Johannesburg, 28 Jan 2020
With the start of a new year, many of us spend time thinking about how we can do things better than the year before. That’s as true for businesses and large organisations as it is for individuals.
And when it comes to information security, doing better is an ever-present challenge. According to IBM’s annual Cost of a Data Breach Report, the global average cost of a breach event in 2019 was US$3.92 million, a 12% increase on 2014’s figure of US$3.5 million.
To address this escalating threat, organisations need to review their systems, processes and procedures to ensure security is as tight as it can be. Unfortunately, the organisation can be at the mercy of its customers, who may hold the keys to valuable information, without understanding how to protect it.
With nearly two-thirds of attacks involving phishing and social engineering, it’s imperative that organisations do everything they can to minimise how vulnerable their customers are.
One of the best ways to do this is through education and awareness. It must, however, be the right kind of education.
Go beyond general, high-level advice
Over the years, most organisations have stepped up their efforts when it comes to customer education and awareness around cyber security.
Unfortunately, most of their efforts have tended to be very general and high-level, providing broad advice such as ‘protect your devices’ and ‘beware of phishing e-mails’.
Although these are useful, in many cases customers won’t connect the advice to their own risky behaviour.
They might not, for example, realise that “don’t share your access details” doesn’t only refer to e-mailing them to a co-worker. It also means not saving your username and password in your browser or connecting to secure sites using public WiFi. These actions can be as risky as writing your password on a sticky note and pinning it to the department notice board.
Specific, ongoing, relevant
Reaching customers requires specific and relevant education delivered via a campaign of consistent communication.
Here are some tips that will elevate your customer education:
- Be specific in your communications about security: Wherever possible, you should use examples or scenarios to highlight risky behaviour.
- Send a series of communications: Your security communication needs to be consistent in both frequency and tone. Pick a theme and use it to co-ordinate messages across all communication channels.
- Keep it relevant to the specific customer: As an organisation, you likely have enough data to understand how customers engage with your products and services. There’s no reason to send mobile app security tips to customers who don’t use your app.
- Keep it simple and understandable: Aim your message at the level that a non-technical will understand. You should also provide links to more information and additional detailed instructions if needs be.
- Provide clear actions: You need to empower your customers to take action if they suspect a security issue. Tell them who to contact, what information to provide, and what action to expect the organisation to take.
Step up
In 2020, organisations of all sizes must step up their customer security awareness campaigns.
We live in a world where data breaches are becoming increasingly common and expensive. A single campaign in January to check it off your list is not good enough.
Ultimately, your goal should be to plan a campaign of useful, actionable information that helps educate and protect your customers from cyber attacks.
Linda Misauer is the Head of Global Solutions at Striata and is responsible for technical Research and Development, Operations and Project Management for global initiatives. Misauer previously led the Product Management of the Striata Application Platform before moving across to Striata North America as Chief Technical Officer (CTO). As Product Manager, her responsibilities included internal project management of the product development team, market research and product feature design, as well as product life cycle management and quality control. As CTO, Misauer was responsible for all technical operations for North, Central and South America, including Project Management, Support, Production and Data Engineering. Misauer has over 10 years of experience in the IT industry, ranging from video streaming solutions and Web site application development to electronic billing and messaging. Prior to joining Striata in 2002, Misauer held the positions of Chief Information Officer at AfriCam, and was IT project manager at Dimension Data. Misauer studied at the University of Natal – Pietermaritzburg and holds a degree in BSc, majoring in Computer Science and Economics. She also has a diploma in Project Management.
Share
Striata
Striata provides strategy, software and professional services that enable digital communication across multiple channels and devices. We are experts in message design, generation, security, delivery and storage.
Clients choose our technology and services to encrypt, send and store confidential documents; execute integrated marketing campaigns; and distribute high volume electronic communications.
The world’s largest financial services, utility, insurance, retail and telecommunications companies trust us to achieve unrivalled results in digital adoption and transformation.
We have operations in New York, London, Johannesburg, Hong Kong, Sydney and partners in North and South America, Africa, Europe and Asia Pacific. www.striata.com.