In security we trust
Ben King, Okta Regional Chief Security Officer for Asia Pacific
With the sudden heavy dependence on online transactions as a result of quarantine restrictions to contain the spread of COVID-19, trust has become an even more important value for both consumers and businesses.
Consumers had to trust businesses online with their valuable personal information, for example, while companies had to trust their employees to really work from home.
Trust, however, is not so easily won, especially in the virtual world, as revealed in “The State of Digital Trust” report recently released by Okta, a US-based company deemed one of the leaders in helping companies manage and secure user authentication as well as identity controls into applications. According to Okta, if companies want to earn that elusive consumer trust, then they will have to ensure the highest possible level of service reliability. Filipino respondents included in the study indicated service reliability as “the most important factor” when it comes to trusting a digital brand.
“Businesses should ensure that they are transparent and open with their communications to consumers, especially during the pandemic when disruptions do occur,” says Ben King, Regional Chief Security Officer at Okta for Asia Pacific.
Service reliability along with strong security, quick response times and good data handling practices were considered the most valued by consumers in Asia when it comes to building trust.
Trust level
Fortunately, the trust level is already high in Asia with just 10 percent of the 1,700 Asian professionals included in the survey saying they don’t trust any of the digital channels to safely handle their data.
This is a marked contrast to Americans, 19 percent of whom said they do not trust digital channels, making the United States the most “untrusting” region.
But while the level of trust is high, Asians are nevertheless cautious about actually providing personal information online amid the pandemic with 71 percent expressing the sentiment, almost double the global average of 41 percent.
King said respondents considered identity theft as the biggest security threat they feel exposed to followed by data breaches and password theft.
“In light of this, business should also look towards reassuring consumers of the security measures that have been implemented, data handling and privacy practices, to reassure customers,” King said.
King offers here some do’s and don’ts for the Philippine market:
1. Do: Enforce zero trust security measures to provide organizations and consumers with peace of mind
Organizations can best combat attacks by adopting zero trust methodologies. This means never assuming trust, but always verifying connections and resource requests. Businesses should provide greater assurance to increasingly wary consumers by taking the two-pronged approach of improving customer awareness and encouraging improved account profile and credential management, including offering multifactor authentication options.
2. Do: Foster a culture of transparency
Encourage transparency between business and information technology leaders, their employees, and customers to foster greater trust that the organization’s network is safe and secure. Companies also need to define the trust parameters by which employees, partners and customers access sensitive data and systems, and be clear about when this does and doesn’t occur. Likewise, transparency about system uptime or outages are important to communicate.
3. Do: Tie security to business goals
Business offerings should be secure by design. By incorporating cybersecurity from the outset into new products or services, conducting risk and regulatory compliance assessments, and regularly reviewing cybersecurity strategies and plans, businesses can better connect business and security.
4. Do: Provide customers with control over their personal data
Often the problem with data sharing is not so much the actual loss of privacy, but the perception of loss of control, which leaves consumers feeling worried and powerless. Offering customers control over their own data, a mechanism where users can keep direct control of what data is being collected, how it is used, and how long personal data is stored by the company will help customers trust organizations with their personal data. The “right to be forgotten,” or request deletion, is also important to many customers.
4. Do: Enable customers to evaluate the company and its offerings
Customer feedback is some of the most valuable data a digital business can receive. Organizations should be open to calling out customer feedback and reviews from verified purchasers on their platforms to reinforce the credibility of their products and services. Conversely, any negative feedback or complaints should be addressed in a sensitive and timely manner.
1. Don’t: Be complacent in planning for data breaches or a cyberattack
Do not wait for an attack to happen to take action. With cyberthreats becoming increasingly common and sophisticated, it is essential for companies to develop a cybersecurity strategy and framework for any attack or data breach scenario. The plan should outline roles and responsibilities, escalation paths and involve all stakeholder teams to ensure that any damage due to cyberattack is minimized, services promptly and securely restored, and customers are informed with actionable information as promptly as possible.
2. Don’t: Be irresponsible when disposing of data
Ensure your organization has protocols in place for properly destroying different types of digital data. In an increasingly digital-first world, it is important that data is collected, protected and disposed of properly, to ensure that privacy is upheld.
3. Don’t: Security and compliance should not just be a C-level responsibility, it should be company-wide.
Raising data security and privacy knowledge as a company-wide responsibility is important. The majority of recent cyberattacks gain a foothold via employees, often by social engineering as an initial attack vector. Employee susceptibility can be greatly reduced by having well-trained employees. Consider implementing a staff training and awareness program or attending intensive workshops on privacy rules and cyber hygiene.
4. Don’t: Assume trust for supply chains
Cyberattackers are increasingly targeting supply chains and points of integration, exploiting the chain of trust implicitly assumed by organizations. This is routinely evidenced by attacking smaller organizations to gain access to larger ones. Businesses must apply appropriate due diligence to understand and manage the risk inherited from their critical suppliers.
5. Don’t: Business should not be afraid of change and transformation
The past 12 months have shown a business’ most important differentiator is its digital and online presence. As such we are seeing more and more digital transformation programs. Only by seeking new ways of delivering products and services to market will organizations stay ahead of the competition and maintain a strategic edge. Plan and consider a transformation process that will deliver business impacting outcomes, while keeping security and privacy concerns at their heart to manage future risk and compliance needs. INQ
