In today’s fiercely competitive business landscape – where customer demands are ever-increasing, digital transformation accelerates change, and organisational agility determines survival – one timeless truth stands out: the greatest driver of lasting success is investing in people.

I am delighted to share the full PDF of my book, Accelerate with Impact: Your Business and Personal Growth, here on the CEO Worldwide Blog. This guide distils the lessons from my own hands-on journey as a Managing Director, turnaround specialist, and leader in both PLCs and private companies.

Throughout my career – from re-engineering organisations, driving successful mergers and acquisitions, launching new products and services, to consistently elevating profitability – I have seen firsthand that businesses thrive when they prioritise their people. Technology supports us, but it is dedicated, empowered individuals who truly make companies excel.

This book provides straightforward, jargon-free guidance. My core message remains: “Improving the quality of people is necessary to accelerate with impact organisations.” By caring more for your personnel than your competitors do, you create winners. Key areas covered include:

• Change Management and Leadership – Actionable frameworks for navigating change, executing strategies, and delivering real results.
• People Empowerment – Proven tools for coaching, mentoring, training, effective communication, and fostering high-morale teams.
• Business Acceleration – Insights on market forecasting, ROI maximisation, strategy implementation, building effective boards, and developing 21st-century executives.
• Mindset for Success – The disciplines of champions, cultivating positive attitudes, and balancing professional achievement with personal wellbeing.

Whether you are a CEO guiding your organisation through uncertainty, an executive strengthening team resilience, or a leader aiming to maximise your own impact, Accelerate with Impact offers the practical blueprint to unlock the potential in your people – your most valuable asset.

Download the full book PDF below and take the next step to ignite your business and personal growth.

Growing a business faces a range of challenges. As a business grows, different issues/problems and opportunities demand different solutions – what worked a year ago might now be not the best approach. All too often, avoidable mistakes turn what could have been a great business into an also-ran.

Recognising and overcoming the common pitfalls associated with growth is essential if your business is to continue to grow and thrive. Crucially, you need to ensure that the steps you take today do not themselves create additional problems for the future. Effective leadership will help you make the most of the opportunities, creating sustainable growth for the future.

This guide highlights the particular risks and mistakes that most commonly affect growing a business and outlines what you can do about them.

• Keeping up with the market
• Information source
• Planning ahead
• Cash flow and financial management
• Problem solving
• The right systems
• Skills and attitudes
• Welcoming change
• Renegotiating contracts to take account of increased volume

Keeping up with the market

Market research isn’t something you do as a one-off when you launch your business. Business conditions change continually, so your market research should be continuous as well. Otherwise you run the risk of making business decisions based on out-of-date information, which can lead to business failure.

The more you succeed, the more competitors notice – and react to – what you are doing. A market-leading offer one day may be no better than average a few months later.

Apparently loyal customers can be quick to find alternative suppliers who provide a better deal.

As products (and services) age, sales growth and profit margins get squeezed. Understanding where your products are in their lifecycles can help you work out how to maximise overall profitability. At the same time, you need to invest in innovation to build a stream of new, profitable products to market.

Information sources

Published information can provide useful insights into market conditions and trends. As a growing business, your own experience can be even more valuable.

You should be able to build up an in-depth picture of what customers want, how they behave and which of your marketing approaches work best.

Taking the time to talk to key customers pays off. Your suppliers and other business partners can be important sources of market information. You should encourage your employees to share what they know about customers and the market. Effective IT systems can also make it easier to share and analyse key information such as customers’ purchasing behaviour and preferences.

You may want to carry out extra research as well – for example, to test customer reaction to a new product. You might do this yourself, or use a freelance researcher or market research agency.

Planning ahead

The plan that made sense for you a year ago isn’t necessarily right for you now. Market conditions continually change, so you need to revisit and update your business plan regularly.

As your business grows, your strategy needs to evolve to suit your changed circumstances. For example, your focus is likely to change from winning new customers to building profitable relationships and maximising growth with existing customers. Existing business relationships often have greater potential for profit and can also provide reliable cash flow. Newer relationships may increase turnover, but the profit margins may be lower, which may not be sustainable.

At the same time, every business needs to be alert to new opportunities. There are obvious risks to relying solely on existing customers. Diversifying your customer base spreads those risks.

Following the same business model, but bigger, is not the only route to growth. There are other strategic options such as outsourcing or franchising that might provide better growth opportunities.

It’s important not to assume that your current success means that you will automatically be able to take advantage of these opportunities. Every major move needs planning in the same way as a new business launch.

Watch out for being too opportunistic – ask yourself whether new ideas suit your strengths and your overall vision of where the business is going. Bear in mind that every new development brings with it changing risks. It’s worth regularly reviewing the risks you face and developing contingency plans.

Cash flow and financial management

Good cash flow control is important for any business. For a growing business, it’s crucial – cash constraints can be the biggest factor limiting growth and overtrading can be fatal.

Making the best use of your finances should be a key element in business planning and assessing new opportunities. With limited resources, you may need to pass up promising opportunities if pursuing them would mean starving your core business of essential funding.

