How to build your customers trust, start with a security policy

No matter what the size of your business, your clients have a perceived understanding that your business will do everything in its power to protect that information.    In addition to this, most businesses have a legal and moral obligation to make sure that information gathered about a customer will be protected at all times, this is where the perceived understanding comes from.

Some SME’s understand that to build trust with their customers they have to show how they will protect that information.   The two most noticeable signs from a web site are through an anti-spam policy (we will not share your email address …) and encryption of data between the web server and the browser using SSL.

In addition to this process of proving they are trustworthy they have to restrict the number of questions that are being asked to gain access to their site.   Unless the business site is a full blown e-commerce site a gradual introduction and systemised process of gaining additional personal information needs to be implemented.   This builds trust.

So building trust in your web site is critical to increasing purchases, revenue and profits.   Small and medium businesses and not for profit organisations have to think of ways to put the customer at ease and interact and purchase from them and not from their competition.

Most enterprise level businesses factor in the legal ramifications of a breach, SME’s do not have that benefit.    With compliance and trust issues SME’s need to do everything they are capable of to protect their business data.   The legal obligations are not the way to go.

Here are a couple of ideas to implement.

Choose the best security practices for your business.   Always look at the best ways to implement and secure your client and customer data,   A basic business name and address of a client is less important than individual names and addresses which is far less important than financial information.   Each level of information needs to be managed and protected differently.

Segmentation of your data.  As stated above each level of information needs to be managed and protected differently.    But each level of information can lead to higher levels of individual information.   All levels have to separated into more secure areas to ensure that one single compromise will not endanger all level of information within a business.

ROI is important.   It is no use investing in the Rolls Royce version of a security system when the scooter would have done the job better, for less cost and less management.    No security system is worth never achieving a return on investment at some level.

Most security investment will appear to be a costly.   They always have to be tempered with the consequences of a breach.   Good ROI can be achieved with systems that ensures granular protection of the businesses data.   The more granular, the better protection can be achieved.   Separating normal data, personal information and personal financial information is critical to the way the data is protected.

Build a security profile for your business.   Use check lists and best practice to create a secure business environment.   Best practices and checklist can also be utilised in your marketing by pointing out that every effort is done to protect the clients and customer data at all times.   Do not tell your clients what you do, tell them what it does for their information.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.