Make security a mindset

But these relationships are also built upon trust. Customers trust that brands will keep their data safe and private—and they trust them to use that data responsibly in turn. To earn that trust, brands need three essential things: a security philosophy, a plan to identify and address security needs and a clear roadmap.

Putting privacy and security at the core of your business

Keeping data private means being vigilant about managing access to information, and ensuring that you always understand where data is coming from, as well as understanding when it can and can’t be used. That’s much easier to accomplish if you emphasize data privacy and security across your organization from the start.

In turn, strong security requires a smart development process. If your company is pushing out code that is not being adequately reviewed, it is a security risk on par to a lack of traditional safeguards, such as firewalls and virus protection.

Demonstrating a commitment to security and privacy

Securing your data is essential, but it’s just as important to demonstrate your data security capabilities to customers and partners. Brands could consider putting together a security attestation roadmap featuring some of these common certifications and actions:

• Engage a security vendor to carry out digital security audits and penetration tests
• Evaluate security controls against the SANS Institute’s Cybersecurity Risk Framework
• Implement the U.S.’s Health Insurance Portability and Accountability Act (HIPAA)’s data privacy and security rules
• Complete the Service Organization Control (SOC) 2 Type 1 examination, developed to protect systems against unauthorized access
• Update data policies and contracts with technical partners to ensure material compliance with the EU’s General Data Protection Regulation (GDPR) by May 25, 2018

Some of these steps can be accomplished in a matter of weeks, but others, such as the SOC 2 examination, can take more than 18 months from start to finish. The SOC 2 certification is the gold standard, as it touches on every element of security from physical infrastructure to software safeguards, as well as the procedures a company has in place for those with access to its systems.

It’s a major investment in time and resources, but a necessary investment all the same. By finding the certifications that are vital for your business and investing in expert legal and security guidance, brands can improve on data privacy and security while showcasing a commitment to data protection.

How to embrace a privacy and security practice

To ensure you are focusing your efforts, take a holistic view of the organization and use that understanding to complete a security risk assessment. For digital security, embrace traditional measures like firewalls, encryption and virus scanners, in addition to two-factor authorization and IP whitelisting, to prevent unauthorized access.

However, digital security isn’t just about keeping data safe from outside intruders—it also means using things like role and permission management to ensure that only the right members of your team have access to that data. Physical security matters, too. You can have world-class cybersecurity protections, but if you don’t secure your company’s physical assets by installing security cameras, requiring ID badges, maintaining maintenance logs and making sure that guests can’t just roam around your offices unescorted, you’re not really securing your data.

Security isn’t just about safeguards; policies and processes matter too. Role-based permissioning can’t work effectively, for instance, without a process for terminating access when employees leave the company. In addition, if your brand shares customer data with technical partners, you need to fully understand their security measures.

Privacy and security is a journey

Security doesn’t stand still. Technology keeps shifting, new threats continue to crop up, and last year’s secure system may suffer from previously unknown vulnerabilities today. Stay ahead by making security and privacy a priority every day by instituting strong processes, staying alert to the changing security landscape and choosing partners with the same mindset.

To dig a little deeper, check out #NoFilter: Braze on Security.