With cybercrime escalating in volume and sophistication every year, consumer trust is a bigger challenge for organisations than it’s ever been, says Ross Sibbald, Commercial Director at Striata, Africa. And while legislation such as the EU General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) has made things simpler by setting minimum standards for organisations to adhere to, organisations need to do more to truly guarantee trust.
They should not, for instance, assume that their responsibility is over once a document has been delivered safely to the customer. If a customer’s personal devices are unsecured, there is still a risk that one gets hacked or stolen. This means that confidential information sent by the organisation could find its way into the public eye, or worse, get exploited for criminal purposes. Even if the organisation’s own security protocols are watertight, it could still end up shouldering the blame or have its reputation tarnished.
Fortunately, organisations can (and should) do everything they can to ensure that customer communications are protected throughout the information cycle.
Customers face multiple threats
When considering why it’s so important for organisations to protect customer communication even once it’s on the end device, it’s worth remembering just how many threats customers face.
The millions of mobile phones stolen every year alone represent a massive danger of identity theft. That’s before even getting to the number of people every year who fall victim to phishing scams or who have their information compromised after inadvertently installing malware.
According to Kaspersky Labs, the number of unique malicious objects detected by its web antivirus solution reached 24,610,126 in 2019. Some 85% of web threats detected were malicious URLs, making the risk of a customer unwittingly clicking on a URL an ever-present threat to data protection.
In short, while companies have never been more aware of the need to keep their customer data safe internally, the threat to that data once it’s on the customer’s device continues to increase.
Data protection by design
One solution to mitigate these threats is for organisations to bake data protection into the design of their customer communications. Data protection by design is about considering data protection and privacy issues upfront in everything the organisation does, especially when it comes to customer communication. This not only ensures compliance with relevant legislation, it can also prevent reputational damage and, ultimately, protect revenue.
But what does data protection by design look like practically?
Well, encryption and password protection should be non-negotiable for starters. Encrypting and protecting important documents ensures that even when they reside on the customer’s smartphone or laptop, the information cannot be easily accessed if the device is stolen or hacked.
Encryption is a process that encodes a message or file so that it can only be read by the intended recipient. Encryption scrambles, or encrypts, data which the receiving party can only unscramble, or decrypt, using a key (a string of values or an application).
Password protection, meanwhile, means a document cannot be opened without entering a shared secret known only to the sender and recipient. Requiring a password to access a secured document not only adds another layer of protection, but has other benefits. In the unlikely event that a document is sent to the wrong person, the incorrect recipient cannot open the document (personal information remains private), thereby avoiding a data breach.
Customer education is key
While it’s obviously important that the organisation does everything in its power to protect and encrypt information, customer education remains the most powerful weapon in its arsenal. Cybercriminals can find their way around new technologies, but tech-savvy customers are much harder to crack.
If an organisation can help its customers avoid risky behaviour and protect their personal information, no matter where it sits, they’re much less likely to fall victim to cybercrime. That, in turn, means reduced reputational and financial risk.