IT security is no longer just an added extra for business. The costs of failure are so high, and consumer attitudes changing so fast, that it can and should be a key differentiator for your business.
A differentiator, or competitive advantage, is what sets you apart from your competitors. You can specialise in one vertical sector, you can be the best provider for one type of customer or you can focus on one type of business service – all of these can be what marks you out from the competition.
Using security this way is not without risk.
It is not just a marketing campaign; you will need to invest time and money in strengthening your organisation’s security competence.
But done correctly security should allow your business to do more and it should not be just an expense or a restriction on the business or a hassle for your customers.
This means enterprise security needs to focus on what the business does, and how security can help it do this better and faster. This means talking to finance, sales and other areas of the business about how security can help improve their working lives.
Culture and training.
One of the benefits of making security a key identifier for your company is it will alert your staff to its importance. This is not enough on its own – staff training is vital. But so is creating a security conscious, but not paranoid, company culture.
Right sizing security.
Vital to creating this atmosphere is using the right size security for the threat faced and the right tools for the job. This reinforces company culture. If there is not an annoying risk assessment procedure to use the company kettle then people are more likely to take real security seriously.
Skilling up security staff.
Automation of everyday tasks gives your security team time to breathe. They need time away from fighting fires to keep their skills up to speed and be ready for the next threat on the horizon.
Plan to be breached.
Finally, but most importantly, do not expect that having all the above in place will stop the worst happening. However good your procedures there will be breaches. You need to have a well-rehearsed plan in place for when this happens.
The real difference between a company which is ‘good’ or ‘bad’ at security is not how they act on a normal day but what they do when a problem does arise – that is the real key differentiator.