Is E-commerce Right for Smaller Businesses? 10 Stats That Tell the Story

Is E-commerce Right for Smaller Businesses? 10 Stats That Tell the Story


Is E-commerce Right for Smaller Businesses? 10 Stats That Tell the Story

Is E-commerce Right for Smaller Businesses? 10 Stats That Tell the Story

A nearly universal aim among smaller businesses is to become…well, less small. The question of how to expand market reach and find new customers is on the minds of most leaders of small and medium-sized businesses (SMBs), and the prospect of branching out into e-commerce can be tempting.

But is e-commerce really a good move for SMBs? It’s a reasonable question, which is why we’ve put together this “story in stats” to shed light on e-commerce’s place in the small business world. And spoiler alert…for SMBs who are considering adding online sales to their repertoire, the story has a happy ending!


Let’s start with an overview. Currently, over one third of SMBs have not set up any type of e-commerce platform1. This places these businesses at a disadvantage if their competitors offer online sales options (which they probably do).


To understand the magnitude of the advantage SMBs gain when they adjust their business models to include e-commerce options, think about this stat: In the last 10 years, the portion of U.S. retail sales commanded by e-commerce has TRIPLED. Specifically, online sales accounted for about 5% of all U.S. retail sales in 2013, but now they account for about 15%2. With younger generations opting for e-shopping at higher rates than older generations, it’s logical to expect this upward trend to continue.

0 %

On the flip side, to understand the disadvantage experienced by companies that don’t offer e-commerce options, consider this statistic: 40% of buyers will not purchase items or services from a company that doesn’t offer their preferred channel3. That means you could lose out on a huge chunk of potential customers simply because you don’t offer their preferred buying channels.

0 %

And what are those most preferred channels? A whopping 64% of customers reported a distinct preference for ordering online and picking up in-store4. A slightly smaller proportion (55%) reported a preference for either fully online buying or hybrid (i.e., combination of in-store and online). So for SMBs wondering how to position themselves to reach as many customers as possible, the take-home here is that having both in-store and e-commerce options is advantageous.

0 %

Now, you may be reasonably wondering if e-commerce will increase your total revenue, or if it will simply cannibalize your brick-and-mortar sales. The encouraging news is that for brick-and-mortar operations that added an e-commerce option, their online channel generated a 28% increase in revenue overall5.

0 %

But wait, it gets even better! Adding an e-commerce option not only generates additional revenue through online purchases—it can also increase your in-store sales. Remember how we mentioned above the 64% of buyers prefer to purchase online but pick up in-store? Well, those buyers often find additional items they want to purchase once they enter the store. A Google study found that 85% of buyers make additional in-store purchases when picking up their online orders6.

0 %

Once a business makes the plunge into the e-commerce realm, some new questions arise. You may already know that customer experience is the key to success, but how do you enhance online customer experience? In short, website speed. One study revealed that a 0.1 second improvement in site speed was associated with a 9.2% increase in order value7.

0 %

On the other hand, a slow website may portend disappointing outcomes for SMBs who adopt e-commerce. One study revealed that 79% of customers would be less likely to make a repeat purchase from an online site if they felt dissatisfied with its speed8. This is one reason why hosting your e-commerce platform with a cloud provider makes sense. You avoid any latency issues that may crop up with on-premises infrastructure, and the scalability of the cloud allows your platform to handle surges in traffic and purchases.

0 %

Even with good site speed, you still face the unpleasant reality of shopping cart abandonment. One study found that 63% of customers abandon carts if shipping is too expensive, while 36% do so if shipping takes too long9. Whether partnering with a third-party fulfillment company or managing shipping internally, automating workflows following order submission helps to increase efficiency and reduce labor costs associated with order fulfillment.

0 %

Customers may also abandon carts if personal information they entered previously has not been stored in the online purchase platform. When faced with having to re-enter credit card information, 30% of online buyers will abandon carts, and 25% do the same if asked to re-enter their shipping information10. For SMBs wishing to enhance customer experience by storing this type of sensitive data, consulting with a cybersecurity expert first is a must.

The story told by the last few stats (aka, “How to Lose Online Customers”) may have left you wondering what happened to the “happy ending” that we promised for this story. The silver lining is that developing a solid underlying infrastructure for your e-commerce operations can help you to create the positive shopping experience that attracts customers and keeps them coming back.

Offering both cloud hosting, managed IT, and cybersecurity services, NexusTek assists SMBs to create, manage, and secure the IT infrastructure needed to support top-of-the-line e-commerce operations.

Interested in exploring how to create a powerful infrastructure for your e-commerce platform?


  1. (2021). Small and medium business trends report.
  2. S. Census. (2023, February 17). U.S. Census Bureau news.
  3. (2019). State of the connected customer, third edition.
  4. Haller, K., Wallace, M., Cheung, J., & Gupta, S. (2022). Consumers want it all: Hybrid shopping, sustainability, and purpose-driven brands. IBM.
  5. Stewart, N. (2023). Omnichannel retail brands increase revenue 28% via ecommerce presence. BigCommerce.
  6. (2021, August 18). In-store yield higher sales conversion rates than e-commerce.
  7. (2020). Milliseconds make millions.
  8. Wilson, A. (2022). Why site speed is so important: Conversions, loyalty, and Google search ranking. Shopify.,users%20by%20up%20to%2027%25
  9. Estay, B. (2023). 16 online shopping statistics: How many people shop online? BigCommerce.
  10. Estay, B. (2023). 16 online shopping statistics: How many people shop online? BigCommerce.

