Using data security as your Unique Selling Position (USP)

Turn The PageIn the business world your business now resides in its electronic and cyber location as ones and zeros.   All the information that you prize and is the digital embodiment of your business is stored in a nefarious location that is very hard to define and even harder to locate physically.

That data is the lifeblood of your business it allows you to buy and sell, pay your staff and keep your secrets but without a whole of business security system then you are vulnerable.
The problem is that most of the time your clients and customers do not know how you treat their information.   Is your business security lax and can anyone in the business access the information?   Does your business have more than token business protection?    Even worse is the prospect that you have no idea on how to protect their information.

Maybe you need to tell your clients how much their private information means to you as a business.   If you told them that the security of your clients information is paramount to your business and you will do all that is in your power to protect that information would that be a good thing, would it benefit your business against your competition?   In most businesses any edge against your competition is something that will be of benefit

The trouble with this idea is that you also have to put something forward that is true and real and will protect your business.  To lie at this point and on this position could have far reaching implications on your business in reputation alone never mind anything else but as a unique selling point (USP) for your business, is it possible that your clients would appreciate your endeavours to protect their information.   How do you tell them that?

So the next issue could be that you don’t want to say too much to compromise the security practices that you have put in place.   You need to explain the strategy of the protection not the tactics of how you will protect their information.   This can be a fine line but in the end it would be greatly beneficial to being better in another area against your competition.

So using business security as a USP would be greatly beneficial to your business as it gives you a greater depth and protection in your client and customers eyes.   Basic protection on personal information including credit card details can be achieved with minimal cost to your business but the increase in kudos would far out way that initial cost.

Just something else for a small and medium business and not for profit organisations to think about and to implement that makes them different from their rivals.

Are we the weakest link in the security of our business?

3D Helping HandIn a discussion this week I heard a rather interesting quote.    All computer systems can be compromised but it is vigilance and persistence that create a secure environment.    This is very true.   I was talking to someone that makes his living doing penetration tests on business systems using applications that he has developed and also his slant on social engineering.

One of the things that he did bring up was that hacking and gaining access to business systems has started to go full circle.   This means that social engineering is playing a larger part of the hacking repertoire.   Social engineering is a huge subject and a little larger that the space I have here but I will touch on it for now.

In the past the combination of a social engineering attack coordinated with a direct attack usual had the attacker gaining access at some level.    This had then been superseded by the script kiddies and so called hackers who use readily available programs and exploits from the internet (usually infecting themselves in the process) as a means to access business systems.    This has been augmented with virus, spyware and malware applications that have been broadly targeted on the internet and catching unsuspecting and insecure business in the net.

The newest component in the hacker’s ability to gain access to your business system is the use of social engineering and the use of social media to gain insight into a business’s  infrastructure.   In the old days they would get on the phone and ring the company and get as much information out of those people who were answering the phone.   This has changed  greatly with the introduction of social media.

For example – Joe is a payment receipt clerk for your business.   He has a very in-depth profile on a social media site which includes all of his information, where he works, what he does, who and what he like and dislikes and birthdays and family information.   This information he allows anyone to see.   A hacker can do some research and find out about Joe and he can do some further research on your business and who you do business with.   What “Mr Black” the hacker does is creates a carefully prepared infected invoice (infected PDF file) that he sends from one of your subcontractors and from an expected source.   Joe being an innocent worker doesn’t worry about the email because he believes it is coming from a legitimate source so he  clicks on the file.    If this sound familiar – this is how RSA (one of the most secure security systems on the internet) was compromised.

To have this happen, you have to have some serious legitimate information (Critical IP) that the hacker is after or some seriously available unsecure money to make it worth the hackers worth while.

Most high level Government workers and business CIO and CEO, although they have profiles on social media sites don’t have in-depth information concerning their everyday work environment and even that information is only available to friends or contacts that they know.

