Businesses that have been hacked face an uncertain future, as customer loyalty may dwindle.
According to a recent study from Centrify, 75% of UK consumers would walk away from a business that had been hacked.
Clearly, the onus is on businesses to implement processes that both protect themselves and reassure their customers that adequate measures are being taken to protect confidential customer information.
Companies that put customer data at risk are effectively putting their entire business at risk and it’s something that people simply aren’t willing to tolerate.
The survey found that financial institutions have the best reputation when it comes to dealing with security breaches compared to other sectors.
They top the list of 7 different industries in terms of how well they handle security issues for their customers with government/local government and HMRC coming in a respectable second.
Conversely, retailers rank fourth and travel sites fifth in each country, while membership and hospitality businesses are the lowest ranked, clearly bringing into question their priorities when it comes to a possible breach of data.
To some degree, most consumers expect to be hacked today, with 73% in the UK admitting that it has become normal or expected for businesses to be hacked.
Despite this, only half feel that businesses are taking enough responsibility for the security of their customers’ or members’ personal information.
Hackers are constantly on the lookout for ways to infiltrate a business’ defences in order to steal data, be it personal information or financial records, which can be either sold on to a third party or used to steal money.
They may be working on their own or in wider organised groups. Doing everything possible to secure a business against an attack will reduce the risk and do much to enhance the reputation of a brand.
Taking appropriate action
The tactics employed by these so-called cyber-attackers are highly sophisticated.
Some sectors are, in the main, better equipped than others to deal with such breaches of their systems, but the burden of responsibility for securing the personal information of customers lies with the individual businesses.
So what can businesses do to protect themselves and reassure their customers?
Usernames and passwords still remain the easiest way for hackers to gain access to a business through the proverbial front door, so it’s essential that an organisation constantly educates its customers on the importance of good password practice and ensures that this always remains central to the core security policy.
Very few cyber security professionals believe that username and password-based security is an adequate form of protection, and many organisations are now turning to multi-factor authentication (MFA) to provide the kind of protection necessary in today’s complex IT and security world.
MFA mitigates password risk by requiring additional factors of authentication.
The first factor is typically a username, password, PIN or security questions followed by a one-time code sent to a mobile device. Other factors used for authentication could include a fingerprint, retina scans, voice recognition or a smart card.
Clear internal security policies
Educating staff and having clear internal security policies are just as important as the measures in place for customers, along with controlling who has access to what data and granting privileged access only to those who need it as part of their job.
IT departments also face the ongoing challenge of securing enterprise data outside the traditional security perimeter of the business.
Using the individual’s identity as the control point is the ideal way to counteract this threat. With mobile device identity and cloud user identity, this technology can leverage user and device information to determine who has access to which application, from which device and location.
Keep sensitive data safe
The Payment Card Industry Data Security Standard (PCI DSS) strongly recommends that businesses put an encryption process in place for the transmission of customer data such as sensitive cardholder information, so that it’s masked from the moment it’s swiped and throughout the transaction.
Should the worst happen and a business site be breached, it is the legal responsibility of the business to inform the customer as soon as possible.
Under the new EU General Data Protection Regulation (GDPR), a business will be required to notify the ICO (Information Commissioner’s Office) of a data breach no later than 72 hours afterwards, unless it is able to demonstrate that the breach is unlikely to result in a risk to the rights and freedoms of individuals.
The reality for most organisations is not if, but when their systems will be breached.
But understanding what the biggest security threats are, and taking the appropriate measures to protect against them, will go a long way to securing enterprise businesses.
This will send a clear message to customers about the level of importance placed on protecting their data.
Sourced by Bill Mann, senior vice president of products and chief product officer at Centrify