We know it can be intimidating to discuss cybersecurity with your clients, but it doesn’t have to be. Here are some tips:
- Start the discussion BEFORE a need arises. For example, don’t wait for a client’s 100-page cybersecurity questionnaire that you are not at all prepared to respond to, or for the client to call you after an incident looking for help when you have nothing proactively in place to assist them.
- Target the conversation to the relationship. If you have access to the client’s network or data their concerns will center around how you are protecting this access vs a discussion around what protections they have in place internally.
- Ask some open-ended questions to identify where they have concerns or needs, such as:
- Do you process or maintain any protected data (health records, credit card data, government data)?
- Do you know that you may also have a need to protect Personally Identifiable Information (PII), and how PII is defined differently by regulations like General Data Protection Regulation (GDPR) for citizens of EU, the California Consumer Privacy Act (CCPA) for CA residents, New York’s Shield Act, and even state by state? The Federal Trade Commission (FTC) has the authority to audit organizations that collect consumer data AT ANY TIME, even if no breach has occurred, and take enforcement action.
- Have you aligned your cybersecurity program to a known standard?
- If yes, when was the last time a 3rd party verified that you are meeting the standard?
- How often is your network tested to see if a vulnerability has left you open to a breach?
- Who monitors your network for threats 24/7?
- Who is your 24/7 resource to respond to a cyber incident?
- Is your cyber insurance coverage tailored to your cyber risk?
Ask yourself these questions to be ready when you are asked by your clients, your Board members or your commercial insurance agent when your renewal comes due. Ask your customers these questions to show that want to help them reduce their risk by making an introduction to us.