Unfortunately for retail, it has become the poster child of a data breach epidemic, writes Paul Hampton, pictured, Payment and Crypto management expert at SafeNet. Retail accounts for more than 30 per cent of all data records breached.
These are staggering figures, and should be serious cause for concern especially in the lead up to Christmas, when many more shoppers are using their cards, putting themselves at risk.
Until now, consumers have appeared apathetic about identity compromise security breaches. But new research indicates unrest. A SafeNet survey of more than 4500 adults across five of the world’s largest economies – US, UK, Germany, Japan, and Australia has found that nearly two-thirds (65 per cent) of respondents would never, or were very unlikely to, shop or do business again with a company that had experienced a data breach where financial data or information was stolen. The research also indicated that only half of adults surveyed feel that companies take the protection and security of customer data seriously enough.
What does all this mean? As data breaches become increasingly severe and consumers become more educated on what is (or isn’t) being done to protect their data, their attitudes about what is acceptable will change. And with it, the corporate mind set on security must change. For decades, the prevailing wisdom about cybersecurity has been that a perimeter “wall” should be built around the corporate network to keep intruders out. More recently, newer technologies such as real-time threat protection have been implemented to bolster security. However, as the current breach epidemic shows, these approaches haven’t stopped today’s sophisticated cybercriminals. Here are four approaches that companies can seize upon to help restore customer trust in corporate data security:
•Out With the Old, In With the New: Today’s security strategies are dominated by a singular focus on breach prevention that includes firewalls, antivirus, content filtering, and threat detection. But, if history has taught us anything, it is that walls are eventually breached and made obsolete. Companies should assume that prevention and threat detection tools can only go so far, and should be used as part of a layered approach to data security that can defend data once criminals get into the network. The next and last level of defence needs to be around the data itself and surrounding it with end-to-end encryption, authentication and access controls that provide the additional layers to protect both corporate and customer information.
•Protect Customer Data As If It Were Your Own: If companies want to earn and retain customer trust, they must view the protection of sensitive data not as a compliance mandate, but as a responsibility essential to its success. Meeting the minimum legal requirements is no longer enough. If a breach hits, and companies have encrypted financial data, but not the 10 million records containing customer names, addresses and social security numbers, they’ve broken the bond of customer trust in its brand. Being a better steward of customer data is not just good PR, it makes good business sense, too.
•Transparency Is the Road to Trust: Put security front and centre and tell customers about the security measures that companies have put in place to protect their data. With the recent dust-up about surveillance, the largest online companies are now much more open about what they are doing to protect customer information. If a company is doing something better than the rest of the industry, like encrypting data end-to-end, then it will be seen as a trusted innovator.
•Security Is a Two-Way Street: Just as customers are informed about what companies are doing to protect them, they should also be told what to do in order to protect themselves. If a customer experiences identity theft or a data breach while doing business with a company, that brand suffers. A better-educated consumer is a safer consumer of services.
As companies collect ever-increasing amounts customer information and as our digital interactions become more diverse, more data about what we do, who we are and what we like is being stored online. Our entire identity as individuals is entrusted to the companies who gather this information. Until now, consumers may not have been concerned about having their credit card numbers stolen, because there are built-in protections for them. However, if their location information is being co-opted so thieves can rob their houses, the calculus changes. The traditional data security mind set does not work anymore. If companies don’t wake up to this new reality soon, consumers may finally cut ties with them and take their business to someone they can trust.
