Opportunities abound for small ISPs to outmaneuver larger rivals by developing an outreach program for security-conscious customers. As a matter of fact, the federal government has already put together a pretty nice cyber security marketing plan that can guide you through the process.

by Patricia Fusco ISP-Planet Managing Editor [October 7, 2002]

As part of its National Strategy to Secure Cyberspace [PDF], the Bush Administration has called upon Internet service providers to adopt a "code of good conduct" governing their cyber security practices .

This highly ballyhooed plan was released last month, the product of extensive collaboration between the federal government, security experts, and industry leaders. A fair portion of the Strategy was designed to help ordinary Netizens understand their part in securing cyberspace.

A few national ISPs, responding quickly to the president's call for secure American Internet connections, have already announced plans to educate end users about the hazards of malicious hackers and spurious spammers.

America Online, for one, has undertaken several cyber security initiatives, including joining the National Cyber Security Alliance. The Alliance is a partnership between the federal government and leading private sector companies, formed to foster awareness of cyber security through an educational outreach program, StaySafeOnline. Exodus, Cable & Wireless, Symantec, and others have joined the group since it was formed back in February.

In addition to designing and hosting the StaySafeOnline site, which provides clear, concise consumer tips on information security, AOL plans to launch a media campaign this fall suggesting how all Americans can become "cyber-secure citizens."

Small is strong
Your ISP business might not be able to match the marketing clout of AOL, but this doesn't mean you can't do your part to educate subscribers about cyber security issues. In fact, in devising a blueprint for national cyber security, the federal government has actually produced what could be a highly patriotic marketing plan for small, independent ISPs.

Typically, independent ISP operators have a much closer relationship with their customers and can communicate more effectively with their subscribe base than the behemoths of the industry.

Creating a security-awareness program for your subscribers doesn't have to be expensive. There are many useful but low-cost services your ISP could provide. For example, how about a program to educate your customers about the perils of lax firewall security?

Many ISPs already offer firewall software with their initial setup services, but subscribers don't necessarily understand the dangers posed by automated hacking programs that scan the Internet for unprotected, always-on connections to exploit. Do-it-yourself installations may or may not be configured properly to provide adequate protection. Furthermore, firewalls need to be updated on a regular basis.

Offer your broadband clients a firewall system that's easy to use and teach them how to tweak the configuration and how to perform regular updates. This can be a labor-intensive program completed onsite and in person, or a more economical group presentation in a classroom setting. It could even be done over the phone.

You could also direct your customers to the most recent updates for your firewall vendors' websites through a cyber security e-mail newsletter. Alternatively, you could resell the firewall system and upgrades as a value-added service. Either program would make a great envelope-stuffer promotion if you still bill any clients with paper invoices.

Viral marketing
In a 2001, AOL completed a study to determine how concerned consumers are about cyber security issues. The study found that 82 percent of home Internet users expressed some measure of concern about Internet security. Top concerns included credit card theft, the theft of other personal information, and computer viruses acquired through e-mails or downloads.

The study also found that most home users are vulnerable to Internet security threats because they do not follow the key procedures that would protect their systems from attack. For example, 77 percent of anti-virus software users do not update their software regularly and most do not choose strong password protection. The study demonstrates there is a critical need for continued public education and outreach on the issue of online security.

Most ISPs offer their subscribers some type of virus-scanning or spam-stopping service. But how many of your customers actually use these applications properly? How many of your customers keep these types of cyber security programs up to date?

Helping them to do so is another opportunity for small, independent ISPs to outmaneuver larger providers by developing a cyber security outreach program. Leverage your flexibility—simply follow the guidelines put forth by the President's Critical Infrastructure Protection Board and prepare a cost-effective cyber security outreach program for your ISP's subscribers today.

—End