Every element of working capital should be carefully controlled to maximise your free cash flow. Effective credit management and tight control of overdue debts are essential. You may also want to consider raising financing against trade debts.

Good stock control and effective supplier management tend to become increasingly important as businesses grow. Holdings of obsolete stock may become a problem that needs periodic clearing up. You may want to work with suppliers to reduce delivery cycles, or switch to suppliers and systems that can handle just-in-time delivery.

Planning ahead helps you anticipate your financing needs and arrange suitable funding. For many growing businesses, a key decision is whether to bring in outside investors to provide the equity needed to underpin further expansion.

Problem/Issue solving while growing a business

New businesses often run in perpetual crisis mode. Every day brings new challenges that urgently need resolving and management spends most of their time troubleshooting.

As your business grows, this approach simply doesn’t work. While a short-term crisis is always urgent, it may not matter nearly as much as other things you could be doing. Spending your time soothing an irritated customer might help protect that one relationship – but focusing instead on recruiting the right salesperson could lay the foundations of substantial new sales for years to come.

As your business grows, you also need to be alert to new issues/problems and priorities.

For example, your business might be increasingly at risk unless you take steps to ensure your intellectual property is properly protected.

If you are focusing on individual marketing campaigns, you might need to devote more resources to developing your brand.

Identifying the key drivers of growth is a good way of understanding what to prioritise.

A disciplined approach to management focuses on leading employees, developing your management team and building your business strategy. Instead of treating each problem as a one-off, you develop systems and structures that make it easier to handle in the future.

The right systems

All businesses produce and rely on large volumes of information – financial records, interactions with customers and other business contacts, employee details, regulatory requirements and so on. It’s too much to keep track of – let alone use effectively – without the right systems.

Responsibilities and tasks can be delegated as your business grows, but without solid management information systems you cannot manage effectively. The larger your business grows, the harder it is to ensure that information is shared and different functions work together effectively. Putting the right infrastructure in place is an essential part of helping your business to grow.

Documentation, policies and procedures also become increasingly important. The informality that might work with one or two employees and a handful of customers simply isn’t practical in a growing business. You need proper contracts, clear terms and conditions, effective employment procedures and so on.

Many growing businesses find using established management standards one of the most effective ways of introducing best practice. Quality control systems can be an important part of driving improvements and convincing larger customers that you can be relied on.

Investing in the right systems is an investment that will pay off both short and long term. You benefit every day from more effective operations. If you ever decide to sell the business, demonstrating that you have well-run, efficient systems will be an important part of proving its value.

Skills and attitudes

Entrepreneurs are the driving force behind creating and growing new businesses. All too often, they are also the people holding them back.

The abilities that can help you launch a business are not the same as those you need to help it grow. It’s vital not to fool yourself into valuing your own abilities too highly. The chances are that you’ll need training to learn the skills and attitudes required by someone who is leading growth.

To grow your business, you need to learn to delegate properly, trusting your management team and giving up day-to-day control of every detail. It’s all too easy to stifle creativity and motivation with excessive interference. As the business becomes more complex, you also need to develop your time management skills and learn to focus on what’s really important.

As your business grows, you may need to bring in outsiders to help. You’ll want to delegate responsibility for particular areas to different specialists, or appoint a non-executive director or two to strengthen your board. As you start tackling a new opportunity, someone who has experience of that activity can be vital.

For many successful entrepreneurs, learning to listen to – and take – advice is one of the hardest challenges they face. But it may also be essential if you are going to make the most of your opportunities. Some entrepreneurs, recognising their own limitations, even appoint someone else to act as managing director or chairman.

Welcoming change

Complacency can be a major threat to a growing business. Assuming that you will continue to be successful simply because you have been in the past is very unwise.

Regularly revisiting and updating your business plan can help remind you of the changing market conditions and the need to respond to them. See the page in this guide on planning ahead.

An up-to-date plan helps you identify what action you need to take to change your business and the way it operates, for example:

• Changing to suppliers who can grow with you and meet your new priorities. As your business grows, consistent quality and reliability may be more important than simply getting the cheapest offer.
• Renegotiating contracts to take account of increased volume.
• Training and developing employees. Your own role will also evolve as the business grows. See the part of this guide on skills and attitudes.
• Making sure that you keep up to date with new technologies. 

You need to be fully committed to your strategy, even if it takes you out of your comfort zone. This may involve hard decisions – for example making employees redundant or switching business away from suppliers you have become friends with. But unless you’re prepared to do this, you risk putting your business at a dangerous competitive disadvantage.

