main

Attack MitigationDDoS AttacksSecurity

The Delta Airlines Security Breach: A Case Study in How to Respond to a Data Breach

October 24, 2018 — by Anna Convery-Pelletier1

delta_airlines_breach_blog-960x628.jpg

Recent data breaches against Panera Bread, Delta Airlines, Sears, Saks, and Lord & Taylor highlight a lot: the need for improved web application and internet security processes, better accountability, and why cybersecurity is critical to securing the loyalty of an organization’s most valued customers.

But perhaps most importantly, it highlights how an organization should react if they do suffer a data breach and the significance of a response plan. If there was ever an example of the importance of honesty and transparency, communicating effectively with consumers after your organization has been breached is a critical one.

Take Delta Airlines as an example. In April 2018, the company announced it was informed that some of its customer’s credit card information had been compromised during online chat support provided by a third party software company called [24]7.ai. In response, Delta launched a custom webpage providing a complete overview of the breach (including a timeline and FAQ section), executed a customer communication plan that included education and mitigation best practices, and worked with partners and law enforcement to identify how/when the breach occurred.

Delta’s handling of the breach underscores some of the key best practices that organizations should act upon once they identify a data breach has occurred.

  • Communication is key to both internal (employees, partners, suppliers, etc.) and external (customers) audiences, including direct mailing to clients, an official media release/statement, and if necessary, interviews in the appropriate press
  • Be open and sincere and admit what happened and accept responsibility
  • Provide details and explain how the breach occurred
  • Mitigate. Provide solutions for impacted users, and if possible, prepare a special offer for the affected audience
  • Educate by providing best practices on how to prevent similar issues in the future
  • Invite open dialogue by involving clients, industry experts, and even the general public

All too often, consumers discover that their personal information was compromised long after the breach occurred when suspicious activity on financial accounts, e-commerce sites, etc., is noticed. This is often the result of one of two reasons. The first is because an organization doesn’t realize its sensitive data has been breached. According to various sources, it can take a company nearly 200 days to realize there’s been a data breach.[1]

The second and far too common reason is that organizations seeking to avoid the negative connotation of being a data breach victim avoid directly or immediately announcing that a breach has occurred. However, as research suggests, the consequences of such surreptitious communication tactics can be far worse than the direct impacts of a data breach.

According to the report Consumer Sentiments: Cybersecurity, Personal Data and The Impact on Customer Loyalty, the vast majority of consumers must be convinced that the security issue has been addressed and any damage has been rectified before continuing to do business with the brand.[2]

[You might also like: Consumer Sentiments About Cybersecurity and What It Means for Your Organization]

The impact on businesses is twofold. Whereby companies were once reticent about speaking publically about cybersecurity because it would cause consumers to question their business’s fragility, organizations must now embrace and communicate their ability to safeguard customer data. Forward-thinking organizations have the opportunity to use security and due diligence as a competitive differentiator to build trust and loyalty with customers in the face of an increasingly insecure world.

Per the aforementioned points, companies must clearly communicate that a breach has occurred, those likely impacted and planned remediation actions to address the issue. Organizations that don’t admit to compromised consumer records until long after the breach took place to suffer the greatest wrath from consumers.

In addition to increased customer attrition rates and lost revenue, that wrath increasingly includes lawsuits. Forty-one percent of executives report that customers have taken legal action against their companies following a data breach. Given the string of high-profile data breaches in recent years, consumers are becoming increasingly empowered by regional government regulations that are forcing the hands of organizations to act accordingly following a data breach. The best example of this is the General Data Protection Regulation (GDPR) that went into effect throughout the European Union in May 2018. Broadly speaking, the GDPR provides individuals with a right to an effective judicial remedy and/or compensation and liability, especially if the holder of the PII has not acted accordingly to the regulations.

Ultimately, an organization’s ability to successfully respond to a data breach is linked to its ability to view cybersecurity, not as an afterthought, but rather a strategic initiative that mitigates business risk across all mission-critical departments within the organization, not just IT. When an organization is breached, it’s not just impacting the CIO. It affects the CFO, CMO and the COO, in addition to the CEO.

In an increasingly insecure world where customer loyalty to a particular brand is tied directly to that brand’s ability to safeguard the customer’s data, the entire C-suite must be held responsible when a breach occurs to reaffirm the trust and loyalty of consumers and to mitigate the broader, more cataclysmic impact that could result if they don’t.

Read “Consumer Sentiments: Cybersecurity, Personal Data and The Impact on Customer Loyalty” to learn more.

Download Now

Application SecurityBotnetsSecurity

Don’t Let Your Data Seep Through The Cracks: Cybersecurity For the Smart Home

September 20, 2018 — by Anna Convery-Pelletier4

secure_customer_experience_smart_home_blog-960x610.jpg

Technology and wireless connectivity have forever changed households. While we don’t have the personal hovercrafts or jetpacks that we were promised as children, infinite connectivity has brought a whirlwind of “futuristic” benefits and luxuries few could have imagined even a decade ago. But more importantly, it has re-defined how the modern domicile needs to be managed.

