UnHacked Episode 53 Summary
Guest Introduction
Jim DuBos is a seasoned entrepreneur with 35 years of experience in both B2B and B2C sectors. He has founded 10 companies and achieved 7 successful exits through mergers and acquisitions. His most recent exit was in 2022 with a company generating nearly $65 million in annual revenue. Jim previously owned Transformix, a cybersecurity firm, and now helps entrepreneurs launch, scale, and exit their businesses through his "Exit Ready Method."
Business Growth Framework
Jim explained his Exit Ready Method, which focuses on three customer journeys:
- Launch journey: A 90-day roadmap for proper business launch
- Scale journey: Assessment and planning for growth
- Exit journey: Preparing a business for acquisition
Jim emphasizes the importance of "working on the business, not in the business" - treating your company as an asset that can generate value when you exit. He noted that a business completely dependent on the owner isn't a transferable asset, as buyers want companies that can sustain themselves after the owner's departure.
Cybersecurity's Role in Business Value
When acquiring companies, buyers look for:
- Growth potential ("leave some meat on the bone")
- Technology stack that can support growth
- Proper regulatory controls
- Basic cyber hygiene
Jim explained that implementing good cybersecurity practices demonstrates operational maturity to potential buyers, which lowers their perceived risk and can increase business valuation. Conversely, neglecting cybersecurity is like "deferred maintenance" that will devalue a company during acquisition.
Major Breach Causes
From Jim's experience, the primary causes of security breaches are:
- Poor patching of systems (inadequate asset management)
- Phishing/social engineering (users clicking malicious links)
- False payments due to poor vendor management (fraudsters changing payment information)
Top Three Security Controls
When asked about the most important security controls for businesses, Jim recommended:
User Training & Awareness
- Ongoing, not one-time training
- Communicate examples of threats
- Test user community regularly
- Frame security as protecting company reputation
Password Hygiene
- Implement complex passwords
- Use password management tools
- Enforce regular password changes (45-60 days)
- Ensure unique passwords for each system
Data Protection
- Implement reliable backup systems
- Test backups periodically
- Ensure backups are immutable (protected from viruses)
Implementing Security as a Journey
The panel agreed that cybersecurity implementation should be viewed as a journey, not a one-time project:
- Start with administrative controls (about 50% of initial controls are just policy and procedure)
- Prioritize the most critical controls first
- Build a security culture throughout the organization
- Make security awareness engaging and relevant
Key Takeaways
- Cybersecurity is both a business protection strategy and a value driver for exit/acquisition
- Start with basic security hygiene - training, password management, and backups
- View security as an ongoing journey, not a destination
- Security needs to be a company-wide culture, not just a set of tools
- Many effective security controls are administrative (policy/procedure) rather than technical
- Implementing good security demonstrates operational maturity to potential buyers
Jim DuBos offers resources for listeners at dubos.me and can be contacted at entrepreneurship@dubos.me. He also provided a cybersecurity program document for listeners to download.