How SMBs Can Strategize Like Enterprise-Level Organizations

How SMBs Can Strategize Like Enterprise-Level Organizations


How SMBs Can Strategize Like Enterprise-Level Organizations

How SMBs Can Strategize Like Enterprise-Level Organizations

When it comes to IT strategy, larger businesses often have an edge over smaller ones. Most small and medium-sized businesses (SMBs) have few dedicated IT employees, and about a quarter of businesses with under 50 employees operate using only part-time IT employees1. In many SMBs, the company’s IT is handled entirely by non-technical employees, with managers and executives up to the CEO playing a hands-on role in the daily management of IT infrastructure.

In contrast, larger enterprises typically have a full IT department to deal with day-to-day IT management. They also have executive-level technology leaders whose role is primarily strategic, meaning that they provide forward-looking technology leadership that helps the C-suite make IT decisions that align well with the organization’s business goals and budget.

Although SMBs might get along well enough managing their IT in a purely tactical sense, they often lag behind in terms of IT strategy. While the average SMB uses IT just to get their day’s work done, their larger or more strategic competitors are putting technology to work to achieve goals like changing their business model, increasing speed of service, increasing productivity, and improving security of client transactions.

SMBs and IT Strategy—Yes, It’s Possible

The positive news is that taking a strategic approach to IT is within the realm of the SMB. You first need to start thinking about IT as a source of strategy that you will weave into your larger business strategy. The basic building blocks of IT strategy include the following:

  • Document existing IT environment: Include all equipment, software, licenses, and IT people. This helps to establish your IT baseline.

  • Financial assessment of IT environment: Determine your IT budget, including both CapEx and OpEx, and forecast for future spending. Calculating an IT cost ratio (i.e., your IT costs as a percentage of total revenue) can help your business to understand how its IT spending compares to peers.

  • Evaluate risks or weaknesses of current IT: Document any gaps in capability, any issues your current IT creates, or areas that do not meet expectations. These risks or weaknesses provide the foundation for future IT opportunities as you develop your strategy.

  • Define business goals and aligned technology goals: This is the big one. As you review the goals of your business, ask yourself whether your current IT furthers those goals. If there is a disconnect between the outcomes your IT generates and what your organization is trying to achieve as a business, you will need to articulate new technology goals that better support your business goals.

  • Identify technologies that align with your technology goals: Once you have established technology goals that match your business goals, it’s time to determine which technologies will further those goals. For example, if growth is a key business goal, then migrating from on-premises to cloud computing might be a strategic choice, as the cloud scales more quickly and at lower cost than on-premises infrastructure.

  • Create IT roadmap: Once you have selected technologies that support your business goals, an important step is to create an IT roadmap with both short- and long-term goals. Phasing in new technologies over time helps to make the changes less stressful for employees, while also keeping costs manageable within your budget.

Lack of IT Expertise at SMBs—What to Do About It

Given that executive-level technology leaders like CIOs are responsible for strategic IT planning in large companies, it stands to reason that creating IT strategy takes some skill. CIOs have a combination of experience, training, and education that gives them a deep understanding of IT and business, and how the two intertwine. They also earn salaries that average over $300,0002, making it impractical for most SMBs to employ a CIO on a full-time basis.

This is where technology leadership-as-a-service comes in, also known as the Virtual CIO (vCIO). The vCIO is an executive-level technology leader who works in a consulting role with businesses that do not or cannot employ their own CIO in-house. When SMBs add a vCIO to their strategic planning team, they bring in the IT expertise that is needed to create a strategic IT roadmap, but without the expense of employing a full-time technology leader.

By following a thorough and deliberate planning process and bringing in technology leadership to the extent they desire, SMBs can strategize like the big companies and outpace their similar-sized competitors. This is why some say that technology is the “great equalizer” in business. When used effectively, it puts smaller businesses on an equal footing with their larger competitors.

Offering vCIO consultation and strategic planning, NexusTek assists SMBs to create roadmaps to achieve their business goals through more effective use of IT.

Interested in exploring how strategic IT planning can help your business achieve its goals?


  1. SMB Group. (2023). SMB business and technology challenges and priorities for 2023.
  2. (2023, February 9). How much does a Chief Information Officer make?,25.htm

Future-Proofing in an Age of Constant Change

Future-Proofing in an Age of Constant Change


Future-Proofing in an Age of Constant Change

Future-Proofing in an Age of Constant Change

The notion of future-proofing your business within an environment characterized by constant change may seem contradictory at first glance. If future-proofing entails implementing an IT infrastructure that will not rapidly become obsolete, and we know that technology changes continually, how is it possible to truly future-proof your IT?

It’s an excellent question, and the answer is that future-proofing is not really about any particular device or technology. Future-proofing your business infrastructure is more about strategy, about making IT choices that allow your business to shift and change with the currents of technological advancement with greater agility. It’s a nuanced difference, but an important nuance, nonetheless.

