6 security best practices leading up to a sale

6 security best practices leading up to a sale

Author bio

Dan Fries is a freelance writer and full stack Rust developer. He looks for convergence in technology trends, with specific interests in cybersecurity, micro mobility, and smart cities. Dan enjoys snowboarding and is based in Hong Kong with his pet beagle, Teddy. His website is danfries.net.


If there is any one thing that is absolutely essential to surviving the eCommerce landscape in today’s world, it’s data security.


Too often online businesses overlook data security by focusing more on marketing strategies to gain more sales, but the truth is that data security can have a huge effect on your sales as well (not to mention your reputation).


“Roughly 60% of online customers today say that they are wary of data breaches, and if they find businesses with compromised payment systems, they’re simply going to find somewhere else to spend their money.”


The most successful businesses right now are learning to incorporate the best security practices that lead up to a sale, and not just security that is a byproduct of their organization. With that in mind, here are the top security practices to follow leading up to a sale:


1. Migrating Servers & Content

It’s no secret that content gets migrated all the time, as part of a transfer of ownership or simply for a site redesign. Often a business starts with a server provider that is basic and unable to keep up with speed and performance as the company expands its online audience.

For example, many businesses struggle to choose between a website or blog and then start to outgrow the bandwidth and limitations provided. Making the transition to a larger, more reliable server is always a good thing for growing businesses. Unfortunately, it also comes with some significant security risks.

Imagine losing some or all of your important data in the transition. Or imagine personal customer information getting breached during the migration. As a result, you need to make sure security helps sales by making every migration to a more secure server, where it can be one hundred percent safe.

Microsoft’s Storage Migration Service can you help make the transition the most effectively and with as few of security vulnerabilities as possible. Once all the data is transferred, you can then rest more soundly knowing the information is now stored on a more reliable host.


2. Controlling Employee Permissions

The CISO or CSO of an organization is not only a guardian of personal data and keeping the company and its technological procedures safe, but is also a curator and custodian of the overall brand.

Security teams should have their hands in every single detail of day-to-day operations, with the goals of defending company assets, meeting market criteria and compliance, and implementing the right technologies at the right times.

Like a ranking order of a military, your employees should also have different permission levels when it comes to helping generate sales. Not every employee should have the exact same access to your systems.

Only the most trustworthy people should have access to the most sensitive information. Apps like Square Employee Management can constantly let your IT team adjust and monitor permissions.

Keeping control of your back end prevents unnecessary leaks and breaches, leading to safer day to day operations. Furthermore, it becomes a domino effect as it builds trust with your customers, knowing you are reputable and take security seriously, knowing they can trust their personal information with you.


3. Integrating to the Cloud

There is a reason why so many organizations have moved to the cloud: the cloud has allowed information, and especially sensitive data, to get stored more securely.

Of course, this is a gigantic element of many businesses that care about safety and security. So if your business has not already made the transition, the cloud needs to be your answer if you want to cut costs and improve security. More than 70% of companies in the U.S. now use some form of cloud software — don’t be left behind, and left vulnerable.

Sensitive information that is stored on a computer is no longer the best method. If the computer gets hijacked, lost, or stolen, then everything is compromised. Cloud-based data is encrypted, making it extremely secure and reliable.


Are you looking for a premier cloud service? Dropbox, Nextcloud, Google Drive, iCloud, SpiderOak and OneDrive are among the most popular.


4. Compliance and Data Privacy

Due to the massive amount of information that is stored and transferred digitally these days, requirements to keep customers information is not only a thing that any company should do to remain ethical but also a legal matter.

More of the developed world is creating compliance procedures and other regulations that businesses must follow. So you’re also supporting and following the law when you act compliant.

Online forms, for example, are a great means for collecting customer information. However, you need to adhere to certain procedures in order to remain compliant. GDPR and CCPA are two examples of compliance measure that are implemented to help protect consumer privacy.

Depending on the industry you operate in, you may have additional measures you need to take. For example, an insurance company has to notify customers what personal data is being tracked and what is not.

