Follow GFI:
Find us on Facebook Follow us on Twitter Find us on Linkedin Subscribe to our RSS Feed Find us on YouTube Find us on Google+
 

Selling security in a contracting economy

on July 10, 2009

Up to a few years ago, vendors were united in a single battle cry: your business is at risk… unless…! Scaremongering worked to an extent but it soon became obvious to many organizations that vendors were crying ‘wolf’ far too often. The result has been a growing level of suspicion among SMBs and a tougher challenge for vendors and the channel to convince them otherwise.

Cybercriminals have honed their skills using technology to defraud people. Their modus operandi evolves daily and while financial gain and access to corporate data is a primary reason for their activity, we are witnessing a new breed of hackers whose sole interest is now to cause damage to businesses and governments. The outcome is one that hits businesses’ pockets hard.

That is why I believe that our messaging and strategy for positioning security to SMBs needs to change. We need to continue creating awareness on the myriad threats that exist out there, but we also need to focus on issues that are of greater interest to businesses: how security (or lack of) hits their profits.

Business owners don’t want to be told how a security threat could possibly affect them but they do want to be told how an email management system – set up with minimal cost – will save thousands of dollars by cutting down the number of unproductive hours managing the unmanageable.

They want to be told how a small investment can prevent corporate data from being lost through portable storage devices, social engineering attacks and unmonitored endpoints.

The point here is that we need to correlate security to productivity cost throughout the sales cycle. Obviously there are security risks but what about the costs associated with the above?

Are businesses aware that they are losing hundreds of dollars in non-productive, non-work-related online activity when productivity can be drastically improved if that activity is control and monitored?

Do they realize that employees downloading or watching videos on YouTube is hogging up bandwidth; bandwidth they are paying handsomely for every month? If eight employees spend an hour a day on social networking sites, the business has lost a full day of productive work. Taking the average hourly rate to be $18, this translates into a non-productive cost of $144 a day or $37,440 a year (260 working days). What if all your employees spent an hour a day browsing the internet?

Do businesses factor in the costs involved if they had to be caught napping and were unable to produce emails requested in a legal suit, let alone the burden on IT administrators to manage growing demands for additional storage space and the nightmare to keep track of employees’ .PST files?

I have no doubt that many small-and medium-sized businesses are ignoring these facts and this is probably one reason, among many, why security issues are not given proper consideration. Combined with their lack of awareness on how security threats are evolving (and targeting SMBs) it is not surprising that businesses continue to equate security to spam and viruses.

And this is why we need to change our approach to positioning security. Securing business will depend on how effective we are in explaining to customers that failing to address security in today’s ever-changing environment is costing them money – far more than if they were to spend a few hundred dollars in the first place!

We need to change our battle cry once and for all. Security is a cost of doing business but a worthwhile cost if it will safeguard a business’s profits and existence.

Walter Scott is CEO of GFI Software

About the Author:

Walter Scott is CEO at GFI Software. Walter most recently served as the CEO of Acronis, a provider of scalable storage management and disaster recovery software, where in the space of three years he increased revenues from less than $20 million to approximately $120 million for 2008. Prior to joining Acronis, he was CEO of Imceda Software where he executed a combination of leadership and marketing strategies that resulted in a successful sale of the company to Quest Software for $61 million. Walter was also instrumental in Embacadero's successful IPO in 2000. He started his career in sales with Banyan Systems where he contributed to the growth and success that lead to Banyan's IPO. Walter holds a Bachelor's degree in Marketing and a Masters Degree in Business Administration from the University of Maine.

submit to reddit
 
Comments
TheBelgian July 13, 20092:08 am

A company who feels the need to monitor their employees’ Internet activity to ensure they are productive should ask themselves whether such “big brother” like practices are really the solution. If their employees truly are their best asset, I really question this approach. Companies which do have highly creative and productive employees tend to follow the play hard, work hard approach. Productivity should be managed by the work they actually produce rather than the time spend.

Walter Scott (CEO) July 16, 20094:16 pm

Monitoring employees’ web activity goes beyond simply checking who is doing what online and how much time is spent browsing the internet. I would agree that creative and productive employees do not need monitoring, but there are other employees who do not always pull their weight within the organization. Apart from possibly wasting time, these employees have a negative impact on those around them. Hardworking employees do not take kindly to colleagues who waste time while they are working hard to meet deadlines. With monitoring in place, management has a front-line view of internet activity in the company.

A wise manager will not criticize productive employees who spend a few minutes on their social networking site or reading Yahoo news, for example. Yet, managers are also duty bound to stop those who are abusing the system (internet access is not an employee right) for the company’s sake and the good of those who work hard.

Another point I would like to make is that monitoring is not limited to checking who is browsing the internet. Web monitoring and filtering is key to preventing malware from being downloaded and infecting the network. It only takes one employee to visit a poisoned website. It also only takes one employ to visit an inappropriate website.

What we often forget is that we are living in a society that is becoming increasingly litigious. Businesses are sued and dragged before the courts for even the most absurd of reasons, and yet businesses cannot afford to be caught napping. Web monitoring and web filtering give business owners the ammunition they need to counter any claims from clients or employees. In an employment dispute, for example, you may need web browsing reports on an employee who is suing for unfair dismissal. If you can prove that he or she spent excessive time on the internet or accessed inappropriate sites instead of working, you’ve won the case. Without that evidence, you have a very weak hand. It is also management’s fiduciary responsibility to have the data for when it is needed.

The risks are too high for businesses today. It is not a case of ‘big brother’ but rather one of ‘keeping alert’ and being ‘prepared’.