Almost one-third of business software is used illegally, yet a due diligence checklist for IT is often overlooked during a merger or acquisition. But be warned, says Skibo Technologies managing director Mark Mair, it is an oversight that could have serious consequences.
Aberdeen-based Skibo deals predominantly in the computer security sector, advising clients how to avoid security leaks and carrying out forensic investigations when things go wrong. Skibo can also undertake audits of software and hardware during a merger or acquisition to ensure clients are operating on the right side of the law. “No company these days can function without IT, so it’s strange that it sometimes slips below the radar when so much importance is put on financial or managerial due diligence. It is critical that companies give due diligence to IT because penalties for inappropriate use of software can be severe,” says Skibo managing director Mark Mair.
“According to Microsoft and the Federation Against Software Theft (FAST), around 30% of software currently in use in business is illegal. Organisations such as the British Software Alliance and the FAST can impose hefty fines on companies that use pirate software or are using software without the terms of their agreement.
“Some companies are genuinely unaware that they are breaking the law, and this is especially true of small businesses that have not purchased software licensed for use on multiple machines. However, there are some companies out there that flagrantly abuse software. They might think that they will get away with it, but companies like Microsoft are entitled to walk through their door to conduct an audit at any time.
“If a company is found to have been running illegal software over a period of time – say, two years – then the authorities can make them pay for the two years they have got away with it, effectively bringing them up to a ground zero level. This is in addition to stiff punitive fines: one company in Northern Ireland recently caught using illegal software was fined £40,000.”
But it’s not just the potential legal problems that companies failing to carry out due diligence checks on IT software need to be concerned about as illegal software can give rise to a whole raft of security issues. Companies buying or downloading unauthorised copies of software could find that it has been embedded with security flaws or, worse still, spyware which can capture every user’s keystroke and allow access to sensitive company data.
Mr Mair adds, “Security is now the fastest growing area of our business, and we have reacted to that by setting up a specialist forensics division to meet customer demand. As well as carrying out investigations if something goes wrong, we can work with clients to put in place procedures to mitigate against the growing threat of data leaks.”