If the objective of future-proofing is to improve your business’ ability to adapt to an ever-changing business environment, then what are some concrete examples of this strategy in motion? Below we cover four examples along with explanations of how they help you to avoid obsolescence.

Strategic Choice

Adopt cloud-based infrastructure.

How This Future-Proofs Your IT

  • Ensures that you always have access to state-of-the-art infrastructure, as data center hardware and networking are continually updated by cloud service providers.
  • Supports multi-channel customer service, an increasingly expected option that 78% of customers already routinely use1.
  • Allows you to scale up or down easily as your business changes and grows, and as market conditions change.
  • Enables remote and hybrid work options, for which demand continues to grow; about half of employees prefer remote work, with about 25% of onsite workers planning to search for a remote job2.

Strategic Choice

Migrate applications to Software-as-a-Service (SaaS) versions.

How This Future-Proofs Your IT

  • Offers you access to the most recent version of an application on a subscription basis, so you never have to worry about buying and installing new versions.
  • Supports access to business and customer data from anywhere, creating flexibility to change when, how, and where you conduct business.
  • Gives all employees access to the same customer data, allowing them to provide consistent, personalized service at a level now expected by 72% of customers3.

Strategic Choice

Refresh on-premises hardware and software routinely.

How This Future-Proofs Your IT

  • Ensures that as new software tools that may be useful in advancing your business objectives become available, your business will be positioned to adopt the new tools, which often impose systems demands that outdated hardware and operating systems cannot keep up with.
  • Ensures that software, operating systems are continually patched and supported by manufacturer.

Strategic Choice

Include vCIO in your strategic planning team.

How This Future-Proofs Your IT

  • Keeps you apprised of technology trends, and whether and how they might apply to your business.
  • Improves your ability to plan strategically for infrastructure that resists obsolescence—in other words, helps you align IT decisions with future-proofing strategy.

One might also argue that (a) cybersecurity solutions and (b) managed IT services belong on this list, as both promote IT longevity and viability in their own ways. Implementing a multi-layered cybersecurity program helps to prevent cyber incidents that can lead to data loss, downtime, enormous remediation costs, and possibly even lawsuits. Clearly these types of outcomes can damage the future prospects of a business.

Similarly, managed IT services keep your entire infrastructure maintained and in good condition, improving productivity, ensuring a reliable customer experience, and avoiding major issues that can lead to unplanned downtime.

And while these solutions both certainly put your business in a position to continue operating smoothly into the future, the strategic choices in the table above stand apart in their centrality to future-proofing. This is because they contribute specifically to your business’ ability to adapt and stay on the leading edge, both in terms of the technology you use and also by positioning your business to take advantage of new market opportunities through strategic use of IT.

NexusTek offers strategic consulting to guide your business’ future-proofing initiatives, along with the IT solutions you need to keep your infrastructure healthy and viable into the future.

Interested in talking to an IT strategy expert about how to future-proof your infrastructure?

NexusTek Recognized on CRN’s 2023 MSP 500 List

Honored as a leading solution provider for the seventh consecutive year
Honored as a leading solution provider for the seventh consecutive year

NexusTek Recognized on CRN’s 2023 MSP 500 List

Honored as a leading solution provider for the seventh consecutive year

Denver, CO, February 15, 2023 NexusTek, a top national cloud, managed IT services, and cybersecurity provider, announced today that CRN®, a brand of The Channel Company, has named NexusTek to its Managed Service Provider (MSP) 500 list in the Elite 150 category for 2023. CRN’s annual MSP 500 list identifies the industry-leading service providers in North America who are driving a new wave of growth and innovation for the channel through forward-thinking approaches to managed services, helping end users increase efficiency and simplify IT solutions, while maximizing their return on investment.

MSPs have become a vital part of the success of businesses worldwide. MSPs not only empower organizations to leverage intricate technologies but also help them keep a strict focus on their core business goals without straining their budgets.

The annual MSP 500 list is divided into three sections: the MSP Pioneer 250, recognizing companies with business models weighted toward managed services and largely focused on the SMB market; the MSP Elite 150, recognizing large, data center-focused MSPs with a strong mix of on- and off-premises services; and the Managed Security 100, recognizing MSPs focused primarily on off-premises and cloud-based security services.

“We at NexusTek are thrilled to be recognized for the seventh consecutive year on CRN’s MSP 500 list, and to be included among the Elite 150 is truly an honor,” said Mike Hamuka, Chief Revenue Officer at NexusTek. “As a managed services provider, we face an ever-changing technology landscape that challenges us to stretch and adapt continuously. But there is one constant that drives us: our customers’ satisfaction. Our solutions are shaped around our customers’ needs and preferences, and it is gratifying to be recognized by CRN for these efforts.”

“Managed services offer a path for businesses of all sizes to remain efficient and flexible as they grow,” said Blaine Raddon, CEO of The Channel Company. “The solution providers on our 2023 MSP 500 list are bringing innovative managed services portfolios to market, helping their customers win by doing more with the IT budgets they have and freeing up resources to focus on mission-critical activities to drive future success.”

