Todd Barnum, Chief Information Security Officer (CISO), GoPro Inc., discussed data breaches and their impact on today's businesses and consumers in a keynote presentation to Argyle's CX membership at the 2016 Customer Experience Leadership Forum in San Francisco on Dec. 15. In his presentation, "Don't Let a Data Breach Ruin Your Customers' Day," Barnum offered tips to ensure that business leaders can prevent data breaches both now and in the future.
According to Barnum, every Fortune 500 company has been hacked. Meanwhile, the majority of data breaches occur due to email hacks, creating serious problems for businesses of all sizes.
Furthermore, Barnum pointed out that it takes the average company roughly seven months to identify a data breach. This means business leaders often lack the ability to take a proactive approach to data breaches and identify such problems before they escalate.
How business leaders secure systems of engagement and systems of record can make a world of difference for companies globally.
Systems of engagement refer to customer-facing systems, while systems of record encompass systems that business leaders use to manage customer data and other sensitive information.
"Inside the customer ecosystem, the only thing that matters is sensitive information."
Ultimately, business leaders must secure both systems of engagement and systems of records to protect all of the information at its disposal. In addition, business leaders must be able to prevent hackers from targeting systems of engagement, which often serve as the initial entry point for phishing attacks.
"The systems of engagement are the ones that hackers are interested in," Barnum stated. "All [CX professionals] operate systems of engagement. Those are the systems that [hackers] target once they enter the company through phishing."
Barnum also provided three recommendations for business leaders to prevent data breaches:
1. Create a Systems' Map that Supports Your Process
Mapping out the entire customer ecosystem can help business leaders in a number of ways.
Barnum stated business leaders should create a systems' map that enables them to understand all of the systems that are in place. By doing so, business leaders are better equipped to identify security flaws and resolve such problems immediately.
"Think about all the backstream systems, the downstream systems and the interfaces," Barnum said. "Identify system owners. … It is simple to do."
2. Identify Your Sensitive Information
Businesses may store a broad array of sensitive information – from customers' protected health information (PHI) to their credit card details. Fortunately, business leaders who identify all of the sensitive information that they maintain can understand the true value of this data and secure it properly.
"Inside the customer ecosystem, the only thing that matters is sensitive information," Barnum noted. "List [the sensitive information] out. … and find out where it is stored and transmitted."
3. Identify Where Customers Have to Log In
Systems of engagement commonly require only a single log-in for customers. Conversely, business leaders are responsible for deploying a fast, effective and secure system that ensures customers can log in to a company's website instantly.
"All [CX professionals] operate systems of engagement. Those are the systems that [hackers] target once they enter the company through phishing."
Business leaders should strive to provide customers with instant access to a website via a simple login process. At the same time, business leaders should not sacrifice security for usability, particularly when it comes to a website's login process.
If business leaders allocate the necessary time and resources to understand where customers log in, they can find first-rate technologies to bolster security without hindering the user experience. That way, customers will be able to log in to a website with ease, and business leaders can ensure that customers' sensitive information will remain protected at all times.
"It's usually only one login process," Barnum said. "Identify where it is, and then look at the things that you can leverage to have customers log in today."
Barnum noted that deploying a best-in-class security plan may seem like an uphill climb for business leaders. And even though business leaders want to avoid data breaches at all costs, it can be difficult to eliminate security dangers entirely.
Comparatively, Barnum pointed out that business leaders should strive for ongoing security improvements. Security threats continue to evolve, and business leaders who take a proactive approach to security may be better equipped to combat security problems than rivals.
Barnum suggested that business leaders assess a company's current security strategy and plan accordingly. This offers an ideal first step for business leaders and enables them to map out an effective strategy to control security threats.
"If C's and D's get degrees, don't aim for perfection, but just get started," Barnum said. "You'll gain value just going through the [CX security] process … and it won't take up much of your time."
Todd is the Chief Information Security Officer (CISO) for GoPro Inc, a global consumer electronics and software company with over 20 office locations worldwide. He is responsible for developing and executing the cybersecurity programs for GoPro globally. He leads multiple Cybersecurity functions focused on securing the use of Cloud Applications, Cloud Operations, Cloud Security Governance, and Cyber Security Resiliency. GoPro is believed to be one of the largest “cloud only” companies in the world.
Prior to GoPro, Todd spent time leading Cybersecurity consulting practices for KPMG LLP, and Forrester Research.
Prior to these consulting positions Todd worked at Warner Bros Entertainment as a Vice President and Chief Information Security Officer, while simultaneously holding the position of Vice President of Enterprise Architecture.
Prior to Warner Bros, Todd spent 8 years at AMGEN, the world’s largest Biotech company, where he served as the Chief Information Security Officer and held the position of Corporate Director.
Early in his career, Todd learned the details of information security as a Naval Officer managing some of the Navy’s largest telecommunication systems. Todd got his Masters in Telecommunications from the United States Naval Postgraduate School in Monterey California, and his Bachelors from the University of Hawaii.
Todd is an Adjunct Professor at California Lutheran University where he’s taught computer science courses since 2001. Todd also served as a Board member of the Ventura County YMCA, and was a part Orange County’s Big Brother Big Sister Program.