Public trust in tech companies is at a noticeable low recently, and a glance at news headlines reveals why. Take Facebook, for one prominent example: Users trusted Facebook to protect their data—and that trust has been broken.
Smaller startups have also proven duplicitous. For example, the medical startup Theranos recently made headlines by lying to investors about what its technology can actually do. In a world where customers are constantly reminded they can’t always trust companies, how can IT help win back that trust? The answer may lie in a smart endpoint security strategy and strong data privacy.
While public relations issues, like honesty and transparency, aren’t necessarily within IT’s purview, the technical work that goes into protecting customer interests is. By pushing for the best protection for your customers, you can assure them that their private data is taken care of well. Here are three ways you can use your company’s endpoint security strategy and data protection policies to boost customer trust.
1. Be more transparent about your data usage
The specifics of your company’s endpoint security strategy probably don’t cross the minds of your average site visitors. However, your visitors want straightforward answers about what type of information your company takes from its user base and what that information is used for.
Presenting people with long, intimidating-looking terms-of-service agreements doesn’t suffice. A Deloitte study found more than 90 percent of people don’t read them before agreeing; plus, even those who study the content but don’t like what they read often decide to accept the risk anyway. After all, the alternative is usually not accessing the site at all.
You can do better by publishing an easy-to-understand document detailing how your company enforces data protection. Disclose whether your company provides content to third parties, as well as how people can opt-out. Using bullet points, lists, and headers make the material easier to digest. Aim to write it in language that’s accessible to non-tech-savvy people, too, and avoid too much legal terminology.
2. Safeguard every entry point on your network
Cybercriminals are becoming increasingly savvy, and they often infiltrate networks in unexpected ways. That’s why it’s so important to consider often-overlooked devices, such as printers, if you want an effective endpoint security strategy.
Fortunately, some device manufacturers have addressed that matter. For example, printers from HP offer built-in security features that can stop attackers from introducing malicious code. The printers protect data in transit and provide instant notifications of suspicious activity on a network. These devices also make it easier to have uniform security settings for each device and ensure they’re all updated regularly.
Mobile devices are another category of endpoints warranting special attention. The mobile devices your employees bring to work could threaten your company’s commitment to data security if compromised. A study released by Check Point polled 850 organizations around the world and found that all of them experienced mobile malware incidents. Even worse, the average number of such attacks per organization was 54. The study also revealed most mobile malware comes from third-party apps, so take steps to educate employees about approved apps for the mobile devices they bring to work. You can also cut down the likelihood of mobile security incidents by employing a mobile management platform, which restricts some of the end-user settings that allow for potentially dangerous permissions.
Keeping an organization secured starts from the inside out. Being mindful of all the ways hackers could enter your network and locking those points down lets you take a proactive stance on earning customer trust.
3. Reevaluate your crisis response plan
Could you confidently respond if asked how your company would react to a cyber attack? A March 2018 report of 2,800 businesses found that 77 percent did not have formal strategies for dealing with those incidents. Respondents also mentioned the attacks they face are becoming more severe—and it’s taking longer than before to resolve them. If your company hasn’t seriously considered how it’ll respond when the worst happens, now is the time to take that step. Conversely, if you already have a crisis response plan, periodically review its objectives and actions to make sure they’re still applicable.
A persistent complaint customers have is, when breaches happen, the victims don’t hear about them for weeks or even months. There are no US federal laws requiring disclosure within a specific time frame, and although most states have such laws, the specifics vary greatly. There may indeed be cases where it’s not possible to disclose a breach as promptly as your customers would like, especially if the associated investigations are more complicated than expected. However, by making sure your responses to crises are as swift as the situation permits, you’ll avoid earning the reputation your company doesn’t genuinely care about data protection—a reputation Facebook is now struggling to shake off.
By following these tips, you’ll not only create a more secure environment but also cultivate a culture of trust among your customers. Customer trust is about more than just saying you care; it’s about following through with the security and communication strategies to prove it. Once customers feel confident your company’s IT department is protecting their data, they’ll continue giving you their business for years to come.