When many business owners think about cyber security, their first thoughts are about investing in new software. But it's not what's on the computer so much as who's sitting in front of it that makes the difference.
Your client's employees and their data security habits are often what can prevent data breaches. Yet many companies are far behind on their data security training. That's both bad and good news:
- It's bad that clients are ill-prepared for data breaches.
- It's good because IT consultants like you might be able to sell security-focused services to those who need to catch up.
Let's look at how you can find new business and incorporate employee training into your IT services.
IT Consultant Risk: Your Clients' Employees Are a Major Risk Factor
The Wall Street Journal reports that 21 percent of employees open phishing emails. Well, that's not so bad, right? Just because they open the email, it doesn't mean they're actually clicking on the malware attachments. Actually, 11 percent do.
As an IT consultant, you can be found financially liable for breaches that happen on client networks. If the anti-malware software you installed can't stop a phishing attack, you could actually wind up in a lawsuit. (See Errors and Omissions Insurance for information about insurance for IT lawsuits).
What does this mean? It's in your interest – and your clients' – for you to prevent data breaches by training client employees to thwart obvious blunders.
The Average Number of Data Security Incidents: 1 Every 2.7 Days
Over the last few years, cyber criminals have changed their strategies, focusing on simple attacks. For example, hackers target employees in these phishing campaigns, using them as a kind of foothold to get larger access, steal data, and breach various high-level accounts.
After surveying 500 executives, PricewaterhouseCoopers found that most organizations simply weren't doing enough to train their employees about cyber risks. Here's what the data shows:
- 54 percent of companies don't train new employees on cyber security.
- But when companies do train employees, 76 percent report spending less on security incidents.
The takeaway is obvious: employee training works. It reduces the effect of a data security incident, lowering its cost for three-quarters of businesses that offer training.
So why don't more businesses do this? Less than half of surveyed companies trained new employees. That's astonishingly low, especially considering that…
- 77 percent detected a security incident in the past year.
- There was an average of 135 security incidents at organizations over the last year.
In other words, it comes out to a security incident every 2.7 days or roughly two per week. When your clients don't train their employees, they're likely ill-prepared for attacks that happen every week. With criminals trying to sneak their way in, it's important for your clients to institute comprehensive employee training.
IT Sales Tips: Educate Your Clients, Get More Sales
Your clients might not realize how much of their data security can be improved by educating their workforce. By pointing this out – and highlighting that they can reduce the cost of data breaches for 77 percent of attacks – you position yourself to get more work from clients.
When you sell security services to clients, bundle an employee training service. Not only can this earn you new business, but it may also…
- Help lower your IT risks.
- Prevent security incidents.
- Minimize the cost of security breaches.
To learn more about offering new security services, make sure to check out our post "Boost Your Cyber Security Skills for Bigger Paydays."