When it comes to data privacy, who do consumers trust? A recent data privacy survey by McKinsey & Company asked 1,000 consumers to rank the most trusted industries in protecting privacy and data. Healthcare and financial services had the highest ranking, both at 44%, with government, media, and entertainment bringing up the rear around the 10-11% mark. But that trust for healthcare and financial services—the highest ranked industries— isn’t really all that high. In a glass half-empty observation, less than half of those survived trust their doctor or their bank to keep their very important data safe.
But where some might see a lack of trust, others will see opportunities. Organizations that demonstrate that they are trustworthy by handling and protecting their customer’s privacy and data carefully can stand out from their competition. It’s pretty simple, really. Nine out of ten people are more loyal to companies they trust. Conversely, consumers quickly fall out of trust with a company that suffers a data breach. According to a HelpNet Security article, Businesses facing post breach financial fallout by losing customer trust, 83% of consumers claim they will stop spending with a business for several months in the immediate aftermath of a security breach, and over a fifth (21%) of consumers claim they will never return to a business post-breach.
Data privacy and protection ensures that your company’s data is safeguarded from unlawful access by unauthorized parties. Organizations need to consider the wider consequences of a data breach, including fines, lawsuits, loss of customer trust, revenue and reputation. So not only is protecting data a smart thing to do for your bottom line, it’s important to your customers, too.
It’s January, so it is time for Data Privacy Day
Data Privacy Day (known in Europe as Data Protection Day) is an international effort held annually on January 28 to raise awareness and promote data privacy and data protection best practices and is sponsored by the National Cyber Security Alliance (NCSA). Consumers can follow these tips to stay safe online and to protect their personal information. Although this day is mostly to raise awareness for consumers, businesses are encouraged to keep consumer data out of hacker’s hands by understanding what and where are the “digital crown jewels” others want, learning how to protect those assets, detecting when something has gone wrong, and reacting quickly to minimize impact. Micro Focus believes so strongly in promoting Data Privacy, that we are 2021 Data Privacy Day Champions.
The NCSA website is chock full of good stuff, however I want to highlight these two calls to action from them: If you collect it, protect it, and consider adopting a privacy framework. Data breaches can not only lead to great financial loss, but a loss in reputation and customer trust (as pointed out above). Orgs need to follow reasonable security measures to keep individuals’ personal information safe from inappropriate and unauthorized access. A privacy framework, such as this one from NIST, builds privacy into your business by helping you manage risk and create a culture of privacy in your organization. Micro Focus offers a new Cybersecurity Assessment Tool, designed to help you identify gaps in your cybersecurity posture so you can understand how to prioritize them for your business and help to avoid data breaches and keep your customer data safe.
Organisations need to be Cyber Resilient to respond to cyber-attacks and protect data
Cyber resilience is the ability of an organization to enable business acceleration (enterprise resiliency) by preparing for, responding to, and recovering from cyber threats. Businesses need intelligent solutions to create cyber resilience through detecting threats, securing data and applications, and protecting identities—enabling orgs to adapt and evolve for the future.
Steps to Secure your Data
We strongly encourage our customers to take a holistic, analytics-driven approach to securing what matters most—identities, applications, and data. Incidentally, Identities have evolved beyond heartbeats, what with the Internet of Things (IoT) and a rapid increase in connected devices. The lack of proper identity and access management is a major concern. Businesses need to ask, who has access to what, and how are privileges managed?
The Covid-19 outbreak that started in early 2020 confined a big part of the population indoors. This has had a direct impact on mobile app usage trends, especially among on-demand mobile apps. According to TechCrunch, consumers spent a record $28 billion in apps in Q3, aided by the pandemic. They also spent more than 180 billion collective hours each month of July, August and September 2020 using apps, an increase of 25% year-over-year, reports the site. Woe to the business that rushed an app to market and was hacked and their customer data stolen and then sold on the dark web. Businesses need to be able to find and fix vulnerabilities in all application types—on premises or in the cloud, and practice fast security testing to get secure apps out to the waiting public.
In order to have a good roadmap of where their data is, organizations need a comprehensive data discovery solution. But knowing what is sensitive customer data (name, address, credit card, social security number) and where the sensitive data resides is not enough. With cyber attackers lurking seemingly everywhere, external or even internal, enterprises cannot fully control and trust their data environment. They have to instead protect the data itself with data-centric security. For companies that take data privacy seriously, the only alternative is to implement a data-centric privacy and protection program, one that encrypts or tokenizes at the data level itself. This allows any sensitive company or consumer data to be fully protected across the entire lifecycle of that data, yet still allowing the data to be moved around the organization, and to be processed and analyzed in a protected fashion.
There are InfoSec venders that offer robust point solutions however, #buyerbeware! Very few vendors can assure InfoSec professionals that they are protected against breach, guarding the privacy of individuals, apps and data, with ease, insight and confidence.
Enterprises need a holistic solution that addresses their need to access and analyze sensitive information and deliver new value to consumers, as well as their need to build security into their business in a seamless and efficient way. For businesses that want to take data privacy seriously, then security should be at the core of everything they do. So on this Data Privacy Day we issue a call to action to enterprises large and small: take the right steps to protect your information and keep private data private.
Share your support for Data Privacy Day by following @MicroFocusSec on Twitter and by using the hashtag #PrivacyAware. Let us know the steps your org takes for data privacy by logging in or registering and commenting below.
This blog originally appeared on the Micro Focus Security blog.