This year’s RSA Conference, taking place from April 16-20 in San Francisco, is fast-approaching and couldn’t be happening at a better time. As one of the security industry’s largest gatherings, the annual event hosts over 45,000 attendees who explore cutting-edge technologies, solutions and ideas in the world of cybersecurity. You can bet money that data protection and privacy will be the hot topic at RSA, based on the recent Facebook/Cambridge Analytica scandal. This year’s theme is “Now Matters” and more than ever, organizations need to “walk the walk” when it comes to keeping customer, employee and corporate data secure. This will be a critical directive for organizations looking to embody corporate social responsibility.
Fortune Global 500 firms are currently spending $20 billion a year on CSR initiatives, indicating that corporate social responsibility is becoming more mainstream and mandatory. As the Facebook/Cambridge Analytica data scandal continues to dominate the world of cybersecurity, companies engaging in CSR are feeling the pressure to maintain trust among their customers when it comes to protecting their private data. A lot of noise around CSR typically revolves around sustainability or philanthropic efforts. While data protection may not be as sexy as these initiatives, the current threat landscape invading the security world make it a necessity, rather than a “nice to have.”
With Great Data Comes Great (Corporate Social) Responsibility
More and more, it’s becoming clear that consumers can no longer rely on or put their faith in our government institutions to pass rules and regulations safeguarding against data privacy and theft. In an ideal world, regulations preventing the personal information of consumers being put together and manipulated in ways without their knowledge or consent would be outlawed.
And yet, these concerns aren’t being taken seriously because up until now, there hasn’t been a scandal as widespread or egregious as the Facebook one—at least one that’s been reported. Transparency still remains a huge obstacle in cybersecurity, and one that won’t be rectified until regulations are instituted that make it mandatory for companies to spill the beans about the data they collect and what they use it for.
With that said, how can organizations step up to the plate and start living and breathing a corporate social responsibility mantra from a data and security standpoint? For starters, they can design their systems, apps and infrastructure with data security and human interest in mind. This human-centric, design thinking approach could actually protect against the kind of data misuse that Facebook is currently in so much hot water over.
Companies who take a thoughtful CSR approach to data protection can also do simple things like restricting third-party access to user data, limiting data access to only those who truly need it. Holistic monitoring of the databases that store this information, equipped with high-level security and encryption features, is an additional step corporations can take to protect consumer data and foster a secure level of trust with them. Finally, circling back to the matter of transparency, companies can offer users insight and visibility into who has access to their data, what they’re using it for and grant them control to restrict any third-parties from using this data—this is currently Facebook’s Band-Aid over the bullet hole approach.
RSA and CSR and Data…Oh My!
Solutions for these cyber threats targeting personal data can no longer wait. That’s why this year’s RSA is branded “Now Matters,” because safeguarding this information is unquestionably a top priority as our personal lives become more digital. Data is no longer just numbers in a spreadsheet—it’s become much more personal and valuable. Organizations that tout CSR as an objective need to start abiding by “The Golden Rule” when it comes to protecting their customer’s data and privacy and start treating it like their own. As soon as corporations accept that data protection needs to be prioritized much the same way that product quality, sustainability and other CSR mainstays are, the more safe, secure and valued consumers will feel.
Some companies like Toshiba are already following suit, listing data protection as a section in their annual CSR reports. Approaching data protection as a core business strategy and CSR initiative, rather than just an IT or security issue, will set a company apart as an attractive competitive differentiator from others that eschew data security or willingly allow private user data to be bought, sold and used. Fool a consumer once, shame on you; fool them twice, they’ll delete your app.
Stay tuned to the Sutherland Blog for more around CSR, and be sure to follow us on social media (Facebook, Twitter or LinkedIn.