- Aug 17, 2017
The pandemic altered the way many B2B2C manufacturers interact with customers. While the retail outlets that would typically distribute their products were closed, many manufacturing brands in consumer packaged goods, fashion, equipment, etc., realized the value of adopting a direct-to-consumer strategy. These brands traditionally had limited interaction with the end consumer, as their model was to sell their product to a reseller. With resellers closed or operating at limited capacities, many manufacturers wisely built digital experiences to interface with, sell to, and collect data from their customers directly. However, there are inherent risks in collecting consumer data: not only hacking, malware, and data theft, but also misuse of the collected data, which may damage one's brand or even create legal exposure.
I encourage manufacturers to consider the following to keep data compliant, secure, ethical, and productive, while still working toward objectives:
- When it comes to data, what you don't do is as important as what you do. Since the big-data trend took hold, firms often collect and store data without considering whether it is necessary. Today's machine-learning algorithms also encourage a degree of data hoarding. But data must be recognized as a liability as well as an asset. Hackers can't steal what you don't collect, and a security snafu can't leak customer information that's not in your database. Think selectively about the data you need and the possible fallout if it is stolen or leaked. Managing less data is easier.
- Adopt decentralized security. As cyber threats evolve, previous methods become ineffective. There's no safe boundary or perimeter anymore. System design should enable risk management and security enforcement across the entire architecture, employing security-in-depth practices such as encrypted communications, segmented regions, granular authentication and authorization, and intelligent intrusion detection systems.
- Analyze the AI in security. AI capabilities are increasingly important in software applications. Organizations should leverage these capabilities to help security professionals identify and react to threats and predict attack vectors. While automation isn't a replacement for trained professionals, it can handle basic defenses, allowing those professionals to focus on critical threats.
- Anticipate increased regulation. While we've flagged some of the most recent regulations to emerge in the privacy space, organizations should be prepared for more. Worldwide, there are a significant number of data protection laws already on the books, with more to come. Challenges will emerge as compliance grows more complex, especially for firms operating in multiple jurisdictions. When GDPR came into effect, many US-based news sites blocked Europeans from accessing their websites because of concerns about falling foul of a law they didn't understand.
- Build products with robust security and privacy practices. This requires commitment and strong leadership; security and privacy should be ingrained in the organization's culture. Teams shouldn't consider these aspects nice-to-have, optional, or something that can be cut to save costs. Leaders must set the tone that security is a priority for everyone. Data breaches often result from employees not changing passwords or ignoring alerts.