The MSP 500 list will be featured in the February 2023 issue of CRN and online at

About NexusTek

Trusted by thousands of small and medium-sized businesses (SMBs), NexusTek is a national managed IT services provider with a comprehensive portfolio comprised of end-user services, cloud, infrastructure, cybersecurity, and IT consulting. We design holistic solutions for customers that deliver a superior end-user experience, backed by a 24/7/365 domestically staffed support team. NexusTek Managed Service Plans offer end-to-end IT management with fixed-monthly, per-user pricing through which SMBs can leverage help desk, backup, disaster recovery, dedicated engineers, security, 24×7 remote support, and network monitoring services while creating predictable IT budgets.

About The Channel Company

The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers and end users. Backed by more than 30 years of unequalled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace.

Share On Social


7 Reasons Businesses Love Having a Dedicated Engineer

7 Reasons Businesses Love Having a Dedicated Engineer


7 Reasons Businesses Love Having a Dedicated Engineer

7 Reasons Businesses Love Having a Dedicated Engineer

It’s Valentine’s Day, and love is in the air. And in the world of IT management, few are so roundly adored as dedicated engineers. This may prompt the question: What is a dedicated engineer? A dedicated engineer is a highly skilled IT professional who is assigned to a specific business, and who provides routine and as-needed technical support to keep the business’ infrastructure running smoothly.

Why do businesses love dedicated engineers so much? Following are 7 key reasons:

1. They know you and your business.

When you work with a dedicated engineer, they get to know your business and develop a deep familiarity with your infrastructure and how it relates to your business needs. In other words, they understand how you use IT to get important jobs done throughout your company. This familiarity engenders a sense of shared purpose, of partnership between your business and your dedicated engineer, and it also saves you time because you’re not having to continually explain your IT to new techs who don’t know your business well.

2. They can save you money.

We all know that preventing problems is cheaper than reacting to them later when the damage is done. Whether it’s downtime, cyber incidents, or data loss, proactive IT management to prevent such problems can save you untold amounts. In addition, dedicated engineers can also be a more cost-effective choice than hiring your own IT engineer, and you never have to worry about turnover costs related to recruiting and training.

3. They prevent unpleasant surprises.

Dedicated engineers don’t just react to IT issues; they take a proactive approach to maintaining your infrastructure, using their expertise to identify and resolve issues before they become a problem for your business. Their proactive attention to IT management keeps your infrastructure tuned up and running reliably, preventing costly issues like downtime and data loss.

4. They strengthen your in-house IT team.

Having a dedicated engineer working alongside your own internal IT team can help to improve communication and coordination regarding infrastructure management. Most businesses struggle with high turnover among tech support staff and are continually dealing with the loss of IT knowledge and experience such turnover causes. Having an experienced, dedicated engineer can help to stem those effects, making sure that key knowledge about your infrastructure is retained within the support team.

5. They empower your IT decision making.

Dedicated engineers can provide you with regular technology reviews, providing you with key metrics to help you understand the current state of your IT from top to bottom. This equips you with the information you need to make smart decisions about your IT both in the present and future.

6. They keep you current on tech changes.

You have undoubtedly noticed that technology changes…constantly. Most leaders of small and medium-sized businesses (SMBs) don’t have the time or inclination to stay current on the multitude of tech advancements that can and do impact business IT. But a dedicated engineer does. Dedicated engineers stay up to date on the latest business technology changes and can help you understand the pros and cons of adopting new technologies.

7. They work where you need them.

Another great thing about dedicated engineers is that they work where and how you prefer. Some businesses want IT management onsite, and some want remote support. With a dedicated engineer, you can choose the arrangement that works best for your business.

With the wealth of knowledge and skill they offer, it is easy to see why dedicated engineers quickly become invaluable members of the SMB teams they join.

NexusTek offers dedicated engineer support along with a comprehensive portfolio of IT management services that keep SMBs productive and on the cutting edge.

Interested in exploring dedicated engineer support for your business?

3 Real-Life Cybersecurity Incidents… and What They Can Teach You

3 Real-Life Cybersecurity Incidents... and What They Can Teach You


3 Real-Life Cybersecurity Incidents... and What They Can Teach You

3 Real-Life Cybersecurity Incidents… and What They Can Teach You

Before getting into the gritty details, let us first acknowledge that no one—be it an individual or a business—likes being “made an example of” in front of an audience. Being the victim of a cyberattack is painful in a number of ways, not the least of which is the public embarrassment or stigma associated with data breach. Our aim in this article is not to place blame, but to highlight the valuable lessons that other businesses can learn from these real-life incidents.

Incident 1: Malicious Web Browser Update

A large insurance company with a nationwide presence was the victim of a ransomware attack that began with a social engineering scheme. The threat actors created a fake web browser update that was delivered through a legitimate website, and after successfully tricking a single employee into clicking on the fake update, they were able to breach that employee’s workstation.

From there, the threat actors moved through the company’s systems, disabling security monitoring tools, deleting backups, and encrypting data throughout. In compliance with ransom demands by the attackers, the company reportedly paid $40 million to obtain a decryption key and to prevent public release of employees’ sensitive data, which threat actors claimed to have stolen.

What Can Be Learned:

  • As with many cyberattacks, this one highlights the importance of employee security awareness training, as a simple employee error opened the door to an extensively damaging attack and data breach.
  • Another key point is that before launching the ransomware attack in full, the threat actors located and destroyed backups. This illustrates the importance of business continuity and disaster recovery strategies that include offsite backups that attackers cannot access from inside the company’s network.

