Password123: Consumer vs. Organisational Understanding of Data Security and Compliance

Consumers care about their data security. Our research has shown that 83% of consumers in the US and 44% in the UK claim they will stop spending with a business for several months following a data breach. Twenty-one percent and 41%, respectively, say they will never return.
While individuals hold their data in high regard, they expect organisations to remain educated and apply best practices when it comes to security and safeguarding their data.
We are all targets for social engineering
We all know not to share our passwords. However, that doesn’t make any of us less of a target for social engineering. As members of the general public, we don’t have the training, tools and expertise that an organisation has to fight off cyber threats.
Case in point: late-night talk show host Jimmy Kimmel ran an experiment. He sent a camera out onto Hollywood Boulevard and tested how easily people would share their very own passwords when put on the spot.
The results are discouraging at best:
Implications for Organisations
This correlation between consumers having heightened expectations for the companies with which they do business and increased vulnerability on their own end is telling.
The message: consumers expect companies to carry the responsibility of keeping their data safe.
While this is hardly a new standard, it can get complicated when you realize that employees of organisations managing your data are also members of the general public. They are subject to the same vulnerabilities Jimmy highlighted in the video.
Further, hackers are getting more sophisticated by the day, and they are taking advantage of the ‘new normal’ we find ourselves in. As their sophistication improves and opportunity grows, they take more risks that offer smaller rewards. This means that hacking is more likely than ever before.
With the present situation, it’s safe to say that leaving cybersecurity in the hands of consumers alone is a risk.
An effective solution
The better alternative is removing the sensitive data from your organisation. Descoping ensures you don’t have individuals sharing, receiving, or saving this data. It removes the possibility of human error, malicious or accidental, and provides a secure transaction.
We can’t control what people do with their own information. However, we can make a difference when it comes to protecting that of others by securing your organisation’s payments.