, I'm going to have to spend, you know, $2 million to upgrade that software or replace it. So I'm not going to offer you what you think you're worth. Right?
Tom Bronson (46m 31s):
Yep. That, that happens so frequently. And of course, what, what Kent sock about is the 83% of business transactions that fail to reach the finish line, you know, 83% of all attempted transactions, don't get all the way to a close, only 17% do. And I think that the, the, the seven of the 17% that do they're very proactive. They do things like this technology audit in advance, right? They, they think about it, they get their systems up to date. They, they update, they, they document the processes they re are well-run businesses. And so, so if you want to be in that elusive 17% club, like, like the business owners that have successfully transitioned, think about doing this kind of thing in advance.
Tom Bronson (47m 16s):
So before we go, what, you know, there are other companies out there, other technology consultants, other CIO firms that they could talk to what sets CIO suite apart from other folks that do the same thing.
Kent Barner (47m 31s):
So I would tell you a couple of things, you know, when you're talking to consultants, even people like yourself, it's all based on your experience and, you know, the value you bring to the table because of your experience. And so you have to look at that. I think that's one point. One of my approaches is always, I, I look at technology from a business perspective, not a technology perspective, here's a good example. I was interviewing for a job and it was the CIO of a large company. And this, I was interviewing with the CFO and he kept talking about his technology and I was like, okay. Yeah, that's great. You know, and, but tell me about the business.
Kent Barner (48m 11s):
You know, tell me about what the strategy is for the business. You tell me you're going to grow, how are you going to grow? How are you going to fund it? All those types of things, not what kind of PCs do you buy? And he was more enamored with that kind of stuff. And so the head hunter that sent me there said, well, they didn't, they didn't think you cared about their technology. And I said, well, I, I really don't, that's the easy part. We need to understand the business and how technology fits with the business and then come up with the appropriate strategy. So I think that's a little different approach that some companies don't take, they kind of get more on average with the technology also in, in my years of experience.
Kent Barner (48m 51s):
So some people say the life of a CIO is three to five years. And so I was with my first group of the management team for 23 years, and then my second group for 10 years. And so I'm kind of, I think that's a good track record that I didn't get fired if that's a selling point, I guess. So, anyhow, I've got a track record that shows that I'm kind of a pretty good guy and then, and then start
Tom Bronson (49m 22s):
With the business first. Right? I love that.
Kent Barner (49m 28s):
Just a lot of fun too, so
Tom Bronson (49m 31s):
Well, you and I can debate that, right? So one last business question, this podcast is all about maximizing business value. What is the one most important thing that you recommend business owners do to build long-term value?
Kent Barner (49m 50s):
So keep your technology current. That's one thing that I would highly recommend and then hire people that are qualified to support your technology. Don't, don't, don't hire that least common denominator, the cheapest, you know, that's always a bad, bad approach. Race into the bottoms is a terrible idea. You get what you pay for, and that's not just for me, it's hiring an MSP, hiring a consultant for whatever you're doing. So those are a couple of things that I would advise.
Tom Bronson (50m 18s):
Those are great pieces of advice. Now we've gotten kind of all the way to the end. And I don't know if you listened to the podcast or, or certainly our, our listeners always are looking forward to the answer to this question. I have to ask you a bonus question. Ken, are you ready? Go, okay, what personality trait has gotten you into the most trouble through the years? And I'm anxious to hear this.
Kent Barner (50m 44s):
Probably no fear, you know? And so I'll do, I'll do stupid things if I'm, I'm challenged, especially as you're growing up and in college. And, you know, I, I can't tell us some of those stories, but then also in, in business, you know, I jumped out of a corporate pretty, pretty cushy position and said, I'm just going to go do this. And, and I think I've achieved success. So, but if I was, if I was afraid, I think, yeah, that second guessed myself all the way. So
Tom Bronson (51m 16s):
I love that. I'm glad you're not my airline pilot.
Kent Barner (51m 20s):
My dad, my dad was a fighter pilot. So I think it wasn't. Oh yeah, yeah.
Tom Bronson (51m 25s):
They have to go in with no fear, but that's a different kind of thing. So yeah. So how can our viewers and listeners get in touch with you?
Kent Barner (51m 32s):
So CIOsuite.com. So the letter C I O S U I T e.com and
Tom Bronson (51m 40s):
As w E T actually
Kent Barner (51m 44s):
I actually got that URL. So I was going to use it for promotional. It'll give out a candy bar and has CIO suite, and then it would take you to my website. And then (214) 952-3190. That's my phone number, my cell phone. And then [email protected] or call you. And they can, and you can get them to me. You're,
Tom Bronson (52m 8s):
You're stealing my line. That's it back there, right? You must've listened to my podcast before. I'm so thrilled. Thanks, Ken. You've been a great guest and you've given us lots and lots of information. Thanks for being our guest
Kent Barner (52m 19s):
Today. It's been a pleasure. I appreciate it. Thank you. Awesome.
Tom Bronson (52m 23s):
You can find Kent Barner at CIO, suite.com apparently spelled either way or on LinkedIn. And of course you can always reach out to me and I will be happy to make a warm introduction to my good friend Kent Barner. This is the maximize business value podcast, where we give practical advice to business owners on how to build long-term sustainable value in their business. So be sure to tune in each week and follow us wherever you found this podcast and comment, we love your comments and we respond to all of them until next time. I'm Tom Bronson, reminding you to think about your technology long before you plan to sell your business so you maximize business value
Announcer (53m 10s):
Thank you for tuning Into the maximize business value podcast with Tom Brunson. This podcast is brought to you by mastery partners, where our mission is to quick business owners to maximize business value so they can transition on their terms on how to build term sustainable business value and get free value building tools by visiting our website, www.masterypartners.com that's master with a Y masterypartners.com. Check it out.
Announcer (53m 40s):
<inaudible> that was perfect. I wouldn't make any changes.