Like most areas of technology, the Internet of Things (IoT) has boomed quickly, offering shoppers a variety of devices, ways to communicate, and even ways to shop. Unfortunately, it’s also brought a fair amount of risk. The connected shopper has a reasonable fear of over-connectivity, meaning brands should take initiative to protect shopper data. This post takes a look at those fears and how brands can keep data safe.
The Fear of Over-Connectivity
“Over-connectivity” refers to the sheer amount of devices and organizations that have access to a shopper’s data, especially as enabled by the internet, wireless communication, and mobile devices. Shoppers now have home security systems they can access from anywhere in the world which can lock their doors, turn on their lights, and show them a video feed. Fitness devices track a wide range of health metrics and funnel it into an app, sorting it into data that has meaningful implications for their health, some of which can or will connect to other devices to help adjust their diet or sleep patterns. Vehicles are becoming “smart” as well, and not only because they’re inching closer to fully-automated driving. Others are more whimsical: even Barbie’s Dreamhouse requires a WiFi connection and accepts voice commands, emulating smart home applications. This connectivity is intended to make daily activities more convenient while personalizing interaction with brands so ads and other services are incredibly relevant.
The problem is, shoppers are aware of the implicit vulnerability that this connectivity brings. More than half of consumers (51%) fear that someone will gain unauthorized access to their data specifically through their smart devices. Another survey puts that statistic even higher among U.S. consumers, at 69%, and another 68% fear that brands are putting their personal data at risk.
Areas of Concern
Shoppers have not completely lost trust. Despite the fact that 22% of customers fear this level of connectivity so much that they won’t shop on the internet, they have a great deal of faith in online banking. According to a recent Gallup poll, roughly 90% of consumers across all four generations have some or a lot of trust in their bank to keep their data safe. Unfortunately, the poll also shows that right now trust is dropping by a little to a lot depending on the industry and function, especially among Boomers and Gen X-ers, and all four generations trust online retailers the least.
Despite their prevalence on the market and user adoption, shoppers don’t necessarily trust their smartphone’s personal assistant either. That’s with some reason — when Apple rolled out iOS 9, there were some unusual security flaws that relied on using Siri.
What’s Actually Safe?
This question is hard to answer because as security evolves, so does the criminal attempt to obtain information. A recent report from Google seems to suggest that the internet is becoming more secure for shopping; the combination of HTTPS adoption and increased intent to buy online is the underlying reasoning. Yet some 95% of breached customer records are due to technology, government, and retail industries, although it’s important to note that in this case, “breach” includes human error, like emailing personal information to the wrong individual. More importantly, there were nearly 1,100 full breaches across businesses and government agencies in the U.S. alone in 2016. A recent Dell security report showed that 69% of decision makers view data security as a burden on their time and budget, and another survey from Deloitte showed only 10% of CIOs considered cybersecurity a top business priority. Even aggregate data can become severely problematic in the wrong hands; it can be parsed to reveal the actions of specific individuals, especially the location of home and workplaces, with a stunning 73% to 91% accuracy.
Most pertinent, however, is the shopper’s approach to their own security and the IoT. Some 65% of Millennials are confident in their ability to protect themselves, but that’s probably a measure of overconfidence. After all, 44% of consumers don’t believe they own enough connected devices to be considered a target for attack, and another 1 in 5 don’t have any protection for their IoT devices.
How Brands Can Protect the Connected Consumer
Your business doesn’t need to offer IoT applications to be connected; you just need to provide a mobile app, accept mobile payments, offer e-commerce, utilize mobile or SMS marketing, collect shopper data on a digital platform of any kind (including forms on your website), store customer data in cloud storage, or even simply accepting credit and debit cards. The IoT may have started as a way to refer to smart devices, but it’s definitively evolved to touch everything. Another thing that’s changed is who shoppers deem responsible for protecting their connected data, namely businesses. According to a recent survey of 9,000 consumers, the ratio is 70:30, which is to say that shoppers feel 70% of the data security responsibility lies with businesses and 30% of the responsibility is their own. What’s interesting is that shoppers are willing to take risks and trust businesses with their data across their devices and platforms of choice until they’re given a reason to stop: 60% of consumers would stop using a retailer if it suffered a data security breach, and 66% say they’d be unlikely to do business with that company again if that breach meant their sensitive or financial information was stolen. Perhaps the biggest reason for why is that while businesses can absorb the costly impact relatively quickly, shoppers will be dealing with the effects of these privacy invasions for years.
So what can brands do? First and foremost, adhere to guidelines and suggestions from the FTC. The FTC also offers additional resources for how to secure sensitive data, including links to other government services, such as the U.S. Computer Emergency Readiness Team and the National Institute of Standards and Technology. It also provides a variety of pertinent articles for small businesses, app developers, and more. Here are a few more tips to help you get started:
- Audit all third parties with whom you share information. Do they provide the security processes to protect your business and your shoppers?
- Have a process for customers to report a security breach or suspicious activity, and make it clear how to do this. This will also build trust with your customers.
- Give shoppers control over the way their data is collected and how it’s used. Are you giving them context for why your business needs that information, and do you provide opt in or opt out measures?
- Enforce internal processes that support data security; the policy is worthless if your employees aren’t handling data correctly.
- Implement and enforce better password policies for both employees and shoppers.
- Apply threat detection technologies where possible.
- Utilize dedicated servers to proactively remove certain vulnerability risks presented by shared servers.
- Prioritize data encryption, and stay on top of developments in encryption methods. For instance, take the necessary steps to ensure brick-and-mortar locations accept chipped credit cards and mobile payments, and utilize two-factor authentication.
- Use risk management to develop a plan in case of disaster to minimize the damage done during a data breach. This will help rebuild trust when customers see that your business has done more than its due diligence in protecting their interests.
- Educate shoppers on how to responsibly utilize your services and help you to keep your data safe.
Despite the fact that shoppers fear over-connectivity and are influenced by cybersecurity concerns, they still want the convenience that connected brands provide. That will continue to drive connectivity between devices, brands, and shoppers, further increasing the need to protect shopper data as the IoT expands beyond startup and trendy niche categories to enterprise applications through 2019. Forrester expects to see increases in IoT focused assistants (e.g., Google Home, Alexa) and security systems (e.g., Canary) in 10% of homes this year alone. While Forrester anticipates security concerns to temper the IoT this year — early adoption applications of IoT tend to be the most vulnerable, and hackers are sure to leverage devices for DDoS attacks — it isn’t close to stopping the development of new wireless connectivity options (e.g., LoRaWAN, 3GPP NB-IOT), the enterprise drive for certifications, reliable autonomous financial transactions via blockchain technology, and the integration of IoT with cloud services and AI or machine learning. Shoppers will undoubtedly continue to put the onus of protection responsibility on brands, and they’ll continue to look for new protections as well; consider the growth of LifeLock, a company built on insuring personal identity against fraud, which was recently acquired by Symantec for $2.3 billion.
The drive for convenience is strong, and the connected consumer is unlikely to put down their collection of devices anytime soon. But concerns about data security, identity theft, and other cyber-crimes is very real, and can have major or even disastrous impacts against businesses. No matter what industry or market your business operates in, the IoT and other areas of connectivity are already unavoidable. Adopting them could increase your added value to the customer experience, but you also need to be sure your company does everything in its power to protect that data. The tips we’ve provided are a good place to start.