As new estimates predict cybercrime costs will exceed $2 trillion by 2019, many consumers are wary of letting companies handle their personal data, according to Spohn Security Solutions, which offers advice on how to handle and defend against such problems.
Lack of diligence in the business world has dominated headlines, leading to serious mistrust on the part of consumers. Currently, 68% of consumers don’t trust companies to handle their personal data securely and keep it protected from hackers, according to Spohn.
Companies need consumer data for invoicing and other legitimate business purposes. This means that methods must be developed for effectively securing data to prevent personal information from falling into the wrong hands. Cybercriminals quickly devise strategies to overcome older security measures, and it’s a sure bet that they’ll continue to probe new security patches and other defenses for any possible vulnerabilities.
However, there are some basic practices one can implement which can help protect most consumer data. It’s also important to keep customers in the loop regarding how the company handles and protects personal consumer information. Spohn Security Solutions has a few suggestions in this regard:
° Use multiple authentication layers, and follow this up by letting customers know who will have use of customer data and how it’s secured from unauthorized use.
° Make sure your company is focused on security, not compliance. This means following a list of best practices to ensure that your customers’ information stays safe. PCI, HIPAA and SOC compliance cover only the MINIMUM acceptable level for many aspects of data security, from employee procedures to data encryption. Compliance will follow from security. Compliance is great to advertise on your website and in many cases is required by law, but a secure network lets you sleep at night.
° Make your consumers’ privacy a competitive advantage for your company. Destroy customer data once it’s no longer needed or required to be kept by law. Let customers know that you won’t keep any credit information or personally identifiable information on file longer than legally required. Communicate your assured cloud destruction and data retention agreements, and explain that this is why they must enter their data repeatedly on your site. Most will appreciate your attention to maintaining their privacy, even if it is inconvenient.
However, even with these and other measures in place, employees sometimes forget to implement them, or new employees who haven’t yet been fully trained on current security practices can commit errors. Spohn Security Solutions has been in the cyber security business for 20 years and has observed that not all companies maintain an appropriate level of vigilance regarding employee security training.
“It’s vital that companies continue to provide security training for their employees. When they train but then forget to regularly update and check on their employees’ practices, it’s as if they were never trained at all,” said Timothy Crosby, senior security consultant for Spohn Security Solutions.
When these gaps occur and new threats hit, serious risks can be propagated throughout the system, leaving vulnerabilities for hackers to exploit. One example was the WannaCry ransomware attack in May 2017. That attack, termed “next-gen ransomware,” was the largest computer virus/ransomware infection in history. As opposed to regular ransomware, which encrypts only the local machine it lands on, this type spreads throughout the organization’s network from within, without users having to open emails or malicious attachments (which is why it’s called a “ransomworm”).
Crosby says, “A big risk is companies becoming complacent with their security watchfulness. Windows had released an updated security patch prior to the WannaCry attack, but not everyone updated their system. There’s a risk of companies providing employee training and information but then forgetting to provide continuity.”