Security in the Internet of Things Era
The goal is to prioritize against the likely threats. This is why companies, such as General Motors’ subsidiary OnStar, have invested in appointing a head of cybersecurity for all products, Miessler points out. “We expect to see a lot of other companies following that, not just in the automotive space, but in other spaces.”
WORKING TO EARN CUSTOMER TRUST
For companies investing in IoT strategies, customer trust is a central concern, but recent research from SAS Institute states that only 11 percent of consumers believe that they have total control over the data they provide companies. Furthermore, 30 percent claimed they had “no control at all” over what those businesses did with that data.
And, while companies present users with the terms of their agreements before accessing customers’ data, only 13 percent of respondents were likely to read through these (often long and tedious) documents. Typically, Raj notes, “they run for pages and are in two-point font—nobody’s reading that.”
Raj suggests that companies build trust by looking at data as a strategic priority—not just from a governance perspective but also from a customer experience perspective. He recommends making terms and conditions “very, very transparent, and by that I mean easy to read, in bullet points rather than in legal jargon.” They should make it very clear in interactions what the data will be used for. “Is it going to be used to enhance their profile? By other partners? If so, the steps should be stated,” Raj says.
Further, they should make clear whether customers have the option to easily change their preferences. “There are things you can do from an outbound perspective, when you’re communicating in your campaigns or marketing interactions” to give users more control, Raj says. One way is to proactively send users an email that asks them whether they would like to adjust their security preferences. “Very, very few brands are doing that,” Raj says.
Miessler also stresses the importance of transparency, saying that companies that are “very clear about what data they collect, how they handle it, and who they share it with are going to be the ones who win out in the battle for trust.” Going a step further, he predicts that companies will likely have to incorporate security messages into advertising and legal disclaimers. For instance, companies will feel more regulatory pressure to notify customers and describe the levels of protection, as well as what they do to protect their data.
When it comes to building trust, the culture of security is “table stakes—ground zero,” Leary says. A company should strive to value the best interests of customers over any immediate gains that primarily benefit the enterprise. This means acting responsibly and fairly. “The whole idea is to use this technology to learn about customers—their behaviors, needs, and expectations—to try to do better,” Leary says. “But if you’re only using it to keep traditional business processes and methods in play, then that’s a problem.”
For instance, some companies might be tempted to use data to offer customers products or services that are not suitable to those customers. This might hurt—or even destroy—the relationship in the long run.
Raj singles out Disney as a good example of a company that has successfully gained the trust of customers and enhances experiences through its IoT initiatives. The company’s highly regarded Magic Band ecosystem is designed to accommodate users as they navigate through the theme park. By tapping the band, users can perform a number of activities, including making purchases as well as accessing rides and their hotel rooms.
To make this a reality, Disney “didn’t look at data as a privacy governance issue,” Raj says. “They looked at data as enhancing the experience of anyone who was at Disneyland.” He points out that Disney doesn’t collect any data that is not necessary and relevant, and it uses analytical tools on the back end to make predictions regarding what is interesting and desired by the audience. There is very clear communication about how the data will be used, as Disney does not sell it to second- or third-party vendors, as other companies do, Raj adds. Consequently, “the customer doesn’t think twice about sharing,” Raj says.
Experts agree that, while precautions will be taken to prevent security breaches as the IoT gains steam, they are still very likely. “Getting hacked isn’t necessarily a bad thing,” Hunter says. “It’s what you do after you get hacked” that’s important.
According to Miessler, a security breach can in fact turn into a positive event for the company, if it’s handled correctly through marketing and communications with customers. “That’s largely becoming the new game—having a good story for how you’re defending, saying that it might not be possible to defend 100 percent of the time, but that you’re going to do your best, and have good people working on it,” Miessler says. “Going forward, with more IoT, and more connectivity in general, that will continue to be the main play.”
Associate Editor Oren Smilansky can be reached at osmilansky@infotoday.com.