Companies that work in the healthcare industry must stick to HIPAA compliant forms and utilize security practices provided by HiTRUST. Failure to secure sensitive data can end up costing a company heavily, including potentially the closing down of the business permanently. The fines can range from $100 to $50,000 per violation, depending on the violation and the severity of the security breach.


5. Implement Employee Security Protocols

What you can control the most about your sales is not external, but rather internal matters. In addition to many of the other security practices that help build a client vs. customer trust, organizations much also build management vs. employee trust where you know every single employee, regardless if they are IT or not, are mindful of the best security practices.


Even salesman need to understand the basics of cybersecurity in order to contribute to the overall growth and well-being of the company.

Questions you can ask yourself include:


  • What are the best practices for accepting credit cards online?
  • What changes in the online payment technology are evolving and how are you adapting?
  • What are the latest security threats and vulnerabilities that target customer credit card and bank account information?


All of your employees need to understand that they are responsible for maintaining security protocols in every interaction. According to a study done by Kaspersky, 46% of the businesses surveyed stated that data breaches only happened after irresponsible employees did not follow security protocols. If there isn’t a protocol in place, this is the best time to implement one.


6. Transferring SSL Certificates

SSL certificates are a website’s best friend and when it comes to business practices you need to have one in order to expect any reasonable and logical person to entrust you with their personal or financial information.

When a domain gets transferred it must remain secure either with an existing SSL certification or by setting up a new one. In the first security practice section, we covered migrating servers. This is where it becomes applicable.

According to a report from AccuRanker, SSL is not only a ‘nice security feature’ but mandatory if you want to rank well on Google and other search engines. Google now has mandates that require all websites it lists as having to provide an SSL.

Rankings sometimes get impacted negatively when an SSL certificate is changed or updated. It may result in a temporary drop in rankings for your business, although within a few days it should recuperate. Your web host can also help you troubleshoot the problem if it’s still affecting rankings (and therefore sales).



Wrapping everything up, we can see that:

  • eCommerce security must be one of your top priorities.
  • Migrating data can put your data at risk.
  • You need to train your employees on proper security protocols.
  • Not all employees are the same; limit their access and permissions.
  • The cloud is great but can be dangerous if not properly secured.
  • There might be more security compliance codes you need to follow.
  • A website MUST have an SSL certificate for any financial or customer sensitive information.


In order to keep sales strong and build up trust with customers, consider all of the security practices listed above and implement them immediately if you have not done so already.


While it may seem trivial at the moment, it is better to address these issues before something and/or someone messes up. Unfortunately, the human element leads to too many cyber breaches each year. You can work on reducing that in your company through proper security protocols and training. Now is the time to make sure your data is secured properly.

5 steps to follow for a graceful business exit strategy

5 steps to follow for a graceful business exit strategy

Author bio

Dan Fries is a freelance writer and full stack Rust developer. He looks for convergence in technology trends, with specific interests in cyber security, micro mobility, and smart cities. Dan enjoys snowboarding and is based in Hong Kong with his pet beagle, Teddy. His website is danfries.net.


The current climate for company owners and entrepreneurs is dynamic and competitive, which means that exiting a business can actually be a wise and profitable move under the right conditions.

Exiting does not have to be about cutting your losses. Some entrepreneurs feel that selling can be a good option whenever they get to the point where the company is operating at the level they intended, and others simply want to pursue other activities that may not be related to entrepreneurship.

A turnkey business proposal should be similar to a marketable title in terms of making investors feel that they can pick up the reins to the business immediately after the sale is finalized.

Cheat sheet for an exit plan audit

The ambition that drove you to turn your business idea into a reality should be the same that guides you to package your company into a neat and exciting package for investors.

Ask yourself, from a high level: Do you want the business to be taken over by the highest bidder? Would you prefer to see a continuance of the brand you worked so hard to build? …Or somewhere in the middle?

If you do feel strongly one way or the other, you are in the majority. However, your business partner or partners may not feel the same way.

Suitable business successors who share your business goals are generally more difficult to find, but there is a strong chance that they will be optimists who do not care too much about the exit plan audit and turnkey checklists.

With all this in mind, the following guide is for the most likely scenario of a business sale proposal that hopes to attract the highest bidder.


Step 1 – Get your accounts and finances in order

An easy transfer is the greatest marketability factor in a business sale transaction, and this is intrinsically related to its finances. Let’s say an e-commerce store has been operating for three years and is looking to sell.

If the seller is not able to come up with two documented years of financial history, the best prospects are bound to take a pass and the listing will get stale. When this happens, lowballing sharks and vultures will begin to circle, thus increasing the chances of having to sell at a loss.

But the process of exiting the business might be compared to that of buying a new home in that it requires a stock check. Clarity in the specifics of your accounts will be both beneficial to you and to your successor. Keep in mind that most supporting records of at least two years of reliable financial history should include:

* Detailed list of debtors and creditors

* Stock ownership

* Capital gains information

* Depreciation

* All operating expenses

* Staff and wages details

* Bookkeeping ledgers

* Operating agreements and other documents

If the e-commerce shop seller has diligently used Quickbooks or Zoho for bookkeeping and accounting, coming up with these records and presenting them to prospective buyers will not be difficult.

Naturally, any reasonable opportunity to improve a negative item should be taken. For example, if you have an overdue web design bill for $300, pay it immediately.


Step 2 – Identify your contract status

Purchase prospects have a right to learn about the contracts keeping the business in operation, but they will also appreciate a frank opinion of these agreements.

An e-commerce may have multiple banner exchanges in place, and they may have run their course or become conflicting without the owner taking action.

If the seller thinks that some of the exchanges should be reconsidered, the best approach is to express such opinions to the buyers.

Similarly, the buyer would like to know if the current email marketing services provider can be replaced on the spot or if a hard agreement is written in stone for a few more months. Often, enterprise email clients like Outlook have multi-year contracts, but relative to alternatives like G Suite, Mailbird and Aweber.


Step 3 – What is the condition of your current software licenses?

You will want to make a clear list of all software used to support the business. This should also include the licensing model.

The list does not have to be fancy. It can be as simple as a column/row chart, but it should be detailed insofar as cloud-based subscriptions, SaaS service agreements, e-commerce software platforms, peripheral devices, and login credentials.

If you think that your company may have benefited with the use of software you never got around to installing, this is something that you should communicate to prospective buyers before they ask.

Or maybe you originally developed the site on a shoestring budget with a popular website builder like Wix or CMS like WordPress, but have lately come to believe that it’s time to move past the simplified DIY model and spring for a professionally constructed version.

You avoided this technological upheaval because you planned on unloading the business but that’s information that should be passed along.


Step 4 – Help buyers post-transfer

Not all buyers look forward to handshakes, receiving the keys, and saying goodbye. Some prospects will be upfront and tell you that they are only interested in the domain name or social media accounts. When this is the case, they may not even walk you to the door.

On the other hand, if a fashion boutique owner purchases an established e-commerce shop as an extension of the brick-and-mortar business she inherited from relatives, she may not know anything about online retail and would like a guiding hand. Are you willing to help this buyer if the sales price is right?

Brand-conscious sellers will likely offer business guidance to their successors if requested, but even if you do not care about what happens to the brand you built, your post-transfer collaboration could be turned into an attractive selling factor for the right prospect.


Step 5 – Meet with the employees and vendors

We’ve spent a lot of time talking about technology and processes but would be remiss to leave out the human factor, which is the most important “step” on this list.

An online business that is successful enough to draw the attention of buyers is likely to have at least a few employees and certainly a handful of vendors. It’s a common courtesy to make the introductions among all parties involved and let everyone know there’s a new sheriff riding into town.

And just because the online business world often has employees scattered across the planet and whom might have never met one another face-to-face, do your best to at least get the initial conversations started.

A buyer might want to bring in his own team but then again, they might not.


Go forth, and exit with grace

In the end, your business exit strategy can be as simple or as elaborate as you want it to be.

Realize, though, that the more you work on making your proposal marketable and enticing, the better your chances of making the sort of profit that satisfies your grandest dreams of avarice.

At the same time, you do owe some debt to the buyer to set them up with the best chance to succeed.