When you’re discussing IT security with your clients, you’ll no doubt run into a broad range of concerns from people with varying levels of technical literacy. On one hand, you might have a non-technical executive pointing to a headline, utterly convinced that the threat making the news today is the one the business needs to be prepared to defend against, whether that’s realistic or not. On the other hand, you might find yourself in a meeting with a director or another high-ranking executive who doesn’t see why funds should be spent on an audit and revamp of the company’s IT setup to identify and fix potential holes when things seem to be plugging along just fine as they are (while you see someone from IT sitting in the corner, rolling their eyes or wringing their hands).
Given this range of concerns (or lack thereof) from the client, you need to bring three things to the conversation: expertise, context, and guidance. That is to say, you need to explain to your client what real threats they are facing, what those threats could mean for their business, and what investments must be made in order to prevent them. You can do that by keeping the following approaches in mind when you’re discussing your client’s concerns about digital security.
Know What’s Going on in Their Area of Business
Knowing the industry a client works in and what cybersecurity developments are taking place can help you put their concerns in context and make sure that they’re approaching digital security with a thoughtful, well-informed strategy.
For example, if you are working with a healthcare client, you should be aware of the latest developments in targeted ransomware and how it’s a growing problem in that space. If your client is a retailer, you should be aware of the myriad ways that retailers are having their systems breached, the numerous systems that a retail enterprise has integrated internally to do business, and the type of data that is being stolen. Knowing the ins and outs, up to the minute, of what is going on in an industry will not only show that you really care about the business and its cybersecurity, but will also allow you to make sure that resources are being directed at addressing real, pressing concerns—not driven by hype.
Understand Their IT Setup
How a client has its IT set up will, of course, inform what needs to be secured and how to secure it. It will also be the basis for your conversations about what solutions to implement and where. You don’t want to spend much time discussing potential cloud hacks if none of the client’s data is in the cloud, and you don’t want to talk about securing Windows machines if the office is running entirely on Macs. Like knowing the industry, understanding the IT setup keeps discussions in the realm of reality. It prevents wasting time, prevents wasting money, and, most important, prevents pursuing courses of action that don’t work.
Make Sure They Know That Good IT Security Requires Good Staff
Digital security in this era of enterprise computing consists of far more than just installing a malware scanner and keeping the definitions updated. Hiring IT staff with the skills to manage next-gen security technology like network monitoring tools, or bringing on a managed services provider capable of doing it, is necessary to handle the myriad digital security threats out there. Giving your client an informed perspective on the criteria that make a good candidate or a good provider can ensure that the client is not left with a solution sitting on its system generating logs that nobody can read or a piece of software with vulnerabilities that nobody understands how to patch.
What questions are your clients asking you about digital security, and how are you answering them?