Data Protection Issues that Brands Must Answer to Build Trust
- By George Chung, M800 Limited
- March 19, 2019
People, devices and systems are locked in a whirlwind of hyperconnectivity today and it’s no surprise that even the world’s largest and most highly secure brands are being hit by hackers and cyberattacks. Year 2018 has been a bruising year with global brands across the board being hit with huge cyberattacks – the largest example topping 500 million plus customer records hacked!
What this year’s security incidents tell us is that not one person, company or country is completely safe whether it's Facebook, Google, FIFA or even nations like the US. It’s almost guaranteed that attacks and breaches will occur. The challenge is being ready to minimize the damage but also ensuring that everything is being done to minimize the chance of being hit by hackers and cyberthreats.
As customers of many of the brands mentioned above, people today should demand that they answer three critical data protection questions so that we can trust them with our data.
- Are brands doing everything to follow the highest security and compliance standards?
- Are brands following up with flawless execution of their strategies and frameworks?
- Finally, are brands looking to secure and protect data across their entire ecosystem?
Addressing the first point, companies have spent millions globally in security tools and technologies, but the question is have they done everything possible? On top of the usual technologies like anti-virus/anti-malware, firewalls, end-to-end network protection and data encryption, are industry standards being applied? Is your brand certified with security frameworks like ISO 27001 which all brands that handle significant sensitive customer data should be adopting?
Other measures include the Payment Card Industry (PCI) Data Security Standard that applies to all companies that process credit card payments. Organizations must also add in GDPR compliance to specifically protect customer privacy and ensure their data is not being abused is also noteworthy. Customers should insist on these standards with all companies that hold their data.
As a communications provider to recognized brands around the world, M800 is committed to setting an industry example by adhering to these critical security standards to meet industry best practices and recommends all businesses follow suit. It also demands the highest rigor by securing end-to-end all its operations, from the application development process to networks, databases and staff behavior.
The second key component is execution. In reality, all companies to some degree are using the same or similar tools, technology and frameworks to secure their business and customer data. Where the very best companies differ is in investing time, money and effort in execution. This requires having dedicated security professionals in place and ensuring that they repeatedly assess, review and test security systems and processes.
So how do brands ensure their staff is primed to be the last line of defense? A security culture starts with leadership, then employing dedicated personnel, time and effort as well as the will to enforce all standards and policies. It’s not enough to just get security certified as a business but every individual in the company must be made security conscious and be responsible for protecting customer data.
Each and every staff member must perform and act every day with security in mind. The best companies not only train staff regularly in security practices but test them so that security becomes a habit and standard behavior. At M800, staff is consciously and unconsciously tested on a regular basis and monitored for secure behavior to ensure standards remain as high as possible.
Finally, the eco-system question has become all the more important today as businesses are increasingly forming collaborations and operating as a network of tightly connected partners. Every associate and provider must deliver the same security standards to ensure customer data is protected end-to-end. While in cases where it’s not possible to demand the same standards then measures must be in place to guarantee related data is protected and encrypted so that even when exposed is not accessible.
As a provider of critical communications technology to global brands around the world, M800 believes investing the maximum resource in security is essential. One area of major concern when considering how modern organizations today are built on eco-systems is the increasing use of social platforms in business. Use of WhatsApp, WeChat and many other emerging social platforms raise significant security and data privacy questions that businesses must consider when work communications and sensitive data is being shared on these networks?
Only by asking brands these critical questions can businesses as a whole become more hardened to cybersecurity threats but also ensure their wider eco-system of partners, suppliers and customers are protected too. It is only by having the technologies, the frameworks and processes and the disciplined staff in synch can companies be best prepared to respond and act in such dangerous times.
George Chung, IT Director, IT & Security, M800 Limited contributed this article.
The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends.