This is the question that popped up more than once in my news feed this morning.
The media is keeping focus on the fact that hackers are NOT going anywhere. And they are starting to ask this question of businesses.
To me, that means a perfect time to reevaluate your cyber stack offering and to help your clients understand the importance of having an advanced security stack that is actually working!
Ransomware attacks are still on the rise in the last couple of quarters—from what I read by nearly a third. On top of this, more than a 30% of companies that confronted a ransomware attack had to either lay off employees and nearly another third closed their doors.
As you know, cyber threats are not going away. They are agnostic to politics, social climate, and pandemics. No matter how the economy turns or how successful your clients are next month or next year, they remain at risk of falling victim. We all know this is an unfortunate cost of doing business today.
But to your clients and users, they might not have the same mindset.
They might expect that you are solely responsible for their network security. They may not see how their actions or decisions when it comes to cybersecurity investment—whether financial or organizational—impact their outcome. They perceive security as a black box and might not understand that they have direct influence on the health and sustainability of their businesses as it relates to security risks.
What we have found is unless you educate them to understand their risks, you really won’t get through. Yes, you will be able to get a minority of what I like to call security-minded clients to quickly adopt and adhere to new technologies and processes as they cautiously maneuver through what they perceive as security landmines.
But for the majority of your clients who might not appreciate the value of an advanced security stack or not simply doing business the way they’ve always done it, they need to understand what is at stake and how easy it is for someone to completely ruin their day, let alone their business.
You need to re-educate them why security. Unless you get them to connect the dots themselves, to see how a very simple action of clicking a link (the most common means of jeopardizing their network) could open a Pandora’s Box worth of problems, would they start wrapping their heads around needing to take action now.
Many of those clients might have very common objections, such as this is too expensive. But what we’ve found is after showing them exactly what is at stake, they understand the costs are far too great to not do anything. By educating them, they realize that security budgets ARE needed (and they will actually put one together).
How do you educate your clients around cybersecurity to get them to take action?
Is a conversation enough? Sometimes. Sometimes you are able to get through simply because they know someone else who has had to suffer the pain of going out of business or recovering after an attack. Sometimes they recognize their risk of being known as someone negligent if something were to happen on their watch.
But most of the time, without seeing their risks and experiencing how easy an attack actually is—that they are a likely and very possible attack candidate, do they see why they need to act soon. Your opportunity today is showing them this extreme risk before something happens.
Whether it is a client or prospect, penetration testing to evaluate and identify real important issues on their network that have tangible consequences if they don’t act is one of the most effective ways communicating why advanced security stacks and IT investment is a critical part of doing business.
One of the easiest ways to see how you might work penetration testing into your client and prospect education process is by evaluating your own network.
