When staff fritter away resources, they also threaten security
Employees are wasting valuable work time and IT security sales must address this
Scott: Employees must be kept under control, and security resellers can help
Scaremongering may work to a certain extent, but vendors have been crying wolf much too often. The result has been suspicion among SMBs, and a harder life for vendors and the channel trying to sell security products.
I think the messaging and strategy around selling security to SMBs needs to change. The IT industry must raise awareness of security threats, but it also needs to focus on how security (or the lack of it) hits business profits.
Business owners are shrewd and know a good deal when they are presented with one.
They do not want to be told merely how a security threat could affect them, but also how an email management system – especially when set up with minimal cost – might save them thousands of pounds by cutting down on unproductive hours managing the unmanageable.
They want to know how a small investment will safeguard their data and prevent their organisation becoming another victim of data leakage.
The point here is that we need to associate security with productivity cost throughout the sales cycle. Every human intervention using technology has both a security and a productivity cost element.
Employees in many organisations use work resources to browse the internet, check email, connect their personal devices, chat on IM and download software.
Businesses are losing hundreds of pounds in non-productive, non-work-related online activity, and productivity can be drastically improved if that activity were controlled and monitored.
The Hawthorne experiments in 1924-1927 suggested that employees are more productive when they are aware they are being monitored and controlled. So why aren’t businesses doing it when so much is at stake?
Employees downloading or watching videos on YouTube are hogging bandwidth, which companies are paying handsomely for every month. If eight employees spend an hour a day on social networking sites, the business will have lost a full day of work.
If the average hourly rate is £11, this means a non-productive cost of £88 a day, or £22,863 a year – a total of 260 working days. What if all employees spent an hour a day browsing the web?
Do businesses factor in the costs involved if they were caught napping and unable to produce emails for a legal suit, let alone the burden on IT administrators to manage growing demands for storage space and keep track of employees’ .PST files?
I have no doubt this is probably one area, among many, where SMBs are not giving security issues proper consideration.
Combined with their lack of awareness on how security threats are evolving, it is not surprising that businesses continue to equate security with spam and viruses.
And this is why we all need to change our approach to positioning security. Securing business will depend on how effective we are in explaining to customers that failing to address security in today’s ever-changing environment is costing them money – far more than if they were to spend a few hundred pounds in the first place.
We need to change our battle cry once and for all. Security is a cost of doing business, but a worthwhile cost if it will safeguard profits.
Walter Scott is chief executive officer at GFI Software