These days, it seems like hardly any time passes between headlines about the most recent data breach. Consider the revelation in late September that a security intrusion exposed the accounts of more than 50 million Facebook users.
For that matter, not much time goes by without a new survey or study that confirms the difficulty of data security. Forbes recently reported that US businesses and government agencies suffered 668 million security intrusions and data breaches in the first half of 2018 alone. It’s no wonder consumers have little faith in organizations’ abilities to protect their data. Only 20 percent of US consumers completely trust organizations to keep their data private.
No business is immune to data breaches, but that doesn’t mean you can’t do everything in your power to prevent them. By taking proven, sensible measures to ensure data security, your enterprise will not only tighten its defenses, but also promote trust among customers.
Here are five steps your organization can take that will demonstrate to consumers that you’re committed to data security.
1. Encrypt sensitive information.
Many industry regulations require certain data be encrypted, but it wouldn’t hurt if your organization considered safeguarding other types of data too. Almost anything can be encrypted. There are the obvious resources: email, SMS messages, user names, passwords and databases. Other sensitive data, such as intellectual property and the personal data of customers and employees, can also be encrypted.
Before considering encryption, review whether a particular type of data would cause financial harm and reputational damage to your organization if someone exposed and manipulated it. Encryption isn’t foolproof, especially if the encryption key falls into the wrong hands, but it is a first-line security step that can show customers you take these matters seriously.
2. Optimize backup and recovery.
Most enterprises have data backup and recovery plans and likely rely on some form of disaster recovery (DR) technology, whether it’s offsite servers or a cloud service. But is it effective enough to boast about? An organization can’t make any stated commitment to protecting customers’ data if it’s at risk of losing that data.
Because cyber incidents usually happen without notice and can go undetected for days, weeks or even longer, it’s critical to restore data to its clean, pre-breach condition. It’s a complicated process, but cutting-edge, purpose-built resiliency technologies can automatically recover data to its correct state and enable enterprises to find their footing quickly after a breach.
3. Promote compliance and transparency.
This year, organizations around the world started abiding by the General Data Protection Regulation (GDPR), a European Union standard for the handling of customer data. The GDPR essentially puts the power in consumers’ hands, enabling them to control how their data is stored and managed. It’s a thorough and detailed mandate for any organization, no matter where it’s based, to properly handle European citizens’ data.
Companies that comply with GDPR should use this compliance to their advantage by promoting how they collect, use and store consumer data. Asking users to review privacy settings or agree to a laundry list of new standards won’t effectively relay the steps you’re taking on their behalf. Instead, organizations should separately promote the many ways they follow GDPR and other compliance standards in easily consumable marketing materials. This will show customers that the organization is serious about its commitment to protecting personal information.
4. Consider cyber insurance.
In its annual study on the expenses of cybercrime, Ponemon estimates that the global average cost of a data breach has increased 6.4 percent over last year, climbing to an average $3.86 million in 2018. Those high costs have prompted many businesses to view cyber risk insurance as a critical investment.
Businesses that want the support of insurance should look for a policy that covers common reimbursable expenses. These might include a forensics examination to review the data breach, as well as monetary losses from business interruption, crisis management costs, legal expenses and regulatory fines. Hopefully, your enterprise won’t face many of those costs, but cybercrime is unpredictable. The peace of mind that insurance can provide you and your customers is worth the cost.
5. Work with a data security expert.
It’s not easy deciding which technologies and data security management strategies will work best for your organization. There are many technologies and strategies to implement. With regulations such as GDPR increasing expectations, don’t take any chances with customer data. Work with a data security expert who knows the lay of the land and already has insight into potential changes that would affect how you safeguard information.
Customers have an ever-growing array of options to choose from on the digital market, so you might get only one chance with each consumer. Win their loyalty by demonstrating how you can expertly handle and preserve their data.