Trust-building-blocks

If you’ve ever rolled your eyes after hearing a prospective client say, “No one ever got fired for buying IBM,” you know how it feels to be a small fish in a big pond. Any SME that aspires to sell to big companies knows about their almost instinctive preference for buying from other big companies.

One reason for this preference is that big companies assume that, when it comes to guarding the security of IT systems and the privacy of customer data, it’s risky to do business with an SME. Big firms typically figure that if they choose another big firm as a supplier, sure, it will probably cost more, but in return they’ll have the assurance that the supplier won’t cheap out on IT security and privacy.

How can you counter this belief? One option is to also adopt a “spare no expenses” approach. But what if you can’t afford that? Don’t assume this means you’re out of the running.

Fortunately, big companies have become more discerning in recent years. Although they’re still willing to pay higher rates to large suppliers if they feel they must in order to get the level of IT security and privacy they need, they welcome a less costly alternative. If you can assure them that it isn’t risky to do business with you, they’ll be happy not to pay the plus-sized price tags many large suppliers charge.

Here are the three key things large companies are seeking in IT security and privacy—and how you can offer them these things without having to spend big bucks:

  1. Big companies want to be able to trust you: You need to make it clear that you know what you’re talking about regarding IT security and data privacy. Reassure potential clients by showing them that you have all the bases covered, from having certified IT personnel in place to being in compliance with the same standards and legislation as your clients. Let them know in clear and simple language that you’re aware of the potential problems that can arise in this area and the steps you’ve taken to address these problems.
  2. They want you to make them look good: Outline to them the rigour with which you handle the security and privacy functions, so they can assure their own customers that they adhere to high standards in this area. If your business is a restaurant chain, show potential clients the steps you’ve taken to ensure that your employees don’t disappear with customers’ credit cards and that you’re not using beat-up old card readers. If you run an accounting firm, win over big companies with your knowledge of the key principles of privacy and the practices you follow to adhere to these principles, especially for exchanging information online. If you run a Web design firm, put big customers’ fears to rest by showing them how you develop secure code and have your practices independently audited. It really makes a difference in the way they look at you.
  3. They want you to head off potential problems before they arise: Show that you care as much about their business as your own by reviewing your processes to identify any that could hurt or embarrass big clients. Do you have customer service reps collecting client information? If so, have them read out scripted privacy policies to clients as long as they accurately describe your practices. As well, build the sensitive parts of the data-collection process—such as when clients have to state their passwords over the phone in order to connect with tech support—into an inexpensive voicemail system, as ING Canada has done. Does your website need to protect the security of online transactions? Point website visitors to your digital certificates and show that you use a reputable processing company. Do you use surveillance cameras to keep a vigilant eye on customers? Post a clear notice in plain English that complies with privacy law.

Simple practices like these, clearly explained, will please big companies. And they’ll give these new clients confidence in their decision to choose you over the competition.

Claudiu Popa is a corporate security and privacy-risk advisor, and president and CEO of Informatica Corp. He is also co-author of The Canadian Privacy and Data Security Toolkit (Canadian Institute of Chartered Accountants, 2009) and Managing Personal Information (Reuters, 2012).

More columns by Claudiu Popa

Loading comments, please wait.