SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Beyond the breach: How to preserve your customers’ trust
Wed, 14th Mar 2018

Companies are losing the battle to protect their customers' data. Recent high-profile breaches, such as Uber's, have resulted in consumer outrage and proven that there is something more at stake than just sensitive information: trust. When private details are compromised, organisations risk losing business, particularly as Australia's new NDB legislation means they need to disclose breaches. The stakes are getting higher.

Consumers need to be able to trust the companies they give their data to in order to get the digital economy to work. Not even a generation ago, trust was a handshake and looking the person in the eye when you opened a new bank account, bought a new car, or obtained a home mortgage. Today, transactions happen online between two entities that will never see each other. This means trust matters even more as physical interactions disappear from these relationships.

But trust is under increasing assault. This year alone there have been nearly 1,000 data breaches reported worldwide that exposed nearly two billion personal or financial data records. This is 160 per cent more than during the same period last year, and it's likely only to get worse. Sadly, according to a recent global study by Gemalto, only one quarter of consumers feel companies take the security of their data seriously.

Data breaches continue to grow in frequency and size, even as companies spend more and more on cybersecurity. No company has been immune to data breaches, not even major corporations that spend enormous sums on data security every year.

Just look at last year's list of the breached companies and you will see a who's who of the corporate world – Deloitte, the Australian Electoral Commission, AMP, Red Cross Blood Service and more recently, Uber. No industry has been spared and no one has been able to stop the rising tide of data breaches.

One thing that must change is the corporate mindset on data security. For decades, the prevailing wisdom about cybersecurity has been that a perimeter “wall” should be built around the data and network to keep out intruders, and this strategy of breach prevention has been the foundation of corporate data security. The current breach epidemic shows us this approach is not working very well.

While there is much that can be done by companies to improve corporate data security practices, here are four guiding principles that can help reduce the erosion of trust:

Rebuilding the wall: Today's security strategies are dominated by a focus on breach prevention technologies. Companies should assume that prevention and threat detection tools can only go so far, and should use them as part of a layered approach to security that can defend data once criminals get into the network. In our new digital world, the new wall is the data itself.

That is why security needs to be attached to the data itself, using encryption, and to the users who access the data, through stronger access controls.

Make data security a business essential: If companies want to earn and retain customer trust, they must view the protection of sensitive customer data as a responsibility essential to their success. Meeting the minimum legal requirements, including the new NDB legislation and impending GDPR, is no longer enough.

If a breach hits, and a company has encrypted customer financial data but not the 10 million records containing personal information such as dates of birth, addresses, medical records and social security numbers, it has broken the bond of customer trust in its brand. Being a better steward of customer data is about more than public relations; it's making a better decision for your business.

Transparency is the road to trust: Companies should put security front and centre and tell customers about the security measures that have been put in place to protect their data. If a company is doing something better than the rest of the industry, then it will be seen as a trusted innovator.

Security is a two-way street: Just as companies can tell customers what they are doing to protect customer data, they should also tell customers how they can best protect their personal identities and financial information. If a customer experiences identity theft or a data breach while doing business with a company, that brand suffers. A better-educated consumer is a safer consumer of services.

The data breach dilemma proves that the traditional approach to data security no longer works in the digital world. Companies that take this to heart will see greater consumer loyalty and trust; those that don't will see otherwise.