The latest Unisys Security Index contains a truly confronting statistic, if you are a retail company or financial institution: Nearly 40% of Americans surveyed say a security breach involving their personal or credit card data would not make them less likely to do business at a bank or store they commonly use.
For one thing, most consumers have no way of judging which company might be safer than the breached one. But it's also a case of "whose ox is gored," and it's not the consumers'. By and large, companies and banks make consumers whole and pay the costs of breaches.
That's why retail companies are a lot more worried than consumers. Recent credit card breaches have caused heads to roll, lawsuits to flourish, customers to leave, and brands to suffer.
Financial institutions, eager to protect their assets, customers, and reputations, are taking note. As they do so, it's a good time to dispel five myths about security.
1. Security is the job of the CISO and his/her team.
No amount of resources or money can keep an institution secure if security isn't an integral part of everybody's job. Whether you are the HR recruiter verifying applicant credentials, the lender scanning customer documents to your smartphone, or the CEO meeting with analysts, there are vital security measures to be incorporated into your mindset and daily routine.
2. Excessive security checks irritate customers.
That obscures the nuanced view that better serves customers and their security needs, which are situational. So a simple ID check would suffice for low-risk events. Rigorous (but still swift) checks would work for high-dollar or high-risk transactions, when customers want to see strong security. Effective security means dialing it up and down according to the need, whether it's a corporate officer wiring a payment for company payroll or a long-time customer calling for a checking account balance.
3. To improve security, harden the perimeter.
Not to gainsay the value of a hardened perimeter, but it does say, "There's something valuable in here." Many organizations prefer to subtract their valuables from the picture -- to cloak their transactions and activity from the view of anyone not properly credentialed. If, instead of a fence, cybercriminals see absolutely nothing, they have no reason to stick around and try to intrude.
4. The less said about security, the better.
"Banks are supposed to be safe. Why would we draw attention to cybercrime?" Car manufacturers used to be that way about accidents until the carnage became unavoidable and solutions emerged. Now safety is a brand feature for many. The more cybercrime headlines your customers see (at least the 60% who would leave over a breach), the more they will appreciate knowing that security is a cherished feature of your brand.
5. Solve for security in the silo, and you're safe.
OK, maybe nobody explicitly subscribes to that, but it's the default mode for many. Security is assessed system by system, device by device, app by app, and data store by data store. But cybercriminals are adept at exploiting the seams between those securely protected things. That's why some CISOs are adopting an enterprise view with holistic answers that link together all the hotspots exposed to cybercrime: wire transfer, mobile/BYOD, online banking, ATMs, employee hiring and credentialing, vendor credentialing, and more.
Bob Olson is a Vice President at Unisys where he manages the Global Financial Services Practice. He works with clients by providing a portfolio of IT services, software, and technology to help them solve their mission-critical problems. Prior to Unisys, Bob was ...