Using security best practices to market your business

While there’s still a lot more to be done, most Australian businesses now acknowledge the importance of protecting data through security best practices. Let’s assume the business you work for boasts business security systems and equipment far superior to its competitors. In this scenario, your business is likely leaving money on the table if it’s not trumpeting its data security chops to potential and existing customers.

Marketing your investment

Marketing revolves around identifying a target market’s conscious and unconscious desires and highlighting how you’ll address them. The goal is simple, but marketing types get paid the big dollars because it’s often difficult to identify these desires precisely—and usually even harder to create marketing campaigns that speak to those desires in ways that motivate customers to go into their wallets.

The good news for businesses with top-notch cybersecurity is that there’s no ambiguity around Australians’ desire to have their data protected, and there’s a wealth of proven data-security marketing techniques.

It should be self-evident that Australians, whether they’re ordinary citizens, key decision-makers for companies, or small business owners, worry about the business security systems in place to protect their data. If you come across a Chief Marketing Officer who wants to argue about this reality, you can refer them to the following:

  • This recent Unisys study that found 57 percent of Australians were seriously concerned about unauthorised access to their data, 56 percent were seriously concerned about bank fraud, 54 percent were seriously concerned about computer hacking or viruses, and 15 percent reported going as far as cutting ties with an organisation after it suffered a data breach
  • This ANU study (relating to supplying personal data to government departments) that found 70 percent of Australians were concerned or very concerned about the accidental release of personal information, deliberate hacking of government systems, and data being provided to private-sector organisations
  • This PwC survey that found an overwhelming 89 percent of Australian CEOs were concerned about cyber threats

Don’t assume that cybersecurity news goes over the heads of the citizenry either. The government has strict rules about which incidents must be reported, and all such breaches remain as part of indelible public record.

The course of action you choose might not be the sleekest or the most stylish ad campaign your business has ever run, but the numbers don’t lie—you’d be remiss not to make use of your cyber safety efforts for marketing purposes. Here’s what you can do to avoid leaving money on the table:

Step 1: update your website

So, you’ve convinced your organisation that security best practices are a salient issue for customers. What now?

The logical first step is to let customers know that your business security is formidable via a dedicated page on your business’ website. You don’t want to go into eye-glazing detail about the numerous firewalls or encryption algorithms your business uses or your sysadmin access compartmentalisation practices, but you also don’t want prospective or existing customers to be left with any doubt about whether you’ve protected their data to the best of your ability.

You might want to take the Atlassian approach. Their security information page starts with a concise statement: “Security is built into the fabric of our Cloud products, infrastructure, and processes, so you can rest assured that your data is safeguarded”. There’s also a brief description of Atlassian’s security goals and “key security offerings”, including data encryption, user provisioning, 2FA, password policy controls, and SAML-based SSO with links for those seeking further information. Additionally, they list their security partners and provide an “All Security Practices” link that provides a more comprehensive list. Dropbox’s security page is designed in a similar manner and provides a high-level overview with links for those who want a more granular understanding of security practices.

Step 2: train up sales staff

Historically, many tech-industry legends (including Steve Jobs, Marc Benioff, Larry Ellison, and Steve Ballmer) were, first and foremost, great salesmen. You may be surprised at how eager your salespeople are to acquire working knowledge of security best practices, especially if they work on commission. Having a firm grasp on these more technical concepts can instill great confidence in a prospective client and help seal the deal as well.

There’s a variety of ways to impart this knowledge, including in-house mentoring, external training, person-to-person sessions, online tutorials, and more. The important point is that salespeople must understand prospective customers’ desire for reassurances about data security.

Where it’s feasible, sales staff should come to meetings with customer case studies and use cases supported with concrete data analysis. Of course, sales pitches will differ depending on your business and the prospective customers who will receive pitches from your team. Fortunately, there are many resources available to help sell secure tech solutions in a range of industries.

Step 3: position yourself as a cybersecurity thought leader

Whether it’s logical or not, if a business is talking about a particular topic, people will perceive that business as an expert on the subject. This is what’s been driving the thought leadership phenomenon of recent years.

If your business hasn’t already, it should jump on the thought leadership bandwagon. You could provide a weekly update on what’s happening in the world of data, as Data Republic does, to encourage your CTO or CISO to interview with local tech news outlets or produce opinion pieces for industry publications. If these moves aren’t feasible, make use of your social media channels to post the occasional article on Twitter or LinkedIn addressing topical data security issues—anything to increase your visibility.

People care about the security of their information, and the public is only getting savvier when it comes to technology and the security measures needed to protect their online presence. Whatever efforts you can spare to tout the depth and breadth of your organisation’s cybersecurity are certainly worth it.