According to the latest Breach Level Index report, there have been more than a thousand worldwide data breaches so far this year that compromised nearly 563 million data records of customers’ personal and financial information. Unfortunately for the retail industry, it has become the poster child of the data breach epidemic, accounting for more than 30% of all data records breached. These are staggering figures, and should be serious cause for concern especially in the lead up to Christmas, when many more shoppers will be using their cards, putting themselves at risk.
Until now, consumers have appeared apathetic about identity compromise security breaches. But new research indicates unrest. A SafeNet survey of more than 4,500 adults across five of the world’s largest economies – U.S., U.K., Germany, Japan, and Australia has found that nearly two-thirds (65%) of respondents would never, or were very unlikely to, shop or do business again with a company that had experienced a data breach where financial data or information was stolen. The research also indicated that only half of adults surveyed feel that companies take the protection and security of customer data seriously enough.
What does all this mean? As data breaches become increasingly severe and consumers become more educated on what is (or isn’t) being done to protect their data, their attitudes about what is acceptable will change. And with it, the corporate mind set on security must change. For decades, the prevailing wisdom about cybersecurity has been that a perimeter 'wall' should be built around the corporate network to keep intruders out. More recently, newer technologies such as real-time threat protection have been implemented to bolster security. However, as the current breach epidemic shows, these approaches haven’t stopped today’s sophisticated cybercriminals.
Here are four approaches that companies can seize upon to help restore customer trust in corporate data security:
Out with the old, in with the new
Today’s security strategies are dominated by a singular focus on breach prevention that includes firewalls, antivirus, content filtering, and threat detection. But, if history has taught us anything, it is that walls are eventually breached and made obsolete. Companies should assume that prevention and threat detection tools can only go so far, and should be used as part of a layered approach to data security that can defend data once criminals get into the network. The next and last level of defence needs to be around the data itself and surrounding it with end-to-end encryption, authentication and access controls that provide the additional layers to protect both corporate and customer information.
Protect customer data as if it were your own
If companies want to earn and retain customer trust, they must view the protection of sensitive data not as a compliance mandate, but as a responsibility essential to its success. Meeting the minimum legal requirements is no longer enough. If a breach hits, and companies have encrypted financial data, but not the 10 million records containing customer names, addresses and social security numbers, they’ve broken the bond of customer trust in its brand. Being a better steward of customer data is not just good PR, it makes good business sense, too.
Transparency is the road to trust
Put security front and centre and tell customers about the security measures that companies have put in place to protect their data. With the recent dust-up about surveillance, the largest online companies are now much more open about what they are doing to protect customer information. If a company is doing something better than the rest of the industry, like encrypting data end-to-end, then it will be seen as a trusted innovator.
Security is a two-way street
Just as customers are informed about what companies are doing to protect them, they should also be told what to do in order to protect themselves. If a customer experiences identity theft or a data breach while doing business with a company, that brand suffers. A better-educated consumer is a safer consumer of services.
> See also: The '12 scams of Christmas' revealed
As companies collect ever-increasing amounts customer information and as our digital interactions become more diverse, more data about what we do, who we are and what we like is being stored online. Our entire identity as individuals is entrusted to the companies who gather this information. Until now, consumers may not have been concerned about having their credit card numbers stolen, because there are built-in protections for them. However, if their location information is being co-opted so thieves can rob their houses, the calculus changes. The traditional data security mind set does not work anymore. If companies don’t wake up to this new reality soon, consumers may finally cut ties with them and take their business to someone they can trust.
Sourced from Paul Hampton, Payment & Crypto management expert at SafeNet