• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar

Red Sift Blog

Red Sift Blog
  • redsift.com
  • Featured
  • Who are we?
  • Get in touch
You are here: Home / Cybersecurity / Data privacy and security: talk less, do more

Data privacy and security: talk less, do more

by Clare Holmes
February 27, 2019August 17, 2022Filed under:
  • Cybersecurity

Every so often an article is shared that provokes a collective, vigorous nodding of heads – and even the occasional repetitive strain injury – here at Red Sift HQ. This recent piece from TechCrunch is one such example, highlighting as it does the fact that, rather remarkably, the line, ‘We take your privacy and security seriously’ appears in more than one-third of recent data breach notifications filed in the state of California.

It’s little more than a basic piece of desk research, but it demonstrates precisely why trust in consumer-facing organizations is in crisis (with an annual trust barometer highlighting that customer trust in businesses is at an unsatisfactory 56 percent in 2019).

Companies are not walking the walk; how can they be when they’re claiming to value user security and privacy at the very moment they’re ‘fessing up to a data breach?

Security isn’t easy

We’re not looking to take the moral high ground and castigate each and every organization that has ever suffered a data breach. Ensuring effective security, 24/7, across every conceivable attack vector – including every partner and stakeholder in an organization’s supply chain – is a massively complex undertaking.

Firms may well make mistakes at various points because hackers are incredibly smart and make it their business to prey upon not just tech weakness, but human vulnerability in all manner of pernicious ways.

Some firms may also be misled by security vendors, who have a tendency to over-promise and under-deliver, leaving them vulnerable to attack despite their good intentions and willingness to invest in their defenses.

However, the TechCrunch piece brings two key points to the foreground:

  1. Companies have got to improve their security basics
  2. Companies must make their security and privacy policies far more transparent and accessible to their customers

The truth is that many organizations leave giant chinks in their armor by failing to address relatively clear-cut vulnerabilities.

A great example of this is email spoofing. It’s perfectly possible to stop hackers from impersonating a company’s email domain by implementing the DMARC email protocol. This protocol was created by some of the most high-profile tech companies in the world, it has been around for half a decade, the UK Government advocates for its use, and yet some companies don’t bother exploring how to implement it.

Going forward

If companies start stamping out such basic vulnerabilities and then take the time to communicate these steps and make customers aware of what they’re doing, then a) there will be fewer data breaches in the first place, and b) customers might start to believe that, indeed, their data privacy and security is now being taken seriously.

Of course, restoring customer trust also requires companies to be clearer about what data they’re storing and for what purposes. It isn’t mentioned in the TechCrunch piece, but when most companies’ privacy policies are written in legalese and are as long as Beowulf, then it’s no wonder customers don’t know what’s going on and feel all the more outraged in the event of a data breach, irrespective of how it occurred.

At Red Sift, we don’t believe there should be a blanket ban on use of the phrase, ‘We take your privacy and security seriously’ because we still have faith that the vast majority of organizations do mean it. But until they start walking the walk, consistently, and having a sincere and open conversation with their customers about privacy and security issues, the trust deficit only looks set to grow.

Red Sift enables security-first organizations to successfully communicate with and ensure the trust of their employees, vendors, and customers.

Red Sift find out more

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)

Related

Tagged:
  • Cybersecurity
  • Data
  • policy
  • Privacy
  • Trust

Post navigation

Previous Post The many guises of a phishing attack
Next Post Don’t hit the panic button: What to do if you think you’ve been hacked

Primary Sidebar

Subscribe to our blog and be the first to get updates!

Categories

  • AI
  • BEC
  • BIMI
  • Brand Protection
  • Coronavirus
  • Cybersecurity
  • Deliverability
  • DMARC
  • DORA
  • Email
  • Finance
  • Labs
  • News
  • OnINBOX
  • Partner Program
  • Red Sift Tools
  • Work at Red Sift
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • October 2016

Copyright © 2023 · Milan Pro on Genesis Framework · WordPress · Log in