Protecting customer and company data is a major concern facing Australian businesses today. No doubt this business dilemma has been intensified by the rise in cyber attacks upon organisations of all sizes, affecting their ability to keep data secure. According to the Australian Signals Directorate cyber attacks on Australian businesses and government increased by 20 percent in 2014. More concerning are figures from the Australian Cyber Security Centre claiming that the total cost of cybercrime in Australia is likely to be over $AUD 1 billion per year.
Aside from the financial burden, companies may soon be legally required to disclose to customers when a data breach has occurred with the expected introduction of a data breach notification bill that is currently in draft form. Certainly any customers who are made aware of a security incident are likely to have their trust in an organisation tested.
So how can businesses retain customer trust and loyalty in the face of increasing cyber attacks, along with the huge financial and legal ramifications associated with attacks of this nature?
In order to maintain customer trust, it’s important that organisations step up security policies and procedures to ensure confidence in their own infrastructure. Many businesses never translate independent audits and reports into actual plans, leaving them wide open to data breaches. This common failure can be highly detrimental should a data breach occur as the organisation will often be unprepared to deal with not only the financial, but also legal and reputational consequences.
Despite the alarming statistics, customer confidence can be preserved. Organisations can create an actionable security plan with the objective of preventing data breaches, while ensuring that the business is prepared in the event of a cyber attack. In order to protect their business from a data breach and retain customer trust, businesses should consider the following five security measures:
- Perform a risk assessment
Organisations need to know where their data is, where it’s being used and by whom. This risk assessment must extend to vendors and contractors as well as data on the endpoint, including devices accessing sensitive data that may not be owned or secured by the business directly. This review can be conducted internally or by an external auditor.
- Create an actionable plan
Businesses should address security risks with a combination of education, security policies and technologies that protect data, wherever it resides and has the ability to detect and contain a data breach.
- Always Automate
Wherever possible organisations must avoid ‘putting off’ data security updates and automate where possible. This includes automated patching as well as automated alerts if data is put at risk. For example, if an organisation’s endpoint device travels beyond a geographic zone or its encryption is offline, the device can be remotely secured to protect critical data and network access from that device.
- Make security a top-down priority
Security should be an organisational priority. The only way to do so is to ensure security becomes a top-down priority, backed by a strong security focused IT team. Every employee also needs to be held accountable for ensuring security, such as in relation to their own passwords.
- Leverage a layered security strategy
Businesses have a responsibility to protect data, wherever it resides for its entire lifecycle. To ensure this, a layered strategy is recommended to better enable IT to cope with the rapid pace of change caused by mobility, the cloud and even the changing risk landscape. Organisations should leverage technologies that will help identify potential security threats and respond rapidly before they become damaging security incidents.
In order to retain customer trust and loyalty, businesses need to demonstrate that they are addressing their own security affairs beyond the scope of what is included within any data breach legislation or other mandatory requirements. This means assessing the security risks, automating security updates, developing a plan and strategy and perhaps most importantly, making security a priority.
About the author
By Rick Ferguson – Country Manager, ANZ at Absolute