I remember when cybersecurity was just another checkbox on my clients' way to keeping their businesses going. My market as a cybersecurity consultant had very clear boundaries: Any organization that is regulated and needs to show compliance certification to maintain its business's operations would invest in my help to get that need answered. Hospitals, banks, insurance companies--these were the majority of my clients, and the rest were software companies that needed to collaborate with these institutions.
Lately it occurs to me how different my day-to-day has been for the past couple of years. The variety of cases that arrive at my door--including worried high-profile clients who are seeking protection, small firms that don't want to lose a $5 million account, startups in their late stages that thought they could get away with not making cybersecurity efforts and are on the verge of losing a partner, and product companies trying to catch up with the competition--has certainly exposed me to different approaches, concerns, solutions, and cyberattack vectors.
I believe it is a combination of factors that has brought this change. Obviously, one factor is the spread of technology and our growing dependency in it, but more important is media coverage that raises concerns and enhances awareness among the public with reports of the latest breaches and the severe vulnerabilities found in our everyday technologies.
We are now beginning to see both individuals and corporations reach a new level of concern for cybersecurity. People are starting to be aware of their exposure, the meaning of their data, and the way the technologies they use make them vulnerable. Companies are starting to understand that they are responsible for the safety of their clients and employees. And, given this heightened awareness, cybersecurity should be integrated into your sales strategy from the outset.
Regardless of your company's field or purpose, talking about security from the very first step of your selling process and informing your prospects that you have already thought about their safety will most likely give you an edge over your competition. You will be seen as a thorough, professional, and trusted partner. Your customers need to know that their collaboration with you is not exposing them. Taking these steps will be your passport to a closer relationship with your customers:
Don't wait for a promising prospect to ask for it, because at some point you will likely need to present a certification to prove compliance anyway. Too many times, I have seen companies scramble to meet an impending deadline to obtain the requested certification to satisfy an immediate business requirement. Getting a compliance certification is a process and it takes time, so initiate that process before you've been asked to produce it, and do it right to maintain the sanity of your stakeholders. Understand the regulations and laws that pertain to your business, as well as who your customers and what their concerns are. Once you have the right certifications, make sure your potential clients aware of that. Having them already in place says a lot about your cybersecurity efforts and can enhance your reputation significantly.
Mapping, Protecting and Presenting
Every business has its own sensitive areas, including where sensitive information is stored and how sensitive actions such as authentication and transactions are processed. Those areas should be sincerely mapped, so that you'll be ready for any future questions your clients raise. For these areas, you want to map the security threats and develop a clear protection approach that will consider a combination of technologies, in some cased additional coding, and in most cases policies and procedures. Taking those measures and simply presenting them to your prospects will certainly reassure them and bring them closer to you.
Security in Your Sales Pitch
On your website, highlight your concern for security as a feature of your business model. Talk about your security efforts from the early stages of the selling process and make sure your prospects understand the advantage of working with a trusted partner such as yourself. Make sure you have clear separation between the information you can freely share with the public and information that requires an NDA to share. For example, you can share your compliance certifications, but not the detailed reports without receiving a reasonable request for them and only then when the requesting party has signed an NDA--otherwise this action will not only expose you but will present you in a very negative light. You can also show the efforts taken to approach common concerns such as encryption, segregation, perimeters, and even organizational efforts such as awareness and policies.
Though the steps above might involve some effort to implement, they are certainly worth the investment, not only to satisfy existed prospects, but to gain advantage over your competition, and so that you're prepared as national regulations and security requirements become stricter and harder to follow.