Incident 2: Ransomware Attack

The next cybersecurity incident involved a regional hospitality business with about 2,700 employees, that operates a collection of music venues, restaurants, and hotels in the Pacific Northwest. In late 2021, the company’s employees found that they could not access digital files as usual—the result of a malware infection. As soon as the company identified the problem, they shut down key systems to prevent the attack from progressing. The immediate effect of the attack was that they were unable to use any point-of-sale machines, and online access to functions like room reservations was immobilized.

The long-term issues have cut deeper, however, as the ensuing investigation revealed that the threat actors accessed sensitive employee information (e.g., social security numbers), which could be used in identity theft, from thousands of employee records that spanned decades. On top of this, employees have filed a class action lawsuit against the company, alleging that insufficient cybersecurity measures allowed the ransomware attack to happen.

What Can Be Learned:

  • The downtime the company experienced is a common side effect of cyberattacks, which demonstrates the importance of planning ahead with business continuity strategies to ensure that critical infrastructure remains operational in a crisis situation.
  • Although reports to date have not explained the root cause of this ransomware attack, what this case makes clear is that post-attack lawsuits are a reality. In such cases, being able to show due diligence to protect sensitive data before an attack occurs is important. Conducting cybersecurity risk assessments and using a multi-layered cybersecurity strategy that addresses threats from a variety of angles are helpful strategies toward this end.
  • Cybersecurity risk management assessments may also be useful in qualifying for cyber insurance, which can help with business and legal costs associated with cyberattacks.

Incident 3: Spear Phishing/Business Email Compromise

In a world of ever more sophisticated, technology-based cyberattack vectors, it is easy to forget about the more basic cyber scams. But they’re still in use and still a threat. As an example, consider the business email compromise (BEC) attack that befell a small construction company in Texas.

The company received an email from what they thought was one of their contractors. The email said that they were having problems receiving payments, and it asked that payment instead be mailed to a different address. What the company didn’t notice was that the sender’s email address had been spoofed, meaning that it looked very similar to an actual email address from the contractor, with only slight differences. Unfortunately, the construction company dutifully sent a check for $210,312 to the BEC attackers before learning that the request was not legitimate.

What Can Be Learned:

  • Employee security awareness training on a routine basis is paramount. Spoofed email addresses use subtle substitutions to make them easy to miss, and employees need to be sensitized to this threat to make sure it doesn’t slip through.
  • When in doubt about an email’s authenticity, reach out directly (don’t reply to the email) to the ostensible sender to verify.

These are just a few real-life examples of cyber incidents that in their different ways have been very costly to the businesses victimized. Taken together, these stories illustrate the importance of protecting access to your systems through strategies ranging from employee awareness training to strong password policy to multi-factor authentication.

Should threat actors navigate past these barriers, solutions that can detect malicious activity and limit access within your network (e.g., SIEM, IAM) are important in slowing threat actors down. Finally, resilience strategies are important for ensuring that critical systems keep running and that backups are maintained where threat actors cannot reach them, keeping them safe from loss or destruction.

Is your business doing all it can to manage cyber risk? Our cybersecurity experts can help.

The descriptions of cyber incidents in this blog post are based on actual events, but identifying information has been omitted out of respect for the businesses affected.

Aligning IT During a Merger or Acquisition

Aligning IT During a Merger or Acquisition


Aligning IT During a Merger or Acquisition

Aligning IT During a Merger or Acquisition

Mergers and acquisitions (M&As) are as promising and exciting as they are intimidating. For many small and medium-sized businesses (SMBs), merging with another organization offers the opportunity to expand beyond their immediate geographic markets and possibly diversify the products and services they offer to command a larger market share.

These attractive prospects come with some tantalizing financial possibilities: Expanding your business’ reach and taking advantage of new efficiencies brings the promise of increased revenues and reduced expenses. Over-eagerness to capture these benefits, however, can result in costly miscalculations, and in truth, only 47% of M&As result in positive returns in the first year1.

A major stumbling block for many SMBs is not taking the time to create and follow a post-merger integration (PMI) plan, a key component of which is IT integration. In fact, only 40% of businesses formally develop a PMI plan2, and many fail to appreciate the importance of strategic IT integration planning.

To give your business the best chance of success with your M&A, it is wise to construct a thorough IT integration plan, keeping the following in mind:

The due diligence stage of M&A planning must include IT.

A company’s IT infrastructure is integral to its strategic performance. Importantly, in 50-60% of M&As, the new synergies and efficiencies firms seek to gain are at least partially related to IT3. Taking the time to fully understand both organizations’ IT realities helps with accurate valuation as well as thorough integration planning, so that you’re ready to hit the ground running immediately after the deal is done.

Map out the full IT infrastructure of both organizations.

This can be a time-consuming and tedious step, but one that deserves thorough attention. In this step, you need to do a full accounting of each company’s infrastructure, including every piece of hardware, every application in use, and all subscriptions and licenses. Some important questions you need to be answering with this information include:

  • How do applications and other infrastructure elements relate to operations, especially those operations that are closely associated with competitive advantage?
  • What applications and data are mission-critical?
  • Do you foresee functionality gaps, i.e., functions the new organization will require that are not supported by current infrastructure?
  • What communication systems are in use?
  • Is there outdated hardware that needs updating?

