058 | Building a Culture of Security within Healthcare | Tony Anscombe of ESET | Studio CMO - a podcast by Golden Spiral, Shaping Technology Marketing

Today’s marketers wear many hats—when it comes to webinars, they have to build the slides, run the software, and follow up. Despite the reputation and stereotype of marketers being extroverted and performers, many don’t like being on stage or camera. The purpose of a webinar is to bring your attendees/audience closer to what they need. In this podcast episode, Ashley Levesque from Demio walks us through the power of webinar platforms, building engagement, and how to build a webinar funnel and KPIs for HealthTech applications.

About Our Guest

Tony Anscombe is the Chief Security Evangelist for ESET. With over 20 years of security industry experience, Anscombe is an established author, blogger and speaker on the current threat landscape, security technologies and products, data protection, privacy and trust, and Internet safety. His speaking portfolio includes industry conferences RSA, CTIA, MEF, Gartner Risk and Security, and the Child Internet Safety Summit (CIS). He is regularly quoted in security, technology and business media, including BBC, The Guardian, the New York Times, and USA Today, with broadcast appearances on Bloomberg, BBC, CTV, KRON and CBS.

The healthcare industry is very good at preventative medicine for their patients. Paying cybercriminals is not preventative because it's funding and resourcing bad actors for the very next attack. —Tony Anscombe, ESET

[gravityform id="8" title="true" description="true"]

Three Steps to Building a Culture of Security at Your HealthTech Company

Don’t leave security to the IT technicians. Build it into your marketing messaging and automation. Healthcare providers—whether attacked or not—are chilled every time they consider a new solution to add to their digital mix. They worry if the new application will become a door that can be breached by bad actors putting millions of dollars and patient trust on the line. Don’t miss that hurdle in the customer journey you and your sales department are creating for potential clients. You can set yourself apart by taking these three steps.

Start with You

Michael Jackson famously sang, “I’m starting with the man in the mirror.” You need to start with your own company.  How well do you handle sensitive data to prevent loss, a breach, or corporate espionage? Start with you. Make sure your company data is locked away. Give your IT team freedom to look at cybersecurity tools and stay on the cutting edge. Build upgrades into your budget so you can be more nimble. How carefully do you handle your own customer data? With the onset of GDPR and CCPA, many companies wrestled with their customer data plans, their email lists, and more. However, a large number of SaaS companies, especially start-ups and those in the US but outside of California, didn’t upgrade their websites and systems because they didn’t meet the threshold requirements. If you’re going to be an unbreakable link in the chain for your customers, build that strength now. Systems and procedures are not enough to protect your customers’ sensitive data. Every person who works at your company (plus any freelancers) need to keep the value front and center in all that they do. Imagine if you went inside for a banking transaction and could see another customer’s information on the screen or could easily look on the teller side of the counter and see account numbers, names, and balances. You would feel like you were banking at a careless institution. Work with your entire team to raise the standard of protection so they each feel responsible. Call it security collaboration. You may even want to create some internal marketing for the standard so that everyone feels part of something bigger than themselves. (For more, listen at 14:00 and following and 27:00 and following.) When you create your next product, don’t wait till after you’ve developed it to add security features. Start with cybersecurity. Build your product in an environment of security. (Listen at 24:00 and following.)

Spruce Up Your Security Process within Marketing Functions

When a visitor comes to your site and downloads a white paper or signs up for your email list, what security protocol is in place? Is there two-factor authentication or a verification code sent by email or text? How do those messages look, feel, and sound from a marketing perspective? Don’t accept boilerplate language or templates here. Work on these expressions of security so that your users feel secure when they interact with you. Don’t let your privacy policy be a jumbled mess of legalese that is a mess to read on the screen. Treat it like a long blog article. Use subheadings and simpler language for a better experience whether your visitor is skimming or reading. Help them feel confident in your security. (Listen at 16:00 for more information.) If someone unsubscribes from your list, don’t waste an opportunity to demonstrate how carefully you treat personal data. Sure, you may still want to try and retain their place on your list, but it is more important to let someone leaving know with confidence that they won’t receive any more communication from you and their name isn’t for sale. What other subtle ways could you remind your visitors and email list that their data is secure?

Include Security in Your Front Line Marketing Messaging

Trust must be earned. You can’t call yourself a trusted partner. Only your customers can bestow that honor on you. In the same way, you can’t demand to be trusted in the marketing and sales process. You must earn it. However, you won’t earn your prospect’s trust if you don’t talk about security and demonstrate it.

• When you answer objections about your solution, do you include any security information?
• Do you include security as a part of your FAQs?
• Can you spare a few words in your elevator pitch to nod to security?
• How many seconds does security receive in your pitch presentation and deck?
• Do you have any comments and endorsements from existing clients about security?

Keeping data secure is high stakes for healthcare institutions. Be their armor-bearer. Help your customers be even more secure than they are now. Tony Anscombe, Chief Security Evangelist for ESET believes there is a broader call in the healthcare industry. “Healthcare is regulated by HIPAA. This is very generic security terminology used in HIPAA,” Anscombe said. “I think if I was in the HealthTech industry, I would be looking beyond HIPAA compliance. When you have regulations or legislation, it’s merely a stake in the ground. Go beyond. Innovate further. Look at some of the other innovations around security technology that could be used to further—not just comply—but to go way beyond compliance. There’s too much at stake.”

Links Mentioned on This Episode

• Dr. Michael McGuire presented his research at RSA 2018 where he found that the total cost of cybercrime worldwide was $1.5 Trillion per year.
• In 2020, the World Economic Forum revised that number. They estimated that the global risk was over $6 Trillion.
• In 2018, Atlanta, Georgia’s Smart City Servers were hacked and the ransom was $51,000 in bitcoin.
• The attack on Kaseya, a SaaS and managed service provider, was attacked with a total ransom of $70 million.
• Britain’s National Health Service was attacked but the government didn’t pay the ransom. It cost an estimated $122 million to bring the network back online.
• Zero Day Vulnerability in Microsoft.
• Golden Spiral’s Privacy Page
• ESET’s Privacy Policy
• Tony Anscombe’s “We Live Security” video series

Further episodes of Healthcare Market Matrix

Further podcasts by Golden Spiral, Shaping Technology Marketing

Website of Golden Spiral, Shaping Technology Marketing