Beyond the breach: How to preserve your customers’ trust

14 Mar 2018

Companies are losing the battle to protect their customers’ data. Recent high-profile breaches, such as the one at Uber, have resulted in consumer outrage and proven that there is something more at stake than just sensitive information: trust. When private details are compromised, organisations risk losing business, particularly as Australia’s new NDB legislation means they need to disclose such breaches. The stakes are getting higher.

Consumers need to be able to trust the companies they give their data to in order to get the digital economy to work. Not even a generation ago, trust was a handshake and looking the person in the eye when you opened a new bank account, bought a new car, or obtained a home mortgage. Today, transactions happen online between two entities that will never see each other. This means trust matters even more as physical interactions disappear from these relationships.

But trust is under increasing assault. This year alone there have been nearly 1,000 data breaches reported worldwide that exposed nearly two billion personal or financial data records. This is 160 per cent more than during the same period last year, and it’s likely only to get worse. Sadly, according to a recent global study by Gemalto, only one quarter of consumers feel companies take the security of their data seriously.

Data breaches continue to grow in frequency and size, even as companies spend more and more on cybersecurity. No company has been immune to data breaches, not even major corporations that spend enormous sums on data security every year.

Just look at last year’s list of the breached companies and you will see a who’s who of the corporate world – Deloitte, the Australian Electoral Commission, AMP, Red Cross Blood Service and more recently, Uber. No industry has been spared and no one has been able to stop the rising tide of data breaches. 

One thing that must change is the corporate mindset on data security. For decades, the prevailing wisdom about cybersecurity has been that a perimeter “wall” should be built around the data and network to keep out intruders. This strategy of breach prevention has been the foundation of corporate data security for decades. The current breach epidemic shows us this approach is not working very well.

While there is much that can be done by companies to improve corporate data security practices, here are four guiding principles that can help reduce the erosion of trust: 

Rebuilding the wall: Today’s security strategies are dominated by a focus on breach prevention technologies. Companies should assume that prevention and threat detection tools can only go so far, and should use them as part of a layered approach to security that can defend data once criminals get into the network. In our new digital world, the new wall is the data itself.

That is why security needs to be attached to the data itself, using encryption, as well as to the users who access the data, through stronger access controls.

Make data security a business essential: If companies want to earn and retain customer trust, they must view the protection of sensitive customer data as a responsibility essential to their success. Meeting the minimum legal requirements, including the new NDB legislation and impending GDPR, is no longer enough.

If a breach hits, and a company has encrypted customer financial data but not the 10 million records containing personal information such as dates of birth, addresses, medical records and social security numbers, it has broken the bond of customer trust in its brand. Being a better steward of customer data is about more than public relations; it’s making a better decision for your business.

Transparency is the road to trust: Companies should put security front and centre and tell customers about the security measures that have been put in place to protect their data. If a company is doing something better than the rest of the industry, then it will be seen as a trusted innovator.

Security is a two-way street: Just as companies can tell what they are doing to protect customer data, they should also tell customers how they can best protect their personal identities and financial information. If a customer experiences identity theft or a data breach while doing business with a company, that brand suffers. A better-educated consumer is a safer consumer of services.

The data breach dilemma proves that the traditional approach to data security no longer works in the digital world. Companies that take this to heart will see greater consumer loyalty and trust; those that don’t will see otherwise.

Article by Gemalto's regional director for Australia and New Zealand, Graeme Pyper.
