Business relationships are built on trust. When that trust is lost, the relationship usually is, too. Customers have to take a leap of faith that a business will protect them, which means protecting their valuable financial and personal data.
Cybersecurity builds trust on two fronts: It shows customers they're getting their money's worth, and it lets companies demonstrate that they are working to protect their customers' personal records and data. Whether it's credit card information, medical records or purchasing history, customers want to know that a company is keeping their information confidential.
Unfortunately, it has gotten so much more difficult for businesses to protect customers. Hackers use increasingly sophisticated methods to intercept all that material, increasing the regularity of attacks and the scope of the problem. As well-known global brands have recently—and publicly—learned, downplaying the effects of a security breach can erode consumer trust.
My company, The Purple Guys, manages IT support services, and we saw this happen when a financial services firm called us in for help. This firm manages hundreds of clients' financial accounts totaling millions of dollars, not to mention personal financial data, including account details and Social Security numbers. It used an external IT support company to manage its on-premise servers, then it got hacked and sensitive customer information was encrypted and held for ransom.
Its external IT company was unable to decrypt the data and restore from the backups. The firm then called us in to clean the servers of the encryption and restore the data, getting the firm back up and running. Step two was to migrate the entire environment to a more secure cloud-hosted environment with all data preserved and backed up in more than one place. We simultaneously implemented ongoing security awareness training.
Retaining Trust and Business During a Breach
During this recovery process, the firm communicated with its customers, letting them know what had happened, how the recovery was going and what steps it was taking to ensure security going forward. The quick response, open communication, and more robust security practices eased customers' concerns and resulted in the retention of their business. That is not always the case when a breach occurs.
Ponemon Institute's “2017 Cost of Data Breach Study," sponsored by IBM security, found that a breach, on average, costs an organization $3.62 million. (419 companies participated in the study.) When you add in the cost of increased customer churn, it's no surprise that smaller businesses may shut down for a day—or sometimes permanently—if their systems or data were compromised.
If you're not taking steps to protect your own business, you're gambling with one of your most valuable assets—the trust of your customers.
In short, cybersecurity is not to be taken for granted. While large corporations have money to soften the blow of a breach, small and middle market businesses do not. New clients don't become regulars after one buy—they need several interactions to really build trust with a company.
Cybersecurity that protects customers with every transaction can gradually build that rapport. Here are three ways to do it:
1. Train employees to prevent a breach.
There are two ingredients to a successful training program: It needs to be ongoing, and it needs to be easy. I generally recommend that small-business owners partner with third-party trainers for regularly scheduled sessions that can demonstrate progress over time.
An outsourced company comes with prepared lessons to keep your employees educated on everything they need to know. Ongoing education means your staff is less likely to get taken in by new attacks, keeping them ahead of the curve and better suited to combat hackers and protect the company's credibility.
2. Show your work to customers.
Companies may suffer a breach at one point or another. Customers will want to see that you were taking steps to prevent it from happening, and they'll want to know the safeguards you've put in place.
If you're regularly training employees, tell your customers; if you're bringing in an external cybersecurity firm, tell your customers; if you're encrypting your user data before online storage, tell your customers. If you're candid about your efforts, customers will be far more understanding when a breach happens than if you did nothing and hoped not to be hacked.
3. Calm customer fears about a breach without downplaying them.
Show your customers that you value them by compensating them for the breach if possible. Offer them subscriptions to tools like credit monitoring services that alert them if you've lost their data or it's being sold on the dark web. Finally, if you hope to keep some of your existing customers, let them know what you're doing to upgrade your systems and to ensure that a breach doesn't happen again.
With cybersecurity breaches impacting every major industry, there's no time like the present to upgrade your defenses. Many small and middle market business owners make the mistake of assuming that their size will keep them off a hacker's radar, not realizing that hackers tend to strike at easy targets. If you're not taking steps to protect your own business, you're gambling with one of your most valuable assets—the trust of your customers.
Photo: Getty Images