Get a thorough understanding of the IT talent across both organizations.

This includes not just titles but organizational roles, IT operational practices, and IT budget and other resources. It is also useful to learn:

  • What skills and experience are possessed by IT employees across both organizations?
  • Are there any skills gaps to address as you move forward with the deal?
  • How do the organizations handle proactive and reactive IT issues, and are processes compatible?

Determine the desired future IT systems for the post-merger organization.

This is where you’ll need to make some tough decisions, as there will inevitably be elements of one or both organizations’ infrastructure that will need to change. Here are some considerations to guide those choices:

  • “Best of both worlds” approach: Changes to tech always evoke a certain level of resistance in employees, but a great way of minimizing such resistance is by crafting a new infrastructure using a “best of both worlds” approach. This is where you incorporate the most effective tech from each organization to best meet the business goals of the post-merger organization.
  • Be careful with legacy systems: Don’t rush to eliminate legacy systems just because they’re old. Legacy systems are often still around in a business because they are mission-critical, and premature discontinuation of such systems can seriously hamper operations.
  • Consolidate when possible: Vendor consolidation is an important step, as it allows the new organization to take advantage of volume discounts due to its larger size. For example, software subscriptions may be less expensive when purchased at higher volumes; just make sure that you verify transferability of software and other licenses during the due diligence phase.
  • Identify redundancies and streamline: This is also an ideal time to look for functional redundancies across applications, and to streamline across the newly formed organization to reduce IT costs. Keep in mind that in the average company, over 30% of software spend is wasted4; the creation of a new, post-merger infrastructure is the perfect opportunity to weed out such overspend.
  • Reassess cybersecurity and cyber resilience: Finally, don’t forget to rethink your cybersecurity, as your new infrastructure will likely have new security needs. Combining elements of two previously separate IT systems may leave holes in your security posture that will need to be filled. With your new infrastructure, there will also be a need to reassess business continuity and disaster recovery, to make sure you are prepared to withstand crisis events like ransomware attacks and natural disasters.

A thoroughly planned IT integration plan can make the difference between a chaotic post-merger environment and a smoothly functioning one that is ready to capitalize on the synergies that make M&As worth the work.

Offering in-depth IT assessments and executive-level technology leadership services, NexusTek puts the expertise you need for a successful M&A at your fingertips.


1, 2. Kengelbach, J., Berberich, U., & Keienburg, G. (2015, October 14). Why deals fail. BCG.

3. McKinsey & Company. (2011). Understanding the strategic value of IT in M&A.

4. Flexera. (2022). State of ITAM report.

Understanding the Impacts of a Ransomware Attack


Understanding the Impacts of a Ransomware Attack

Ransomware attacks continue to plague businesses of all sizes, with 82% of attacks hitting small and medium-sized businesses (SMBs)1. And with the rise of “ransomware-as-a-service,” in which cybercriminals sell ready-made ransomware tools for use by other attackers, it has become more urgent than ever for businesses to protect themselves against this insidious form of cyberattack. To do so, you need to grasp the realities of ransomware attacks:

Stage 1: Employee Unwittingly Grants Access to Network

In most cases, ransomware attacks begin with phishing emails or other types of social engineering attacks, where threat actors try to trick employees into sharing credentials or downloading malicious software by clicking on links or attachments in emails. In some cases, malware is downloaded when an employee visits a malicious website, also known as “drive-by downloading.” Most employees have no idea that they’ve opened the door to a ransomware attack at this stage.

Stage 2: Threat Actors Go After the Data

In the next stage, threat actors put their malicious program to work, encrypting the victim’s data. This renders the company’s data unusable, which forces the company to suspend most if not all business activity. Even worse, ransomware attackers are now more likely to locate and encrypt the victim’s backups as well. With control over the victim’s data, the attackers now have the leverage they need to execute their extortion scheme.

Stage 3: Victim Receives Ransom Note

In the third stage of the attack, a ransom note appears on the victim’s screen. The note threatens the company that if they do not pay a certain sum, usually in cryptocurrency, then their data will be encrypted indefinitely and possibly even destroyed or shared with the public. In this way, ransomware attackers create urgency and fear in their victims, which often compels them to pay up in order to receive the decryption key. And while 66% of companies believe that they would never pay the ransom, in truth, about 65% do pay when faced with the realities of unusable data and an immobilized business2.

The Aftermath: How a Ransomware Attack Impacts a Business

As the above suggests, ransomware attacks are major crisis events that can bring a company to its knees. The impacts are various and can include:

  • Downtime, which costs the majority of SMBs between $10,000 and $50,000 per hour3.
  • Ransom payment, with median payment of $36,360 and average payment of $228,125 (note that law enforcement agencies strongly discourage paying the ransom)4.
  • Permanent data loss whether the ransom is paid or not, as many ransomware attackers do not make good on their promise of sharing a usable decryption key in exchange for the ransom.
  • Loss of intellectual property, possibly leading to loss of control over patented information and trade secrets.
  • Post-attack remediation costs, including costs to replace or recreate lost or damaged files and restore damaged systems, the total cost of which averages $139,000 for SMBs5.
  • Reputation damage among partners, vendors, and the public, often leading to lost business from current and prospective customers.
  • Lawsuits, often resulting from threat actors releasing sensitive or proprietary information accessed during the attack, which 86% of attackers threaten6.

