You’re Unique… Just Like Everybody Else!
Your business is unique.
No other business is the exact same size in the exact same market offering the exact same value proposition in the exact same way with the exact same people. Even if you’re operating a franchise, you’re bringing your own unique management style to it. That’s why franchise operators all achieve different business results—and why franchisors are constantly monitoring their franchisees to track their relative performance.
Uniqueness in business is, of course, a plus. We call it “competitive differentiation.” And if you don’t have it, there’s no compelling reason for customers to spend their money on you rather than on someone else. You probably even focus a lot of your effort on differentiation: making your product or service better, ensuring that your marketing materials stand out from the crown, hiring superior talent, offering more attractive pricing—or maybe pursuing a higher price-point because you’re delivering premium value.
But the advantages of uniqueness are primarily on the sell side. On the buy side—and when it comes to operational excellence—uniqueness can potentially be a problem. After all, it can be kind of expensive to re-invent the wheel. There’s a lot of trial-and-error involved in wheel re-invention as well.
And there are two areas where you can ill-afford either a lot of excessive expense or a lot of trial-and-error: cybersecurity and cybercompliance. You want to get those right. And you don’t want to spend any more on them than you have to.
So how do you balance the uniqueness of your business with the fact that you need to achieve security and compliance as quickly, reliably, and cost-efficiently as possible?
Well, here are three ideas you may find helpful:
Idea #1: Different in the same ways
First, it’s helpful to understand the specific attributes that make your business unique. One of the most distinctive attributes of any business, for example, is its vertical market. A law firm is not a consumer products company is not a university is not an industrial materials company.
Other attributes that differentiate one company from another are size, geographic reach, B2B vs. B2C, product vs. service (or some combination thereof), upmarket vs. downmarket, and low margin vs. high margin.
There are also differentiating attributes that are somewhat specific to your organization’s security and compliance requirements. Those attributes include your vertical market (which determine the nature of your compliance requirements), your digital footprint (how much technology you use and how it’s architected), the degree to which your employees work remotely (whether it’s because their jobs requirement them to be on the road or because you use liberal work-from-home policies to attract talent from all over), your accountability to a board, and your overall appetite for business risk.
Here's the thing though: While these attributes collectively make your business unique, individually they are attributes you share with other companies. So, yes, your business is unique in its totality. But it shares its individual characteristics with many other businesses.
This understanding of the uniqueness of your business as a combination of individually non-unique attributes may seem obvious, but it’s critically important when it comes to security and compliance—because it’s the first step in helping you craft a strategy that’s unique to you without being a totally unique one-off re-invention of the wheel.
It’s just like how we are as people. You are absolutely a unique person. But there are people who are just like you in each of your various particulars. There are people who are as smart as you are, people who enjoy the same kinds of music, people who are also lactose-intolerant, etc. What makes you unique is how all those attributes come together in one person.
Idea #2: The same in different ways
Once you get a good grasp on Idea #1, you can apply Idea #2: Each of your business’s individual attributes—your vertical market, your degree of remote access, the rigor with which your IT team may or may not have configured your Microsoft365 environment—map to measures you need to take to ensure your security and compliance.
So while your company’s overall plans for security and compliance must be tailored to its unique needs, that tailoring is really just a matter of putting together precisely the right combination of elements commonly found in any security and/or compliance plan.
Again, consider the metaphor of a person. It would be pretty upsetting if after your annual checkup your doctor said “I’ve never seen anything like this before in my life! We’re going to have to develop a whole new medication for you—and invent a whole new type of surgery!”
Instead, your expectation is that your doctor will help you as an individual by applying lessons already learned by the medical profession generally.
The next patient your doctor sees may have lower blood pressure than you do. Their white blood cell count may be higher. They may complain of fatigue, while you complained of insomnia. But you both may have high cholesterol. So the doctor may put you both on a statin.
In other words, the doctor is treating you both as individuals. But, where you have issues in common, the doctor will issue a common prescription.
Idea #3: Get tested
This brings us to Idea #3. None of us should act as our own doctor. Even doctors go to a doctor. Yes, you may think you know what makes your business unique. But when it comes to security and compliance, you probably know less about your business’s unique needs than you think.
In fact, the only way to determine your business’s specific, unique needs for better security and more confident compliance is to get tested by an independent security-and-compliance testing specialist.
It’s just like going to the doctor. Or like getting a DNA test. Sure, there’s a lot you already know about your unique self. But there are things that you simply cannot know until you’re tested scientifically. And that information can be incredibly valuable in creating a truly personalized plan for your health and longevity.
The same is true of your business. Yes, it’s unique. And, yes, it shares all of its attributes with other businesses. But what you really need is a scientific report that tells you exactly what your business’s unique digital condition is today. Only after you get such a report can you devise a truly custom-tailored plan for getting your business into better digital condition tomorrow.
To learn more about how you can use testing to devise a bespoke plan for fulfilling your company’s unique security and compliance requirements, reach out to vCSO Magazine’s editors at info@vcsomagazine.com or contact any of the vCSOs listed in our vCSO Directory.