The quickest way to lose a customer forever


What factors will give your business the edge in the coming years? Your first answer might be speed, the quality of your products or the strength of your customer relationships. But what if I argued that security was the real competitive advantage for the future?

Customer experience is the major factor in determining whether a customer digs in for the long haul or ditches you for another provider. A recent PwC report found that nearly one in four Australians will stop doing business with a brand that they love after just one bad experience. Trust is the key to long term loyalty. If you break a customer’s trust, it can be hard to get it back.

Unfortunately, trust isn’t something most businesses have in spades at the moment. A slew of high-profile data breaches, misuses of data such as in the case of Facebook and Cambridge Analytica and the misconduct uncovered in the Royal Banking Commission enquiries has public trust in Australian businesses as low as 45 per cent. And given that almost one in four Australian small business have been impacted by a cyber threat and more than half are operating without cyber-crime protection, we can expect consumers to start turning away from businesses that don’t make security a key priority.

With that in mind, it’s important to consider the small steps that businesses can take to implement more robust security measures. Here’s where to start:

  1. Consider secure cloud solutions

Many businesses wonder whether it is more secure to store data in a data centre or their own servers. But even if your data is held at your own office, it is still probably connected to the internet, whether directly or indirectly – this means it’s vulnerable to potential security threats.

Working with a secure, global cloud provider is one way to reduce your risk. Providers can store your data across multiple data centres and run regular replication and backups, improving your business continuity in the event of an attack. Previously, this level of support was only affordable by large enterprises but now, it is a more accessible option for small businesses.

  1. Eliminate unlicensed software

Malware threats are now at an all-time high, with eight new threats appearing every second. And the use of unlicensed software, such as software that you download for free, may be to blame. Experts say that businesses face a one-in-three chance of encountering malware when they obtain or install an unlicensed software package or buy a computer with unlicensed software on it. By using only registered software, you dramatically reduce your security risks as licensed software is patched with the latest updates to defend against malware incursions and data breaches. It may be tempting to cut corners and save money on unlicensed software but it’s not worth exposing your business to unnecessary risks.

  1. Implement two-factor authentication

More often than not, you only use a simple username and password to access your business software and applications. This leaves you vulnerable to cyberattacks, phishing scams and user errors as passwords can be guessed or found if they’re not properly managed. Enabling two-factor authentication on key applications is an easy way to decrease your risk level.

Two-factor authentication uses a secondary confirmation method on a mobile device or a separate piece of hardware to confirm your identity. Essentially, it’s a combination of ‘what you have’ such as a physical token as well as ‘what you know’, captured in the standard username and password. Two-factor authentication is a best practice for companies that want a strong security presence to protect their customer and financial data, even in industries or companies that are not subject to specific requirements.

Boost your security resources

The most telling factor in determining an organisation’s risk level is what dedicated personnel resources and technologies it has in place to maintain security and monitor and counter against potential attacks. Very few organisations, however, have adequate resources allocated 24×7 to maintain security. Fewer still have achieved important internal security certifications around data stewardship such as PCI DSS compliance.

When this level of investment is not feasible, cloud providers are useful in enabling the scale to invest substantial amounts in security compared to what an organisation can typically invest on its own. Cloud providers should be running third party scans and penetration tests as well as the necessary compliance certifications.


Lee Thompson, Group Vice President & GM, Asia Pacific and Japan, Oracle NetSuite.