As we begin to pick ourselves up and brush off the dust of the COVID-19 pandemic, many of us are assessing our businesses to see where revenue declined versus areas where it may have stayed the same or even grown. The good news is, that in typical fashion, the technology industry as a whole fared better than other areas of the economy last year. The move to remote work drove many of these information management purchases as businesses first scrambled to put urgent solutions in place and then second as they settled into the long-term reality of our work from home (WFH) arrangements and began to seriously vet and choose technologies that will work well for many years to come.
But remote work also brought new concerns about information security. The Ponemon Institute has conducted annual Cost of a Data Breach studies since 2005, and they’ve consistently reported concerning trends toward bigger and costlier data loss. Digitization and Enterprise Content Management (ECM) can help organizations protect their information—no matter where their employees are working. In today’s economic climate, if you’re not marketing your security expertise, you should be!
We’re not getting better at this
The 2020 Ponemon report, created in partnership with IBM Security, studied 524 organizations. Among dozens of insights provided by their analysts, the following paint a grim picture of how companies are really doing when it comes to cybersecurity:
• The average breach compromised 26,438 records at a cost of $3.86 million.
• The average cost of a data breach has increased by 10% since 2014.
• Customer records made up 80% of lost data, resulting in 40% of the overall cost of the breach as diminishing consumer confidence led to lost business extending years beyond the breach itself.
• It takes a typical company approximately 280 days to discover and mitigate a data leak.
• United States healthcare companies are at the highest risk of experiencing a breach.
• Human error accounts for 23% of breaches — a portion they expect to increase in the 2021 figures due to the rise in the number of employees working remotely.
What does this mean for you? Energy, healthcare, and retail should be target markets for you this year, since they are the industries most commonly affected by data breaches. Since 46% of survey respondents believe data breaches and cybersecurity is the responsibility of the Chief Information Security Officer (CISO), you should target security-focused marketing campaigns at this level. You’re reaching out to individuals who already have concerns about data protection at the forefront of their job responsibilities, increasing the chance that your message will gather interest and lead to sales engagement.
Remote work raises new concerns
Whether intentionally careless or poorly trained, 34% of breaches involve a company’s own employees. But this number reflected a year when most individuals worked from offices, where information was protected by company networks and firewalls. What do the analysts expect to happen now that so many of us work from home?
The timing of the 2020 report allowed the Ponemon Institute to send some “bonus” questions related to the widespread move to remote work. They found that 76% of respondents believe WFH will make it harder to identify and mitigate data leaks, and 70% believed it would increase the overall cost of a breach to an average of $4.0 million.
Their recommendation was to “use tools that help protect and monitor endpoints and remote employees.” ECM is one of these technologies because it can apply security to information even when it’s accessed outside a company’s network.
Don’t overcomplicate it for customers
For many small to medium-sized businesses (SMBs), data security is frightening and it can easily feel overwhelming. Human nature leads us to avoid things that are overly complex, so the best thing you can do to position your cybersecurity expertise is to keep it simple. For most buyers, you’ll want to focus on a few key capabilities that are essential for protecting sensitive information. In most cases, the only time you should dive deeper is when speaking with the CISO, IT, or other technologically savvy individuals responsible for the details of a company’s security plan.
In your sales and marketing efforts, focus on just a few security features, such as the following:
Automated records retention. Those of us who have worked in the information management industry for a while sometimes forget just how important records retention is for compliance and risk mitigation for our customers. When records remain in multiple redundant locations and systems or when they don’t get properly deleted once a required retention period has passed, they are vulnerable. These improperly managed records can be compromised during a data breach, which increases the potential cost to the company. The Ponemon report explains why records retention management is so important. Appropriate management and timely deletion of records will “reduce the volume of sensitive information that is vulnerable to a breach.”
WFH requires encryption. Most document management systems include data encryption in their security toolkit. However, some only encrypt records while they are being retrieved from or uploaded to the system. In today’s remote work environment, that is simply not good enough. Data must also be secured when it is simply being stored at rest in the system. Most people understand this principle, so highlight the ability of your offerings to encrypt information both during transmission and at rest.
A data classification schema offers protection. Another security feature called out by the Ponemon Institute is what they refer to as a data classification schema. Again, our familiarity with ECM may mean we forget just how important the organization of the records we store can be. But consider how version control and index values intersect security to keep information safe. Password protected access and context-sensitive restrictions are critically important with today’s distributed workforce. We’re all familiar with general password guidelines (set strong passwords, do not share them across a team, expire passwords frequently, etc.), but did you know that index values can protect sensitive information? Many ECM systems make use of index values to offer the ability to fine-tune security to only the projects or documents essential to each employee’s job responsibilities.
Security helps you too
If you haven’t been highlighting information security among your skills, it’s time to shine a light on this area of expertise! A small shift in your sales and marketing messaging could reap big rewards for your business.