[BreachExchange] 4 Ways Bad Cybersecurity Habits Can Cost You Customers

Destry Winant destry at riskbasedsecurity.com
Wed Mar 10 10:19:13 EST 2021


https://www.cmswire.com/information-management/4-ways-bad-cybersecurity-habits-can-cost-you-customers/

Cybersecurity was nothing but a buzzword only a few short years ago.
Now that it's become an essential business practice and a
multibillion-dollar industry, the idea of locking down your online
assets against enemy intrusion should be at the forefront of any
business owner’s mind. There are tried, true and traditional
approaches to practice cybersecurity, as well as a myriad of
innovative ways to make sure you are protecting your customers.

So which cybersecurity measures should your business deploy? Failing
to put adequate cybersecurity measures in place could harm your
business in ways you may not have considered. Let’s explore exactly
how weak cybersecurity can create havoc.

Poor Website Security = Losing Customers’ Trust

The connection between poor website security and the loss of customers
is probably the easiest to explain: if customers think your website is
unsafe, they won’t feel comfortable using it, let alone making
purchases through it.

If only for this reason, your website must look, feel and work
reliably. There are plenty of guides out there that inform customers
how to spot an insecure website, and with a little creative thinking
it’s possible to turn these warning signs around and use them as a
basis for creating a website that feels and looks secure. Some of
these suggestions may not be what people typically think of when
they're considering how to build trust for their website, but they
collectively have an impact:

- Use SSL certificates to protect your site. People avoid sites that
don't have them. Some browsers even block people from accessing sites
without SSL certification. Look for the little padlock symbol that
appears in customers’ browsers — it’s a surefire way to increase
traffic.
- Does your URL look legitimate? Buying a descriptive .com domain
might be expensive, but if your URL looks suspect (overtly commercial
or scammy), visitors won’t trust your website.
- Avoid using external links to untrustworthy sources. Visitors read a
link as an implicit endorsement of a third-party website, and links to
questionable sites may tarnish yours by association.
- It should go without saying, but check your copy's spelling and
grammar. Poor grammar and spelling are strong indications of a
phishing site, and your customers know this.
- Ditto with images. Don’t use poorly-scaled stock photos — not only
do they look cheap, they also look suspicious.

Avoid these mistakes, and you’ll likely find that visitor trust
increases, making it more likely they'll make purchases. Looking at
deliberately insecure websites will show you other practices to avoid.

The Broader Business Risks of Poor Cybersecurity

Of course, the link between cybersecurity and business risk is not
just about perceptions. Apart from making a bad impression on
customers, poor cybersecurity can undermine your business in many
other ways. Here are just a few.

Effect on Clients and Markets

Weak cybersecurity not only has the potential to harm your business,
but it can bleed out to clients as well, an unpleasant eventuality
which would make you quite unpopular.

Poorly protecting customer data, for example, can have a chilling
effect on not only individual organizations but wider markets as well.
A cybersecurity breach, when information your company was responsible
for is leaked, can send long-term clients running for the door.

Once new and unusual, data breaches have reached the point of
“business as usual” across just about every industry. What used to be
fairly rare is now an everyday occurrence. This risk can be mitigated
through a variety of techniques:

- Assuming hacks won't happen leads companies to under-prepare or fail
to prepare altogether. In contrast, operating under the assumption
that it's only a matter of when a breach will happen might be the spur
businesses need to take the necessary precautionary measures.
- Such breaches have the potential to adversely affect the bottom line
via a couple of different routes, but one stands out: one study found
that 70% of customers would stop doing business with a company after a
data breach. Unless you can afford to send seven out of 10 customers
off into the ether, that in itself should be reason enough to take
cybersecurity seriously.

Potential to Shut Down Operations

A cybersecurity breach could cut off your access to customer data or
derail other vital parts of your business’s day-to-day operations. One
example to study is the healthcare industry. In the past, hospitals
that suffered a cybersecurity breach have been forced to send patients
elsewhere and even delay non-urgent treatments.

Altering day-to-day operations to this degree can be so damaging that
it leaves companies with no other option than to shut down. Small
companies that lack the staff, resources or capital to mitigate this
kind of large-scale disruption face the same possible outcome.

Even a short-term closure will have a detrimental effect on profits.
To avoid this:

- IT should be a priority for any business no matter the size. For those
to which security has been an afterthought, it would be a good idea to
adjust your thinking sooner rather than later.
- Do you have a crisis response plan? This is the best way to limit the
likelihood of having a breach shut you down for an extended length of
time. Crisis response plans keep your business prepared for any
eventuality and ready to leap into mitigatory action when a breach
occurs.

Risk of Regulatory Fines

Figuring out how to recover from and operate your business after a
data breach is a burden in and of itself. But data breaches can also
lead to hefty fines.

The General Data Protection Regulation (GDPR) is one such mechanism in
place here. Multiple companies have been investigated and fined for
breaching GDPR guidelines due to insufficient cybersecurity. The fines
vary depending on the extent of the infraction and a company’s gross
income. Some fines levied have reached into several hundreds of
thousands of dollars. Your company is at risk of a fine if it
interacts with customers in a country operating under the GDPR (which
is most of Europe), and if it is discovered you failed to properly
protect customer data. Other countries (or in the case of the US,
states) around the world have adopted or are in the process of
adopting similar measures.

To avoid this risk:

- Cybersecurity compliance should no longer be the thing you tend to
after you’ve done everything else, even if you’re in one of the few
areas that isn’t bound by the European Union-centric GDPR.
- It’s in your best interest to become well-educated on how to stay
compliant with existing and upcoming privacy regulations. Current
knowledge on privacy regulations and the acceptable ways to implement
mandatory precautionary measures will go a long way towards avoiding
a nasty fine, even if a breach occurs.

Growth Prevention

A cybersecurity issue could cost your business thousands of dollars or
more, depending on the severity of the problem and the process it
takes to recover. There are basic steps a business can take to protect
its privacy:

- Look into freely available and low-cost privacy tools like a virtual
private network (VPN). VPNs provide online privacy and anonymity by
creating an encrypted connection that is difficult for hackers to
overcome. While free services aren’t always trustworthy, a quality
service shouldn’t cost more than $5 to $10 per month.
- The sometimes overlooked thing about all this is that a business can
stymie its own growth by not paying proper attention to cybersecurity,
and the best time to take care of this is before a breach occurs.
Restoring operations after a cyberattack is costly, time-consuming and
burdensome. Not to mention, cyber breaches can be expensive.

A Final Word

There are, of course, more than four reasons why ignoring
cybersecurity is a bad idea, but these should be enough to get you
thinking. Can you afford to sacrifice time, money, energy and, most
importantly, customers?

