Paul Hampton, Payment & Crypto management expert at SafeNet, explains the four steps required to restore trust in corporate data security
Results from the latest Breach Level Index report show there have been more than a thousand worldwide data breaches so far this year that compromised nearly 563 million data records of customers’ personal and financial information. Particularly worrying for consumers is that the retail industry accounts for more than 30 per cent of all data records breached and has thus become the embodiment of the data breach epidemic. These are shocking figures, and should be a serious cause for concern, especially in the lead-up to Christmas, when many more shoppers will be using their cards, and could be putting themselves at risk.
Until now, consumers have appeared apathetic about security breaches that compromise their identity. But new research indicates unrest. A SafeNet survey of more than 4,500 adults across five of the world’s largest economies (U.S., U.K., Germany, Japan, and Australia) has found that nearly two-thirds (65 per cent) of respondents would never, or were very unlikely to, shop or do business again with a company that had experienced a data breach where financial data or information was stolen. The research also indicated that only half of adults surveyed feel that companies take the protection and security of customer data seriously enough.
What does all this mean? The traditional data security mindset does not work anymore. With companies collecting ever-increasing amounts of customer information and with digital interactions becoming more diverse, vast amounts of data about who we are, what we do, and what we like are being stored online. We entrust our entire identity as individuals to the companies who gather this information and need to be reassured that it is being kept safe.
For decades, the prevailing wisdom about cybersecurity has been that a perimeter “wall” should be built around the corporate network to keep intruders out. More recently, newer technologies such as real-time threat protection have been implemented to bolster security. However, as the current breach epidemic shows, these approaches haven’t stopped today’s sophisticated cybercriminals.
Companies can seize upon these four approaches to help restore customer trust in corporate data security:
* Out With the Old, In With the New: Today’s security strategies are dominated by a singular focus on breach prevention that includes firewalls, antivirus, content filtering, and threat detection. But, if history has taught us anything, it is that walls are eventually breached and made obsolete. Companies should assume that prevention and threat detection tools can only go so far, and should be used as part of a layered approach to data security that can defend data once criminals get into the network. The next and last level of defence needs to be around the data itself, surrounding it with end-to-end encryption, authentication and access controls that provide the additional layers to protect both corporate and customer information.
* Protect Customer Data As If It Were Your Own: If companies want to earn and retain customer trust, they must view the protection of sensitive data not as a compliance mandate, but as a responsibility essential to their success. Meeting the minimum legal requirements is no longer enough. If a breach hits, and companies have encrypted financial data, but not the 10 million records containing customer names, addresses and social security numbers, they’ve broken the bond of customer trust in their brand. Being a better steward of customer data is not just good PR, it makes good business sense, too.
* Transparency Is the Road to Trust: Put security front and centre and tell customers about the security measures that companies have put in place to protect their data. With the recent dust-up about surveillance, the largest online companies are now much more open about what they are doing to protect customer information. If a company is doing something better than the rest of the industry, like encrypting data end-to-end, then it will be seen as a trusted innovator.
* Security Is a Two-Way Street: Just as customers are informed about what companies are doing to protect them, they should also be told what to do in order to protect themselves. If a customer experiences identity theft or a data breach while doing business with a company, that brand suffers. A better-educated consumer is a safer consumer of services.
As data breaches become increasingly severe and consumers become more educated on what is (or isn’t) being done to protect their data, their attitudes about what is acceptable will change. And with them, the corporate mindset on security must change. So far, customers may not have been concerned about having their credit card numbers stolen, because there are built-in protections for them. However, distress sets in if their location information is being used so thieves can rob their houses. Companies need to wake up to this new reality sooner rather than later, or else risk consumers severing ties with them and taking their business to trustworthy competitors.