Data security is becoming increasingly important as consumers continue to transition their lives online. From banking to buying, online security is vital for the success of a company. While 91% of brands have adopted some sort of risk-based cyber security framework, incidents from stolen identities to data breaches across organizations, obviously still occur.
The success of any organization greatly depends on the sense of trust your customers feel. To obtain that trust in a technologically advanced world, we turn to information security specialists to uncover and maintain it. Why is this so important to leading brands? After the recent stem of security breaches, 76% of consumers would likely take their business elsewhere if negligent data handling practices were found. In addition, 72% of consumers also reported that they may share fewer personal details with companies, which may influence future revenue opportunities. That’s major.
Today, information security specialists handle the most important commodity in your company’s possession. No, it’s not your company’s patents, products, or services; it’s relationship management. With that in mind, what are some ways to maintain your information security, as well as work with those specialists who focus in combating threats?
The Little Restaurant That Could
To illustrate why I find this topic so important, let me take you back to a few weeks ago. My wife and I ate out of town at a restaurant we like to frequent. Upon returning home, I discovered my bank card was missing. I immediately called the restaurant and confirmed that they had found it, but because we live 45 minutes away and would not be able to recover my bank card for another week, I asked about their policy in such cases. They affirmed that cards remain in their safe until the patron returns to recover it by identity verification or until 30 days, at which point the card is destroyed. Confident in their policy, I agreed to them storing it for me and I returned a week later and happily retrieved my card.
While this is a very touching story, you may be wondering how it relates to your business. Well, the restaurant provided something more valuable than their food or service to me: they gave me a sense of trust. The role of informational security specialists is the same.
If you’re a consultant responsible for maintaining a company’s website, you will likely meet an information security specialist who will flag one of your page tags for immediate removal and send you questioning your very existence (maybe not the latter, but you get my point). Yes, these are very stressful moments that lead to a scurry of activity to validate the security of your chosen solution. It sometimes become a very drawn out process while you build your case for tracking x data point (or your entire data set!). However, I urge you to look at the situation from an alternative perspective.
Would you rather an information security specialist find an issue or would you rather them overlook it? Yes, it’s time consuming to resolve an issue. Yes, adjusting your entire data set is a pain. Yes, errors may even be costly. However, if the future of your business is based on the trust and loyalty of the consumer, you should do everything in your power to maintain it. That includes getting along with information security specialists and trusting their expertise.
Be Proactive With Your Information
Working with enterprise-level organizations, we often set out to establish the importance of being proactive in a relationship with information security. At some point, consultants will most likely have a relationship with a specialist and you may as well set about it before it sets about you. My recommendations here are actually quite simple in theory, but harder in practice since they involve our little friend called discipline. Nevertheless, here are some best practices:
- Identify the best information security specialist within your organization.
You need someone that has at least a basic knowledge of digital analytics and a desire to learn about it. A great find is someone who is interested in the subject and has the tenacity to be vigilant about maintaining trust.
- Document a list of approved data collection points and collection methods.
You will need to document all the data you wish to collect, as well as how it’s collected, stored, and utilized. Then you can work with your information security specialist to whittle this list down to what can be approved without further information security review and sign-off.
- Include your new information security friend at all project kickoffs.
Once you have an approved data collection list, be sure to notify your information security specialist when there are upcoming projects outside of the approved data collection list that need special approval. This is vital since it will allow them time to research new items and provide timely feedback to prevent project disruption or an adjustment of requirements.
- Revise your approved data collection list every 6-12 months.
Every 6-12 months, collect the list of items which needed special approval and work with your information security specialist to have the items added to the approved list, particularly if they are likely to be used again in the future. This will minimize the amount of new items that need special consideration as your approved list grows and your information security team gains greater knowledge around your data collection practices.
The Big Picture
Information security findings can be a bitter pill to swallow, but as I noted, it’s better to solve issues quickly than to be concerned with the steps it may take to get there. Trust is a hard thing to acquire, but once you have it, you should go the extra mile to maintain it. That starts with enhancing the role information security plays. Through these recommendations, I hope I have provided an antidote to trouble that could be lurking ahead. With this approach in place, you can have the peace of mind that information security will have your back instead of being on it.