Saturday, January 28th was Data Privacy Day, an international event that aims to promote awareness of privacy and data protection best practices.
However, cybersecurity experts are warning that a growing volume of cyber threats are putting the data of consumers and businesses at risk, with potentially disastrous consequences for companies and brands.
According to Brian Pinnock at Mimecast, companies need to do more to protect the personal information of their customers.
“Recent Mimecast research found that 70% of South African organisations believe the risk of cyberattacks will increase over the next two years,” he says. “While this may sound like an IT or cybersecurity issue, consider the impact on the brand’s reputation and the knock-on effects on customers when there’s a successful cyberattack.”
Mimecast’s State of Email Security 2022 report found that two in five South African organisations were only somewhat prepared – or not prepared at all – to detect and take down fraudulent web domains imitating their brands online. This put the country last among the twelve countries surveyed in the report. And when it came to email, less than two-thirds of local companies were mostly or completely prepared to detect an attack that directly impersonated their email domain.
“This creates huge risk for brands,” says Pinnock. “When a customer opens an email with an offer from one of their favourite brands, the last thing they expect is for a cybercriminal to harvest their personal information. The ease at which criminals imitate trusted brands and trick consumers into sharing their personal details means brands must do more to detect and prevent these impersonation attacks. This will protect the brand’s reputation and help maintain positive relationships with their customers, a win-win for companies and brands.”
Vested interest in protecting customers
It is squarely in companies’ interests to protect customers from cyberattacks. A study conducted by Mimecast in 2021 found that 83% of South African consumers would lose trust in their favourite brand if they disclosed information to a spoofed website.
Seventy-three percent said they’d stop spending money with their favourite brand entirely if they fell victim to a phishing attack involving that brand. And nearly all (94%) said they expect their favourite brand to ensure their services – including their website, emails and other communication, are safe to use.
“This may appear unfair to companies, who believe they have little influence over the actions of criminals appropriating their brands. But there are steps that companies can take to protect their brands and in turn their customers,” says Pinnock:
* Acknowledge the risks and create awareness around safe online habits. Banks have long been driving cyber awareness programs to highlight cyber threats and help customers avoid mistakes that could compromise their online safety. Every brand should be doing the same, by developing regular, engaging and impactful customer communication around cyber safety. “We’ve seen recent examples of organisations being held accountable for their customers falling victim to email based attacks, such as Business Email Compromise,” says Pinnock. “A precedent has been set that brands need to protect email correspondence and inform consumers of the risks of brand imitation.”
* Companies need to ensure their brands have the necessary defences against cybercriminals. DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email validation tool that helps detect and prevent email spoofing. “Our latest data shows that only 52% of South African companies either have or are actively rolling out DMARC. But, on a positive note, 34% had plans to roll out such a solution in the next year,” says Pinnock. Encouragingly, most South African companies have or are planning to roll out a service that detects and protects against malicious websites spoofing their website and online brand.
* In light of the Protection of Personal Information Act and its disclosure requirements in the event of a data breach, marketers and brand managers can play an important role in ensuring customers are notified and have the necessary information should their data be compromised.
“Cyber threats are unlikely to diminish or disappear in the coming years,” says Pinnock. “As we digitise more aspects of our personal and professional lives, our data becomes an increasingly attractive target for a global cybercrime industry in overdrive. Companies have a vested interest in ensuring their brands are protected and that customers can interact with the brand in a safe way. This means greater effort needs to be made to ensure customers are safe from harmful phishing attacks imitating their brands.”