Password123: Consumer vs. Organisational Understanding of Data Security and Compliance

Consumers care about their data security. Our research has shown that, in the US and UK respectively, 83% and 44% of consumers claim they will stop spending with a business for several months should they be subject to a data breach, with 21% and 41% saying they will never return.

While individuals hold their data in high regard, they place their trust in organisations to remain educated and to apply best practices when it comes to security and safeguarding their data.

We all know not to share our passwords; however, that doesn’t make any of us less of a target for social engineering. As members of the general public, we don’t have the training, tools and expertise that an organisation does to fight off cyber threats.

Case in point: late-night talk show host Jimmy Kimmel ran an experiment in which he sent a camera out onto Hollywood Boulevard and tested how easily people would share their very own passwords when put on the spot.

The results are discouraging at best:  

This pairing of consumers’ heightened expectations of the companies with which they do business and increased vulnerability on their own end is telling.

The message: consumers expect companies to carry the responsibility of keeping their data safe. 

While this is hardly a new standard, it can get complicated when you realize that employees of organizations managing your data are also members of the general public and are subject to the same vulnerabilities Jimmy highlighted in the video. 

Further, hackers are getting more sophisticated by the day, as well as taking advantage of the ‘new normal’ we find ourselves in. As their sophistication improves and opportunity grows, the threshold for potential gain decreases. This means that hacking is more likely than ever before.

With the present situation, it’s safe to say that leaving cybersecurity in the hands of consumers alone is a risk.  

The better alternative is removing the sensitive data from your organisation. Descoping ensures you don’t have individuals sharing, receiving, or saving this data. It removes the possibility of human error, malicious or accidental, and provides a secure transaction.  

We can’t control what people do with their own information, but we can make a difference when it comes to protecting that of others by securing your organisation’s payments.  

The post Password123: Consumer vs. Organisational Understanding of Data Security and Compliance appeared first on PCI Pal.

*** This is a Security Bloggers Network syndicated blog from Knowledge Centre – PCI Pal authored by Stacey Richards. Read the original post at: