Customer Privacy at Risk When Companies Become Complacent Regarding Data Security


As new estimates predict cyber crime costs will exceed $2 trillion by 2019, many consumers are wary of letting companies handle their personal data. Lack of diligence in the business world has dominated headlines, leading to serious mistrust on the part of consumers. Currently, 68 percent of consumers don’t trust companies to handle their personal data securely and keep it protected from hackers. (1)

Companies need consumer data for invoicing and other legitimate business purposes. This means that methods must be developed for effectively securing data to prevent personal information from falling into the wrong hands. Cyber criminals quickly devise strategies to overcome older data security measures, and it’s a sure bet that they’ll continue to exploit any possible vulnerabilities in new security patches, etc.

However, there are some basic practices one can implement which can help protect most consumer data. It’s also important to keep customers in the loop regarding how the company handles and protects personal consumer information. Spohn Security Solutions has a few suggestions in this regard: (1)


1) Use multiple authentication layers, and follow this up by letting customers know who will have use of customer data and how it’s secured from unauthorized use.

2) Make sure your company is focused on security, not compliance. This means following a list of best practices to ensure that your customers’ information stays safe. PCI, HIPAA and SOC compliance cover the MINIMUM acceptable level for many aspects of data security, ranging from employee procedures to data encryption. Compliance will come with security. Compliance is great to advertise on your website and, in many cases, is required by law, but a secure network lets you sleep at night.

3) Make your consumers’ privacy a competitive advantage for your company. Destroy customer data once it’s no longer needed or required to be kept by law. Let customers know that you won’t keep any credit information or personally identifiable information on file longer than legally required. Communicate your assured cloud destruction and data retention agreements; explain this is why they must enter their data repeatedly on your site. Most will appreciate your attention to maintaining their privacy, even if it is inconvenient. (2)

However, even with these and other measures in place, employees sometimes forget to implement them, or new employees who haven’t yet been fully trained on current security practices can commit errors. Spohn Security Solutions has been in the cyber security business for 20 years and has observed that not all companies maintain an appropriate level of vigilance regarding employee security training.

“It’s vital that companies continue to provide security training for their employees. When they train but then forget to regularly update and check on their employees’ practices, it’s as if they were never trained at all,” said Timothy Crosby, senior security consultant for Spohn Security Solutions.

When these gaps occur and new threats hit, serious risks can be propagated throughout the system, leaving vulnerabilities for hackers to exploit. One example was the WannaCry ransomware attack in May 2017. That attack, termed “next-gen ransomware,” was the largest computer virus/ransomware infection in history. As opposed to regular ransomware, which encrypts only the local machine it lands on, this type spreads throughout the organization’s network from within, without having users open emails or malicious attachments (which is why it’s called a “ransomworm”). (3)

“A big risk is companies becoming complacent with their security watchfulness,” said Crosby. “Windows had released an updated security patch prior to the WannaCry attack, but not everyone updated their system. There’s a risk of companies providing employee training and information but then forgetting to provide continuity.”


1. Gerber, Scott. “9 Ways to Protect Your Customers’ Data and Keep Them in the Loop.” The Next Web, 2 June 2017.

2. “Customer Privacy Is An Important Part Of Business Strategy.” ReputationDefender, 30 Sep. 2011, updated 3 Oct. 2017.

3. Zeichick, Alan. “Self-Propagating Ransomware: What the WannaCry Ransomworm Means for You.” Network World, 16 May 2017.
