Cybersecurity has never been of greater concern for businesses of all sizes and industries. This blog post, by John Bruce, CGI will examine some simple and cost effective approaches that your business can implement to demonstrate to your existing and future customers and client that cybersecurity is something your business takes seriously and is committed to undertaking.
Cyber Security the ‘Challenge’
It seems like every other week, there is news of another devastating data breach (i.e. Equifax exposing the personal information of 143 million Americans).
“Ransomware” such as WannaCry can lock down your system and prevent you from accessing your own files, while distributed denial of service (DDoS) attacks like the 2018 Memcached DDoS cyber-attack are capable of temporarily bringing down even tech giants like Twitter, Amazon, and PayPal.
The challenge for any digital business today is combating these negative headlines.
Luckily, there are ways to turn them around into a positive selling point for your organisation.
Even people who understand the dangers or who have already been victims of a hack or data breach may find it hard to justify spending money on the problem of cybersecurity.
The problem is compounded by the fact that information security is inherently a highly technical topic, making it hard to communicate and understand both the threats and the solutions to guard against them.
Today, cybersecurity is not just to protect your internal systems from attack.
In this age of hacks and data breaches, it can help attract customers as well.
Despite the difficulties, using cybersecurity as a marketing differentiator for your business has plenty of advantages.
Below, we will discuss how to make cybersecurity a priority, as well as the benefits of doing so.
The Benefits of Cybersecurity
If you are a B2B company looking to expand your horizons and do business with the “big fish,” cybersecurity will be an absolute necessity.
Unless you have a well-defined information security policy already in place, medium and large companies will be highly reluctant to share their assets and information with you — and for good reason.
Two of the biggest and costliest data breaches, the 2013 Target breach and the 2014 Home Depot breach and more recently the 2019 British Airways breach, occurred after hackers broke in using the credentials of a third-party vendor.
Investing in cybersecurity will help counteract this fear from potential buyers and build trust.
B2C firms also have many reasons to focus on cybersecurity.
If you conduct business online or accept payment data from your customers, advertising your information technology security policy is a necessity. Customers want to know that when they are exchanging personal information with you, it will be in safe hands. Once again, it’s all about trust.
All else being equal, consumers will be much more likely to shop on an e-commerce site with a dedicated landing page discussing how it aims to protect shoppers from cybercrimes such as identity theft, than one that does not.
How to Make Cybersecurity a Differentiator for Your Business?
With the clear benefits of prioritising cybersecurity for your business, the question now becomes: How can you make it a priority?
Whether you are completely unsure of where to start or you want to beef up your existing protections, the three tips below will help you along the way.
1. Make It Part of Company Values
Making cybersecurity a differentiator for your business starts with an enterprise-wide decision to make it a priority.
No matter how small your IT budget, you have to choose to take it seriously at an executive level.
From there, you can start to figure out the right cybersecurity posture and the things you need to make your organisation reasonably secure.
2. Get Solid Proof
Depending on your organisation, there may be existing cybersecurity frameworks or certifications that are best practices for businesses in your industry.
For example, GDPR governs how organisations manage and process customer information, while the PCI DSS standard ensures that organisations securely handle customers’ payment card details.
These are not just boxes to check for the sake of compliance; they demonstrate to your customers that you are aware of information security standards and that you take their privacy seriously.
In the case of B2B companies, you can have a third-party perform an audit that will boost credibility among your partners.
Furnish proof of your efforts by developing a landing page on your website or printed collateral in your office that explains your current accreditation or compliance status with organisations such as PCI, ISO, and NIST.
3. Talk About It
Depending on your SSL certificate provider, you can place different badges on your website informing users that their connection is secure.
You may also choose to mention security as part of your organisation’s mission statement and core values, which is especially important if you are a tech or software development company. It shows a commitment to building and maintaining software that takes into account cybersecurity in all aspects of that system.
Digital Sales and Marketing World 2020
If your industry is highly regulated (i.e. legal, accounting, healthcare) you may specifically wish to have an executive summary at the ready of your most recent audit or assessment.
If you have not had a security audit or assessment done recently, this is the place to start!
Cybersecurity awareness training is an excellent way to improve visibility and education among your employees. Despite the sophisticated technologies available, many attacks can be traced back to relatively simple tactics such as phishing attacks and social engineering.
Employees can majorly improve your organisation’s cybersecurity practices simply by learning not to open suspicious emails and attachments, or download files from non-approved websites.
You can even test their level of awareness in a safe environment through simulated attacks.
Warnings and Cautions
Now, like any big initiative, there are a few precautions you take when using cybersecurity as a differentiator for your business.
Choose Your Words Carefully
For instance, no matter how committed you are to cybersecurity, do not make over-the-top statements or promises.
Saying that your customers’ information is “100 percent secure” is simply not credible. Even statements such as “you are safer shopping with us” can be risky.
Instead, allow customers and client to draw that conclusion themselves through your proof, rather than explicitly saying it.
Make statements such as “We know that the privacy of your personal information is important, and here is how we are protecting it.”
Lead by Example
Also, if you make cybersecurity a priority, you need to ensure that you lead by example.
Securing your websites with HTTPS, for example, is very important. Not only does it make you more credible, but it also prevents Google from penalising you in search results.
WordPress, in particular, should be updated at regular intervals due to the number of possible vulnerabilities and security exploits that come with the flexible platform. Due to its popularity — used on 30 percent of all websites — WordPress is a tantalising target for attackers.
If your website uses WordPress, you can use a third-party scanning service to identify flaws and security holes so that you know which parts to upgrade.
Both your version of WordPress and your choice of plugins and add-ons should be secure and up-to-date.
Final Thoughts
Nearly every organisation knows cybersecurity is a major concern, but too few of them are doing anything about it.
With the average cost of a data breach now over £3 million, the consequences of poor information technology security and information privacy are growing more expensive every year. So, do not risk it.
There is no need to blow your IT budget on cybersecurity, but you do need to take it seriously. Start small if necessary. Even a monthly meeting to discuss cybersecurity can help, but you need to act now.