Your customers are a security risk

Is Your Customer Data Adequately Secured?

Financial services firms accounted for only 6% of the total data breaches in 2019.  Yet, 60% of records leaked that year came from financial services breaches. This illustrates both the risk and the responsibility faced by financial services firms. Are they doing enough to keep customers’ data secure?

Personal data is the new gold. And cybercriminals spend an enormous amount of time and effort to steal this valuable resource.

For financial services firms, the risk lies not only in their own systems. Their partners and downstream providers also process their customers’ data. Providers like printing companies. Or couriers.

1.7 million Nedbank customers’ personal data were exposed by a printing company in February. The breach exposed names, ID numbers, and physical/email addresses. Fortunately, no account details were stolen, and the criminals did not gain access to any of Nedbank’s systems through the incident, the bank said in a statement.

The lesson here is that organizations need to interrogate the level of security in place in their partners’ systems. They need to ensure their customers’ data remains secure, wherever it sits in the value chain. 

If need be, request a security audit. Having a contract that places responsibility on your supplier will mean nothing when your customers blame you for allowing their data to be stolen.

Do your customers know how to protect their own data?

Beyond third-party providers, the biggest threat to customers’ personal data is customers. Companies cannot assume that a customer’s device is secure, or even that the customer is aware of how to protect their own data.

A study by the UK’s National Cyber Security Centre, released last April, analyzed breached account passwords globally. The study showed that ‘123456’ was used in 23.2m incidents, followed by ‘123456789’ (7.7m) and ‘qwerty’ (3.8m). This should tell organizations everything they need to know about how informed consumers are about cybersecurity.

Companies sending personal information to customers need to provide proper security for mobile apps (including two-factor authentication), encrypt documents that are emailed, and protect information that is available online.

Ongoing consumer education is key

A key factor – as the UK NCSC study shows – is ongoing consumer education. Use your regular customer communications to send personalized, relevant information to help your customers help you to keep their data secure.

For example – a customer gets a new phone and downloads your mobile app. This gives you an opportunity to send them an email congratulating them on their new purchase and provide hints and tips on how to get the best out of their device. Things like:

  • Set your phone screen to auto-lock
  • Set a secure PIN
  • Install antivirus software
  • Encrypt your device
  • Use two-factor authentication on all apps and portals that will let you do so
  • Activate biometrics

Likewise, educate your customers on what you will and will not ask them to do. Assure them that you will never ask them to share their password or PIN, ever! Not in an email, nor over the phone, for example.

Explain to them that keeping their password safe doesn’t only mean not sharing it with someone else – it also means not writing it down, telling it to someone verbally, or using it on a public WiFi network.

Give specific examples that are relevant to their lives, so that they can link the advice to the risky behavior. For example, don’t just say: ‘beware of phishing emails’. Rather, explain that an email asking them to urgently reset their account, or else it will be closed, is not legitimate because you will never ask them to do that.

Organizations need to consider if they are doing enough to ensure the customer data they share is adequately secured – even on their customers’ devices.

Cybercrime is not a problem with a single solution. It’s an ongoing threat that needs to be mitigated using tactics and strategies that evolve as the threat landscape does.

Samantha Perry

Guest Blogger

Samantha Perry has worked both as a journalist and PR professional over the past two decades.

As a journalist, she covered the ICT sector for the likes of Computing SA (editor), ComputerWeek, and Brainstorm magazine (editor). In her capacity as a PR professional and consultant, she works with listed and multinational organizations, such as Google (ZA & NG), Telkom, MTN and Dimension Data.

Samantha has a Master’s degree in ICT Policy and Regulation and runs an initiative called WomeninTechZA, which aims to bridge the gender diversity gap in the tech sector. She sits on the UN Office for South Cooperation Women in Tech program secretariat, is a regular judge of the GSMA GLOMO Awards and has spoken at a variety of prestigious events over the years.
