Address the issue of what information to provide by defining the overall process for dealing with new clients. This process doesn’t need to be complicated and having a process to follow will prevent digression into off-topic discussions; importantly, avoiding all conversations about previous clients and focussing on what the client needs now and in the future. Having your process in place reduces the risk of being drawn into following someone else’s.
- The client shows an interest in your services because they need help to solve a specific problem
- Ask specific questions about what services are required and what problems the client faces, which require attention. Depending on the complexity, it may be necessary to arrange a consultation to discuss the specific requirements.
- Provide a summary of discussion points and conclusions, a proposal to deliver, along with costs and timescales
- Further consultation and refinement of the proposal may be necessary
- Client accepts or rejects the proposal
The point with this process is to gain credibility from taking a professional approach to solving the potential client’s problems, not by demonstrating what you delivered to previous clients. Although lots of companies and individuals have similar issues, clients don’t want their laundry washed and dried in public.
Companies understandably want to undertake a measure of supplier due diligence, so it stands to reason that suppliers should apply the same level of scrutiny to potential clients. In the above process, if followed through, you can quickly filter out phishing attempts, and the discussion on requirements will have taken place, and done so without discussing confidential information.
In parallel to discussing requirements, acquire additional information to verify that the client and their needs are genuine. Client due diligence is more than checking to make sure you are likely to get paid for the services provided. Gather facts about the client to make sure they are who they claim to be and assess risks such as money laundering, terrorist financing, impersonation and identity fraud. Check sources such as public brochure websites, due diligence websites and public registers such as companies house.
To conclude on confidential information, potential clients whose primary interest is in understanding what services you delivered to previous clients and no interest in discussing their current predicaments, should be treated with a level of suspicion. However, not all will be fraudulent with malicious intent; there are plenty of market research companies that are skilled at extracting information while pretending to be potential customers.
Robert is an information security consultant with over 20 years of experience across a diverse range of organisations, both in the UK and internationally. Robert graduated in 1997 with an honours degree in software engineering for security and safety-critical systems. Robert is contactable directly through LinkedIn.