Information Security: What Small Businesses Don’t Know Will Hurt

Personally and professionally, we were not prepared for the growth of the Internet and the resulting information security needs.  For the vast majority of us, we still aren’t.  We’re human beings using advanced digital communication systems, and as users of these systems, we are defined by behaviours.  This is the single reason why organizations are failing; from small shops with two systems that make up their IT department through to enormous enterprises.  

Adam Mosher

Adam Mosher

Our behaviours towards information security remains stagnant. 

We are all familiar with the big stories of the day;

  • Privacy breaches;
  • Systems compromised; and
  • Inadequate security controls within organizations whose core business revolves around collecting and storing our personal data.   

As we’ve been thrown into this unknown world, we’re already behind in understanding the significance of how these threats affects us all.  It’s far more than just the inconvenience of having our email addresses leaked or our usernames and passwords exposed.  It’s what’s occurring behind the scenes with this information.  This is where and why malicious individuals are always ahead.  They know what the value of our systems and data are worth and they profit off of our behaviours towards our systems and data.   

These behaviours have left us ignoring fundamental concepts.

Fundamental concepts are easy.  Let’s look at a simple example; you lock the doors to your house because you want to protect your persons and belongings.  This simple concept translates into the business world, where belongings are classified as assets.  You lock the front door to your office because you want to protect your assets. 

These assets include:

  • Intellectual property;
  • Confidential company data; and
  • Clients’ personal financial and health information.

We move these concepts into the digital era.  Firewalls have become our doors and anti-malware solutions have become our alarm systems.  The list is enormous with Vendors offering hardware and software solutions for just about any issue one could think of.

Information Security

While some of these solutions serve a valid purpose, the one constant throughout the growth of the Internet is us and our behaviours.

Let’s look at some of the current threats, from Drupal’s SQL issue, the SSL v3 vulnerability and the highly publicized Heartbleed, it’s certain that our behaviour created these.  Rushing through the software development lifecycle where security has a very high percentage of being neglected until last minute, if at all.  Not patching systems or properly responding to threat notifications.

Vulnerabilities and risks throughout the systems do not happen by themselves, nor do malicious individuals accidentally retrieve our personal information.    

We have to stop looking at our failures as a way to shift blame onto someone.  This is another behaviour; we don’t blame something, such as a firewall or a software application, we blame someone.  With Brand names in jeopardy and as the blame to point the finger rises the corporate ladder, now is the time to look at these failures as a great opportunity for improving our behaviours towards information security.  It’s not to say all bad things that happen are intentional.  However, negligence and ‘I didn’t know’ are inadequate responses for cyber breaches.  Ownership falls on the responsibility of the business.    

There’s a current theme for professionals working in the information security realm; you pay for security now or you pay for it later.  When you’re a multi-billion dollar a year enterprise, you can absorb cyber breaches.  Still, when you’re financially responsible for distributing out in the hundreds of millions in costs because of a breach, is this not enough to change our behaviour towards information security?

So how do we change our behaviour towards information security?  How about we start with setting expectations?  We reward personnel for meeting sales targets and praise them for client satisfaction.  How about we reward them for not clicking on a phishing email by reporting it to the IT person in charge?  Or we reward them for not spending a copious amount of hours on social media sites in the workplace, although our acceptable use policy states ‘reasonable amount of time’?

It’s about bringing security to the forefront in your workplace.  Discuss it, reward it and it will become a workplace behaviour.  This is a behaviour worth expecting.    

Want to learn more about how this impacts your marketing efforts? Click here to connect with TaylorMade Solutions.

Influence

Why Influence Still Matters

When you are about to make a purchase, what do you do? If you are like me and most people, we do some research and then based on what we find, we…wait for it…we ask our friends, colleagues and family what product or service they use. This my friends is influence at its best. In fact, it is the precursor to social proof.  We feel better knowing that the people we trust and respect would: 1) share their experience with us and 2) recommend a product/service or, conversely send us running for cover because of their experience.  And, this is why influence still matters.  

For brands then, this really is at the heart of the matter. More specifically, it is at the heart of the people who manage the brands and plan, plot and strategize how to influence buyer behaviour. Ultimately these same people want to understand how to influence others. Influence is not new. Dale Carnagie knew this back in the 1930s. In fact, his book “How to Win Friends and Influence People” was published in 1936.  Still a good read by the way!

While wanting to influence is not new, what has changed is primarily how we go about influencing. There is now more of a focus on influencing influencers. This area of marketing is of particular interest to me, and many quite frankly, because of the potential for significant changes to consumer behaviour.  But the question remains: how do you influence and influencer? Here are six key principles of influence according to Dr. Robert Cialdini to consider:

  • Reciprocity
  • Commitment and Consistency
  • Social Proof
  • Authority
  • Liking
  • Scarcity

When it comes down to it, these six principles really make sense.  The only thing that I would add to this mix is patience. When building an influencer program or relationships, it is key to remember that Rome was not built in a day.  After all, working with influencers is about relationships and it makes complete sense that there is some give and take (reciprocity), commitment to the relationship and consistency.  After all, how do you feel when your “friend” only reaches out when he or she wants something?  We already know that social proof is very positive based on our insistence of asking people we know about products/service. We also like to know that people we trust, people who have authority, will guide us in the right direction. Additionally, we are influenced by the mere fact that “others” like something. You know the feeling..everyone is getting the new iPhone so you kinda feel like you should too. And, finally scarcity is very important in influencing someone. Again, relating back to the iPhone, think about how it feels to be on the pre-order list. Specifically think about how you feel when you have that new iPhone way before your friends. You know that feeling. You feel really special and important. That of course is the ultimate in influence!

Next time I will explore the six principles in more detail looking at specific examples and delve into the question of whether to pay or not pay influencers. 

Feel free to follow me on Twitter!

NOTE: this post previously appeared on InNetwork’s Blog.