I share with you helpful publications below:

Delivering Success – A Pathway to Profits, Passion and True Purpose

`How to Learn, Lead and Grow as a Champion`
Achieving Business and Personal Excellence

Learning – Leading – Growing – Winning Together = Success

`Becoming the Best`
Empowering Employees to Deliver Service Excellence

`Tomorrow You Will Become – What You Choose Today`
Blue Print to Your Success in Business and Personal Growth

“Anything in life is possible as long as you have the passion to be successful”
Colin Thompson

“Cybersecurity isn’t just about technology; it’s also about processes, people, and governance.” – Tonya Ugoretz

Introduction: Why Cybersecurity for SMEs Can’t Be Ignored

Every leader diligently locks their office door at night. You insure your premises and your stock. But what about your digital front door – the one that is open to the entire world, 24/7? Is it left completely unguarded?

As SMEs continue to embrace digital transformation, many business owners still overlook one critical element: cybersecurity. In fact, many SME CEOs still believe they’re too small to be targeted by cybercriminals – an assumption that’s not only outdated, but dangerous. Hackers don’t discriminate by size; they look for opportunity. And SMEs, with lean defences and valuable data, are increasingly seen as low-hanging fruit. In fact, statistics show that 82% of ransomware attacks today are aimed at small businesses.

Cybersecurity for SMEs is no longer a technical issue, but a strategic imperative. Ransomware, fraud, and espionage are not just threats for big business – they’re very real risks for companies of every size. And, as you scale your business, expand into new markets, or pursue product diversification, your digital footprint grows – along with your exposure.

This article is the third in our digital transformation series, and this week we turn our attention to the all-important issue of cybersecurity – and how to build a resilient, scalable, and budget-conscious cybersecurity blueprint that supports your strategy roadmap and long-term growth.

After all, your digital transformation is only as strong as its weakest link – security.

Related Articles:

• The CEO’s Digital Transformation Roadmap: Driving Sustainable Growth on a Sensible Budget
• Building Scalable Tech on a Budget: A CEO’s Guide to Smarter Spending
• “Cyber Crime is the Greatest Threat to Every Company in the World.” – Ginni Rometty

Why SMEs Really Are Targets

You might be wondering, “Why would hackers target my small business?” It’s easy to believe that cybercriminals focus on larger, more lucrative organisations, but that’s simply not the case. SMEs are particularly vulnerable because they typically have weaker security defences, often with outdated software and less trained staff.

Hackers know this and exploit it.

With cyberattacks on the rise, SMEs are facing an urgent needto implement robust cybersecurity strategies to protect valuable assets and ensure business resilience.

Why SMEs are At Higher Risk

Let’s break down why your SME is at risk:

• Lower Defences: Smaller businesses tend to have fewer resources to dedicate to cybersecurity, leaving vulnerabilities wide open, and breaches often go unnoticed for long periods of time.
• Outdated Software: With limited IT budgets, SMEs often run on older systems, and ignore the need to keep software updated, making it easier for hackers to find gaps.
• Easier Targets: SMEs tend to be less vigilant about cybersecurity, making it easier for cybercriminals to breach systems.
• Valuable Data: SMEs hold valuable data – from customer, supplier and employee information to intellectual property – that hackers can sell or use to extort ransom.
• Customer Data: Hackers don’t just want your data – they want your customers’ data too.
• Used as Stepping Stones: Once a hacker breaches an SME’s system, they may use it to target larger companies in the SME’s supply chain.
• Quick payouts: SMEs are less likely to have robust backup systems and so more likely to pay ransoms to minimise downtime.

As Satya Nadella, CEO of Microsoft, famously said: “It’s not enough to protect your data; you need to protect your customers’ data too.”

Common Threats Facing SMEs

Cyberattacks are often automated and random, and seldom personal, which means your business is just as likely to be targeted as anyone else. The most common threats to SMEs include:

According to the Verizon DBIR, 61% of breaches in SMEs involve stolen credentials, and 94% of ransomware attacks are delivered via email.

Related Article:

• From Fragile to Fortress: Safeguarding Your Business with Cybersecurity Best Practices

The High Costs of a Breach

Let’s face it: the cost of a cyberattack can devastate a business. For example, KNP Logistics in the UK suffered a major ransomware attack in 2023 which crippled their systems and, as a result, their financial position. Despite annual revenues of up to £100 million prior to the attack, the company was forced into administration, ceasing to trade a few months after the attack.

The financial impacts of a breach can include:

• Ransom Payments: Hackers demand money to restore access to your data, with some companies paying millions.
• Lost Revenue: Downtime, loss of data, and customer trust can lead to significant revenue losses, directly and indirectly (lost opportunities).
• Reputational Damage: Once your business is compromised, customer confidence erodes, and you may lose current and future clients.
• Recovery Costs: If breached, you will face the often significant costs of forensic analysis and remediation.
• Regulatory Fines: If you’re found to be non-compliant with regulations like GDPR, POPIA, or other industry-specific rules, you could face significant penalties.
• Legal Exposure: If your business is compromised and data leaked, you could also face lawsuits from customers, partners or other affected parties.

The effect on a business of a cyberattack is invariably significant downtime, including: an inability to access systems or data, halted production or service delivery, staff unable to work effectively, and emergency resource allocation, any of which can be extremely costly to the business.

