In Security We Trust: Best Practices for Navigating Security Decisions

For a technical buyer for large organizations, it’s critical to evaluate business solutions through the lens of whom you can trust.

You need to look beyond the shiny marketing spin and smoke-and-mirror demos and get to the punchline, which is security.

Emotions and trust impact how we make all types of decisions, whether buying a new car or innovative technology for your organization.

For example, early in my career I was asked to choose between two different ERP software vendors for our manufacturing business. During the sales process I found myself becoming emotionally attached to the one with more “sizzle” and “bells and whistles.” However, as a final step in the diligence process, I decided to engage industry analyst expertise to assess and validate both companies from a financial and compliance perspective. 

And let me tell you, I’m glad I did.

The company lacking that extra “sizzle” ended up meeting our standards, while the company with the “sizzle” fell short. Our final decision was based on a measurement of trust. In turn, our project turned out to be highly successful. Today, the company with the “sizzle” is out of business.

A study by Deloitte surveying B2B purchasers revealed those who very strongly agreed that the brand employed measures to prevent data loss and privacy breaches were 24% more likely than average to highly trust the brand.

In today’s digital environment, security builds trust.

Organizations need to earn their customers’ trust, and it happens when they feel confident their personal information will be held securely throughout its journey.

The same Deloitte survey found that end users who very strongly agreed that the brand leveraged its digital capabilities to enhance the customer experience were 14% more likely than average to highly trust the brand.

Now that I’ve (hopefully) illustrated the connection security has in developing trust, let’s talk about best practices when evaluating prospective vendors to ensure they pass the trust test.

You need three components outside of the core functional review:

• Your requirements – What are the minimum security requirements for your organization? How stringent do they need to be to instill trust in customers?
• Peer reviews (direct or published) – Tap your peers and industry partners to gain insight into what they’re using and what’s working for them.
• Third-party validation – Look for third-party validation through compliance and industry best practices.

I wish I could tell you that following these steps will ensure security nirvana, but we all know that doesn’t exist.

According to a recent Harvard study, tech CEOs ranked cybersecurity as the No. 1 threat to their organizational growth over the next three years, and the vast majority (77%) believe a strong cyber strategy is critical to engendering stakeholder trust.

Having your ducks in a row can help protect you from real-time threats.

The most common cloud threats I’m talking about are:

• DDoS (Distributed Denial of Service) – An attack that maliciously attempts to disrupt the traffic of a targeted server, network, or service. This can happen when the target or surrounding infrastructure becomes overwhelmed by internet traffic.
• Ransomware – Like the name, ransomware is malware that encrypts an organization/user’s sensitive information, denying access and holding it for ransom. Attacks are brought forth by phishing emails, user errors, access management, organizations’ lack of security training and knowledge, etc.
• Downtime – Even though 100% uptime is difficult to achieve (some say impossible), organizations have the potential to drastically reduce downtime by deploying leading data security technologies that work to modernize backups, provide ransomware protection, recovery and more.

Again, there’s no magic wand when it comes to cyber risks, but you can help mitigate them.

When looking for technology solutions, you need to analyze security capabilities through both a wide lens and not a magnifying glass, because there are many layers.

The physical, software and infrastructural levels matter, and data must be secure at each stop in the journey.

Here’s what to look for:

• Data hosting – A centralized location for storing, organizing, and disseminating data and information ensures information is secure while enhancing the customer experience. It allows users to shift between communication channels seamlessly.
• Data in transit – Confidential data in flight also needs to be protected and securely encrypted all the way to its destination.
• Data at rest – The same principles should apply when the data is at rest.

End-point security for customers and employees – At this point, data has arrived at its destination. Quality endpoint management works by authenticating and supervising access rights of the physical devices used to extract information.

I hope by now you see that it isn’t sufficient to just “check a security box” and risk doing damage control later. You need to do a deep dive.

Digital is here to stay, so organizations might as well get used to it. Better yet, prepare for it.

Trust and Security as It Relates to LinkLive  

Speaking of prepared …

LinkLive was founded on security — the foundation of trust. 

As we evolved our platform and introduced new capabilities, such as artificial intelligence to enhance the customer experience, we applied the same due diligence.

Our No. 1 objective has been and will always be to ensure LinkLive is, hands-down, one of the most secure and trustworthy collaboration and communication solutions in the CEP market.

And it seems to be working. Just ask our 600+ financial service customers.

But our job is never done.

We’ve made the following investments in security and will continue to be at the forefront in this area:

• 2015: Systems and Organizations Controls 2 (SOC2), a voluntary auditing procedure/framework that provides organizational controls and practices for technology services and SaaS companies to ensure customer and client data is safeguarded in the cloud.
• 2017: The HITRUST Common Security Framework (HITRUST CSF) is a global security and privacy framework that supports organizations with information protection, risk management and regulatory compliance, and earned SOC2 Type 2 certification. 
• 2022: System Security Plan (SSP), a roadmap and comprehensive summary to organizational cybersecurity functions and features, including a proactive plan of attack for future threats.  

Looking ahead to 2023 and beyond, we’re aiming to receive Authorization to Operate (ATO) by the Federal Risk and Authorization Management Program (FedRAMP), the most stringent security framework on the planet. Boom.

The moral of the story is that you won’t be seen as trustworthy if there’s any question about security.

When evaluating a vendor, I encourage all technical leaders to ask themselves, “Is this a company and solution I can trust?” If not, it probably shouldn’t make the shortlist.

If you’re interested in partnering with LinkLive, don’t hesitate to reach out.

We’d love to chat about ways your organization can build trust by safeguarding your customers’ critical information while providing high-quality digital engagements.