In this digital age, given the increasing levels of cybercrime targeting rich customer data for financial gain, businesses need to take a step back and ponder whether they are moving into an economically healthy online age or whether the losses from lawsuits and damaged reputation, such as in this latest instance with Sony, will ultimately cripple organisations' growth in the long term. At the core of the issue, enterprises need to reconsider the validity of data collection and accessibility. Marketing departments may perhaps be the most obvious example of the need to review the amount and type of information they gather, how it is gathered, and how widely it becomes available. Marketing organisations have never been more effective at gathering information, profiling and targeting their customers, which is a great benefit to the business. However, marketing managers must also think hard about what their processes communicate to their customers - do marketing campaigns, for example, suggest that sensitive customer or even account data is being shared widely across the organisation, or worse, with the outsourced call centres? Can they justify to customers what information they are working with and why?
Personally I find it difficult to understand why an online restaurant reservations company needs much more than my name and a phone number when it takes a dinner reservation. They must recognise that when savvy customers object, business is lost.
The review should not be limited to marketing. Companies should consider whether data needs to be stored permanently or whether it can be held temporarily. Authentication is a clear example of where the data usage requirement can be temporary.
Trust is both a logical and emotional achievement that is difficult to develop and all too easy to lose. Data loss and identity theft are now mainstream concerns. People are alarmed by the enormity of the potential loss to them, with emotional distress over such incidents having the potential to damage customer relationships permanently. Any company or government office wishing to transact online, even those with the most comprehensive and effective security measures in place, must now also invest in assuring confidence in these measures. In the digital age, customers who believe you value their data, and understand what you are doing to protect it, are more likely to believe you value them.
The task ahead is not insignificant. Philosophically, information security, traditionally an IT discipline, must evolve into a broad management concern, while security must become an integral consideration in the innovative development process. Clearly part of the challenge will be for organisations to understand how much to invest in this effort. Years of investment have successfully moved them to the cost-effective cashless online services and processes that now underpin core operations. They must be guided by their dependency on a healthy digital age.
Posted by John Colley, Managing Director, (ISC)2 EMEA