A further important point to recognise is that dormant viruses – those that lie hidden in your system before being triggered weeks or even months later – are a growing threat. Without a comprehensive backup process, these viruses can devastate your business. A solid backup strategy can ensure you have clean copies of your data, minimising downtime and recovery costs.

Related Articles:

• Protecting Your Crown Jewels: Safeguarding the Intellectual Property of Your Business
• Navigating the Data Privacy Maze: A Practical Guide for SMEs

Cybersecurity as a Strategic Investment – Not a Reluctant Purchase

Cutting corners on cybersecurity – like under-investing in accounting controls or skipping insurance – is a classic case of being penny wise, pound foolish (or as we say in South Africa, “Goedkoop is duur koop”). The up-front savings pale in comparison to the long-term costs a security breach can inflict, especially if you’re following a diversification roadmap for growth.

Think of cybersecurity not as a cost centre, but a strategic investment that fuels scalable growth. It protects your assets, reduces operational risk, and enhances your reputation with customers. Viewing it as a necessary reluctant purchase will cost you far more in the long run.

Why It Matters for Strategic Growth

• Supports scaling: secure systems enable steady growth and expansion.
• Protects customer trust: essential for brand reputation and retention.
• Enables compliance: opens doors to enterprise clients and regulated sectors while preventing legal issues.
• Reduces risk exposure: strengthens your resilience against disruption.
• Competitive Advantage: having comprehensive cybersecurity gives you a significant competitive advantage.
• Aligns with The Art of Scale: lean overheads, standardised systems, outsourced expertise.

As was mentioned in the previous article, Building Scalable Tech on a Budget, security is a key component that needs to be treated as an investment in the future – one that enables you to reach your medium to long-term goals for the business.

Related Articles:

• Fortifying Your Business through Risk Mitigation and Resilience: A CEO’s Strategic Blueprint
• Tech-Enabled Triumph: How You Can Leverage Technology for Unprecedented Growth
• The Art of Scale

Your Cybersecurity Priorities: Where to Start

Your cybersecurity strategy must grow as you do, ensuring scalable technology that matches the needs of your expanding business.

So where do you start? A good place is to think of “People, Process, and Technology” as three pillars supporting your business success:

People: Your First and Last Line of Defence

• Training: The majority of cyber incidents stem from human error. Regular, focused training on phishing awareness and safe credential handling is non-negotiable.
• Credential Hygiene: Staff must understand the risks in reusing passwords – one compromised password can unlock multiple systems.
• Shadow IT: Unapproved software and cloud services are a silent risk, as are copies on unapproved devices. Implement a straightforward process for employees to request and adopt the tools they need.
• Culture of Security: Make cybersecurity responsibility clear from the boardroom to the front line, with a clear no-blame process for reporting incidents – security is everyone’s job, led from the top.

Process: Turn Knowledge Into Action

• Policy & Procedures: Document regular password updates, mandate strong (preferably unique) passwords, and require multi-factor authentication (MFA) where possible.
• Remote Work: Every device outside the office, including mobiles, must use secure VPN connections and encrypted tools.
• Role-Based Access Control: Limit staff to only the data and systems they need. This also applies to what data can be copied/downloaded and also provided to AI systems, particularly those that are not company specific.
• Backup & Disaster Recovery: Establish and test policies for regular, reliable, offsite backups.
• Physical Security: Don’t neglect physical access – servers, laptops, and storage must be locked away when not in use and secured in place when they are in use.
• Incident Response Planning: Prepare for the worst – a simple, documented plan for identification, containment, eradication, and recovery, together with one to learn and teach lessons from any incidents. This would include processes for lost/stolen and end-of-life products.
• Cyber Insurance: A safety net for unavoidable incidents; ensure policies cover the risks relevant to your business and scaling aspirations.
• Reference Frameworks: Consider guidance from NIST or ISO 27001, but keep documentation practical, actionable, and jargon-free. Similarly, for data, plain language guidance on GDPR, POPIA, HIPAA, etc., as appropriate.

Technology: The Enabler – But Never a Substitute for Process or Culture

• Firewalls and Endpoint Protection: Modern firewalls, updated antivirus, mobile device management (MDM), MFA, and email filtering are minimum standards.
• Monitoring and Alerts: Even basic monitoring can provide early warnings; investigate any anomalies promptly.
• Regular Updates and Patch Management: Staying current is your best first line of defence against known exploits.
• Device Control: Retire and securely wipe any device before reallocation or disposal.
• Leverage Outsourcing: Consider managed security providers or “security as a service” platforms, along with fractional executives (CIO or CISO), if you lack in-house expertise. Demand clear reporting, transparency, and responsiveness.
• Built-in Cloud Security: Make the most of security features baked into your cloud platforms – let your supplier bear part of the load.

It’s not just company-based devices, but all devices with access to your company systems and data need to be approved and secured – this includes those such as laptops, tablets and mobile phones, together with remote routers and the like, so minimise the potential for cybersecurity incidents.