Protecting your business from ransomware attacks requires proactive measures to reduce the likelihood of attack, combined with strategies to limit the damage threat actors can do should they gain access to your company’s network.

Contact NexusTek to learn about multi-layered cybersecurity solutions that hit all the angles.


1 .Drapkin, A. (2022, February 7). 82% of ransomware attacks target small businesses, report reveals.

2. Fruhlinger, J. (2020, June 19). Ransomware explained: How it works and how to remove it. CSO.

3. Infrascale. (2020, May 13). Infrascale survey highlights the heavy costs of business downtime.

4. Coveware. (2022, July 28). Fewer ransomware victims pay, as median ransom fall in Q2 2022.

5. Help Net Security. (2022, September 15). SMBs are hardest-hit by ransomware.

6. Coveware. (2022, July 28). Fewer ransomware victims pay, as median ransom fall in Q2 2022.

Tech Trends for 2023: Don’t Fall Behind

Tech Trends for 2023: Don’t Fall Behind


Tech Trends for 2023: Don’t Fall Behind

Tech Trends for 2023: Don’t Fall Behind

Welcome to 2023, and we hope your New Year is off to a wonderful start!

No technology blog would be complete without its annual “Tech Trends” article, so we’ve looked into our crystal ball to discover what we predict will be some of the most impactful trends in technology in the coming year. We hope you find this informative and that your business has a stellar 2023!

Broad Trend: Sustainability

Sustainability continues to grow in importance to both consumers and businesses, with 90% of businesses now adopting some form of environmental, social, and governance (ESG) practices1. Many consumers now make buying decisions based on a company’s ESG performance, and they have become shrewd evaluators of the authenticity of a firm’s stated commitment to sustainability. In fact, the term “greenwashing” has been coined in reference to ESG practices that appear disingenuous or of little practical benefit.

Specific Trend: Migrating to Cloud

The perils of greenwashing have become so acute that Forrester projects that “greenwashing becomes a serious business risk” in 20232. Technology experts such as Gartner’s David Groombridge view IT as being at the center of effective sustainability programs, suggesting that firms adopt a “sustainable by default” policy for all technology decisions.

For businesses looking to improve their sustainability performance, migrating to the cloud is a logical place to start. Compared with on-premises IT infrastructure, cloud data centers make much more efficient use of energy due to factors like higher server usage levels, data center location, and hardware efficiency. What this means for an individual business is that they can obtain the same amount of computing power while consuming far less energy than they would with on-premises infrastructure. This makes cloud computing an ideal means of shrinking your carbon footprint.

Broad Trend: Zero-Trust Cybersecurity

As cloud computing has gained prevalence, many voices have expressed concern about the security of the cloud. Under the traditional perimeter-based cybersecurity model, a company grants trust to users located inside the business’ network, denying trust to those located outside of that perimeter. But where exactly is that perimeter if your workloads are in the cloud and your employees work from remote locations of their choice?

This is an excellent question, one that is underscored by the fact that 20% of companies report experiencing a security breach due to a remote worker3. The answer? We need a new paradigm of security: Zero-trust cybersecurity.

Specific Trend: Multifactor Authentication & Identity Access Management

Zero-trust cybersecurity is not a single solution. It is a state of security that is established by using a collection of solutions that together function to protect a company’s infrastructure in its entirety. As business infrastructures grow ever more diffuse, different methods are needed to ensure that access is granted at appropriate levels and to the right people. Solutions such as multifactor authentication (MFA) and identity access management (IAM) function to support these objectives, using multiple criteria to verify users before granting access on a least-privilege basis.

Specific Trend: Endpoint Management Solutions

You may have heard about solutions like endpoint detection and response (EDR) and mobile device management (MDM)–these security solutions also support a zero-trust cybersecurity program. Endpoint solutions like EDR and MDM enhance security by allowing a company’s IT team to remotely monitor for malicious activity and manage the wide range of devices used by today’s employees, such as mobile phones, laptops, and tablets.

Because employees often use a mix of company and personal devices, also known as bring-your-own-device (BYOD), it is important for IT to have the ability to establish administrative policies and monitor for malicious activity on any device connecting to the company network. Endpoint management solutions give IT departments this capability.

Broad Trend: Optimize Efficiency

With ongoing inflation and a generally uncertain economic outlook for 2023, another overarching theme for many current tech trends is making the most efficient use of your technology tools.

Specific Trend: Automation

Automation certainly falls under the efficiency umbrella, as it gives your company the capacity to manage a range of predictable and repetitive tasks using IT tools rather than employee power. Gartner predicts that by 2024, companies that have implemented large-scale automation may see cost reductions of up to 30%4.

For example, business process automation applications are great tools for automating workflows that consume large amounts of employee time. This not only frees up your employees to work on important tasks, but it also reduces the likelihood of data processing errors in key areas like customer orders, inventory, job applications, and other human resources documentation.

