The spate of global and local data breaches – privacy breaches affecting millions of Australian consumers and thousands of Australian businesses – has a lot to teach the business community: that business growth should not come at the expense of customer privacy.
These incidents usually occur because many companies operate business models that collect, manipulate and sell customer data, especially as online and digital are deeply embedded in our lives today.
It is common practice to pay for products, services and subscriptions with money. For those that are “free” – as with many of the apps available today – consumers don’t realize that they are, in fact, paying with their personal information or someone else’s information. These two options are popular with ad companies and ad-based business models.
It begs the question: is data more valuable than money?
Marketers are using data to meet growing customer demand for more personalized and targeted experiences.
The exchange of real money for customer data is treated as an investment, in the hope that it will generate more revenue over a longer period of time than a customer with no online footprint.
While data can be stored ethically, the lack of regulation and unclear business models for protecting privacy means that some companies collect user data without their explicit consent.
Privacy as the core of business strategy
With data driving many business strategies, privacy and security shouldn’t be put on the back burner. Privacy and security should be fundamental concerns, and for the companies that do this, the risk of being exposed to cybercrime is reduced.
The risks are increasing.
The Australian Cyber Security Commission (ACSC) received one report of a cyber attack every eight minutes in the 2020-2021 financial year.
Not only are they increasing in frequency, they are also increasing in severity, with a higher proportion of these incidents being categorized as ‘substantial’ in terms of impact. Think about that for a second. If an attack on your company happens in the next eight minutes, are you prepared?
Zoho research found that only 35% of Australian small businesses have a defined, documented and enforced policy regarding personal data collected, used and disclosed through their business. And meanwhile, nearly half feel “uncomfortable or very uncomfortable” with their customers’ data being used by companies they had no direct relationship with.
It’s easy for small businesses and startups to overlook data privacy due to a lack of understanding. This, coupled with the misconception that cyberattacks only affect larger organizations, fewer resources and processes that are not protected or optimized, and that small businesses and start-ups are suddenly at the forefront of these malicious threats.
Recognize a cyber threat
Australia is a country of entrepreneurs and small businesses that have become heavily dependent on digital channels. However, this makes the country more vulnerable to growing cyber threats as cybercriminals adopt new techniques to take advantage of booming digital activity. However, if we can prioritize awareness, education and action, we can help small businesses and start-ups mitigate their risks.
Many small businesses and start-ups often don’t realize they’re being targeted until it’s too late. One breach, and the financial and reputational damage it causes, can be enough to shut down a business. However, data security measures can help protect small businesses and reduce the likelihood of their data being compromised. Security and access control should not be limited to large companies.
Like the breaches that hit Medibank, Telstra, and Optus, cyberattacks come in many different forms, including ransomware, phishing, malware, and online scams. While varied, these attacks have a common malicious intent: to disrupt business operations by damaging or stealing data. Policymakers have a responsibility to prioritize awareness and education about these threats, while the technology industry has a duty to create software that has privacy built in as a foundation, not an afterthought. Then there is the obligation for small businesses and start-ups themselves.
A shared responsibility
It is often assumed that data is more secure offline, on local servers and hard-to-access paper systems. This is not true and carries more risks.
Businesses can improve data security by integrating cloud security solutions. While some of the recent breaches have resulted from misconfigured cloud servers, if properly navigated, the cloud can be a powerful tool that ensures only authorized personnel can access the data the company has obtained.
Every piece of cloud software has multiple layers and each of these layers is secured to maintain data integrity.
Understanding how the cloud works and taking preventative measures to protect your data integrity is critical to taking advantage of technology and building resilience for the future. Start small, such as implementing a data authentication method, enabling multi-factor authentication, and setting data access permissions.
Ask the vendors questions, train employees on cloud best practices, and ensure there is a high level of understanding of the data journey. The more unique and time-bound your authentication modes are, the stronger your security system that customers can benefit from.