As the number of high-profile data breaches continues to rise year-on-year, cybersecurity has never been as prominent in the public eye, with WannaCry being the most obvious recent example.
This has caused a cyber security crisis of confidence for consumers, which businesses must take a leading role in resolving by educating their customers about how they can stay more secure online.
Indeed, security is increasingly becoming a valuable competitive differentiator for businesses in all sectors.
However, the vast majority of consumers don’t know where to start when it comes to securing their data. Their primary objective is achieving on-the-go convenience and “always on” access to their digital life, which is invariably at odds with staying secure.
First and foremost, it is important to understand that consumers maintain high expectations for security, no matter how many cybersecurity horror stories they see in the news. Their data is important to them and they expect it to be treated with the care it deserves.
Unsurprisingly, 93% of consumers would prefer to be involved in choosing how their personal information and accounts are protected and 91% want service providers make security more visible.
If a business can’t meet these expectations, there is growing evidence that consumers will simply go elsewhere. In fact, 28% of consumers said they have chosen to boycott companies that mishandle data, opting to move to a more secure alternative instead.
Of course, consumer perceptions of security vary greatly depending on their activity, and the nature of the digital application or service they’re using. It is no surprise that consumers are most trusting of banks and their ability to provide the highest level of security.
A massive 96% of respondents believe banking websites and apps are ‘very’ to ‘somewhat’ secure. In stark contrast, social media apps scored the lowest results, with a sizable 4 in 10 consumers stating that social media websites and apps deliver the least secure experience.
There are two very different lessons to be learnt here. For social media organizations and the least trusted industries, there is a tremendous opportunity to debunk these myths, making security a USP.
This can be done by ensuring security policies are more visible, as well as educating users as to how they can stay secure while using their services – as we have seen recently with apps such as Facebook which enabled end-to-end encryption.
For banks and other similarly trusted industries, the expectation of security is already there. For many, this means they will not win brownie points for delivering security alone, they need to do so in a way that makes life easier for the consumer. Customer experience and ease of use will be the new benchmark which these industries are measured against.
Yet it is becoming increasingly difficult for brands to protect customers from themselves. With every breached organization, consumer passwords are sold and distributed en masse throughout the Dark Web.
Billions of fresh credentials are available for sale on the dark market for mere pennies. Furthermore, credential checking tools such as Sentry MBA make it easy to test thousands of username and password combinations across multiple websites in minutes.
This means that cyber criminals can leverage one password to break into further accounts, gaining information such as addresses, national insurance numbers and bank details that can be stolen from directly, or sold on to be used in further breaches.
However, one of the most striking findings from the survey was that, while general awareness of data breaches has risen, consumer security practices have not improved accordingly. In many cases, they have even slipped.
To put this into context, 60% of consumers cited the prevalence of password breaches from popular website as their biggest security concern. However, 72% of those same respondents admitted to using the same password after a major breach was announced.
The results suggest that consumers are becoming indifferent to data breaches, which is a worrying state to be in. They continue to see some of the world’s top organizations succumb to massive data breaches, and wonder how they can ever hope to protect their data.
The pain of lost passwords and credentials
So what can businesses do to address this problem? Here are a few ways that businesses can fight the data backlash:
1. First and foremost, businesses must encourage their users to change their passwords immediately after a breach. No exceptions.
2. They must also ensure that each online account has a strong unique password, something that is more easily achieved using number of free tools such as free password managers.
3. Enabling two-factor authentication for online logins will also greatly reduce the risk of a hacker accessing a customer’s account. It’s an essential and easy to use security measure for any business or service, and gives customers’ piece of mind that their account is properly secured.
4. Finally, all security features should be as frictionless as possible. If security is obtrusive or difficult to use, customers will simply ignore or bypass it, both of which are dangerous. Furthermore, because security can be a factor in the user experience, it can therefore impact customer retention and satisfaction.
Without user education from businesses, experts and peers, offering practical advice and spreading the message that something can be done, consumer complacency will continue to put users at risk of even bigger breaches in the future.
(Story via Information Age)