Protection site

Cybersecurity and public relations: making data protection public

The customer cares

Customers regularly see information about privacy and hacking, and they want to know that it is safe to give out their personal data. A lack of confidence in an e-commerce site is a major reason why potential customers abandon their cart. Consumers have no shortage of other options with which to share their data and their hard-earned wages in a digital economy built on trust and reliability. Organizations need to show that they care about data security and take their privacy responsibilities seriously. Sixty-seven percent of potential US customers say they want more transparency about how their personal data is used by organizations [KPMG]. With a market dominated by trusted options like Amazon, Jingon/JD.com, Alibaba and Wayfair, online retailers need to be proactive in demonstrating their security credentials and compliance with regional data standards. Otherwise, people will take their money elsewhere.

talk the conversation

In today’s data-driven marketplace, it’s important for organizations to provide assurance of expected security practices, such as using HTTPS and recognized e-commerce payment solutions like WorldPay, PayPal, Apple Pay, and Visa. Checkout. When customers visit a site for the first time, they should see the site’s cookies and data collection policy, which they should be able to refer to at any time in accordance with local data collection regulations. Promoting the use of strong passwords and multi-factor authentication to show buyers how serious you are about security can also provide a degree of reassurance. As can clear email communications from unique channels to avoid (and raise awareness of) phishing scams.

Cybersecurity has now become a topic of positive public relations. It is or should be part of the strategy of every organization environmental, social and corporate governance documents (ESG). It is an ESG “must have” for regulators, standard setters, shareholders and investors. Promoting cybersecurity and attack preparedness in material like this makes it accessible to the press and puts it in the public domain.

Many organizations now publicly carry their cybersecurity credentials more openly, and their C-suite (notably CISOs) participate in thought leadership debate on the topic in other places – in the IT security press, the retail, in collaboration with partners and suppliers, in collaboration with retail or safety bloggers, via podcasts, in lifestyle magazines, via local radio stations, in national news channels, etc.

Marketing and HR clearance should always be sought before this is undertaken. Marketing and PR will have clear ideas, guidelines, and suggestions for public forums in which to discuss this that work in tandem with other marketing efforts. However, it is becoming increasingly popular as a tactic to boost cybersecurity credentials and stand out from the competition. If a potential customer sees a quote like: ACME Corporation Chief Information Security Office says: “The safety of our customers is our priority” in a press article on the rise account takeover (ATO) and digital fraud, which will resonate with them, build relationships with your prospects, and put you forward by building your organization’s authority. Being there to provide expert commentary in times of crisis, such as the rise of cybercrime due to the conflict in Ukraine, is a fun way to reassure your prospects and provide real value in the global conversation.

An organization’s marketing department may also be able to provide or suggest media training – which is not traditionally the responsibility of the CISO. This can be invaluable and helps people be prepared for cross-questions, convey key messages and policies clearly, and speak in a succinct and to the point manner suitable for public relations purposes. Often these days it will also cover how to behave on social media and online.

We work with many of our partners and customers, who provide us with case studiesjoin our cybersecurity webinarsand are an integral part of our customer-facing Imperva family.

walk the walk

It is not enough for an organization to say that it is secure; they must be secure. Even now, 10 years later, the Ashley Madison brand (which was originally founded on anonymity and privacy) is still associated with a particular data breach. Delivering on a data-centric security promise is essential. Failure to do so can be doubly devastating to public relations and can forever shatter consumer trust and a brand’s name.

Organizations must “put their money where they say” and maintain complete control and visibility over all customer data they collect, regardless of location and whether structured, unstructured, or semi-structured. It’s one thing to say that our customers’ data is secure, but organizations, especially those that rely on data sharing, like financial institutions, e-commerceWhere Health care – must have exceptional data governance, business oversight and audit capabilities, to maintain a strong public relations and data security record.

Make it personal

In the e-commerce security teams of the future, CISOs will need to be prepared for a life more in the public eye. Those who already have a voice and an audience, who already blog, tweet, create content for YouTube or LinkedIn, and talk about their chosen profession and data protection standards, will be a remarkable product. We already live in a world where building a strong personal brand builds stakeholder trust, and all our peers have to do is google our names for insight into our professional reputations, past -time, our professional background, etc.

Feel free to participate, but know your limits. As the saying goes, “What happens in Vegas stays in YouTube”. You may be the kind of CISO who shares exquisite images of server cabling, announces team accomplishments, and retweets thought-provoking and valuable IT security articles – however, do you really want to share photos from the first day back from your kid at school or cybersecurity memes? (Hey, maybe you do?!) Just think about who might be watching and what impression you want to give, before hitting “send.”

A final word on trust

Organizations should keep in mind their public persona and how their customers perceive them. More and more each year, cybersecurity is now an important part of this public relations mix. Organizations need to show they care about digital security and their customers’ data, and speak about it accordingly, while doing the work to ensure that their customers’ data is truly protected.

If you are CISO in an e-commerce organization, talk to your marketing department. They’ll talk to you soon enough, especially around the time of your annual ESG. Ask how your team can help you build your brand’s safety credentials and what resources are available to help you create content around the topics of trust, safety and to reassure your potential customers that their data privacy concerns are taken seriously.

The post office Cybersecurity and public relations: making data protection public appeared first on Blog.

*** This is a syndicated blog from the Security Bloggers Network of Blog written by Nik Hewitt. Read the original post at: https://www.imperva.com/blog/cybersecurity-and-pr-making-data-protection-public/