To protect yourself from a social engineering attack is relatively easy;    Keep critical business and personal information to only those people that you want to have that information, not the whole internet.  Furthermore access systems that need passwords need to have high level complexity and you should also have some level of auditing and reporting on the internal systems to track transactions within the business.

Do you rely Just On Security Technology to protect your business information?

Nearly every day you hear about another security threat spreading across the internet. As a small or medium business, or a not for profit organisation (SME) how vulnerable are you to these threats?

SME’s are connecting to the internet in record numbers to support improved and greater market opportunities, to increase productivity and to strengthen communications with staff, management, customers and suppliers. The problem is, the more you open your network and business to the internet the more your confidential business information and data is at risk.

So you think you are too small to be a target?

Think again, if you use Microsoft software then you are a target by default. Microsoft is not bad but it has the largest market share, therefore any released virus, worm or application created by a hacker can achieve more with less. These programs spread rapidly and inflict damage on a global scale and you, as an SME can be caught in their net.

Security threats are constantly emerging and evolving, the job of securing your business information becomes all consuming. Little jobs take time – updating and checking anti-virus, patching and updating operating systems and applications, checking firewalls with renewed rules and policies are a critical requirement of your business risk analysis.

They still have to be done regularly.

The importance of checking these components in a timely manner cannot be underestimated. Consider the cost in lost productivity, reputation and non-compliance penalties that a breach could visit on your business. Effective security can be costly, time consuming and difficult for SME’s to implement successfully. Skilled security people are often difficult to find and cost prohibitive to have on staff. As a result the job often falls on the technologically savvy staff member who is already snowed under with other ICT matters or their own job to implement security features properly.

Today’s security threats are business size neutral. They leave a SME with the same security challenges as large corporations. The trouble is that SME’s do not have the depth of resources to handle them. This is where a Managed Services Security Providers (MSSP) can be of benefit to your business.

What are the benefits to your business of outsourcing your security?

You can focus on your core business

Outsourcing allows all of your staff to concentrate on revenue generating business initiatives instead of computer, security and infrastructure issues. Having limited IT resources on staff takes business resources away from your core business.

Reduced Cost

Outsourcing security sources provides your business with access to “big business” security protection at an affordable price.  The expense is more cost effective than hiring or contracting a security expert and the consistent monthly billing helps ensure security services that you need are available without unforseen hassles and expenses. An integrated and comprehensive solution that can help reduce the expenses of maintenance, upgrades and add on security solutions is a benefit to any business.

24 X 7 (always available) expert security staff.

You’re on staff, in house expert is normally available only during working hours. In most cases your outsourced Security Company can act as an always available security and ICT management department. They can also provide your business with access to an internet security expert without incurring the cost of hiring, training and retaining highly skilled staff.

Gain Customised Service

All MSSP’s have service plans and you can select the service plan that will fit your requirements.

Receive up-to-date protection

Technical security solutions such as firewalls, antivirus software, content filtering solutions, and virtual private networks (VPNs) are far more effective when they are maintained regularly with the latest system updates.  Changes to your business resilience and regulatory requirements can also have a detrimental effect on your business stability.

Why R & I ICT Consulting Services is right for you!

How do you know you are getting what you paid for?

  1. Company reputation – see what our clients are saying about us. We have references and referees that you can ask.
  2. Plans and services – we have a comprehensive assortment of plans and services depending on your business requirements and size.
  3. Service Level Agreement – all of our plans and services have a service level agreement incorporated into them so that you know what will be delivered in protecting your business.
  4. Guarantee – We guarantee all of our technicians work with a 100% money back guarantee. We also stick to any pricing that we put forward to you. All projects are priced on a per project basis so that no matter how long it takes it will not cost you anymore. No more “time and materials” projects based on how long is a piece of string that have costs blowing out uncontrollably.
  5. Monthly Reports – we supply monthly reports that are delivered with your next month invoice. We like to prove how much we have done for your business in the last month.