Businesses and providers typically collect certain details from their customers in order to support service delivery. This information has always been a top target for hackers, but given the high level and rising sophistication of threats, it’s more imperative than ever to ensure it’s protected.
After all, a breach of this information doesn’t just impact the brand itself – it can also result in considerable consequences and potential fraud for impacted customers. Even a single event of this kind can shake consumer confidence in an organization and severely affect brand loyalty and trust. What’s more, given new compliance laws including the EU’s General Data Protection Regulation (GDPR), safeguarding consumer data is no longer a best practice, but a legal requirement.
There are certain critical threats to consumer information that B2C organizations, in particular, should be aware of, as well as a few tips and strategies they can leverage to better protect their customers’ sensitive details.
What threats will impact consumer data in 2019? Phishing and fraud
As Trend Micro’s expert researchers noted in their recent report, “Mapping the Future: Dealing with Pervasive and Persistent Threats,” there are certain security issues which will specifically impact consumer data, including phishing. These attacks – which involve a cybercriminal posing as a legitimate organization or spokesperson in an attempt to encourage users to share their information – certainly do not represent a new approach. However, as Trend Micro noted in the report, changing trends in operating system use are forcing attackers to abandon exploit kit-centered attacks and leverage more targeted approaches instead.
According to current data, URLs used as a springboard for phishing have been popping up at an increased rate, and predictions show that this will continue into 2019. In 2016, more than 35 million phishing-related URLs were blocked by security professionals, and this figure jumped to over 210 million in 2018.
In the current threat landscape, users should be on the lookout for phishing attempts coming via email as well as SMS and messaging platforms. Hackers will attempt to lure users into sharing particularly sensitive details, including banking information and account credentials for cloud and storage platforms. New and more dangerous approaches are also being taken here, including SIM-jacking.
“Criminals impersonate a target and convince a phone carrier’s tech support staff to port a ‘lost’ SIM card to one they already own, effectively taking control of a target’s online presence, which is often associated to one’s mobile phone number,” Trend Micro researchers explained in the report.
In addition to more advanced phishing attacks, experts predict a sharp rise in the use of stolen account credentials, including to support fraudulent transactions. Due to the high instances of successful company breaches, and the fact that many individuals reuse or recycle their passwords, hackers will look to leverage these breached credentials to enable activities like enrollment in rewards programs, circulation of fake news, and more.
Phishing scams remain prevalent attacks conducted by hackers worldwide.
Improving safeguards for consumer data
Now that consumer information can prove so profitable for hackers, businesses must do everything they can to safeguard the data they have on their customers. Here are a few key strategies to help support these pursuits:
Understand current legislation and compliance requirements
As stated previously, thanks to the passing of several recent pieces of legislation, safeguarding consumer details is now legally required. The EU’s GDPR, for instance, introduces new rights for EU citizens, including Breach Notification, Right to Access and the Right to be Forgotten. In addition, the U.S.’s Data Breach Prevention and Compensation Act means that companies are held accountable when systems are breached. Executives, IT leaders and data protection officers must be aware of these changing requirements, as well as the details to support their compliance.
Purge outdated/unnecessary data
In the age of big data and analytics, it’s no surprise that brands across every industry are eager to capture details about consumers which they can then leverage for improved customization of services and other insights. And, as Harvard Business Review contributors Sachin Gupta and Matthew Schneider pointed out, studies have found that many consumers don’t mind sharing their information with organizations that they trust.
However, certain key precautions must be taken with this information, and this goes beyond simply anonymizing details or using pseudonyms. As Gupta and Schneider explained, this approach, while technically compliant with current laws, falls short of fully protecting customers.
“Although [the retailer’s] data was pseudonymized by removing all personally identifiable information, it is not really anonymous because the combination of age, timestamp, gender, and zip code creates a unique population record which can be linked to the additional information from [the retailer’s partner],” Gupta and Schneider pointed out.
In this way, it’s beneficial for organizations to only store and maintain the consumer details that are required for service delivery, and to avoid storing anything beyond this. This especially includes any outdated information, such as details related to customers who no longer receive services from the company.
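The linkage risk Gupta and Schneider describe can be measured before a dataset is stored or shared. The following is an added example, not code from the original article or the cited study: it counts how many records share each combination of age, gender, zip code and timestamp, and shows how coarsening those fields changes the result. All records and field names are constructed for illustration.

```python
from collections import Counter

# Constructed sample of pseudonymized records: no names or emails, only the
# quasi-identifiers named in the quote above plus a purchase category.
RECORDS = [
    {"age": 34, "gender": "F", "zip": "30301", "ts": "2019-01-04T10:15", "item": "pharmacy"},
    {"age": 34, "gender": "F", "zip": "30301", "ts": "2019-01-04T18:40", "item": "grocery"},
    {"age": 36, "gender": "F", "zip": "30305", "ts": "2019-01-04T11:02", "item": "grocery"},
    {"age": 52, "gender": "M", "zip": "30309", "ts": "2019-01-05T09:30", "item": "electronics"},
    {"age": 58, "gender": "M", "zip": "30301", "ts": "2019-01-05T14:45", "item": "grocery"},
    {"age": 51, "gender": "M", "zip": "30318", "ts": "2019-01-05T20:10", "item": "pharmacy"},
]

def raw_key(record):
    """Quasi-identifier tuple exactly as stored."""
    return (record["age"], record["gender"], record["zip"], record["ts"])

def coarse_key(record):
    """Generalized tuple: 10-year age band, 3-digit zip prefix, date only."""
    decade = record["age"] // 10 * 10
    return (f"{decade}-{decade + 9}", record["gender"],
            record["zip"][:3], record["ts"][:10])

def audit(records, key_fn):
    """Return k (size of the smallest group sharing a quasi-identifier
    tuple) and the number of records that are unique on that tuple.
    k == 1 means at least one record can be singled out and linked to
    an outside dataset holding the same fields."""
    groups = Counter(key_fn(r) for r in records)
    k = min(groups.values())
    unique = sum(1 for r in records if groups[key_fn(r)] == 1)
    return {"k": k, "unique_records": unique}

if __name__ == "__main__":
    print("as stored:  ", audit(RECORDS, raw_key))
    print("generalized:", audit(RECORDS, coarse_key))
```

A dataset that reports `k` of 1 is a candidate for generalizing or dropping fields, which fits the data-minimization advice in this section.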
Be transparent with customers
One of the facets of GDPR is the Right to Access, which enables data subjects to obtain information about the personal data an organization is processing and the purpose for this activity. However, this should be considered a best practice for every business, whether or not they have EU citizens as customers.
Being transparent about the information the brand maintains on its customers and how this data is utilized can be beneficial for several reasons. As Customer Think contributor Margarita Hakobyan noted, this can enable customer trust and can make any security issues that might emerge easier to track. Supporting this level of transparency could be as simple as including an “opt-in” button, a notification about cookies, or a statement sent to users outlining the data collected and the purpose.
Educate users on security best practices
When possible, it’s also helpful to remind the brand’s customers of certain simple security best practices to help support data protection from both sides. This might include reminders to change passwords regularly, to take advantage of multi-factor authentication when they can, to keep any software platform up to date, and to reset any default account credentials to something more unique. Offering information like this also demonstrates a commitment to user and data security.
Leverage advanced data protection solutions
It’s also a considerable benefit to partner with an expert security provider to ensure that all the areas in which consumer data is used are fully protected. This includes network-level protection, as well as security in cloud environments.
To find out more about types of security solutions that can help you bolster protections for your consumer data, connect with the experts at Trend Micro today. And check out our report to read on about the threats emerging this year.