2014-06-06

Jake Weatherly posted a blog post

Cybersecurity Strategies for Retailers

In the wake of data breaches at Target, Sony, Neiman Marcus, and eBay, consumers are becoming more wary of how their personally identifiable information is being collected and used. Post-Heartbleed, data security has entered the popular lexicon, and it is a growing concern for everyone from CTOs at large companies that are vulnerable to cyber-attacks to shoppers who feel like they’re taking a risk every time they use their credit cards or log into an online account. SheerID recently surveyed college students, a population especially susceptible to cybercrime, to find out what information they are comfortable divulging to retailers in exchange for a discount or special offer. 53% won’t give out the last four digits of their social security number and 88% refuse to disclose their full social security number. Only 19% are comfortable revealing their home address. It is up to retailers to address their customers’ concerns by following standard best practices, investing in security to prevent data theft, and creating transparency through communication.

Consumers have a good reason to be cautious; data security is a growing problem. Four out of the ten biggest data breaches of all time took place in 2013, according to SafeNet’s Breach Level Index. While information security breaches can be financially costly to a company (the Ponemon Institute calculated that the average U.S. company loss due to cybercrime in 2013 was $11.56M), there is another cost associated with data breaches that can have an even more devastating impact. Once a business loses the trust of its core customer base by permitting access to sensitive user data, winning consumers’ loyalty back can be nearly impossible. In a recent report by Javelin Strategy & Research that was commissioned by Identity Finder, one third of shoppers reported they will take their business elsewhere if a store they frequent experiences a data breach.

It is crucial to invest in the following strategies now to ensure data security, maintain consumer confidence, and prevent cybercrime in the first place.

Create and Enforce a Security Policy

Be sure to develop strict rules about passwords, including how strong they need to be and how often they must be changed. The 2013 Verizon Data Breach Investigations Report discovered that 76% of data breaches were due to weak or stolen user credentials. The hackers who recently attacked eBay used an internal corporate account to log in and access user names, passwords, birthdays, and email and home addresses. Train employees on when it is appropriate to use cloud-based apps or personal email addresses to share information and which sensitive files should not be shared.

Build Multiple Walls of Defense

Consider adding fraud management tools from companies like Experian, and antivirus software from established providers like Symantec or AVG. It is prudent to then also add firewalls, threat detection, filters, end-to-end encryption, and hashing as important weapons in the fight against cyber-criminals. Don’t rely on one strategy; create a multi-layered system.

Ensure Third-Party Providers Are In Compliance

In this day and age, security compliance can be a real differentiator between service providers. For example, some online verification solutions require customers to input their full or partial social security numbers and request credit card information which they store. In contrast, SheerID, a leading eligibility verification provider, only asks customers for their name and date of birth, and never sees any data from the authoritative databases it uses to verify credentials.
If a third-party vendor will be handling data generated during financial transactions, check that they meet the standards of an organization like the PCI Security Standards Council.

Open Lines of Communication With Customers

To foster trust and customer loyalty, it’s crucial to communicate openly with consumers, especially those who have registered for customer accounts, opted into emails, or actively engage with a brand using social media. Don’t ask customers for personally identifiable information you don’t need or won’t use, and be upfront about how you handle, store, and protect their account information. Remind customers to update their own passwords regularly to keep their accounts safe. Consider implementing a customer-managed relationship model and permission-based marketing to demonstrate that customers’ data is valued and is only being used to benefit them.

Following these guidelines reduces the risk of a data breach, and demonstrates to customers that data security is taken seriously and their personally identifiable information is safe.

Jake Weatherly is a co-founder and CEO of SheerID, an online shopping cart platform that provides group verification.
