Fear of data breaches and concerns about privacy are increasingly prevalent and, unfortunately, some concern is warranted. We should care about how businesses look after our data, just as marketers should make every effort to protect it and use it responsibly. That means learning how to protect your business online and doing what it takes to keep your data safe and sound.
Trust can be earned and it can be lost
In marketing, trust is everything. Users take a leap of faith when they entrust businesses with personal information, sometimes very sensitive details like credit card numbers and medical history. Failing to do everything possible to keep it safe is an offence not readily forgiven. The cost of the reputational harm alone can be huge yet very difficult to quantify. If a customer has a choice to make between two service providers, one of which they remember seeing in the news because of a data breach, the decision is an easy one.
The other associated costs are more tangible: direct financial loss, legal liabilities, and the disruptive process of identifying and containing the breach. IBM’s Cost of a Data Breach report for 2022 found that the average cost of a data breach is US$4.35 million, up from US$4.24 million in 2021. The healthcare industry has seen the sharpest rise: its cost of a breach is up 42% since 2020 and now stands at US$10 million.
The report notes that the share of breaches caused by ransomware grew 41% in the space of a year, and that these breaches now cost an average of US$4.54 million each. Attacks mostly occur through stolen or compromised credentials (19%), phishing (16%), or vulnerabilities in third-party software (13%), and nearly half of all data breaches (45%) occur in the cloud.
Start improving your posture
But you don’t need to take your business offline to keep it safe. Simply following basic cybersecurity best practices and being mindful of different types of threats and the social engineering tactics used will help to keep back the vast majority of cyber threats. Never forget the importance of…
- Creating strong passwords
- Making use of two-factor authentication
- Applying regular software updates
- Encrypting sensitive data
What’s needed is a company-wide culture of cybersecurity in which everyone understands what’s at stake and the part they have to play in the security chain. Try to make security awareness training as fun and engaging as possible, and be sure to find the right person to lead your security team.
For your customers, online transactions must utilise secure payment gateways with encryption, so be sure to keep your SSL certificate valid at the very least. Secure Sockets Layer (SSL) certificates enable an encrypted connection between the user's browser and your website that protects sensitive data during transmission. If your website can’t offer a secure connection with HTTPS, visitors are bound to be apprehensive about entering any details on your site, let alone making a purchase.
Stay compliant with regulations
South Africa’s Protection of Personal Information Act (POPIA) regulates how businesses can acquire, organise, store, secure and discard personal data. Modelled on Europe’s General Data Protection Regulation (GDPR), this legislation targets organisations (including some of the world’s biggest) that for years had been playing fast and loose with often-sensitive customer data or simply not keeping it as safe as it should be.
Failing to comply can carry some hefty penalties and certainly isn’t worth the risk. But these laws exist to ensure that personal information is treated with due respect, for the sake of privacy and to protect a business’s customers from cybercriminals.
Secure your business for tomorrow
Staying secure is an ongoing process that requires dedicated resources as well as regular security tests. Should the worst happen, you need to be able to bounce back quickly, so it’s essential that critical data is backed up frequently and that you have a disaster recovery plan in place.
In the end, multi-layered cybersecurity measures are worth investing in because falling victim will be significantly more costly. It starts with staff awareness, from C-suite to intern, so try to do whatever it takes to prevent complacency from entering your business.