Related Articles:

• Is Your Business Safe from Cybersecurity Threat?
• Compliance is More than a Tickbox: How Building a Culture of Compliance Can Drive Business Growth
• AI Risks: Protecting Your Business in the Age of Artificial Intelligence

What Not to Do: Common SME Mistakes

Even with the best intentions, SMEs often make key cybersecurity mistakes which hinder business resilienceand can undermine your long-term growth ambitions. Avoiding these pitfalls can significantly reduce your risk exposure.

Here’s a list of what not to do:

• Reusing Weak Passwords: It’s tempting to use simple, easy-to-remember passwords, but this is an open invitation for hackers. Common passwords like “123456,” “password,” and “admin” are the first things they’ll try, along with default logins and passwords shipped with various devices.
• Lack of a Central Device or User Policy: Without a unified policy, devices can become a security mess. Having a clear, centralised policy ensures consistency and security across your organisation.
• Delaying Updates: Procrastination might seem harmless, but failing to apply software patches and updates regularly makes your business an easy target for hackers who exploit known vulnerabilities, as evidenced by the continued rise in the use of zero-day exploits by hackers.
• Unsecured Public Wi-Fi: Using unsecured public Wi-Fi for business activities opens your business to attacks. Always use a VPN to encrypt data. Similarly, have secure guest WiFi access on a separate guest network to prevent hacking to your systems.
• Sharing Credentials: Sharing passwords or using common accounts is risky. When employees leave, credentials are often overlooked and become an easy access point for attackers.
• Overly Broad Access Rights: Not everyone needs access to everything. Ensure that access to information is based on role-based access controls (RBAC).
• Neglecting to Disable Former Employees’ Accounts: Ex-employees can be a major security risk if their access rights are not revoked immediately.
• Ignoring Security Alerts: Don’t ignore alerts, even if they seem insignificant. They can be signs of an impending security issue.
• No Response or Continuity Plan: A lack of a detailed, tested incident response plan is a major vulnerability. Every business should have an effective plan that includes response, recovery, and lessons learned.
• Relying on a Single IT Person: If you have just one person responsible for IT, it leaves you vulnerable if they are unavailable or leave the company. Ensure redundancy and support. For SMEs, using outsourced service providers can be a cost-effective solution.

By identifying and avoiding these common mistakes, you’re taking the first step towards building a robust cybersecurity defence.

Related Article:

• Is Your Business Safe from Cybersecurity Threat?

Practical Tools to Protect Your Business

It’s one thing to have a good strategy, but you also need the right tools to back it up. Here’s a list of effective tools to protect your SME’s data, devices, and systems:

• Password Managers: Tools like 1Password and Bitwarden allow for strong, unique passwords for each login, reducing the risk of weak passwords being exploited.
• Endpoint Detection and Response (EDR): Tools like CrowdStrike and SentinelOne help monitor and protect endpoints (laptops, desktops, etc.) in real time.
• Mobile Device Management (MDM): Solutions like Jamf or MobileIron help manage and secure mobile devices that access company systems.
• Email Filtering: Tools such as Mimecast or Barracuda can block phishing attempts and other malicious emails before they reach your team.
• VPN and Encrypted Messaging: Proton VPN and Signal provide secure communication channels and encrypt your internet traffic, ensuring privacy and security.
• Drive & File Encryption: Devices nowadays offer the facility to encrypt their storage – do it.
• Secure File Sharing: Platforms like OneDrive for Business and Dropbox Business offer secure cloud file sharing and collaboration with enterprise-grade security.
• Standardise Devices and Operating Systems: Having standards for all devices and operating systems makes keeping all devices updated with the latest software easier, so reducing potential vulnerabilities across your organisation.

Having the right tools is only one piece of the puzzle. Regularly updating them and ensuring they’re properly integrated into your security systems is key to maintaining a strong defence.

Related Articles:

• Practical AI for SMEs: Streamlining Operations, Boosting Efficiency, and Gaining a Competitive Edge
• Tech-Enabled Triumph: How You Can Leverage Technology for Unprecedented Growth

Understanding Penetration Testing and External Audits

Just like you wouldn’t build a business without testing your products or services, you can’t neglect testing your security systems. Cybercriminals are constantly evolving their tactics, and so should your security measures.

As Chris Nickerson put it, “When you fail to test your defences, your adversaries will do it for you.”

Here’s what you need to know about testing your defences:

• Vulnerability Scans: These automated tests identify weaknesses in your systems. They are a quick way to pinpoint obvious vulnerabilities.
• Penetration Testing: A more thorough process where ethical hackers simulate cyberattacks to find security holes.
• Red Team vs Blue Team Exercises: These are competitive simulations where the Red Team attacks your systems, and the Blue Team defends them. This can give you an in-depth understanding of how your systems react under pressure.
• Black Box, Grey Box, and White Box Testing: These terms refer to how much information the testers have about your system before conducting tests. Black box testing is like an attacker with no insider knowledge, while white box testing gives the tester full access to your system for reviewing code, configurations and processes.
• Automated Scanning vs Full “White Hat” Manual Tests: Automated scans are efficient but can miss complex vulnerabilities that human testers can find.

