I have started to finally notice a shift in companies mindsets when it comes to cybersecurity. Companies are finally starting to take notice of just how detrimental ransomware attacks, viruses, and adware can be to them. According to Datto’s 2018 survey, an astonishing 79% of businesses are attacked by ransomware, and that number is only going to continue to increase. Companies are beginning to implement ransomware training, disaster recovery, mock phishing email campaigns, stronger antivirus solutions, and blocking of specific hazardous sites to prevent damage.
While this is amazing and helps everyday companies from getting hacked on a surface level, what is the next step and how can it help prevent not only downtime but also increase company revenue? I have been working very closely with an Aerospace company that works with both private sector airline companies and on different government contracts. If anyone has ever tried to win a government contract, you know how intense it can be where you need to have an edge on the competition.
The DoD (Department of Defense) has created specific Cyber Security criteria to be met to have an opportunity to win a contract. For example, this year the created the DFAR compliance, which is an overall cyber security assessment of the company which requires a yearly penetration testing both externally and internally. The DoD deals with a lot of classified information, so these measures need to be taken to protect that data.
How can you use these new cybersecurity measures if you are not dealing with government contracts? Let’s go back to the same Aerospace company I have been working with. Yes, the original plan was to get these DoD criteria down in order to start bidding for government contracts. However, all these new security measures can be used to differentiate and better market yourself to other less security intensive companies. All companies that you work with, whether it is in the legal space, automotive space, dining industry, healthcare, want to know that their data is protected. Their customer data is their end all be all.
What are some security measures you can take to better market your company?
Implement MFA (multi-factor authentication) – confirming employees only after presenting two or more pieces of evidence to an authentication mechanism.
PenTest – Exactly how it sounds—a penetration test of your environment. Seeing how hard or easy it is to get into a company’s IT environment and create a disruption.
Ethical Hacker – Similar to a PenTest, but more specific and more “live action,” this involves a resource you engage to see how an environment can battle against someone actively trying to penetrate the environment.
SOC – Security Operations Center. Implementing specific tools so engineers can have a live look into what is going in and out of the environment and seeing if anything malicious has entered.
These are all things companies can add to their arsenal and use as a deciding factor when marketing their company.
The fact that companies are becoming more aware of Cyber Security issues is increasing. However, adding all these precautions cost money. So now let’s use these new precautions as selling points when bidding and pitching to clients. This will help increase revenue, and you can say that you are not only preventing disaster but increasing profits by using these security measures!