Human beings have two basic instincts among all others: being a creature of habit, and wanting to forgive people if they have wronged you in some way, shape, or form. I know for one I am a creature of habit. The best example of this is just a few days ago.

I recently traded in my 22-year-old Honda Civic and am now leasing a Kia. This is the first time that I have had a car with all the electronic gizmos in it. I have always been an analog dashboard kind of person on my past cars, so there are times I have wished to have that back.

But I know I made the right decision and must get used to all these new fancy things. In terms of forgiveness, well, I am also a pretty loving guy. The best example of this is one of my best friends of over 40 years. We have our major spats, and the most recent one, a few days ago, was about the current political climate. But of course, being close friends for such a long time, we forgave almost immediately.

These two examples can also fit perfectly well in the world of Cybersecurity. For example, suppose you have been a long-time customer of a major vendor. All of a sudden, you have been informed that they have been impacted by a security breach. Some of the first questions that you will ask are:
1) How did it happen?
2) How soon did you find out it happened?
3) What steps have you taken to rectify the situation?
4) MOST IMPORTANT: How am I impacted? Is my data safe?
5) What kind of recourse are you going to offer me?

But no matter how much you try to find fault with and blame the vendor for what happened, the tendency to want to stick around with them still persists. After all, it is going to take time to find a new vendor, and time to get acclimated to the way they serve customers.

And what if they are more expensive? So now the feeling of being a “creature of habit” sets in, and in the end, you decide you want to still stick with the same vendor. This is technically known as “Digital Forgiveness”.

But now there is a new psychological play here as well. It is the phenomenon called “Risk Normalization”. To put it simply, you further rationalize your decision to continue with the same vendor by telling yourself: “Well, anybody can become a victim, I guess it was my turn now”.

Because of all the loyalty you have shown to the vendor, the tendency will now be for them, indirectly, to take advantage of you. For example, their attitude could very well now be: “Well, if a security breach happens again, they will still probably stick around. No need to beef up my lines of defenses even further”.

But taking this kind of approach can have detrimental effects, which include the following:
1) Trust:
Although you may have forgiven the vendor, the breach will still be tucked away in your memory. So, if the vendor takes a complacent attitude with you, your level of trust with them can erode over time. This is not your loss; it will be theirs, because customers can easily be lost, but it can take an exceptionally long time to get a new one.
2) Anxiety:
After a company has been hit by a security breach, the moral and ethical thing for them to do is to offer you some kind of recourse, which most often comes in the form of free credit reports and real-time monitoring. But they are not legally required to do this. So, if nothing is offered to you, it is quite likely that a pronounced feeling of anxiety will kick in. For example, one of your most immediate fears will be: “Will I become a victim of ID Theft?”
3) Goodwill:
If the vendor again becomes a victim of a security breach, your goodwill towards them will completely vanish, and at this time you will say: “This is the straw that broke the camel’s back, I am finding a new vendor”.

My Thoughts on This:
Although this is much easier said than done, if your vendor has been hit by a Cyberattacker, and you have become a victim, it is imperative to separate yourself from the emotional side, and take these solid steps:
- After you have been notified, immediately demand to know what happened to your data, and what corrective measures have been or are currently being taken to protect your datasets.
- Immediately enable either 2FA or MFA on all your financial accounts, such as your banking and credit card portals. Keep checking them at least twice a day to make sure that there is no fraudulent activity.
- Immediately contact the three credit bureaus (Equifax, TransUnion, and Experian) and put a freeze on your account.
- Demand recourse, more than what the vendor has to offer. If you can afford the legal expenses, even consider filing a lawsuit.
- Remember in the end that you are the customer. In our capitalistic society, the “Customer Is King”. So, wield these powers that you have, and try to find a different vendor. If you take this route, make sure you ask the new vendor what steps are being taken to protect your data if you were to go with them.

Finally, you, the customer, also need to play a part in protecting your data. For example, with the recent passage of the many data privacy laws, especially those of the GDPR and the CCPA, you now have the legal right to know explicitly how your data is being stored, processed, and archived. And you can always ask to have your datasets deleted if at any time you are not feeling comfortable with the way they are being managed.