How Good Cyber Security Supports Small Business Growth
The InfoSec Consulting Series #18
By Jay Pope
Securing IT systems is often seen as a necessary evil and a cost on the business. But can cyber security contribute to business growth? We are all aware of the need to protect sensitive information and drivers such as ‘Supply Chain Security’, and new data privacy legislation such as GDPR makes that more of an imperative. The key point here is that by taking these things seriously, you make your business more attractive. Companies that take security seriously inspire more confidence in consumers and are seen as being more reliable potential business partners.
Research carried out last year by mobile phone company Vodafone suggests that almost 90 percent of businesses believe that good cyber security can improve trust and loyalty in consumers. A similar percentage see it as something that enhances their reputation and can help to attract new business by acting as a differentiator against the competition. Interestingly, the same survey shows that companies that use the Internet of Things or the cloud see greater returns from their security investment. There is still a good deal of suspicion surrounding these technologies and anything that can boost confidence is, therefore, a positive investment.
Major data breaches make the news on a regular basis. This means that consumers are increasingly aware of the risk that entrusting their data to companies involves. Even in the most security-conscious industries, things still go wrong, and data can be compromised or leaked. Understanding the challenges of securing data and taking them seriously is therefore vital. But what is just as vital is being seen to take these things seriously. Looking at obtaining appropriate certification and qualifications for security staff is a good start but the company needs to show its commitment to keeping its systems and data safe.
Most breaches take place due to leaked credentials. This can be because of a phishing attack, poor password policies or simply carelessness amongst employees. Taking access management seriously starts with education so that people in the business understand the risks, know how to spot social engineering attacks, and take the protection of their credentials seriously. Many businesses are now looking at deploying specialist tools to manage access and identity. These help with compliance when it comes to Data Privacy and industry standards, but they can also demonstrate to a wider world that the business is serious about its cyber protection regime. But it also has benefits for the business. Effective access management can help with the deployment of new apps and make collaboration within the supply chain more streamlined and efficient. All of which can have a positive impact on the bottom line.
Top To Bottom Security
There is increasing awareness that cyber security is no longer just an IT problem. It’s something that needs to be taken seriously at all levels and in all departments of the organisation. As something that can affect the profitability – and even the very existence – of a company, it needs to be on the board’s agenda. It’s important to also recognise that it isn’t just an operational problem. It’s a strategic issue too. Effective information security, therefore, starts with a review. This helps management to understand what information is held, its value to the business, how it’s collected and where it’s used. Armed with that information, it’s possible to see where the vulnerabilities lie, where data is not needed, and where there are opportunities to improve working and security practices to help drive business growth.
But this is something that shouldn’t just be taken seriously at the top. A culture of good information security needs to exist throughout the organisation. The most junior staff members need to be aware of the importance of good cyber practice. Ideally, this needs to extend to the supply chain too. It’s no good ensuring that your own systems are secure if you then compromise that by sharing your data with a supplier or customer who takes a less rigorous approach. Data risk management needs to assess in linked systems, and it needs to be incorporated into SLAs and Clauses in contracts for new business arrangements. Should concerns over security of data be allowed to put a wider business relationship at risk? Absolutely they should!
So How Does Good Cyber Security Support Business Growth?
First, good security helps gain and retain your customers – customers who know their data is securely protected. A company’s cyber security record is likely to become an increasingly important part of its profile and pulling power as cyber-attacks become more frequent. Companies that invest in building and continuously improving their security culture will realise the following business growth enablers:
- It provides confidence that your Intellectual Property is being safeguarded;
- It makes your business more attractive to work with – It also makes your business more likely to qualify as a supplier for Government Procurement Frameworks (if that is in your plan);
- It builds the confidence needed to embark on major transformation and innovation projects, knowing that data is protected and secure
- It provides investors with the Assurance that the company is compliant with current regulations and prepared for new ones;
- It will give the Company leadership more confidence to win more business in new markets;
- Freedom to use data in new and creative ways – such as enabling flexible working for employees to drive growth, without risk of information being compromised (e.g. on mobile devices);
- The ability to demonstrate reliability and responsibility to company shareholders.
Does Your Organisation Need Top Cyber Security Consultants?
We are a team of experts with extensive knowledge and experience of helping organisations improve business performance. Our highly qualified consultancy team can deliver cyber security capability at all levels of your organisation and are on hand to help ensure your projects deliver solutions that are appropriately aligned to your cyber security risk position, and meet technical, business and ethics due diligence requirements. Schedule a call above to learn more about how we can help.