So you are either starting a new business, or you are an established business embarking on an exciting new project that will deliver growth. Your immediate focus is going to be on the idea, the product or service you will be providing, or maybe it is an innovative new process that will give you competitive advantage.
You will want to make sure you have the skills and resources needed to deliver it. So what has information security got to do with growing your business? The answer will depend on you and your business but that answer will be ‘something’ in every case and maybe even ‘everything’ in some cases.
In the end it all comes down to understanding what information you use, the chances of that information being lost, stolen or shared with an unintended recipient, and the impact that would have on your organisation. You may have a market leading innovation, in which case the idea itself is pretty important information to you.
What if your competitors get hold of it? We are all in business to make money so being able to get paid and keep your money safe is going to be pretty important to you. Are you going to be taking card payments? In which case you will need to make sure you comply with PCI-DSS standards. Do you provide professional services and handle personal sensitive information related to your clients?
In this case you will most likely have legal and regulatory requirements to comply with. How important is your information technology to your business, could you survive if your systems were down for an hour, a day or even a week? What if your entire system was corrupted, would you be able to recover?
You do need to consider these issues as part of your business planning, as getting it wrong may not just impact on your growth target, it could put you out of business. Information security isn’t just a defensive measure there to protect you from criminals, accidental damage, or disgruntled employees. It can also be a direct enabler for business growth.
In some sectors such as defence and aerospace and healthcare, there are already requirements to demonstrate that you have information security measures in place. The rigour with which that is assessed is also increasing and so good information security can be a positive discriminator in winning new business and larger contracts.
Security can also be a discriminator in the consumer market as the increasingly IT-literate population hears about security breaches and starts to wonder whether their current service provider is secure. If your reputation and livelihood depends on confidentiality you really should be putting measures in place to ensure that is maintained.
Being able to positively advertise the extra measures you take to protect customers’ information can offer a real competitive advantage. Imagine for example being an insurance broker, accountant or solicitor and the only one in a given town who has a service which is free to clients and enables you to share sensitive information securely such as ID documents, bank details, or intimate details of a divorce proceeding.
Would you want to promote that service to your clients and differentiate yourselves from your competitors? In advanced engineering supply chains, or when dealing with sensitive personal data as an outsourced human resources function for a public sector body, you may need to go further than that and provide third party assurance that you have adequate measures in place.
One way of that is to achieve a standard such as ISO27001. This may be an essential requirement in some sectors and a market differentiator in others. This year the government also launched Cyber Essentials.
From October 1 2014, this will be a mandated requirement for new government-funded procurement that involves IT or the transfer of personal data. It just goes to show that investment in information security is not just about protection, it really can be an enabler to grow your business. You may even be able to get a government grant to cover the costs of external consultancy.
The cyber security innovation scheme is available for assistance up to the value of £5,000 which could be used to buy in the skills to implement improvements or to get third party assurance for what you already do.
Mark Pegram is a director of Sanitas Data Security, a business offering consultancy, penetration testing, training and research to ensure businesses meet all the necessary legislative and regulatory data security requirements.
North West Aerospace Alliance in collaboration with Sanitas Data Security and Preston's College, is holding an event about digital security in the supply chain on 5th November.
The website uses cookies.
Some are used for statistical purposes and others are set up by third party services. By clicking 'Accept all & close', you accept the use of cookies. For more information on how we use and manage cookies, please read our Cookie Policy.
