Data privacy and security: talk less, do more

Every so often an article is shared that provokes a collective, vigorous nodding of heads – and even the occasional repetitive strain injury – here at Red Sift HQ. This recent piece from TechCrunch is one such example, highlighting as it does the fact that, rather remarkably, the line, ‘We take your privacy and security seriously’ appears in more than one-third of recent data breach notifications filed in the state of California.

It’s little more than a basic piece of desk research, but it demonstrates precisely why trust in consumer-facing organizations is in crisis (with an annual trust barometer highlighting that customer trust in businesses is at an unsatisfactory 56 percent in 2019).

Companies are not walking the walk; how can they be when they’re claiming to value user security and privacy at the very moment they’re ‘fessing up to a data breach?

Security isn’t easy

We’re not looking to take the moral high ground and castigate each and every organization that has ever suffered a data breach. Ensuring effective security, 24/7, across every conceivable attack vector – including every partner and stakeholder in an organization’s supply chain – is a massively complex undertaking.

Firms may well make mistakes at various points because hackers are incredibly smart and make it their business to prey upon not just tech weakness, but human vulnerability in all manner of pernicious ways.

Some firms may also be misled by security vendors, who have a tendency to over-promise and under-deliver, leaving them vulnerable to attack despite their good intentions and willingness to invest in their defenses.

However, the TechCrunch piece brings two key points to the foreground:

  1. Companies have got to improve their security basics
  2. Companies must make their security and privacy policies far more transparent and accessible to their customers

The truth is that many organizations leave giant chinks in their armor by failing to address relatively clear-cut vulnerabilities.

A great example of this is email spoofing. It’s perfectly possible to stop hackers from impersonating a company’s email domain by implementing the DMARC email protocol. This protocol was created by some of the most high-profile tech companies in the world, it has been around for half a decade, the UK Government advocates for its use, and yet some companies don’t bother exploring how to implement it.

Going forward

If companies start stamping out such basic vulnerabilities and then take the time to communicate these steps and make customers aware of what they’re doing, then a) there will be fewer data breaches in the first place, and b) customers might start to believe that, indeed, their data privacy and security is now being taken seriously.

Of course, restoring customer trust also requires companies to be clearer about what data they’re storing and for what purposes. It isn’t mentioned in the TechCrunch piece, but when most companies’ privacy policies are written in legalese and are as long as Beowulf, then it’s no wonder customers don’t know what’s going on and feel all the more outraged in the event of a data breach, irrespective of how it occurred.

At Red Sift, we don’t believe there should be a blanket ban on use of the phrase, ‘We take your privacy and security seriously’ because we still have faith that the vast majority of organizations do mean it. But until they start walking the walk, consistently, and having a sincere and open conversation with their customers about privacy and security issues, the trust deficit only looks set to grow.

Red Sift enables security-first organizations to successfully communicate with and ensure the trust of their employees, vendors, and customers.

Red Sift find out more

PUBLISHED BY

Clare Holmes

27 Feb. 2019

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
Email

The best tools to protect yourself from SubdoMailing

Francesca Rünger-Field

In late February 2024, ‘SubdoMailing’ became a trending search term overnight. Research by Guardio Labs uncovered a massive-scale phishing campaign that had been going on since at least 2022. At the time of reporting, the campaign had sent 5 million emails a day from more than 8,000 compromised domains and 13,000 subdomains with several…

Read more
Product Release

Red Sift’s Spring 2024 Quarterly Product Release

Francesca Rünger-Field

This early into 2024, the cybersecurity space is already buzzing with activity. Emerging standards, such as Google and Yahoo’s bulk sender requirements, mark a new era of compliance for businesses reliant on email communication. At the same time, the prevalence of sophisticated cyber threats, such as the SubdoMailing campaign, emphasizes the continual hurdles posed…

Read more
Email

Navigating the “SubdoMailing” attack: How Red Sift proactively identified and remediated a…

Rebecca Warren

In the world of cybersecurity, a new threat has emerged. Known as “SubdoMailing,” this new attack cunningly bypasses some of the safeguards that DMARC sets up to protect email integrity.  In this blog we will focus on how the strategic investments we have made at Red Sift allowed us to discover and protect against…

Read more
Email

Where are we now? One month of Google and Yahoo’s new requirements…

Rebecca Warren

As of March 1, 2024, we are one month into Google and Yahoo’s new requirements for bulk senders. Before these requirements went live, we used Red Sift’s BIMI Radar to understand global readiness, and the picture wasn’t pretty.  At the end of January 2024, one-third of global enterprises were bound to fail the new…

Read more