It’s highly recommended that you consider basic penetration testing every 12-24 months – “Grey Box” testing providing the optimal balance with cost for most SMEs. These tests are an affordable way to ensure your business remains resilient in the face of evolving threats. Complement these with more frequent vulnerability tests.

Who to Engage: Reputable security firms or certified ethical hackers are your best bet for quality tests. Look for accreditations such as CREST, OSCP, or EC-Council CEH, and always require transparent, plain-language reporting.

Related Article:

• Is Your Business Safe from Cybersecurity Threat?

Backup and Recovery: Your Last Line of Defence

The old adage, “Failing to prepare is preparing to fail,” rings especially true when it comes to cybersecurity. Having a solid backup and recovery plan is your last line of defence.

A 3-2-1 backup rule ensures the long-term resilienceof your digital infrastructure, making your business adaptable and scalable.

Here’s the 3-2-1 Rule for backups:

• 3 copies of your data
• 2 types of storage (e.g., cloud and physical)
• 1 copy offsite (preferably immutable, on an external drive, located remotely)

These three steps ensure that if one copy is corrupted or lost, you still have others to fall back on, and encrypt your immutable backups, too, for further protection.

Dormant Threats: Backups should not just be about keeping data safe from accidental loss. Some attacks, like ransomware, inject dormant threats into your systems that are activated months later. Malware often targets system files, so separate system and program backups from your data backups to enhance the likelihood of recovering your data in the event of an attack.

Regular testing of backups is a must. Don’t assume they’re working just because you have them set up.

Cloud vs On-Premise Backups: Cloud-based backups offer scalability and reliability, often with a standard cybersecurity toolkit, while on-premise backups give you more control but require more maintenance. A hybrid approach – cloud and encrypted local backups – can maximise resilience.

A Basic Cybersecurity Checklist for SMEs

Every business needs a comprehensive checklist to ensure they’re not missing any essential security measures. Below is your basic checklist for keeping your SME secure.

What to Include:

• MFA (Multi-Factor Authentication) on all systems
• Strong password policy and password manager
• Device management policy, including VPNs
• Regular updates and patching
• Comprehensive, regular backup schedules
• Employee training plan (phishing, credential management)
• Antivirus and firewalls in place
• Role-based access control
• Secure mobile device and remote work policies
• Policy to disable former employees’ access immediately
• Incident response and recovery plan
• Penetration test schedules
• Risk register updated regularly with cybersecurity threats

When to Do It:

“Cybersecurity is not a set of products – it’s a set of practices.” – Ed Amoroso

Culture and Leadership: Cybersecurity Starts at the Top

Cybersecurity is not just an IT issue – it’s a leadership and governance issue.

As a CEO, you set the tone for the entire organisation. Cybersecurity must be embedded in the company culture, starting with strong leadership support. Here’s how you can lead the charge:

• Lead by Example: CEOs set the tone for how seriously security is taken. Board involvement and clear priorities make it part of business-as-usual, not just an IT “nice to have”.
• Make it Everyone’s Responsibility: Set clear expectations for all employees, making cybersecurity a non-negotiable part of company culture. Staff should feel empowered – never blamed – for reporting incidents or concerns.
• Embed Security in Your Culture:
  This is as non-negotiable as financial controls or workplace safety. Investment in security is an investment in business continuity, customer confidence, and the entire diversification roadmap..

Your leadership in cybersecurity isn’t just about policies – it’s about instilling a security-first mindset across your company.

Related Articles:

• Defining Company Culture: Building a Foundation for Business Success
• Embedding Culture into Your Business: Transforming Values into Action
• Culture Without Borders: Building a Strong Hybrid Work Culture in a Distributed World
• Leading a Fearless Business: Boosting Growth and Profits

Conclusion: Don’t Wait for a Wake-Up Call

Cyber-attacks are not a hypothetical risk; they are a daily reality of doing business. For an SME, the impact can be existential. The right time to build your fortress is before the attack, not during the siege.

By moving from a mindset of cost to one of strategic investment, you can transform your approach to cybersecurity. It is a continuous process of managing risk through the layered defences of your people, your processes, and your technology. This commitment is an investment in business continuity, customer trust, and brand reputation. It is the bedrock of resilience and the ultimate enabler of sustainable growth.

The best time to secure your business was yesterday. The second-best time is now.

Next Steps:

Now is the time to assess your current cybersecurity position. Start by identifying the key vulnerabilities in your business, whether it’s outdated software, weak passwords, or lack of employee training. Develop a phased approach to strengthen your defences, starting with the basics: multi-factor authentication, regular backups, and staff awareness.

Remember, cybersecurity isn’t a one-time fix – it’s an ongoing process that scales as your business does. Begin now, before the next attack becomes a reality.

It’s your turn now:

What’s the one cybersecurity weakness that’s been sitting on your to-do list for too long?  I’d love to hear your thoughts in the comments, or feel free to drop me an email directly.

