Recent experiences have made me question just how much information we hand out nowadays to people we barely know. It seems that everyone wants a bit of our personal information, and more often than not we are happy to provide it.
Even from my recent experiences selling a flat, it was surprising how much personally identifiable information the estate agent needed to see. I was asked to send all sorts of documents, from passport details to bank statements, often over e-mail.
As someone keen to sell a flat, I did it without question of course — we all want the process to be as quick and easy as possible. But as a security professional, I am wondering how good their security processes are, and how rigorously they are able to protect this important information?
As customers, we are probably sharing confidential information almost every day with one company or another — information that is personally valuable to us and that we as individuals would look after. Yet we hand it out on the assumption that the business – whether it’s an estate agency or our financial advisor — is going to look after it.
It’s interesting because in our recent survey around consumer trust, where we questioned people about their attitudes to businesses being hacked, three-quarters of consumers in the UK said they would walk away from a business that’s been hacked. Just as many admitted that they think it’s normal or expected for businesses to be breached today.
Most of us feel that the burden of responsibility for securing confidential information falls to the organization itself, whether that’s a bank, a retailer, membership organization or hospitality business. Yet, only half feel these organizations are taking enough responsibility for the security of customers’ or members’ personal information.
So if we believe the business is responsible, but we’re not quite convinced they are doing enough about securing our information, why do we not do more about it before we take any risks — ask more searching questions, check online for security procedures in the Ts&Cs, for example?
I wonder how many of us ask our online grocery supplier, travel agent or indeed our estate agency exactly how they plan to secure our credit card data (or even where they are storing that data) as we rush to complete the transaction?
We didn’t ask this question in our survey, but perhaps we should have. Or perhaps we should be asking this question of ourselves. If so many of us expect the businesses we do business with to be compromised in some way, why do we not do more to find out if their security processes are robust enough in the first place?
Perhaps it comes down to this inherent idea of consumer trust. The burden falls to you, Mr. Retailer, and although we are not quite sure if you are doing it right, we still trust you. Or perhaps we just cannot be bothered because convenience is often a stronger incentive.
But now, with more organizations going public with news of security attacks and data breaches, often notifying customers directly — a third in the UK said they had been notified of a hack — we may see the tide turn.
Headlines are a powerful motivator but nothing beats personal experience. As more people experience the impact of a data breach or stolen credentials, directly or indirectly, they will start to change the way they do business with providers.
It will become second nature to ask for better protection, safer access to information and to see details of a company’s security policy before signing on the bottom line.
Click here to view the full results of Centrify’s Consumer Trust survey.