Almost one-third of business software is used illegally, yet a due diligence checklist for IT is often overlooked during a merger or acquisition. But be warned, it is an oversight that could have serious consequences.
I regularly advise clients how to avoid security leaks and carry out forensic investigations when things go wrong. I also undertake audits of software and hardware during a merger or acquisition to ensure clients are operating on the right side of the law.
No company these days can function without IT, so it’s strange that it sometimes slips below the radar when so much importance is put on financial or managerial due diligence. It is critical that companies give due diligence to IT because penalties for inappropriate use of software can be severe.
According to Microsoft and the Federation Against Software Theft (FAST), around 30% of software currently in use in business is illegal. Organisations such as the British Software Alliance and the FAST can impose hefty fines on companies that use pirate software or are using software outwith the terms of their agreement.
Some companies are genuinely unaware that they are breaking the law, and this is especially true of small businesses that have not purchased software licensed for use on multiple machines. However, there are some companies out there that flagrantly abuse software. They might think that they will get away with it, but companies like Microsoft are entitled to walk through their door to conduct an audit at any time.
If a company is found to have been running illegal software over a period of time – say, two years – then the authorities can make them pay for the two years they have got away with it, effectively brining them up to a ground zero level. This is in addition to stiff punitive fines: one company in Northern Ireland recently caught using illegal software was fined £40,000.
But it’s not just the potential legal problems that companies failing to carry out due diligence checks on IT software need to be concerned about as illegal software can give rise to a whole raft of security issues. Companies buying or downloading unauthorised copies of software could find that it has been embedded with security flaws or, worse still, spyware which can capture every user’s keystroke and allow access to sensitive company data.