I spent a jam-packed day with security software and services provider AVG last week, checking out their 2013 product line-up for free antivirus and paid premium products, and participating in roundtable discussions with press, analysts, and AVG executives about consumer security, mobile, privacy and policy. Here are my reactions to what AVG is doing:

LOVE: Outside in perspective, from both a micro and macro perspective. Most vendors will do and mention the importance of customer experience and feedback, but AVG hammered the point home in every _single_ conversation. On a macro level, AVG is very sophisticated about privacy. They are actively engaged in conversations with governments, are sensitive to the complexity that comes with balancing privacy and national security objectives, and closely follow global privacy policy developments and implications for consumers. Maybe I haven’t been connecting with the right folks from other vendors, but I don’t have these types of conversations often outside of an academic setting.

LIKE: Consumer data (yes, I’m biased here, being the data nerd). AVG has lots of it and it’s all free. This is awesome because it’s a great resource not just for the industry but for other parties to use in education and awareness program design. They’ve done studies across 11 countries for their Digital Diaries studies, surveying parents and kids of different age brackets from 0 to 17 to understand online behaviors and attitudes. Here’s a data nugget that caught my attention: by the time they are two years old, 81% of children have some kind of digital footprint (online photographs, personal data, email and/or social networking accounts). 81%!

UNCONVINCED: Product emphasis on scan speeds and third party test results. AVG isn’t alone here. Vendors, this is not special. It’s table stakes and race to the bottom, where eventually the 2-second difference isn’t going to be noticeable to anyone. As for third-party test results, it’s cool to have that type of validation. But with every other vendor positioning themselves in a positive light with third-party test results, you’re adding to the noise. Mention speed and test results because you’d be remiss not to, but don’t make it your main selling points, and realize that it’s not going to tip the scale in your favor with consumers.

WHAT IT MEANS FOR S&R PROS: While this was a consumer-focused event, there are a few implications for S&R pros:

• Privacy should be on your agenda too. Policy and sentiment about privacy in the consumer realm will shape your organization’s privacy policy and privacy program. Companies like AVG are interested in the topic as it applies to consumers because this matters to their clients and influences their product development.
• BYOD might as well be BYODK (Bring Your Own Devices & Kids). Unless your employees are super vigilant about not allowing their kids to play with their devices (that they also happen to use for work), it’s very likely that you have additional mini “employees” using these devices too. Thus, you must have mobile security plans, policies, and controls if employees are allowed to use personal devices for work purposes. Based on Forrester’s latest data*, data protection for mobile is still uncharted territory for many: 23% of organizations are not doing anything for data protection on smartphones and tablets, and 38% are only enforcing baseline security policies like password entry.

*Source: Forrsights Security Survey, Q2 2012; Base: 1,064 North American and European SMB and enterprise IT security executives and technology decision makers