For the elite startups and entrepreneurs who manage to attract the investor they dream of, and survive the term sheet negotiation, there is still one more hurdle before the money is in the bank. This is the mysterious and dreaded due diligence process, which can kill the whole deal. In reality, it is nothing more than a final integrity check on all aspects of the business and the team.
Some entrepreneurs do very little to prepare for due diligence, assuming all the talking has already been done, and the business plan and results to-date tell the right story. Others schedule exhaustive training sessions for everyone on the team, including showcase customers, to make sure that everyone paints a consistent picture. My best advice is to stick to the middle ground.
The Founder needs to remember that meetings up to this point have been primarily off-site, with staged demos, and managed personally by the CEO or a small team. Due diligence always involves on-site visits, informal discussions with any or all members of the team, vendors, and good customers as well as bad.
If there are conflicts within the team, or differing views of the strategy, or evidence of missing processes and tools, the investment process will likely be terminated. Even if the entrepreneur feels that all is well, it’s well worth the effort to prepare with the following actions:
- Make sure the whole team is up-to-date on the plan. That might start with the CEO giving the investor pitch to the whole organization, and distributing the current business plan document to everyone. Make sure all business processes are documented and integrated. If everyone has a different view of reality, you have no reality.
- Take time to review and resolve any personnel distractions. You need to brief the investor early if there are pending changes that have to be made, or conflicts that may become apparent during the due diligence process. Make sure everyone accurately posts their role with your startup on social media profiles, resumes, and references.
- Communicate what is happening and why to everyone. Don’t let the due diligence process be a surprise to the team. Make yourself available to answer any questions, show your enthusiasm, and explain both the positives and negatives of the external investment process.
- Visit reference customers, partners, and vendors. Use this opportunity to validate their satisfaction and support for your company and your solution. If you find open issues that can’t be immediately resolved, be sure to proactively communicate these to investors, with an action plan, rather than hope they won’t be found.
Based on the size of the investment, and the runway available, the due diligence process can take several weeks, or even a couple of months to complete. In any case, before the process starts on your startup, you should be doing your own reverse due diligence on the investor, as outlined in this article I published a while back.
For reference, here is a quick summary of key elements which most investors include in their due diligence process:
- Key personnel review. In all cases, an investor will ask to talk to all key players, and will likely follow-up by calling references and prior associates to verify background, commitment, and experience. Since investors tend to invest in people, more than the idea, the personnel review is normally the highest priority item.
- Status of the solution. Here investors are looking for feature problems or quality issues on the current product. A hard look will be taken at the technology maturity, the current development progress, and customer satisfaction with early product shipments. In addition, manufacturing and inventory levels will be reviewed.
- Review of opportunity and segmentation. A key criteria for a good investment is a large opportunity with double-digit growth. This should be a validation of prior assessments, based on any recent changes in trends, economic conditions and customer feedback data.
- Traction in the marketplace. A smart investor will take an independent final reading in the market on barriers to entry, active competition, demographics, and price sensitivity. Sales and distribution channel activity will be analyzed, as well as cost of customer acquisition, to make an independent assessment of your financial projections.
The key theme for a successful due diligence is full disclosure and no surprises before or after the commitment. If more marriages were subjected to the same rigor, the divorce rate would likely not be in the current fifty percent range. In business as in other relationships, people on the team that have to be above reproach, committed, and working on the same page.
Startup equity investments imply a long-term business relationship, lasting an average of five years. During that period, it is very difficult for either party to get out of the deal, since there is no public market for the stock, and business divorces normally mean bankruptcy. It’s worth your time to do a little extra work here, and make the honeymoon phase a win-win one for both sides.
Startup Professionals Musings
This year has created an unprecedented security landscape for small- and medium-sized businesses (SMBs), and the holiday season is no exception. E-commerce holiday sales are expected to grow between 25% to 35% year-over-year during the 2020 to 2021 holiday season.
With this peak in online activity, and the continuation of employees working remotely, startups must ensure they are properly securing their workforce to avoid a cybersecurity disaster.
Improving security and staying safe during the holidays
The holidays are not only a prime time for shopping, it is also one of the best times of the year for cybercriminals to attack. Organizations large and small have become a greater target this year as employees work from home.
In fact, the threat will continue to challenge startups and small businesses as they consider future plans for their workforce, with 56% planning to have some of their employees work from home permanently.
The reality is, the line between one’s work and personal life has become blurred. Employees can be targeted for both their personal information and their company’s data. From phishing attacks and credential stuffing to the increasing number of COVID scams, employees are the gateway to potential organizational risks, even if they don’t know it.
With devices and applications introduced into workplaces that are not managed by the IT department increasing and people leveraging their work devices for personal online activities, it is more important than ever to ensure every access point to your business is protected. It’s vital that you enhance your company’s cybersecurity practices, starting with enforcing basic cyber hygiene and raising awareness of the risks employees face.
There are several steps entrepreneurs can take to keep their businesses running securely during the end of year rush, including:
- Don’t overlook the basics. Start with cybersecurity hygiene. Make sure all software deployed to employees is updated and working correctly; regularly update firmware and anti-malware and ensure that all data backups are up to date. Tracking all applications being accessed should also be part of the cybersecurity program, as many threat actors target unattended apps.
- Adopt single sign-on (SSO) and password management. There is no doubt that passwords are a hazard to your business. Employees tend to reuse the same weak passwords across accounts. SSO can simplify managing account access to work applications and provide employees with an easy and secure way to log in, no matter where they’re working from. SSO connects users to apps and systems without the need to create and remember passwords. Instead, a user only has one password to remember: the password to access his or her SSO portal. Of course, the goal is to secure all entry points to the business, which includes those apps that aren’t mandated by IT or can’t be authenticated through SSO. This is where an enterprise password manager comes into play, helping users manage all their other passwords.
- Enforce multi-factor authentication (MFA). There are different types of MFA, but at its core, MFA adds an additional layer of security by requiring a further login step. MFA leverages different factors (such as a code) to authenticate who is accessing a device or application. The employee would complete two or more factors in alignment with the MFA policy, while IT can rest assured they are giving access to the correct people.
- Create a security-aware culture. No matter what technology you have in place, you are still vulnerable if you do not bolster online security through employee awareness. Without security awareness and educational resources, employees may not understand how to identify a phishing email or malicious links on a webpage. Providing teams with cybersecurity training to help them recognize threats, understand their personal and corporate risks and what role they play within the security of the full organization, will help create a security-aware company culture.
Getting cyber ready
As employees continue to work from home and the line between personal and work life continues to blur, especially during a holiday shopping season, protecting a company’s assets is more important than ever.
Cyber hygiene, security trainings and simplifying access and adopting the right tools to authenticate employee identities are key steps to maintaining control and securing company assets through the holidays and beyond.
The post ‘Tis the Season for Holiday Scams: How Startups Can Prepare for Cybersecurity Risks appeared first on StartupNation.