Getting more leads from your website, more downloads from your smartphone apps and more social media interaction with customers?
That’s great, but as digital technologies become more entrenched in your business, it becomes even more vital to protect your data. It’s a question of trust – can your customers trust your organisation with their personal information?
Losing consumer trust due to a security breach can lead to immediate loss of business – and that trust can be difficult to regain. And if that’s not enough cause to justify investing in cutting-edge, enterprise-grade security, see our previous blog post ‘Four reasons why you may need to re-evaluate your enterprise security’.
Being a major telco, security has always been a top priority for Optus, but to maintain our customers’ trust we’re continually adapting and refining our security tools and processes.
A detailed information security strategy is critical to guide the evolutionary process, and Optus’ strategy focuses on:
- continuing to improve our early detection and incident response capabilities
- fostering a security-aware culture by regularly educating our staff and our customers
- optimising our internal processes, such as user and access management
- building resilience into our infrastructure with regular reviews, testing and independent audits.
Protecting the weakest link
Of course, technology solutions are still important for blocking many threats, but sophisticated attacks such as advanced persistent threats (APTs) often target the weakest link in an enterprise – its people.
Information security is now a social issue just as much as a technical one. Everyone in the organisation needs to do their part. Enterprises need to remain vigilant with regular education programs for employees and, where appropriate, customers.
Even traditionally security-conscious enterprises like telcos need to continually promote good security practices and educate users about new threats and vulnerabilities such as Heartbleed. This highly publicised bug in a popular web encryption technology potentially compromised user data on millions of e-commerce and transaction-based websites.
For this reason, we need to continually redefine our employees’ perceptions of just what the latest security threats can do. We need their buy-in so we can protect our most valuable assets – our customers’ data and their trust.
For more insights into building and maintaining carrier-grade security, see our paper 'A question of trust'.