The past year and a half has pushed businesses and the customers they serve to make dramatic changes in how they use technology. The pandemic sped up digital transformation for 68% of global businesses, to keep up with consumers who were rapidly moving online. Now, the customer experience is more convenient than ever—but the trust brands have earned is precarious, due to increased cybersecurity risks.
While the fast shift to digital channels has made customer experiences more convenient, it has also left companies to manage more technology integrations, more remote workers logging in from more endpoints, and more customers shopping in new ways. Because of these changes and other pandemic-related disruptions, global ransomware attacks increased by 62% from 2019 to 2020.
Ransomware does more than lock victims out of their data. Attackers can also steal and sell the data, leading to identity theft, account takeovers, financial losses and legal complications for customers. These dire customer experience can cost a brand its revenue, its reputation and its ability to continue. Consider that 84% of online shoppers in a five-country March 2021 ClearSale survey agreed that they wouldn’t do business again with a website that allowed a fraudster to use their card.
Businesses that invest in and continuously update their cybersecurity can prevent customer experience disruptions, protect their brand reputation and maintain the trust and loyalty of their customers. That process includes key steps to safeguard customer data.
Refine your data-collection strategies and practices
Ransomware attackers know the value in customer data, which is why they work so hard to steal it and why so much of it goes up for sale on the dark web. To protect your customers from data exposures and protect your business from liability, review the customer data you collect.
Do you ask for only the information you need to authenticate them and provide a good experience? Are there data fields you could stop collecting without compromising fraud control and CX? If so, you can stop requesting that data going forward and securely purge the existing data.
For the data that you must collect, are your permissions, use and storage policies with relevant data protection regulations, such as GDPR for EU-based customers, CCPA for California-based customers, and national and local regulations in other parts of the world where you do business? If not, bringing your practices into compliance will protect your customers and help your company avoid expensive fines for noncompliance in case of a breach.
Reevaluate your encryption practices
Customer data that you store should be encrypted as they enter it on your website or app and when the data is at rest on a server. It’s especially important when the data is in motion to a payment gateway, processor, fraud prevention service or other trusted partner.
Review your cloud storage security to make sure you’re not storing customer data in plaintext on misconfigured cloud servers. That scenario has led to breaches at Facebook, Accenture, Verizon and other companies in recent years.
It’s also wise to see how your organization monitors traffic to and from its servers to prevent data exfiltration. Data traffic monitoring can let your security team respond quickly when there’s an unexpected movement of data from within your company to an unknown destination.
Keep software patched and updated
Recommending patches and updates may seem like the most basic cybersecurity advice, but major organizations were stumbling on this step even before the pandemic caused companies to adopt more software solutions. In 2019, 60% of breaches were caused by unpatched software, and these weren’t zero-day exploits but known vulnerabilities for which patches were available. The average time to patch critical vulnerabilities was 16 days, per a Ponemon Institute survey.
Patches and updates require balancing the need for security with the drive to minimize disruptions and the time and staff required to do the work. Two approaches that can help companies keep up with patching requirements are automating updates whenever possible and choosing software vendors that deliver updates without requiring action by your IT team.
Strengthen your malware protection
Keeping malware out is critical for avoiding breaches. Make sure your sites’ web application firewalls are up to data and deploy continuous site scanning to detect and remove malicious code injections that can lead to data-skimming attacks that collect customer information as they enter it into checkout forms.
Take a fresh look at your email protection tactics, too. While every company should promote a culture of security, it’s increasingly hard to tell sophisticated email compromise attacks from real messages. The best preventive approach is to make sure those emails never reach their targets.
Review your data breach response plan
If your company has a breach, your response can determine the extent of the damage to your customer relationships, your brand and investor reputation, and your financial liability. Report breaches as promptly as possible to law enforcement and relevant regulatory bodies. Track changing laws to make sure you know exactly what the reporting requirements are for your business.
Communicate transparently with your customers about what you know, what you don’t know, and the steps you’re taking to protect them. Have a plan in place before a breach to offer monitoring services to your affected customers—and make sure the CX is excellent. Seventy-eight percent of customers say they’ll “forgive a company for its mistake after receiving excellent service.”
Take the time now to take stock of your new technology environment and take steps to make it as secure as possible. Customer trust is valuable, hard to earn and easy to lose. The best way to keep it now is to keep your customers’ data safe.