Just as with an enterprise network, cybersecurity concerns also impact the home network. The onus is on us, the consumer, to take responsibility for home network security because device manufacturers have not and the risks associated with any data breach is hugely detrimental in the digital age we live in.

A home network is no longer just laptops, tablets, smartphones and printers. The explosion of the Internet of Things (IoT) has resulted in network connectivity to nearly everything. Everyday household items – appliances, cameras, routers, baby monitors, toys, televisions, thermostats, heating systems, etc. are now connected to each other and the internet. But with all this network connectivity comes risk. Why is that and more importantly, what should you do about it?

While many consumers naively assume that developers behind new network-connected equipment must be thinking long and hard about security, in truth they aren’t. To be first to market, design zero-setup equipment, and to deliver a more fulfilling consumer experience, security on many IoT devices is woefully inadequate and often times an afterthought. In addition, many of these network-connected devices leverage bare bone operating systems that have neither the capacity nor processing power for sophisticated anti-virus/malware tools.

It’s common knowledge that home security such as burglar alarms and even door locks are connected to the internet. What many consumers don’t realize is that this creates a huge exposure because the Wi-Fi serves as a new vulnerability to the house’s physical security system. While useful for providing remote access to your next-door neighbors when the dog needs to be let outside, tech-savvy thieves need only to hack the Wi-Fi to gain access to security controls, monitor resident’s daily habits and gain physical access to the house.

IoT devices connected to e-commerce sites is yet another. For example, a smart fridge integrated into somebody’s Amazon Fresh or FreshDirect account (and access to banking/credit card information) allows someone to purchase groceries or other kitchen necessities right from the refrigerator door. This seamless connectivity can be a dream come true for today’s digital consumer, but can also provide a virtual playground from which hackers can gain access to digital bounties via a single vulnerability.

Smart Homes Require Smart Planning and Smart Security

Smart homes are here and are only going to get smarter. In effect, they are no different from a small corporate network, and as such, they need similar levels of planning and security, especially when considering the growing trend of working from home. However, many consumers simply don’t have the desire to run them securely. Most importantly, consumers are not reviewing and taking the necessary security precautions like they do other aspects of their life.

[You might also like: Cybersecurity & The Customer Experience: The Perfect Combination]

Just like security must become the very fabric of a business, cybersecurity planning – the act of reviewing network-connected devices, where sensitive data is stored and potential security vulnerabilities – must become a critical component of the smart home.

On a yearly basis, my family sits down and does financial planning to review everything from vacations to unexpected expenses. We’ve now included conversations about security planning and ask ourselves some questions such as:

Have I taken an inventory of and actually know all of the various network-connected devices that are in my home? Have security updates been applied to home computers and network-connected devices? Do any outdated devices, such as routers, need to be changed out by the vendor? Are my passwords secure and have I backed up any critical/sensitive information?

These types of questions are what modern-day consumers must be asking, in addition to executing the multitude of security best practices regarding password management, device protection, and backing up sensitive information. Even traditional consumer-focused antivirus software providers now offer multi-layered security devices meant specifically to safeguard home networks, routers and IoT devices.

[You might also like: Personal Security Hygiene]

To truly enjoy the promise of the smart home, it needs to be protected from cyber intruders just as vicariously as it’s protected against physical intruders. Similar to the lessons that leading organizations and name brands have learned in recent years, the best combination is taking proactive measures and leveraging consumer security tools that are easy to implement, easy to operate and does not require a great deal of expertise. It’s time for consumers to become proactive and smarter about home cybersecurity.

Read “Consumer Sentiments: Cybersecurity, Personal Data and The Impact on Customer Loyalty” to learn more.

Download Now

Security

Cybersecurity & Customer Experience: Embrace Technology and Change To Earn A Customer’s Loyalty

June 12, 2018 — by Anna Convery-Pelletier0

c-suite-2018-960x640.jpg

Consumers demand a secure, world-class experience, but when organizations deploy new applications and services to deliver that experience, customer data is put at risk. If forward-thinking organizations are using security as a competitive differentiator to build loyalty with customers, how are executives expected to accomplish this facing new security threats, tight budgets, a shortfall in cybersecurity professionals, and the need to safeguard increasingly diversified infrastructures?

Security

Cybersecurity & The Customer Experience: The Perfect Combination

May 22, 2018 — by Anna Convery-Pelletier1

finance-data-protection-960x640.jpg

Organizations have long embraced the customer experience and declared it a competitive differentiator. Many executives are quick to focus on the benefits of a loyal-centric strategy and companies now go to great lengths to communicate their organization’s customer centricity to retain existing customers and attract new ones.

But where is cybersecurity in this discussion?

Security

Why Cyber-Security Is Critical to The Loyalty of Your Most Valued Customers

April 17, 2018 — by Anna Convery-Pelletier0

customer-loyalty-960x640.jpg

The recent data breaches against Panera Bread, Delta Airlines and Sears, and Saks and Lord & Taylor highlight a lot: the need for improved web application and Internet security processes, better accountability, and enhanced crisis management. But perhaps more than anything, it highlights why cyber-security is critical to securing the loyalty of your organization’s most valued customers.