How do you keep customer data safe?
87% of consumers will stop buying from companies that fail to handle their data responsibly.
In other words, the companies that prioritize customers’ privacy will earn customers’ trust and win in the long road ahead.
Ready to put cybersecurity at the front line of your unique selling proposition (USP) and business strategy, so you can secure customer loyalty for good?
Here’s what you can do.
1. Set Up an Incident Response Plan
Your Incident Response Plan consists of a set of protocols in the event of a cyber attack.
According to Scott Watnik, the co-chair of Wilk Auslander’s cybersecurity practice, the goal of this plan — in addition to ensuring all regulatory and legal obligations are complied with — is to protect:
- Your business finances,
- Your business reputation and goodwill among customers, and
- Further and continued data compromise once systems have been hacked
As you develop your Incident Response Plan, bring together these stakeholders:
Operations Personnel
Address consumer information needs (e.g., set up call centers).
Public Relations Experts
Manage communications with the media if the hack is made public.
Insurance Brokers and Personnel
Assist with providing immediate notice to insurance carriers, submitting loss claim notices, and identifying the policy benefits and coverage to which your business is entitled.
Outside Legal Counsel
Navigate the complex legal landscape.
“Ideally, your business should have personnel who are ‘on-call’ in each area and are ready to act immediately once a cyber-attack occurs,” advises Watnik.
Richard Rogerson, Founder of Packetlabs, an ethical hacking company, agrees. He also adds that the Incident Response Plan depends on the country the breach occurs in.
“There may be very specific regulations that outline how to respond, when and how soon to report, along with applicable fines or penalties.”
Action Plan: Set up an Incident Response Plan, taking note of your key players and the country your business operates in.
Always Be Prepared: Send Sensitive Data Safely Through 8×8’s Voice Today
2. Boost Your Website’s Security Layers
The security precautions that work for a competitor?
They probably won’t work for you. And that’s because your customer data protocols depend on a myriad of factors — factors that are unique to your company:
What else can you do to protect customer data from point A to point B, besides number masking and two-factor authentication?
Rogerson recommends a Canary, an early warning that an intruder is potentially in an environment. When this happens, businesses should trigger its response plan.
Watnik further advises using only encrypted email accounts when transferring sensitive data via email from one business to another.
He also recommends encrypting this email separately as an extra layer of protection.
Watnik also urges companies to keep up-to-date with regulations.
For companies based in America, the New York’s Stock Hacks and Improve Electronic Data Security Act (the “SHIELD Act”) is a good guide on taking proactive measures to protect customers’ Personal Identifying Information (PII).
Companies that handle sensitive information from citizens from the European Union (EU) within the EU states should turn to the General Data Protection Regulation (GDPR).
Action Plan: Encrypt your emails, invest in website security, and stay current with the new regulations.
Tip: Managing subscriber data is a vital component of SMS Marketing. Find out more in our SMS Marketing Ebook
3. Overwhelmed? Hire an Expert (And Buy Insurance)
Given the complex and often-changing nature of the legal landscape, it’s sometimes best to hire a cybersecurity consultant.
Rogerson shares, “Legal counsel can help navigate your cyber insurance policy restrictions, and ensure you have the resources you need to help protect your business, employees, and customers.”
Watnik also stresses on purchasing cybersecurity insurance that’s tailored to the specific needs of your business.
How do you get the most out of cyber insurance? Insurance writer Sarah George from Finder shares her tips:
Match Coverage to Industry’s Risk
Multiple studies are done every few years on how much businesses pay for cybercrimes by industry. George advises businesses to evaluate those figures to better understand the limits to match these potential expenses.
Look For Companies That Go Beyond Settling Claims in Court
George also recommends businesses to consider buying additional cyber coverage like:
- Negotiating with attackers
- Repairing computer systems
- Covering lost revenue, and
- Managing public relations
Assess Your Business’s Actual Risk And Buy Separate Cyber Insurance
George adds that separate policies tend to be more robust, as some small business insurance packages offer a limited number of cyber coverage.
Keep Security Intact: Secure User Login Process With 8×8’s Mobile Verification Today
Marc Prosser, CEO and Co-founder of Choosing Therapy, shares that he didn’t buy cyber insurance as he would have to certify that his company followed the practices for cybersecurity.
“To comply with these procedures would mean at minimum hiring an IT consulting firm and spending tens of thousands of dollars,”
“If I did not follow these best practices, the insurance company could deny any claims I had. The cost of complying was going to be too high.”
Do you find yourself in a similar situation? Take a leaf out of Prosser’s book: “Before you buy cyber insurance, carefully consider the cost of implementing the security procedures your company will need to put in place.”
Protect Customer Data: Better Be Safe Than Sorry
Putting these security measures into practice comes at a cost, but Watnik emphasizes they’re nevertheless a much-needed investment.
This investment is going to enable you to provide better customer experience, give you peace of mind — and who knows, maybe even motivate customers to buy from you instead of your biggest competitors.
“When it comes to cybersecurity, it is far better to be pound wise than penny foolish.”
Ready to get started right away? Contact 8×8 here