Sister CISA CISSP

Aug 20 2010   8:34PM GMT

Myths About Reputation Risk

Arian Eigen Heald Arian Eigen Heald Profile: Arian Eigen Heald

I received some entertaining feedback on my previous blog, so I thought I’d share some of the comments I’ve heard over the last few years about business reputations:

1. “My data is outsourced (hosted, in the cloud, etc) at a third party company. If they lose my data, or get broken into, it’s their reputation problem.” No matter who loses it, it’s still your data – or to put it more honestly, your customers‘ data. If you outsourced storage, you’re responsible, not the vendor. You can’t outsource responsibility (see Eigen’s Rules of Thumb).

2. “I have a contract with my vendors to secure my data. They signed off that they have secure practices, so I don’t need to be concerned. I’ll sue the heck out of them if they lose it!” The lawsuit is likely to be much more expensive than it’s worth. Audited them lately?

3. “It will go away soon – customers have short attention spans, because there’s so many data breaches going on these days.” I live in Maine, where I still hear people grousing about having to change credit cards due to Hannaford’s data breach. It’s a classic: “The only thing a customer remembers more than good service is bad service.” News outlets tend to put the “company name” and “data breach” together. Much further down is the “third party vendor” part.

4. “We don’t need to encrypt our laptops. There’s only a few of us and we never take data off site.” If you want to know just how many laptops were involved in data breaches, go to the privacyrights.org and run a search. From 2009 through mid 2010, there were 154 publicly announced breaches (who knows how many more NOT announced) for a total of 87,094,382 individual records lost and/or stolen from unencrypted laptops “protected by a password.”

The expression “Going viral” has meaning here. On the Web, a customer who’s had their data exposed might not only tell 10 people, they might also write a complaint on their blog, post comments on other people’s blogs, write a negative review of your business on a shopping web site, AND criticize you on forums and message boards. Customer expressions of dissatisfaction have outpaced any ability to control negative perception on the Web.

The example that comes to mind is “United Breaks Guitars.” Check it out. Nine million views and counting. I watched it one more time – it’s pretty funny.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: