I’ve been working in the security industry for mumble mumble years, and one recurring problem I’ve noticed is that security is often considered an add-on to business initiatives. This is neither new, nor surprising. And while the “customer-first” approach is not really a new talking point for most companies, “customer-obsessed” became a major business initiative for many in 2018. This is due to a number of factors — increased brand visibility via social media, changing buyer behaviors and evolving data privacy legislation, to name a few — and doesn’t show any signs of changing in 2019.
What Does It Mean to Be Customer-First?
Contrary to what many businesses seem to believe, customer obsession doesn’t mean sending six emails in two weeks to make sure your customer is happy with his or her purchase and requesting a good review or rating. Being customer-first simply means listening to your customers’ needs. It requires you to quickly adjust and react to meet those needs — or, ideally, anticipate them and proactively offer solutions to your customers’ issues.
Most of all, customer obsession requires trust. To build trust among your end users, security must be the foundation of every customer-first initiative. In fact, I’d argue that organizations must be security-obsessed to effectively deliver on their customer-first plans.
Prioritize Security to Build Customer Trust
The benefits of a customer-first business approach are clear: increased loyalty to your brand, revenue gains, etc. It is also apparent why security is so important: No organization wants to suffer the consequences of a data breach. However, by looking deeper into what a security-first to customer-first culture looks like, you’ll quickly uncover the complexity of this issue.
First, there is a distinct difference between checking the boxes of your security requirements (i.e., compliance) and truly making your customers’ welfare a top priority. Of course, adherence to security and privacy regulations is essential. Without these standardized compliance policies, companies could measure success in a variety of ways, which would look different to everyone. And if we’re being honest, meeting compliance regulations is often more about avoiding penalties than improving your business.
Second, your brand is more than just your product or service; it encompasses the way your company looks, feels, talks and spends money and is representative of its culture and beliefs. In other words, your brand is about the way people feel when they interact with your company. According to Forrester Research, today’s buyers are increasingly looking at these other characteristics when they make decisions about the products or services they use.
This is where security becomes essential. If you want to instill trust among your end users, you need to go beyond standard compliance measures. Security must become a foundation of your company culture and your customer-first initiatives. It must be threaded into every business initiative, corporate policy, department and individual. This means technology purchases should be made with your end users’ security in mind, as well as your employee data and corporate assets.
It also means evaluating your business partners and the policies they have in place to ensure they fall within your standards. For example, are you considering moving critical business technology to the cloud as part of your digital transformation initiatives? If so, what do you know about your cloud provider’s security precautions? Are you working with advertisers or marketing organizations that interact with your end users? If so, do you know how they handle your customers’ and prospects’ personal data?
How to Develop a Strong Security Culture
Operating a business that is customer-first is ambitious. It’s also really, really hard. By making security a cultural tenet throughout your organization, you communicate to your customers that your brand is trustworthy, your business has integrity and that they matter to you. So how do you do it?
Design collaboration into your security strategy with open solutions. The threat-solution cycle is a familiar one: A new security event occurs, the news covers it, a new company emerges to solve the problem, your company deploys the solution and then a new security event occurs. The entire industry is stuck in a vicious cycle that we, as vendors, have created. To break this cycle we need to take a page from our adversaries. Share intelligence with our peers and our competitors. Learn from other industries. Use open technology that integrates multiple sources of data. Only then are we equipped to uncover risks to our customers that hide among the chaos.
Build Security Muscle Memory
Many organizations are spending a lot of money on security awareness training, which is great. However, the best training is useless if employees are bypassing security measures for convenience. Make security processes required, enforceable and, above all, easily incorporated into the daily life of your users.
Shift Your Perspective
Security strategy is often an afterthought to business initiatives that cut costs, increase revenue and improve efficiency. Security is, after all, a cost. But a good security culture can set your company apart. It can be the champion or the killer for your brand, particularly in an era where customers’ buying motivations have shifted.
Right now, brand loyalty is an asset. A recent Harris Poll survey found that 75 percent of respondents will not buy from a company, no matter how great the products are, if they don’t trust it to protect their data. Stability, integrity and corporate responsibility are key factors in purchasing decisions. Making security a strategic pillar of your company’s brand is a tremendous responsibility, but one that will go a long way toward establishing trust among your users.
The Best Way to Grow Your Business
A customer-first approach is, arguably, the business initiative that can impact your bottom line the most. Understanding and proactively addressing your customers’ security and privacy concerns shows that you’re not just trying to sell a product or service, but that you are responsible with their data and operate with integrity. In an era where brand integrity matters, security-first is the best way to grow your business.
Content Marketing – IBM
Jennifer Glenn is a contributor for SecurityIntelligence.