
Getting and Keeping Enterprise Customers with Security


Getting Enterprise Customers

Today's enterprise customers are more attuned to risk and security, and because of that they want to work with suppliers that take security seriously. This is especially so as there have been many high-profile breaches which originated from a third-party supplier. So, the best way for Small Organisations to get and keep enterprise customers is to demonstrate that they understand risk and security.

This is edited content from Sarb Sembhi and co-host Nick Ioannou. Also in video and podcast media.


Introduction to getting & keeping enterprise customers

Today, we're going to be looking at what Small Organisations can do to ensure that they keep their enterprise customers, and what enterprise customers are particularly interested in knowing about a Small Organisation when it comes to security.


Supplier pre-qualification questionnaires

When you first engage with larger enterprises or organisations, they normally ask you to fill out a Pre-Qualification Questionnaire (or PQQ), and one of the first few questions on it is normally: "Do you have Cyber Essentials Certification?"

It's a pretty straightforward certification that provides assurance that you have covered the basics of cyber security controls. The UK Government made it mandatory for any outsourcing of government or local authority procurement. It only costs £300 a year for the basic certification. You can spend more for the Plus version, and it's really straightforward.

It makes sure you've covered all the basic security controls, so that you get on to the bigger questions that they're interested in.

Your competition does the basics for their critical customers

The other thing about the Cyber Essentials Scheme is that even if an enterprise procurement process hasn't made it mandatory, as a Small Organisation you will be competing against larger suppliers who may have 'Cyber Essentials Plus'. So, at least having the Basic level puts you above those that don't have any. And often it will mean that you've got fewer questions to answer.

If a supplier doesn't have Cyber Essentials Certification, some enterprises will ask additional security control questions to assure themselves of that supplier's security. If you really don't know how to answer those, it's going to show. So, if you've got Cyber Essentials Certification, firstly it could mean there are fewer forms to fill in. Secondly, it shows commitment: at least you've taken the basic steps, even if you haven't moved on from there.

The Cyber Essentials Scheme is also an evolving standard, and more and more organisations are making it mandatory. If you can get it done sooner, it makes life a lot easier.

Create the appropriate security policies and procedures

The first point I'd like to make is that you need to have policies and procedures in place. The policies that you have in place will vary depending on the organisation you're in, what you're supplying, who you're supplying it to, the industry you're in, etc. Equally, if you want to show that you're a cut above other suppliers, having those policies enables you to convey what you're doing to back up what you're saying.

As a minimum, you need a Security Policy and a Data Protection Policy. Others that could add value include a separate Password Policy, a Firewall Policy, and a Starters, Movers and Leavers Policy. Again, it depends on what you're doing, what's important, what's not important and what organisation you're in.

For example, your Data Protection Policy will feed into who you're using and where you're storing the data, which is what a lot of these organisations are really interested in. They want to know who your suppliers are and how you know the information they are giving you is being protected.



Actions and Activities

Later, in your Organisation:

  • Complete Board level Policy Review
  • Update Policy
  • Present to the Board for Agreement
