Traditional Security Mindsets Must Transform To Protect Consumer Data

HOUSTON, we have a problem. One of the most important bonds of trust between consumers and businesses has been broken. According to a recent survey, more than 75 percent of consumers do not believe organisations care about keeping customers’ private data safe and secure. What is even more alarming, 64% of consumers say they are unlikely to do business with a company where their financial or sensitive data was stolen. This should set off an immediate red flag not just for corporate IT security professionals, but also for every executive who has a stake in the reputation of their company, from the CFO and CIO all the way up to the CEO.

There are only two things that can break the current data breach cycle. The first is a cultural revolution similar to what we have seen with product safety — where government regulation and education have had the ripple effect of inspiring a mass reset of consumer expectations. This causes a “change or perish” business environment for corporations selling to those consumers. The second, which will likely be a reaction to the first, is a complete transformation of the security mindset around protecting consumer data.

In 2015, more than 700 million data records were compromised by data breaches worldwide, according to the Breach Level Index. Can you imagine a scenario in which 700 million people were made ill by a fast food restaurant’s hamburgers, or if a toy manufacturer’s products injured 700 million children? These would be met with consumer outrage due to a shattering of the basic bonds of trust between companies and their customers.

For decades, the prevailing approach to cybersecurity has simply been to build a perimeter “wall” around the corporate network to keep intruders out. However, as the current breach epidemic shows, this approach has not stopped today’s sophisticated cybercriminals.

Trust is at issue here. Below are four security mindsets that security operations professionals can seize upon to help restore customer trust in corporate data security:

1. Out With the Old, In With the New: Today’s security strategies are dominated by a singular focus on breach prevention that includes firewalls, antivirus, content filtering, threat detection and monitoring. But, if history has taught us anything, it is that walls are eventually breached and made obsolete. Think the Maginot Line. You get the picture. The reality is that breaches will continue to occur. Companies should assume that threat detection and prevention tools can only go so far, and should be used as part of a broader, layered security approach. The next and last level of defence needs to be around the data itself, surrounding it with end-to-end encryption, authentication and access controls that provide the additional layers to protect both corporate and customer information.

2. Protect Customer Data As If It Were Your Own: If you want to help your company earn and retain customer trust, you have to view the protection of sensitive customer data not as a compliance mandate, but as a responsibility essential to your company’s success. Meeting the minimum legal requirements is no longer enough. If a breach hits, and you have encrypted financial data, but not the 10 million records containing customer names, addresses and social security numbers, you’ve broken the bond of customer trust in your brand. Being a better steward of customer data is not just good PR, it is good business sense, too.

3. Transparency Is The Road To Trust: Put security front and center and tell customers about the security measures your company has put in place to protect their data. If you are doing something better than the rest of the industry, like encrypting data end-to-end, then you might be seen as a trusted innovator.

4. Security Is A Two-Way Street: Just as you tell customers what you are doing to protect them, tell them what they need to do in order to protect themselves. If a customer experiences identity theft or a data breach while doing business with your company, your brand suffers. A better-educated consumer is a safer consumer of your services.

As data collection accelerates and customer interactions become more diverse — through mobile, online, email and device-to-device communications — more data about what we do, who we are and what we like is being stored online. At that point, our entire identity as individuals is entrusted to the companies who gather this information.

The traditional security mindset does not work anymore, and if companies don’t wake up to this new reality soon, and decide to change their approach in the best interest of their businesses, the consumer revolt will come and it won’t be pretty.

To find out how MPA can assist you in the areas of end-to-end encryption, authentication and access controls, email Sales@mpa.co.nz for a confidential discussion.
