
Building digital trust

A breach of trust can result in a damaged reputation and lost customers.

By Alison Treadaway, director at Striata
Johannesburg, 11 May 2016

The 2016 CIGI-Ipsos Global Survey on Internet Security and Trust*, released on 18 April, reported consumer concern about online privacy and security is on the increase. This is particularly related to the personal data organisations and governments hold.

According to the survey: "The majority of global citizens (83%) believe there needs to be new rules about how companies, governments and other users use personal data".

"A strong majority (85%) also believe their governments should work closely with other governments and organisations to make the Internet more safe and secure," the survey adds.

Companies are gathering personal data from customers at unprecedented rates, and trust is becoming a crucial factor in the relationship between customer and business. A breach of that trust can result in a damaged reputation and lost customers.

According to the December 2015 Gemalto Data Breaches and Customer Loyalty Report+, 64% of 5 750 respondents said they would stop doing business with a company if it lost their financial data.

Firm limits

Businesses need to operate within strict boundaries, ensuring the data they hold is stored, secured and used in line with legislative requirements, industry best practice and the manner in which the customer expects it to be used.

The first step, however, needs to be establishing digital trust. Consumers are becoming increasingly aware of the value of their data and less inclined to share it, or give companies permission to use it, without knowing exactly how it will be used.

The foundation of digital trust is an understanding of a company's legislative obligations when it comes to using and protecting an individual's personal information. Today's consumers expect a business to have done its homework and implemented the appropriate policies to comply with data privacy legislation.

But a company that processes personal data is not only responsible for its own compliance. If it uses service providers such as a marketing agency or human resources consultancy, it must ensure the third party's data protection policies are aligned and compliant.

In an Accenture global survey** of more than 3 100 business and IT executives across 11 countries (October-December 2015), 82% of respondents said trust is the cornerstone of every business in the digital economy, and 83% agreed that data ethics breaches pose a similar threat to security breaches.

Code of honour

As such, companies must define a digital code of ethics which speaks to how personal data is used, secured and shared within the company. This code must be communicated to all employees and partners that have access to data, and there must be internal processes to handle a breach of that code.

If not correctly managed, a breach of data security, whether in a malicious attack or by accidental leakage, will damage the digital trust not only of the victims whose data is compromised, but of all that company's customers, as they question the safety of their own information. It is therefore advisable that the company issues a general communication to get the facts out before speculation appears on social media.

Communication around a breach must include detailed information on how the company is dealing with it, and how it will ensure the same breach does not happen again. This will go a long way to addressing concerns of those not directly affected.

Customers whose data was directly compromised need to know what kind of risk the breach poses to them and what damage control they can do - for example, changing compromised passwords, notifying their bank or cancelling credit cards.

Managing a data breach is essential, but first prize is to avoid one altogether. Companies must ensure all customer data stored digitally is protected by multiple layers of security at each level. The number and variety of criminal tactics emerging to steal and abuse identity and financial data mean the protectors of that data have to be vigilant and innovative.

At a network level, there are multiple ways to secure stored confidential data, including firewalls, access control and database encryption.

To protect information residing in stored documents, security must be like an onion: if the outer layer is peeled away, a second layer must present a harder challenge, and so on, until the contents of the document become unworthy of the effort.

Possibly the most risky element of data protection is the human one. No matter how strong a company's security, or how strict its policies, an employee who is tricked or makes an error can compromise the company's data security. Education targeting employees, consultants and contractors is a must to give businesses the best possible chance of avoiding a data breach.

* Full report at: https://www.cigionline.org/internet-survey-2016
+ Full report at: http://www.safenet-inc.com/resources/data-protection/data-breaches-customer-loyalty-report/
** Full report at: https://www.accenture.com/us-en/insight-technology-trends-2016.aspx
