The Star’s report on Home Depot's data breach shows just how quickly cyber criminals can make a profit from a cyber attack. The hackers have already used stolen data to drain bank accounts, purchase gift cards, and buy electronics and other goods that they can flip for quick cash.
It's only been a few weeks since the breach was made public, but we've already seen confirmed cases of identity theft and data breach lawsuits (see: "Home Depot Data Breach Lawsuit Raises Question: What Are ‘Reasonable’ Security Standards?").
The Home Depot data breach shows the extensive real-world fallout that can follow a cyber attack. A data breach is more than a security leak. It's a breach of customer trust that can have devastating long-term effects on a client's reputation. While you understand this, many of your clients don't. They overestimate their safety and under-invest in IT security. How do you change that mindset?
We'll go over the two key points you should use when talking IT security with clients. In your sales strategy, make sure you focus on…
- The cost of a data breach.
- Why preventing data breaches is the only way to fight them.
Selling Your Clients on Upgrades and Improved IT
Examples like the Home Depot data breach can be helpful for IT consultants when discussing data security issues with clients.
Many clients won't understand how a data breach affects their bottom line. But this breach provides an example of exactly the kind of losses hacked companies have to deal with, such as lawsuits, identity theft cases, and breaches of customer trust.
When you talk with your clients about data security, break it down like this: breached companies will have…
- Direct costs. With lawsuits being filed days after a breach, companies are seeing immediate legal costs. In addition to legal expenses, data breaches also have extensive IT and investigative costs.
- Indirect costs. In our article, "Survey: Consumers Find Data Breaches Only Slightly Better than Oil Spills," we looked at new research that showed customers view data breaches as the third worst thing for a company's reputation. Data breaches ranked just behind environmental disasters and poor customer service. Customers will gladly shop with a competitor instead of the hacked company, which is why a breach can lead to significant losses in revenue.
An Ounce of Prevention: Protecting Your Clients from Data Breaches
By the time you know about a data breach, it's usually too late. Clients often don’t understand that unless they take a proactive approach to data security, their company won't stand a chance against cyber criminals.
Here's how a data breach is typically discovered: a bank begins to notice a pattern of fraudulent transactions after customers file complaints. The bank (or security firm) will crosscheck the history of the victims' accounts. Once they find the common thread – for example, all the customers might have shopped at Home Depot over the summer – they'll contact the business they suspect to have been attacked.
The data is already stolen and being used for identity theft by the time the bank catches on. So the hacked business is already way behind the cyber criminals when it first learns of the data breach and begin its investigation and IT overhaul.
Explain to your clients that this is precisely why they need to invest in data breach prevention strategies. It's nearly impossible to contain attacks once they occur. The only real strategy is to invest in IT that limits the likelihood of an attack. They can do that by…
- Keeping software up-to-date.
- Making sure their employees are using best practices.
- Limiting access to protected data.
- Limiting "shadow IT" workarounds that expose their data.
Remember that poor data security at a client's company can expose you to risk, too. After a client is hacked, they often look to recoup expenses from their IT consultants. That’s why protecting your clients is a crucial part of your own IT risk management.