FAQs – Top 10 Questions About Strategic Tech Investment:

1. Are SMEs really at risk from cyberattacks, or is this just hype?

Absolutely at risk. Automated attacks target any system that appears insecure. Over 60% of SMEs worldwide report at least one cyber incident annually, with over 80% of ransomware attacks being on small businesses.

2. How can I get started with cybersecurity on a budget?

Start by prioritising the basics: strong passwords, MFA, antivirus, regular backups, and employee training. These low-cost steps can significantly reduce your risk.

3. What is a penetration test, and how often should I do one?

Penetration tests simulate a cyberattack to find vulnerabilities. SMEs should consider a grey box test every 12-24 months.

4. What is multi-factor authentication (MFA), and why is it so important?

MFA adds an extra layer of security by requiring more than just a password to access systems. It’s one of the easiest and most effective ways to prevent account breaches.

5. What cybersecurity mistakes do SMEs commonly make?

SMEs often reuse weak passwords, delay updates, and don’t implement proper device management policies. These mistakes leave systems vulnerable to attacks.

6. Can we outsource cybersecurity affordably?

Yes. Managed Security Service Providers (MSSPs) offer monitoring, response, and compliance help, scaling services to fit SME needs and budget.

7. Is cyber insurance necessary?

Yes. Cyber insurance helps mitigate the financial impact of a breach, covering costs like ransom payments and legal fees.

8. Can my team work remotely securely?

Yes, but you must implement secure access tools, such as a company-managed laptop, VPN, and encrypted communication channels.

9. How do I ensure compliance with data privacy regulations (GDPR, POPIA)?

Ensure you have robust data protection policies, train staff, and regularly review systems. Regular audits and penetration tests also help ensure compliance.

10. How do we protect against ransomware?

Maintain regular, immutable backups; train staff to spot phishing; keep software up-to-date; and have an incident plan so you’re ready if attacked.

11. What’s the 3-2-1 backup rule?

Three copies of your data (original + two backups), two different storage types, and one held securely offsite.

LEADING A BUSINESS THROUGH IPO, EXIT AND BEYOND

• Deciding whether to float or not?
• Short, medium, long term – the pros/cons of different scenarios
• How to enhance shareholder / stock value
• What are the pitfalls which can result in a flotation and how to avoid them
• What are the Corporate Governance, risk mitigation and due diligence requirements?
• How do you go about assembling an effective Board of Execs and NEDs?
• What are the key skills of a successful Non-Executive Chairman?
• Examples of leading ailing businesses through turnaround and learnings gained.

DECIDING WHETHER TO FLOAT OR NOT?

Need to be certain you want to move into a public spotlight that comes with being listed

Significant greater rules and regulations as a public company

Undergo internal audit to ascertain whether the business is in a position to do so. A full business review

Assessing in advance issues including:

• Corporate structure
• Board structure
• Board and senior management abilities
• Corporate Governance analyses
• Issues which would prevent Listing
• Internal control reviews
• Tax check ups and requirements

UNDERSTANDING THE REQUIREMENTS OF INSTITUTIONAL INVESTORS

• Solid management team
• Proven concept
• Sizeable market opportunity
• Differentiated proposition
• Rationale for joining the AIM
  • Growth Capital
  • Raise profile
  • Incentive / retain staff through tradable equity

The items above should form an executive summary to the superior strategies for business plan and strategy document, together with a financial summary, to use as a preliminary document to start to assist the Company.

IPO PROCESS – PHASE 1 – STRATEGIC ISSUES

Strategic issues:

• Business Plan and Strategy
• Rationale for an IPO
• Capital Structure and Debt Financing
• Intentions of major shareholders post listing
• Issue size and structure
• Timing
• Advisors
  • Nomad
  • Legal
  • Accountants
  • PR
  • Registrars

Indicative AIM flotation timetable

The Advisors

IPO PROCESS – PHASE 2 – PLANNING

Planning:

• Corporate Structure and domicile
• Financial Track record
• Dividend policy
• Board Structure and Corporate Governance
• Incentivisation Schemes
• Employee Participation
• Project Timetable

DUE DILIGENCE

• Financial Modelling
• Long Form report
• Commercial due diligence
• Legal due diligence
• Prospectus Drafting
• Shareholder Agreement
• Underwriting Agreement
• Lock up undertakings
• Roadshow presentation

We will guide you in the selection of the relevant professionals who can provide relevant services around the above activities

COMMERCIAL AND FINANCIAL DUE DILIGENCE

• Detailed operational, commercial and strategic plan for the business
• Business development opportunities
• Detailed budgets and forecasts

At this preliminary stage this only needs to be provided at a high level and in summary form

LONG FORM REPORT

• Nature and scope of business
• Adequacy of accounting systems and internal controls
• Past record of forecasting of results and working capital requirements
• Appropriateness of accounting policies

SHORT FORM REPORT

• Financial Statements and Cash flow for 3 years
• Accountants to confirm that accounts are fair and reasonable

