Ali Shabdar

When it comes to data and privacy breaches, small companies are just as vulnerable as larger ones. Protecting customer information is now a matter of business survival.

Knowing this, businesses are seeking out the most secure software solutions to safeguard their customers’ data and privacy from all possible risks. However, security threats can be hard for businesses and consumers to understand.

They tend to assign this critical job to their software solutions providers, so they can both litigate and take their business elsewhere if their providers do not measure up. Given that responsibility, what measures can software companies take to secure customer data?

No more lax regulations

Public patience seems to have worn thin over weak security of personal information, and businesses will need to prioritise security or risk losing customers, incurring fines, or worse. While the US has seen scandals, like the Equifax data breach in 2017, the UAE has also had its fair share.

In the light of all the privacy and security breaches, stringent laws have come into existence such as the EU General Data Protection Regulation (GDPR). GCC nations such as Bahrain have also implemented strict data protection laws, while the UAE and Saudi Arabia are expected to implement similar laws in the near future.

It’s about time UAE businesses refine their business models to ensure that they are not only compliant with global standards, but do more in order to build trust.

In the wake of this, I recommend that software companies undertake concrete approaches to address the urgent demands from their customers around security and privacy.

* Deploy your own security hackers

While software vendors employ teams to perform regular penetration tests and create security solutions, businesses should not rely on these teams alone. Even though these internal cybersecurity teams are often necessary to protect customer data, businesses are advised to hire an outside “white hat” hacker or hacking team to uncover weaknesses.

Companies can also host private or public “bug bounty” competitions where hackers are rewarded for detecting vulnerabilities, and the companies receive third-party insight into the strength of their data security.

* Go for compliance certificates to build trust

To create a reputation for offering solid customer privacy and security, businesses should secure certificates of compliance. The baseline certification is ISO 27001, the information security standard.

These certificates of compliance require companies to establish and follow strict security policies and procedures regarding customer data.

* Take limited customer data from users during a trial period

Typically, software companies provide their solutions for a free trial period before converting trial users to paying customers. To hedge this bet, some companies will ask for more customer information than is necessary and sell the data when they fail to convert trial users into customers.

This is not a practice that builds trust. Savvy potential customers are wary of being asked for anything more than basic contact information for just a trial.

* Do not store unnecessary customer data

One mistake software companies often make is to store data gleaned from either potential customers who didn’t sign up after the trial period or from discontinued customers. The longer this unneeded data is kept, the greater the security risk becomes for the company and its trial and temporary customers.

* Converting data to revenue is a risky business

Businesses need to be proactive and public with their security and privacy practices. But it doesn’t all fall on businesses. Be aware that customers can consult websites that list companies that buy and sell data.

If the business model of software companies is predicated on gathering, parcelling, and selling user data to advertisers, the business could be compromised right at the start.

Even strict compliance and honest dealings don’t guarantee the safety of customer data. This reality leads to a regulated free market that forces companies to comply with security and privacy rules, even as the rules themselves evolve.

Successful software companies are forward-looking and distinguish themselves in the areas of customer privacy and security. They take up innovative corporate practices to build customer trust, stay competitive, and protect themselves and their customers, rather than being driven by top-down executives or legal edicts.

Ali Shabdar is Regional Director at Zoho Corp.