For all Investors and Business Owners dealing with customers data and sensitive information is most of the time mandatory to have appropriate Security controls in place. You and your customers will sleep soundly at night with the knowledge that their personal and account information is being protected from malicious individuals. It means that your legal team doesn't have to stress about fines from financial institutions, regulators or lawsuits over stolen customer data and you can have peace of mind that your security controls are running like a well-oiled machine.

security-as-a-business-enabler

But security doesn't just have to be that thing you think about because you absolutely have to; a mundane pillar of your activity that's going to cost you money. No, instead, you should think about security as a business enabler. Secure networks and processes can actually increase profitability; you just have to be prepared to harness them correctly.

How can Security be a benefit for your Customers?

Adequate Security can help to impact your levels of customer retention too. Better security makes it less likely that your business will suffer a breach, meaning that your company’s reputation is less likely to be sullied and customers will be less likely to leave.

Additionally, as we see more and more companies having to apologise for breaches, customers are increasingly concerned and worried about how their data is being protected. By boosting your IT security practices - including the security of your business, its network and its security infrastructure and each piece of software that you use - you can be more confident and more transparent when you tell customers how you are keeping their data safe and explain how you are doing it.

How can Security be a benefit for your Employees?

But it's not just your customers who will benefit from having appropriate Security controls as your employees may benefit as well.

One example of how this is possible is with centralized identity management. For many companies, each employee will have a level of how much information they can access according to their job role and what is necessary for the tasks that they have to do. But what if this level changes and they need to be able to see a customer's balance, as well as just their name?

In most cases, your employee would have to wait for that access level to be altered across a number of different systems but centralized identity management would allow you to do that quickly.

Additionally, having appropriate security controls would also allow your employees to make use of BYOD (Bring Your Own Device). BYOD would let your employees do their jobs remotely using their own smartphones, tablets, laptops etc. By putting appropriate security controls in place, you can ensure that if and when their work involves interacting with customers data, there is less risk of it falling into hands that it shouldn’t.

In the long term, BYOD could make your employees more productive as they will be able to deal with problems in the way they are used to even when they are outside of the office.

For example, if an employee is on holiday, resting, or is off work because of an illness, they don’t want to be forced into coming into the office, do they? If they are out of town then they may not even be able to. With a business that is secured for BYOD, the employee would be able to solve the issue with a few swipes on their smartphone or tablet, without them having to leave the comfort of their own home and without them having to worry about their work (or the customer’s data) leaking outside of the firm either.

Integrate Machine to Machine and Internet of Things Networks

People are using new devices almost faster than we can keep up with. Watches, televisions, tablets, kettles, ovens, fridges and even light bulbs can all be connected to the Internet now, providing massive benefits to the user. But is your company prepared for the security risks that these devices bring in?

One example of connected devices opening business up to security issues are the recent reports surrounding connected printers. In theory they are a wonderful idea as you can set up  a document for printing even when you’re on the other side of the room! However, malicious users may capture the data going from your computer to your printer and will then be able to look at that document. Alternatively, your printer may save document info on an internal drive, which again opens it up for malicious snooping. And these security issues are more risky if the printer is aging and you are unable to password protect it.

When you think about all of the other connected things around your office that could be hacked in similar ways (e.g webcams and fax machines) or those that are connected to the Internet, you realise that there are attack vectors all over the place.  For example, let’s think of those network connected copy machines and all the troubles they brought to corporate networks security. Or, imagine what could happen if those IP Cameras of yours are hacked, how often have you updated those? Are you even sure the vendor releases security patches?

While it is obviously quite unlikely that a customer or employee will bring a home appliance to your place of business and connect it to your network, they may want to do that with their watch, especially if they feel as thought it would offer them some sort of benefit. It is hard to deny that it saves time and makes life easier when you can walk into your bank or your favourite department store and pull up the information that you need with just a few taps on your wrist or phone.

In securing your network to allow it to work with this hardware (watches, smartphones etc.) and by developing secure apps and software for these devices, you will be able to offer your customers additional ways with interacting with your business. For example, you could offer apps that allow them to check their accounts or push notifications for their mobile devices when they walk into a branch.

You could do this by segmenting your network so that the section of your network that works with smartphones and watches is separate from the one where your customers data is stored. This way you decrease the chance of  having someone with access to the device-facing section of your network infiltrating the data storage section.

Investors (including Venture Capitalists) and Business Owner should consider Security as a business enabler.

If you are managing a company or thinking to create your own one, acquire an existing one, hire employees and hold customers data in your database, you need to understand the risks you are running.

IT Security is a 360 degrees concept. It can support your business from the development of a piece of software (Secure SDLC or SSDLC) to training your employees, and managing each device sitting in your office.

Your attention and effort are meant to protect your customers data and consequently your business. Make sure you’re up to speed with best practices and trainings, and if you’re not, get in touch with a team of security experts to run vulnerability assessments, penetration testing, and secure code review so to assess whether your company’s network, applications or software contain potential attack vectors that will grant malicious users unauthorised access to customer data. 

Igor Mancini

Written by Igor Mancini

Marketing Director at Advantio. The articles published in the Advantio Blog have the goal of supporting our mission: making IT Security simple for everyone.

My intention is to discuss IT Security related topics with the eyes of a non technical person, speaking a simple language and trying to show to the readers the benefit of IT Security best practices.