[BreachExchange] 3 Ways Vendors Can Inspire Customer Trust Amid Breaches

Tue Apr 6 10:24:11 EDT 2021

https://www.darkreading.com/attacks-breaches/3-ways-vendors-can-inspire-customer-trust-amid-breaches/a/d-id/1340466?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

As customers rely more on cloud storage and remote workforces, the
probability of a breach increases.

Security breaches are a fact of life. Despite adhering to best practices
and having all of the right technology and safeguards in place, no company
(no matter how preeminent) is ever totally immune.

As organizations increasingly rely on digital data, store more of said data
in the cloud, and shift to an all-remote workforce, opportunities for
breaches are only growing. Given this, it's no wonder the cybersecurity
market is projected to reach a staggering $248 billion by 2023.

Although companies can't control whether they'll ever experience a breach,
they do have control over how it's handled. By keeping the following
strategies in mind, companies can foster customer trust and loyalty, even
amidst security breaches.

Be Transparent
Transparency is integral to trust. Take it from the Dalai Lama, who
famously stated, "A lack of transparency results in distrust and a deep
sense of insecurity." This couldn't be more true when it comes to how
companies alert their customers to — and handle — security breaches. When
vetting a security vendor, there's no bigger red flag than a company that
previously has tried to cover up or hide the details of a breach. It
signals a major cultural issue regarding integrity within the organization
and dismantles user trust.

When organizations experience a breach, it's vital that they quickly
disclose to customers what has happened, how it happened, and exactly how
it will affect them. This should be done in a proactive and timely manner —
no customer should ever have to wonder or do their own research in an
attempt to figure out what happened. As a follow-up, customers should also
be briefed on what the vendor plans to do to avoid similar incidents in the
future.

Be On the Ball
It's critical that companies are on the ball and constantly working to
identify breaches as they happen. Historically, companies who have found
breaches faster, and addressed them with transparency, have fared far
better than their counterparts who were late to the game.

Once customers lose confidence in a company's ability to stay on top of
security, it can be hard to regain that trust. Being timely when it comes
to uncovering breaches gives companies the opportunity to reduce the amount
of damage done and prove to customers that they're always looking out for
them.

Vendors should have a comprehensive incident response plan that is clearly
communicated to customers, consisting of guidelines on how they handle
breaches. Organizations that go above and beyond may even opt to include
this as an easily accessible, public document on their website for all to
see.

Follow Best Practices
So, how can companies stay on the ball? Following a set of best practices
isn't completely resistant to failure, but it's a basic standard that every
business should have in place. This includes everything from prioritizing
cyber hygiene, to adhering to industry-standard best practices, and
ensuring your environment can be independently certified or accredited
(which should come easily if you are doing the first two).

More generally, security should be integrated into everything a company
does. Having security as a separate entity within an organization (with
different objectives and goals) is almost always harmful. Vendors that
handle breaches successfully and maintain customer trust are those in which
security isn't siloed: It's woven into the culture and, therefore,
everything they do. For example, all employees should feel confident
identifying and bringing up security issues, and security should be
embedded into software development processes. And there are plenty more
best practices on top of those.

Some customer organizations today are taking this a step further by
appointing a designated privacy or data security officer. If people hear
about security events that should've been easily mitigated but weren't, it
reflects poorly on the vendor. This can best be avoided by following best
practices.

By being transparent, staying on the ball to identify threats early, and
following best practices, vendors have the best shot at earning and
maintaining trust throughout the customer life cycle.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210406/2c702882/attachment.html>