The recent Uber data breach is another clear sign that companies are losing the battle to protect their customers’ data, and what is at stake is one of the most fundamental aspects of the relationship between consumers and companies: trust. The risks are only going to get bigger because our personal and professional lives depend more on digital services that create more data which companies have proven they cannot protect.
Today, every aspect of our personal and work lives today involves a digital or online interaction that results in the creation, sharing and storage of our personal or financial information. In everything we do we leave behind digital footprints about who were are, where we are, what we like or what we dislike. The simple reality is, we cannot work, live or enjoy leisure without giving up data about ourselves. This is the price we pay for all of the benefits of the connected, always-on digital economy.
If this digital economy is going to work, consumers need to be able to trust the companies they give their data to. Not even a generation ago, trust was a handshake and looking the person in the eye when you opened a new bank account, bought a new car, or obtained a home mortgage. Today, transactions happen in the online ethersphere between two entities that will never see each other. This means trust will matter even more as physical interactions disappear from transactional relationships.
But trust is under increasing assault. This year alone there have been nearly 1,000 data breaches reported worldwide that exposed nearly two billion personal or financial data records. This is 160 per cent more than during the same period last year, and it’s likely only to get worse. Sadly, according to a recent global study by Gemalto, only one quarter of consumers feels companies take the security of their data seriously.
Even as companies spend more and more on cybersecurity, data breaches continue to grow in frequency and size. No company has been immune to data breaches, even major corporations that spend tens of millions of dollars on data security every year. Just look at this year’s list of the breached companies and you will see a who’s who of the corporate world – Deloitte, Equifax, Verizon, Whole Foods and most recently, Uber. No industry has been spared and no one has been able to stop the rising tide of data breaches.
If one thing must change, it is the corporate mindset on data security. For decades, the prevailing wisdom about cybersecurity has been that a perimeter “wall” should be built around the data and network to keep out intruders. This strategy of breach prevention has been the foundation of corporate data security for decades. The current breach epidemic shows us this approach is not working very well.
While there is much that can be done by companies to improve corporate data security practices, here are four guiding principles that can help reduce the erosion of trust:
Out With the Old, In With the New: Today’s security strategies are dominated by a singular focus on breach prevention technologies. But, if history has taught us anything, it is that walls are eventually breached and made obsolete. Think Maginot Line or the Great Wall of China. Companies should assume that prevention and threat detection tools can only go so far and be used as part of a layered approach to security that can defend data once criminals get into the network. In this new digital world, the new perimeter is the data itself. That is why security needs to be attached to the data itself using encryption, as well as the users who access the data through stronger access controls.
Make Data Security a Mission Statement: If companies want to earn and retain customer trust, they must view the protection of sensitive customer data not just as a compliance mandate, but as a responsibility essential to their success. Meeting the minimum legal requirements is no longer enough. If a breach hits, and a company has encrypted customer financial data but not the 10 million records containing personal information such as dates of birth, addresses, medical records and social security numbers, it has broken the bond of customer trust in its brand. Being a better steward of customer data is not just good public relations, it makes good business sense, too.
Transparency Is the Road to Trust: Companies should put security front and centre and tell customers about the security measures that have been put in place to protect their data. If a company is doing something better than the rest of the industry, then it will be seen as a trusted innovator.
Security Is a Two-Way Street: Just as companies can tell what they are doing to protect customer data, they should also tell customers how they can best protect their personal identities and financial information. If a customer experiences identity theft or a data breach while doing business with a company, that brand suffers. A better-educated consumer is a safer consumer of services.
The data breach dilemma proves that the traditional approach to data security does not work anymore in the digital world. If companies don’t wake up to this new reality soon, they may soon find a potential consumer revolt on their hands and it won’t be pretty.
This article also appears on Huffington Post here.