By Duncan Greaves

Your business reputation is key to building communities and establishing partnerships, and it is why others choose your solutions. That reputation, whether you operate as a “solopreneur” or employee, is an external evaluation based on such criteria as direct experience, communications, branding, and/or established thought leadership. Information security professionals too often leave business reputations up to other departments or employees. However, they play no small role in how their organization’s reputation is shaped and evolves.

Reputation is used as a shortcut for assessing a potential business partner. External parties look to your reputation to gauge whether they can build trust and have confidence in your ability to deliver. The most direct source of reputation is experience. However, digital environments, still preferred during these pandemic times, make direct, face-to-face encounters less common; therefore, an organization’s reputation is often evaluated by what can be gleaned from online reviews, e-recommendations and communication systems.

In building reputation, opinions about your organization can be both polarized and conflicting. There will be those who do not share the same corporate views or culture, or who do not believe in the same best practices.

“Maintaining reputation should be a key motivation for any company. Though seemingly intangible, reputation is a key driver of success,” according to Dr. Robin Renwick, a research analyst at Ireland-based Trilateral Research. “It might be difficult to quantify, but we have seen time and time again how a company’s bottom line suffers when reputational damage is incurred.”

How to build a solid reputation as a trusted company

To mitigate the potential for reputational damage, it is important to proactively build and protect your company reputation. Here are seven recommendations for how cybersecurity professionals can assist.

  1. Use social media strategically. Social media can be difficult to manage in advance, and an organization’s internal issues may be revealed or heightened by content posted online, especially by employees or contractors using personal accounts. This can raise reputation risks. To reduce these risks, it is necessary to set up search alerts and regularly scan for reviews and opinions posted about your organization. In modern environments it is not always possible to control the message, so be sure to check with your organization’s CISO and corporate communications team before responding to a post as part of a corporate information security strategy.
  2. Seek and present third-party validations. Remember that reputation is not evaluated entirely by communication, history, credentials or awards. It’s also based on other parties vouching for or advocating your trustworthiness. Seek to emphasize the positive collaborations you have had with partners; this helps external parties to see the positive benefits of associating with your company. Reputation can be transferred from offline to online situations; you just need to communicate this.
  3. Develop strong, consistent messaging. Your reputation must be communicated in a predictable fashion to reassure others that you can reduce risk and minimize the complexity of situations requiring trust. Uncertainty in communications can introduce doubt and reputation risk, and create wariness amongst customers.
  4. Earn credentials that reflect expertise and high standards. Associating with institutions and training providers, as well as demonstrating compliance with regional, national and international standards, allows potential partners to expect standard behavior rather than just trusting your goodwill. This will enhance your business integrity and reputation and increase external confidence in your ability to deliver what you say you will.
  5. Do your own homework. Although it is not possible to create trust just by having a third-party validation or time-tested control procedures, customers must be convinced of the quality of the sources of recommendation. Fact-checking and background analysis of information sources, done to prevent impersonation or unwarranted criticism, help ensure authenticity, which adds to measures of reliability and adherence to standards.
  6. Seek the right testimonials and other referrals. Recommendations are based on either first- or second-hand reputation information or information from other parts of the recommenders’ network. Since these often act as a substitute for direct observation, the reputation of the recommender is also important. Recommendations from those with good reputations lend more authority and weight to their opinions.
  7. Vet your supply chain and service lines. Where your products rely on third-party providers, ensure that you have confidence in their reputation and ability to deliver. Research has shown that when delegating tasks, customers rely on the reputation of the primary partner, but confidence actually comes from the quality of the service. Your organization will benefit from a reputation boost from a job well done but will suffer if your service partners do not adhere to their responsibilities.

The application of information security values produces a security reputation dividend that enhances the willingness of others to accept the benefits of social and digital interaction. Organizations with a reputation for valuing information security are likely to gain higher levels of trust from customers and, in turn, more long-term customers over time.

But no one’s going to take your word for it. Instead, reputations come from not just what is (and isn’t) written about an organization, but also who writes it.

The business advantages of being in good standing include being able to charge a premium or receive preferential treatment on goods or services, an increase in the number and quality of business contacts, and the prestige of becoming a sought-after reliable business partner.

Duncan Greaves, Ph.D., CISSP, is a cybersecurity researcher and writer with interests in systems architecture, human factors and digital trust. He is based in the UK.