The issue of what information to provide and not to provide can be addressed by defining what the overall process will look like for dealing with new clients. This process doesn’t need to be complicated, and having such a process to follow will prevent the conversation being diverted into off-topic discussions. Importantly, it avoids all discussion of previous clients and focusses on what the client needs now and in the future. Having your own process to follow reduces the risks associated with being drawn into following someone else’s process.
- The client shows an interest in the services being offered because they need help to solve a specific problem. This can happen in many forms depending on what routes to market are being used by your business.
- Ask specific questions about what services are required and what problems the client is facing which require attention. Depending on the complexity, it may be necessary to arrange consultation to discuss the specific requirements.
- Write to the client with a summary of what was discussed, and a proposal to provide the services along with costs and timescales.
- Further consultation and refinement of the proposal may be necessary.
- Client accepts or rejects the proposal.
The key point with this process is that credibility is gained from taking a professional approach to solving the potential client’s problems, not by demonstrating what was done for previous clients. Although lots of companies and individuals have similar problems, clients don’t want their laundry washed and dried in public.
Companies understandably want to undertake a measure of supplier due diligence, so it stands to reason that suppliers should apply the same level of scrutiny to potential clients. If the draft process above is followed through, it is likely that phishing attempts will be filtered out and that the discussion on requirements will have taken place without confidential information being discussed. In parallel with discussing requirements, additional information should be sought to verify that the requirements and the client are genuine.
Client due diligence is more than checking to make sure you are likely to get paid for the services provided. Facts about the client need to be gathered to make sure the client is who they claim to be and to assess a number of risks such as money laundering, terrorist financing, impersonation and identity fraud. Sources for these facts include public brochure websites, due diligence websites and public registers such as Companies House.
To conclude on confidential information, potential clients whose primary interest is in understanding what services were provided to previous clients, and who show no interest in discussing their current predicaments, should be treated with a level of suspicion. However, not all will be fraudulent with malicious intent; there are plenty of market research companies that are skilled at extracting information while pretending to be potential customers.
Information security consultant with over 20 years’ extensive experience gained across a diverse range of private and public industry sectors including insurance, banking, telecommunications, health services, charities and more, both in the UK and internationally. Graduated in 1997 with a software engineering degree and specialising in cyber security, risk analysis, compliance reporting and access management.