4 smart ways to secure data

Toni El Inati, RVP Sales, META & CEE, Barracuda Networks outlines 4 smart ways by which organisations in the Middle East can secure their data to keep customers protected, satisfied and happy

To be successful, businesses need to place the customer at the very heart of everything they do. This isn’t always easy – but it’s worth it, with Deloitte and Touche reporting that customer-centric organisations are 60% more profitable. Not only that, employees of customer-focused companies tend to have better job satisfaction and performance – so it’s a real double win to place customers front and centre of your business.

Customers are increasingly concerned with the privacy and management of their data, so a customer-centric company must have robust privacy policies and systems in place and ensure sensitive data is securely protected at all times. Many organisations are taking steps to tighten their policies to improve security and satisfy customer expectations. The end of 2020 saw a landmark move by Apple to protect users’ data privacy. Now, developers with an app on the App Store must disclose what information is collected and how it’s used – and Apple customers can choose an app based on this.

Similar moves from other organisations are likely to follow as privacy rules and regulations are tightened throughout the world. The United Arab Emirates, for example, has shown its commitment to issues of data management and privacy. UAE Federal Decree Law No 45 of 2021, known as the Personal Data Protection (PDP) law, offers sweeping protections designed to reflect international best practices. It covers everything from the confidentiality of information to individual privacy, with immense weight given to data management and protection, including the processing of personal data, whether this takes place inside the country or abroad. The law came into force on 2 January this year and we are now deep into its six-month compliance window, which started in March.

So, with protecting customer data now essential from both a customer experience and a regulatory standpoint, let’s look at four tips that will help businesses protect customer data:

Encrypt Email
Data encryption is a tried and tested solution that prevents unauthorized access of sensitive data and information theft. It is one of the best ways to protect your business information and customer data privacy. Cybercriminals target encrypted data far less frequently, as encoded data is considered useless without the proper passcode.

While encryption is widely used to protect stored data, data in transit often remains overlooked and email is one of the communication channels that’s especially vulnerable to exploitation if this critical measure isn’t implemented. Sending an unencrypted email is like dropping a postcard in a mailbox. Anyone who picks it up can read it, and cybercriminals have at their disposal a host of advanced programs to search for unencrypted emails. Simply put, if you work in an organisation that uses emails to exchange sensitive information, you must protect your emails to safeguard your company’s information and customer data privacy. Moreover, if your company sends automatic recurring emails, such as payroll requests or invoices, to clients, you must ensure these are also encrypted.

Create a Transparent Privacy Policy
A data privacy policy is a legal document placed on your website. It should detail, at the minimum, what data is collected, how it’s collected, and how it is used. The data that organisations often collect can include contact information, passwords and usernames, cookies, order history, website behaviours, personally identifiable information, app engagement and much more.

Be transparent about your company’s privacy practices and the information collected. Clear privacy practices will help reassure your customers that your businesses is trustworthy. Google, for example, explains in its privacy policy that the company collects information to provide better services to the users. The company understands users’ growing privacy concerns. Moreover, the company incorporates a few videos to help people understand their message better. Google also states that the company will ask for the user’s consent before using their information for a purpose that isn’t covered in the document. Reassurances like that make people trust the service more.

Test for Vulnerabilities
Vulnerability testing helps you identify, diagnose, and triage application vulnerabilities. The aim is to better understand an application’s behaviour and identify suspicious activity.

It doesn’t stop with the applications, either. If your company has APIs or uses cloud services, you’ll need to test those platforms as well. Remember, a single vulnerability at one point can compromise the whole system and bring your entire business to its knees. So you have to test and protect your applications, whether they’re in the cloud, on-premises, or hybrid.

Analysing the test results and making decisions based on them requires a team of highly skilled professionals. If your company doesn’t have a cybersecurity team, consider employing the services of a penetration testing company whose ethical hackers can try to break into your website, web applications, and mobile apps. You can use automated vulnerability scanners on some of your web applications to identify potential vulnerabilities.

Update Regularly
Regularly updating the software on your employees’ workstations and mobile devices is key to protecting your business from cybercriminals. As cyberthreats are constantly evolving, failing to update leads to points of weakness.

Updating your operating system is one of the easiest ways to keep your business on top of changing threats. But here is the other thing. Sometimes updates come with vulnerabilities. For example, hackers recently exploited a Windows zero-day vulnerability to spread malware among users. Therefore, while updating your systems is usually helpful, it’s vital that you stay on guard and watch out for any vulnerabilities that may come with the updates themselves.

To illustrate the importance of keeping your programs up to date, consider this cautionary tale. During the Equifax data breach of 2017, hackers were able to access customers’ data through a known vulnerability in a website application. Sensitive information, including birth dates and the home addresses of 143 million Americans, was put at risk. It turned out that the fix for the security hole the hackers exploited had been available two months before the cyberattack.

In that instance, Equifax failed its customers. The lesson we’ve learned from the Equifax incident is that regular software updates give you fixes for security gaps. It’s critical not to disregard them.

Keeping Customer Trust
If your clients’ data gets into the wrong hands, it’s not just your business that will suffer. Cybercriminals won’t hesitate to steal people’s money or illegally use their identities. Privacy protections should be a priority for any organisation.

You can protect customer data by using encryption, updating regularly, and testing for vulnerabilities that can be potential targets for threats. Be transparent with the company’s privacy practices and keep your brand’s promises. Organisations that address security threats proactively win because they earn their clients’ trust and gain an edge in the experience economy.