When people hear the words "data breach," they often think of identity theft and the loss of credit card information. But as the recent hacking of the United States Postal Service demonstrates, data breaches often don't involve financial data.
The New York Times reports that when the USPS was hacked, hackers were able to breach two of its systems: the employee database and call center information system. The exact details aren't known, but hackers could have taken…
- Contact info.
- Social security numbers.
The breach may have affected up to 800,000 employees and an unknown amount of phone numbers and email addresses from the customer call center. It will likely be very costly and take months for USPS to clean up the breach, fix its security flaws, and update its systems.
If clients don't have transactional data (e.g., credit card / debit card info), they might think they don't need to worry about data breaches. But as this hack shows, even seemingly harmless pieces of data like email addresses and phone numbers need to be protected.
How to Talk about Data Breaches with Clients
When you're talking about data breaches, the bottom line is always cost. Clients might not realize that the loss of email addresses, mailing list information, phone numbers, and dates of birth could turn into significant expenses.
Why are data breaches so expensive? It's because they contain so many costs (some of them hidden), such as…
- Costs to contact customers whose data has been lost.
- Forensic investigations to determine the cause of the breach.
- IT costs to repair / improve weak security.
- Productivity loss when the business pauses its operations.
- Marketing and PR campaigns.
- Reputational damages.
To help your clients understand these costs, try this metaphor. Imagine that your house burns down. The cost of your house might only be $200,000, but the cost to clean up the land and rebuild the house could drastically exceed the market value of the property.
Similarly, a client might not think their data is exceptionally valuable, but data privacy matters to customers. If their security is compromised, the cost to clean up a data breach is often much higher than clients expect. It could even be enough to bankrupt a small business.
IT Sales Tips: Selling Clients on Data Security
In our article, "3 IT Sales Tips To Help You Avoid Becoming a Free Consultant," Kevin Hallenbeck suggests that you focus on the client's "pain points" – the areas of their IT that are troublesome. These pain points can be technical problems (e.g., slow performance) as well as a client's concerns about data security and the costs of a data breach.
But that's the problem with data breaches. They are a pain point. Clients just don't know it.
Data breaches are expensive, but it's hard to calculate all the costs we listed above. One of the challenges you face as an IT consultant is communicating with clients about these costs. A practical example, like that of the USPS spending months to fix its IT, is a good reminder that a breach could be devastating for a client.
By helping a client understand the true costs of breach, you'll help them see the value in your work and give them a practical reason to upgrade their data security now.