Specific Trend: Optimizing IT Spend

Another great way to increase IT efficiency is to eliminate unnecessary spending on applications. If this seems like a no-brainer, consider this: On average, about 33% of a business’ software spend goes unused. In other words, the average company wastes a good chunk of money on things like unused software licenses or redundant applications (e.g., paying subscriptions for three applications that all do basically the same thing)5.

Offering IT Spend and other strategic assessments, plus cybersecurity, cloud hosting, productivity & collaboration applications, and managed services, NexusTek has the expertise and tools you need to get ahead of the curve in 2023.

Interested in exploring new IT possibilities for your business?


  1. Overby, S. (2022, December 5). CIOs get serious about sustainability. CIO.
  2. McLellan, C. (2022, November 2014). Tech in 2023: Here’s what is going to really matter. ZDNET.
  3. Nicoletti, P. (2022, September 29). Remote work security statistics in 2022.
  4. Weston, M. (2022, December 7). Digital transformation trends in 2023. Information Age.
  5. (2022). State of ITAM report.

Holiday Hacking: Watch Out for These Deceptive Tricks

Holiday Hacking: Watch Out for These Deceptive Tricks


Holiday Hacking: Watch Out for These Deceptive Tricks

Holiday Hacking: Watch Out for These Deceptive Tricks

While most of us get into the holiday spirit, threat actors gear up for their holiday hacking sprees. To outsmart sophisticated hackers, you have to understand how they operate. Consider the following as you develop your cybersecurity strategy—if a trickster cyber attacker were planning their holiday hacking methods, here’s what they might do…

Extend a Fake Job Offer

A tried-and-true method of gaining access to a company’s network is by tricking employees into downloading malicious files. This type of attack falls under the umbrella of “social engineering” schemes, which often prey upon employees’ trust and benevolence—a rather ruthless form of trickery, indeed.

In one recent example, a notorious hacking group gained access to a cryptocurrency platform, getting away with over $600 million in stolen funds1. How did they gain access? By tricking an unsuspecting engineer at the firm with a fake job offer that induced him to download a pdf that was infected with spyware. The rest is history.

Scan Remotely to Identify Vulnerabilities

The story above might be falsely reassuring to some small and medium-sized businesses (SMBs). “After all,” you might surmise, “we’re not a cryptocurrency platform with hundreds of millions of dollars at our fingertips, so why would a hacker target us, right?” Wrong.

In 2022, threat actors have tools that allow them to randomly scan billions of IP addresses with ease. What are they looking for? Vulnerabilities that allow them easy access to networks, akin to an “unlocked front door.” Like any other criminal, hackers take advantage of easy opportunities to commit their crimes—the nature or size of the target is secondary. In other words, you don’t have to be an enormous, high-profile enterprise to be a cybercrime target; you just have to leave the front door unlocked to be targeted.

Purchase Credentials on the Dark Web

Speaking of easy ways to gain entry into a company’s network, are you aware that some cyber attackers simply BUY access to their future victims’ systems? Yes, it’s true. In fact, Uber was attacked this year by threat actors who purchased a password on the dark web2. Once inside, the hackers were able to download information from one of Uber’s finance tools.

It is believed that the credentials were harvested from a device belonging to one of Uber’s contractors, after the device was infected with malware by the original threat actors. If cybercriminals were looking for an easy way into a company’s network, they might simply peruse the marketplace for stolen passwords. Hence the importance of multifactor authentication to stymie hackers’ efforts to log in!

Use Drones to Impersonate Wi-Fi Network

Unimaginative attack strategies like buying credentials on the dark web might eventually bore sophisticated hackers, who often demonstrate a penchant for creativity. In such case, they might try to replicate an attack that targeted a financial institution in the U.S. earlier this year—one that used drones, no less!

The threat actors in this attack placed devices on two drones and flew them to the roof of the company’s building3. The devices aboard the drones functioned to impersonate the company’s own Wi-Fi network, which then resulted in at least one employee unknowingly logging into the counterfeit network.

The hackers were then able to obtain that employee’s credentials and start their own penetration of the company’s network. Continuous monitoring for aberrant user behavior is what alerted the company to the intruders’ presence, and without such monitoring, it could have been much worse.

Use Password Spraying

Many hackers might try a simple brute force attack where they enter multiple passwords for the same username over and over, only to eventually be locked out of the system. Growing frustrated due to repeated lock-outs might lead them to try password spraying, another prevalent method of attack.

In password spraying, threat actors try the same password with a long list of usernames. The passwords might be known default passwords or commonly used passwords; for example, the password “123456” is used by over 3.5 million Americans4. Password spraying preys upon those who fail to change default passwords and/or use weak passwords that are easy to guess, making good password hygiene a must.

As a managed cybersecurity provider, NexusTek offers a range of preventive and responsive security solutions that help SMBs defend against even the most sophisticated threat actors. From employee awareness training and ongoing threat monitoring, all the way through incident response and remediation, NexusTek has your cybersecurity needs covered.

Would you like to discuss your company’s security posture with a cybersecurity expert?


1,2. Lever, R. (2022, October 28). Data breaches in 2022. U.S. News & World Report.

3. TechFunnel. (2022, October 31). Halloween special: The scariest cyber attacks of 2022 (so far).

4. Tietsort, J. R. (2022, October 3). 17 types of cyber attacks commonly used by hackers. Aura.