Eighteen months ago, the average American wouldn't have raised an eyebrow if they'd heard that President Obama was going to address cyber security in his State of the Union speech – but now after months of controversy surrounding the Target, Sony, and JP Morgan data breaches, news outlets are carrying this story and treating it like a big deal. But will any of the president's proposed changes have any effect on IT departments?
The New York Times reports the president is…
- Proposing new standards for the way companies report data breaches.
- Calling for increased data sharing between private companies and the Department of Homeland Security.
- Suggesting lawmakers increase punishments for cyber criminals.
How will IT contractors be affected by the president's proposal? There are two things to consider:
- You might face new scrutiny under tougher laws.
- You can use the raised national attention to your benefit by selling your services to clients who are concerned about their information security.
President Obama Wants to Beef Up Cyber Security: What Does This Means for IT Contractors?
President Obama's cyber security proposal is still in the earliest stages of the lawmaking process. Congress would have to draft and pass any new legislation. So your legal responsibilities aren't likely to change soon. With that said, it's important to know what data breach law changes might be coming down the road. Here are the three main features of Obama's cyber security proposal:
- National data breach notification laws. Obama has proposed setting a nationwide standard for data breach notification that would require all companies to notify their customers about a breach within 30 days. Right now, almost every state sets its own requirements for notifications, which means that an IT department would have to follow 40 different laws when notifying customers across the country. That's a headache. While Obama's proposal of 30 days is stricter than some state requirements, the added simplicity of a singular law could be a benefit for IT departments (see our guide to state data breach laws).
- Sharing cyber attack information with government agencies. The Obama administration wants to encourage large tech companies to share data about potential cyber threats with the Department of Homeland Security. The idea is that as criminals attack companies, each company's IT department will fend off the attack, but there will be a little bit of data left behind, like new strands of malware, IP addresses, and other evidence. By sharing data about the attacks, businesses can help prosecutors and security professionals know what threats are out there.
- Stronger prosecution of cyber crime. The last major change proposed is to increase the penalties for certain cyber crimes – including DDoS attacks. This won't affect contractors much. But if authorities are better able to prosecute cyber crime, hopefully some of these threats will be kept at bay.
IT Sales Tip: Using Data Breach Pain Points to Your Advantage
When clients are concerned about their data security, that's good for your business. With so many data breaches and cyber liability issues in the news, your clients probably have anxiety about their security. Keep this in mind when talking to them.
In our article, "3 IT Sales Tips to Help you Avoid Becoming a Free IT Consultant," we emphasize that IT sales depend on you identifying client "pain points" and offering them a solution that meets their needs. Data security is one of their pain points. Your job as a salesperson is to offer a solution and deliver a product or service that calms their fears.
When meeting with a client, you may even try asking them about their company's data security strategy and their concerns about data breaches. Get them talking about these worries. Then make sure you offer a solution that meets their technical needs.