Data Security:  Not a place to cut corners, even in tough economic times.

 

Information Security's Priorities 2009 survey showed that data protection, threat management and other security initiatives are top concerns for financial institutions. However, 27 percent of those surveyed expect their security budgets to remain flat, 23 percent are delaying some security purchases and over 50 percent expect security budget cuts if the economy doesn't rebound.  Those are scary facts for consumers to read.

 

Ok, so I’m in Marketing, what could I possibly know?  Like any other consumer or person out there, I don’t want fraud or identity theft to happen to me. But also being in the financial services industry where we touch sensitive data every second, I don’t want anything to happen to our business or customers because the consequences are devastating.  From company reputation (Reputation Risk) and the bottom line (Costs associated to making matters right) to the “pain and suffering” caused to the customer, it is a losing situation for everyone.

 

Take this Data Security 101 from my perspective and from a company that takes it seriously from IT all the way to good old Marketing.

 

1.      Prevention, Prevention, Prevention:  Yes enough marketing lingo turned IT.  But here’s the point- You MUST prevent because any sort of data security breach is difficult to recover from.   Whether it will be company reputation or financial costs, it will be tougher to manage than not thinking through what would happen if XYZ data is compromised? IT calls it Risk Assessment.  The challenge is protecting the data which continues to get more intense as crime becomes more complex (not just one individual, but major organized crime).

 

And since the crimes are more complex, with that so do the prevention tactics of a company.  There is no single fix to offer protection, but a well rounded “layered” model that doesn’t make it easy for penetration of data. (Think about a castle and all the different layers of protection.  There is a great YouTube vidoe called IT Security Spotlight done by the US Courts.)

 

That said think about the cost to make sure you are doing what you need to protect the data (including personnel) versus the consequences. In a study by Ponemon Institute, the total cost of coping with the consequences of a data breach was $6.6 million per breach, with a per record cost of the $200 mark.    Not insignificant.

 

2.      Consumers are Aware:  The premise of this blog, I’m a consumer and I don’t want it to happen to me.   I’m sure you don’t want it to happen to you, your business or your customers.  That said be sure there is security awareness within your organization.  There is a need to protect all non public data and educate on how to protect.  Understanding the risks about “phishing”, to giving out sensitive data to an untrusted source, to sending unencrypted emails containing sensitive data is vital to your organizations’ continued success.    

 

3.      Change in Economic Climate: One word, survival.  To survive, people tend to make some bad decisions.  From making charges on credit cards and disputing them to other small “white collar” crime like possibly selling off sensitive information on the black market.  Either way, the abuse of data has become more frequent. 

 

Digital Transactions reports an increase in “friendly fraud” where credit card transactions are being disputed in hopes of escaping payment.  (Issue January 28, 2009, The Recession Is Sending Rates of Friendly Fraud Up, Processors Say)

 

Typically when economic times get tough crime increases.  But when we think of crime we think of traditional physical crime like house robbery, car theft, etc.  This downturn is producing a more complex white collar crime.  People that wouldn’t typically commit armed robbery can justify selling off Social Security Numbers or disputing transactions because it doesn’t “physically harm” anyone.  

 

Whatever the justification, it is typically an act of desperation to “pay the bills”.  Just food for thought as you identify partners, policies, procedures for your business, or simply want to protect your own personal data.

 

Take it for what it’s worth, but understand data protection is an ongoing battle for businesses, banks and consumers through out the world.  And don’t expect the battle to ever end, but a constant change in the mediums by which the battle is fought on both sides.