Securing a business is often seen as a cost – something that you spend money on with no obvious return. While it is clear that you are reducing risks, it can feel like you are putting money into something and not seeing a return out the other end.
So how can you turn a cost into an asset?
1. Use HTTPS for your website
Too many websites and businesses still are not securing the connections to their websites. Maybe there is nothing sensitive or confidential on your website, and this may be correct. However, secured HTTPS connections have effectively become the industry standard now, and web browsers are marking any site that does not use HTTPS as ‘Not Secure’. As a potential customer/client, this would leave me feeling a bit uneasy in doing business with a company who has a shadow of doubt over them
2. Use it in your promotional and marketing material
Build confidence with your customers/clients by promoting the fact that you are security-aware, and the steps you have taken to protect their data. Have a section on your website where you talk about how their data is handled, how you practice nightly backups, regular patching, etc. Let people know that you take the security of their data seriously, and don’t just leave it for a one-liner in a post-data breach email. Also have a means for someone to contact you if a security vulnerability if found. Be seen to be aware.
3. Promote secure login policies
If your clients login to your site, enforce modern password policies, i.e. NIST. Reject unsecure passwords, check the password they choose against known breached examples, and push them to use two factor authentication.