WORKING CAPITAL REPORT

• Statement is required in prospectus / admission document that company has sufficient working capital for the next 12/15 months
• Detailed review of monthly working capital requirements and compliance with relevant covenants together with sensitivity analysis

Not required at this preliminary stage

SHORT, MEDIUM, LONG TERM THE PROS/CONS OF DIFFERENT SCENARIOS Of AN IPO

Short Term (PROS) 18 Months

• Providing access to Capital for growth – Raise finance for further developments as Company grows
• Placing an objective market value on the Company’s business
• Increasing the Company’s ability to make acquisitions (Available Currency)
• Create a market for Company’s shares and broadening the shareholder base
• Encourage Employee commitment and incentivising their long term motivation e.g. share options
• Creating heightened public profile
• Always under promise and over deliver

Short Term (CONS)

• Dealing with increased disclosure and greater Regulatory obligations
• Additional costs associated with new audit fees, investor relations, NEDs, etc.

Medium Term 3-5 years

• Stable Management team pulling in the same direction
• Stay focused on Plan
• Maintain momentum – with shareholders following IPO
• Be transparent – To obtain the long term support of all shareholders
• Consistently meet the delivery or growth plan
• Do not become obsessed with share price

Change Board / Chair at what point and why?

Long Term 5 year +

Investors looking for:

• A committed and experienced management team
• Commitment to strong corporate governance procedures
• A viable Corporate Culture
• Sustainable Competitive position
• Growing business operating in an expanding market, locally and / or internationally
• Visibility and quality of earnings
• In summary: Quality, Good Governance and Value

HOW TO ENHANCE SHAREHOLDER / STOCK VALUE

• Once transformation into a Public Company is complete, it is just the beginning, and company then needs to meet the ongoing obligations of public markets
• Management needs to execute strategic initiatives and transactions
• Invest in good people and continue to evaluate the performance of the Board and management team
• Under promise and over deliver – Turnover, Profits, etc.
• Engage with investors effectively through a clear communication plan
• Manage Risk and Promoting good Corporate Governance , will add value
• Do not over-value the business. This is less important at IPO time.

WHAT ARE THE PITFALLS WHICH CAN RESULT IN A FAILED FLOTATION AND HOW TO AVOID THEM

• Management – Comply with rules, culture, etc
• Need to be sensible when valuing Company
• Investors will not invest in Companies where the Revenues or Assets are not substantiated
• Need a clear vision with credible management team committed for the long term
• Cannot raise all the funds needed
• Down turn in economy and stock market
• Fraudulent information
• Intellectual Property Rights – issues relating there too

FINANCIAL DUE DILIGENCE

The Business Plan prepared by the Company

• Detailed operational and strategic plan for the business
• Business development
• Detailed Budgets and forecasts

Long form report prepared – by the reporting accountants who records the results of the financial due diligence

• Nature and scope of business trends
• Adequacy of accounting systems
• Forecasting, working capital, accounting policies

Short Form Report

• 3 year Financial statements (Audited)

Working Capital Report – 18 Months

Legal including verification of, Material contracts, Underwriting Agreements

WHAT ARE THE CORPORATE GOVERNANCE, RISK MITIGATION?

RISK MITIGATIONS (who is responsible for reviewing Risk mitigation issues)

• Auditors
• Reporting Accountants
• Lawyers
• NOMAD (Nominated Advisors)

All above would assist in ensuring that the information is correct and ensure due care with risk mitigation

The end result being the admission document which is the responsibility of the NOMAD to the Stock Exchange, ensuring everything is correct and verified.

STRUCTURE AND REQUIREMENTS OF AN EFFECTIVE BOARD

Well functioning Board is led by the Chairman

CORPORATE GOVERNANCE FOR GROWING COMPANIES

WHAT ARE THE OBJECTIVES OF CORPORATE GOVERNANCE?

Corporate Governance is the system of processes, activities, standards and reporting to facilitate and deliver growth in long term shareholder value by reducing risk while maintaining a flexible, efficient and effective management framework within an entrepreneurial environment.

It represents a dynamic relationship between shareholders, the Company and the Directors, influenced by a number of external factors including regulation and social responsibility.

It reduces the risk of uncommercial and inappropriate bad decisions being made.

SUPERIOR STRATEGIES FOR BUSINESS GROWTH: QCA Code

THE PRINCIPLES OF THE QCA CODE

• Establish a strategy and business model which promotes long term value for shareholders
• Seek to understand and meet shareholder needs and expectations
• Take into account why the stakeholder and social responsibilities and their implications for long term success
• Embed effective risk management, considering both opportunities and threats throughout the organisation
• Maintain the board as a well functioning, balanced team led by the chair
• Ensure that between them, the directors have the necessary up-to-date experience, skills and capabilities
• Evaluate board performance based on clear and relevant objectives, seeking continuous improvement
• Promote a corporate cultures that is based on ethical values and behaviours
• Maintain governance structures and processes that are fit for purpose and support good decision making by the board
• Communicate how the company is governed and is performing by maintaining a dialog with shareholders and other relevant stakeholders