In the past year, hundreds of millions of people have had their personal information exposed through data breaches. With every hack, people’s concern about their personal information grows.
More than half (52%) of Americans say they are more concerned about online privacy than they were a year ago, according to a global Ipsos poll conducted on behalf of the Centre for International Governance Innovation. For respondents in the 25 countries polled who expressed concern, their top source of worry is cybercriminals.
Cybercrime is now considered one of the greatest threats to an organization’s reputation, according to a recent Reputation Council study with Ipsos of 109 senior communicators based in 14 different countries. Among members, 42% rank cybercrime as one of their main concerns, along with poor quality products and services.
While companies take a reputation hit, it’s hard to quantify the long-term consequences to brands because “every company is different and every data breach is different,” says Jason McGrath, a senior vice president at Ipsos.
Americans say they’ve made changes to protect their online data. They include avoiding opening emails from unknown addresses, avoiding certain Internet sites and using anti-virus software. Others say they cut the amount of biographical information they divulge online. A smaller number says they censor themselves more online. But by and large, there don’t appear to be lasting repercussions to breached brands by consumers.
The main reason we don’t see dramatic behavior changes in consumers is because you don’t see as much sustained damage from breaches, says McGrath. “There’s a data breach. It gets resolved. The company implements corrective measures. If there were several breaches at a company, we would anticipate you would see changes in consumer behavior because there was no acceptable response by the company.”
It’s surprising then that another challenge is getting employees, who take most of the blame for breaches, to practice good data security. One-third of American workers admit to lax security practices with company information and data, according to a fresh Ipsos poll of on behalf of Shred-It. More than one-quarter of employees leave their computer on and unlocked when they leave work for the day. Two in five workers say they leave sensitive work documents or notepads on their desk when they head home.
Information is more vulnerable away from the office
What’s more, employees are more prone to putting data at risk when they work off-site, say executives. Most leaders of small businesses (60%) and large corporations (86%) point to a higher risk of data breaches when workers are in the field.
About half of corporate C-suite executives polled said employees lost or had stolen their company laptop/device while working off-site. Companies can do better to instill a culture of security. That means awareness of vulnerable behaviors, and training and policies about correct safety practices for employees at levels. Corporate training policies should be the bridge to tighter security. With so many employees working remotely, communication and education is increasingly vital.
Still, just two in five U.S. businesses have a company policy for handling confidential information away from the office. Most corporate executives and 28% of small business owners plan to train employees on security procedures over the next year.
What companies can do to reduce risk
“What we see is companies don’t train employees enough; they also don’t do role-specific training,” says Shane O’Donnell, chief audit executive at The Mako Group, a cybersecurity risk and advisory firm based in Detroit.
He says that companies can reduce their risk by providing data access only to employees who need it. Banning use of USB thumb drives and instead using secure file transfer software can also help. “It’s more of a management-top-down culture shift, ingraining a security mindset into the culture or making it a company goal or mantra,” O’Donnell says.
For brands, this means they must prepare for the worst and plan for how they’ll respond to a crisis. “When we talk to corporate communicators, it’s about preparation, preparation, preparation,” says McGrath. “The way you respond is going to instill confidence or result in a lack of faith among consumers.”