Connective broker resources


Data Security: Can your customers trust you?

Big businesses around the world have found out the hard way – data security breaches can seriously undermine trust in your brand and that’s very, very bad for business. For SMEs like mortgage brokerages obtaining customers via referrals and word of mouth, trust is also an important commodity you can’t afford to ignore.

Going from hero to zero

You can spend years building trust and brand loyalty with your customers only to have your efforts destroyed in minutes by a data security breach. As if that was not bad enough in itself, new laws attach significant fines to any failure to keep customer data safe.

One of the most historically notorious data security failures was the Ashley Madison case, where the business was forced to pay US$11.2 million in compensation to 37 million customers of its online ‘Have an Extramarital Affair’ dating website after personal details were exposed to the public. (The compensation amounted to about US$3,500 per customer.)

Another notable example was a recent data breach which affected up to 90 million Facebook user accounts in September 2018. Facebook responded immediately but even so, the event sent the brand’s share prices tumbling. And despite their prompt action, under the data breach laws in the UK where the problem initially occurred, Facebook is facing a maximum fine of up to 4 percent of its global revenue from 2017 – which could amount to more than £1.25 billion.

Australian laws are just as tough

Whilst these are both high profile examples, a data breach in your business could also be very damaging to your reputation and could have a serious impact on your profits.

In February this year, new privacy laws came into effect in Australia which include mandatory notifiable data breach provisions. The Notifiable Data Breaches scheme under the Australian Privacy Act 1988 (NDB scheme) obligates you to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm, and provide recommendations about what steps the individual should take in response to the breach.

Failure to comply with the NDB scheme can attract fines of up to AUD$2.1 million. You can get the full details in our recent blog article, but basically, you must notify Connective and, if you’re an ACL holder, the Office of the Australian Information Commissioner (OAIC) as soon as you realise that a notifiable data breach has occurred.

The Trust Equation

According to recent research from Deloitte Digital*, trust is a critical driver of loyalty. It is not sufficient for financial services businesses to simply talk about trust – you must actively “diagnose, improve and manage” data security for better trust outcomes. According to the research, an organisation’s digital trustworthiness is impacted by three pillars: ethical intent, capability and an alignment to customer interests.


What this research tells us is that to maintain your customers’ trust in today’s digital world, you need to establish a data security policy and processes which:

  1. Address your customers’ security expectations appropriately in your business
  2. Establish the capability to genuinely keep customer data secure, and
  3. Enable you to respond responsibly and ethically if a data breach should occur.

Where do the risks lie?

Risks for mortgage and finance brokerages mostly come from external factors, such as:

  • Loss of devices like smartphones, iPads and laptop computers
  • Human error – staff leaving files open and unattended, or emailing personal information to the wrong person, for example
  • Installing apps and software without checking them first for security risks
  • Hackers attacking websites, social media and personal files on your laptop.

What can you do right now?

  • Use multi-factor authentication instead of simple passwords on all your devices
  • Implement a clean desk policy and never email sensitive personal information
  • Be careful not to keep sensitive data on websites, social media accounts, in your phone or on your laptop, or in 3rd party software applications
  • Read ASIC’s guidelines for Cyber Resilience Best Practice
  • Talk to your Connective Compliance Support Manager if you are unsure of anything.

For more information and an invitation to our upcoming webinars about establishing appropriate data security practices in your business, watch your email inbox and Connective News. In the meantime, if you have any questions or concerns, talk with your local Compliance Support Manager. To get in touch, simply click your help icon in Mercury. We’re happy to assist.

*Info sources: Deloitte Digital Research July 2018: Restoring Trust in Financial Services in the Digital Era. ASIC Report 555: Cyber resilience of firms in Australia’s Financial Markets November 2017.