A couple things on the tech side I’ve learned that you should be looking for in deals
After doing diligence across a range of SMB deals, two patterns keep coming up. Sharing them here because both have real deal implications. 1. Manufacturing businesses with internet-connected equipment and zero access controls A lot of manufacturing businesses have connected their shop floor equipment to the internet for remote visibility and monitoring, which makes operational sense and you need that. What doesn’t make sense is what I find when I look closer: no documented access controls, no audit of who has credentials, no process for revoking access when employees leave, and in some cases equipment running on default manufacturer settings that haven’t been touched since installation. I’ve seen equipment out on the internet with seriously no password protection at all, not uncommonly. This is because the goal was to get it visible as fast and quick as possible, and sometimes the people who handle that work don’t have cybersecurity in mind. This equipment is expensive. Downtime is expensive. A bad actor with access to the wrong system can cause either an expensive fix or complete replacement - costing you repairs/replacement (potentially hundreds of thousands, easily) PLUS downtime. This isn’t an automatic reason to walk away from a deal. Good businesses run with these gaps all the time because nobody ever flagged it as a priority, and luckily there are plenty of people who are more than capable to fix it. But it absolutely needs to be on your 90 day plan post-close with a clear owner and a clear remediation path, with the cost of this identified (not an overly expensive fix to get ahead of this). If it’s not in your LOI protections or your integration plan, you’re absorbing that risk silently. 2. Open source software approaching end of life This one has killed deals. I’ve seen it firsthand. EOL in open source software is so common since the people maintaining it are almost always not getting paid or supported. Open source software is great but genuinely tricky because you need to keep an eye on it for updates, deprecation, ending support, etc. A recent ecommerce business was running on an open source platform that was hitting EOL within 3 to 6 months of the projected close date. On the surface the business looked clean. The tech risk wasn’t visible in the financials because the seller had never been paying for hosting in the traditional sense, which actually made the margins look better than they were. Once the buyer understood what EOL entails, which is loss of security patches, eventual unusability, and a full platform migration that is neither cheap, fast, nor simple even with modern AI tooling, the economics of the deal changed materially. The buyer needed to factor in actual costs of hosting to EBITDA plus the cost of a full migration. They needed to factor in the rushed timeline, because without the platform to make money, they wouldn’t have a business. The deal didn’t close. The lesson here isn’t that open source is bad. It’s that the version, the support status, and the roadmap of every core platform in the stack needs to be part of your diligence checklist. A seller who doesn’t know their platform is approaching EOL isn’t necessarily hiding something, they just haven’t had the time to look at it and prioritize it. Again, with open source, these kinds of updates happen so much more frequently than with enterprise software. It’s a trade-off that isn’t bad one way or another, but you absolutely need to be informed and use what works best for you. Hope this is helpful for anyone looking at these kinds of businesses.