Since the major data breach at Target, everyone and their mother has been talking about data breaches, which means your clients will probably have more questions about their own cyber security. They'll want to know if what happened at Target can happen to them. They'll want more reassurance that you can protect their business.
That extra pressure is actually great news for IT professionals. With this sudden interest comes business opportunity and new ways to market your business. Here's how to take advantage:
- Marketing. If you don't already market your security expertise, add that language to your website, LinkedIn profile, and other marketing material. Given recent events, a security-focused IT consultant, developer, network admin, or project manager will resonate with potential clients.
- Expand your services. One of the ways to grow your business is to offer new services to old customers. If it's feasible for you to offer additional security services, consulting, auditing, or other relevant cyber security services, you might be able to stir up more business.
Remember to be prepared for questions about data security. If a client calls you up wanting to know how secure their mobile app is, you'll need to give them a reassuring answer. In addition, you might have to convince some clients that their software, mobile app, or other IT infrastructure needs more security.
Take some time to prepare for these inevitable questions. Use examples from the news to reinforce your points and practice the hardest IT skill of all: explaining tech things in plain English.
Usability vs. Security: the Mobile Developer Dilemma
One of the areas facing the greatest cyber security challenge is in mobile app development. Everything from mobile payment software to VPNs has been hacked by criminals taking advantage of security flaws in mobile platforms.
Starbucks' mobile payment app, for example, has come under scrutiny recently. The app sends unencrypted user information in plain text to the store's payment software, which makes it vulnerable to RAM scrapers.
RAM scrapers are a kind of malware that look for plain text in point-of-sale systems, harvest that data, and send it back to hackers, and were likely used in the Target data breach. So why are developers still transmitting user info in plain text? Starbucks and other companies don't want to inconvenience customers by making them enter validation codes or a name and password every time they buy a latte. But eventually, convenience could cost them customers big-time.
How do you convince your client to increase security when they’re reluctant? Let's take a look at an example.
Why Is Security Important? Because You’re Liable for it.
You might encounter this problem from clients: you agree to beef up the security for an app you’re developing. You add a verification process to the app, which makes using it slower but more secure. When the client sees this, they think its takes away from the user experience and want you to remove it.
Clients often want to have their cake and eat it, too. For many businesses, security is a tradeoff. They only want it as long as it doesn't affect their product or cost more money. That's all well and good, and you should work to find security solutions that make sense for your clients, but remember that if a client is hacked, you can be held liable.
Clients might decide they don't want certain security features or software, but that just puts you at risk of a lawsuit. You can be sued for their data breaches.
While clients are free to call the shots, remember that you may still bear the liability. Outline the importance of good security from the beginning to help get your clients on board.
Leveraging Your Insurance to Win Over Clients
Insurance is an asset. It's a capital investment. A tech company with E&O Insurance is like a farmer with a four-wheel-drive truck. You don't want to get stuck in the mud, but if you are you want a powerful engine behind you.
An E&O policy insures you from data breaches, which means you can use your coverage to reassure clients that if a data breach happens, your work is insured. They won't be left out to dry.
It's because of this that many clients in the know require IT contractors to have E&O Insurance in order to sign any contracts. For free sample quotes, check out our page on the cost of E&O Insurance for IT small businesses.
