Data is King! But Are You Treating It As One?

By Madhu Maganti, CPA, CISA – Director of IT Assurance and Security Group, Doeren Mayhew

When it comes to evaluating your customer base or identifying ways to grow your business, data is king, but how are you protecting consumer data? Everyone and their big brother (no pun intended) is talking about data, and more specifically, Big Data. Big Data is a technology buzzword that describes the current ecosystem in which there is significantly more data, and the way it is processed is beneficial to companies. Perhaps, even individuals, with news of the usage of many data scientists in the rundown to the 2016 U.S. Presidential Election. However, the evolution of how we got to the current state is not very clear.

Evolution of Data

Data began with zip codes. Developed in 1963, Zone Improvement Plan (ZIP) codes allowed companies and marketers to gather more information on customers in a way that were not possible before. With the evolution of computers, companies were able to relate transactional data to figure out the nature of the transactions. Who bought what and where?

It was an early start to using data to profile a customer for company growth. Using the data gathered, companies could gather more customers and identify their sweet spot with regard to their market base. Moving from these demographics, companies have started moving to psychographics. This is eerie for you and I to understand but companies gain so many data points that it can come up with an ideal customer profile, even having the ability to figure out how they think.

How data is being gathered is always evolving. In recent times, behaviors and attitudes of customers is being sought. Emails, Facebook posts, Google searches (are you reaching for the “Delete search history” button already?), tweets, Instagram posts, etc., give more insight into a customer creating more complex profiles on each customer. Every company has massive databases with so many different data points, and these need complex and fast analysis to provide organizational value.

The evolution of data is not coming to a grinding halt anytime soon. There are so many different avenues for companies to gather data points for more sophisticated analysis. I recently listened to a podcast about the Hyperloop, and one of the main engineers working on a model stated that rides would be free for passengers. How the company would make up for the free ride is to get the passenger’s acceptance to gather all the different data points, be it when they  go on their rides, the type of food they purchase, what advertisements they think is relevant while on the “train”, etc. There are no “free rides” folks! The Internet of Things (IoT) is just the beginning.

Perception of Data

Think of this scenario— As you look down from a high rise building in New York City, you see several people on the streets below, and as an individual, you are judging them based on their looks, attire, actions, etc. Now think of this same scenario from the eyes of a company. A company wants to maximize their customer base and sees the same people based on their pre-set value to them. I almost envision a dialogue balloon over each individual’s head indicating the dollar value that they are worth to the company. These dollar values are not arbitrary numbers. They are the result of processing some complex data points that the company has procured on these individuals.

Why do companies want as much information as they can on different individuals? We have beaten this question to death already but it begged repeating. No company is satisfied with just their current customer base. They want to use all means necessary to ensure they can grow their market share and do it with minimal expenditure. In earlier days, companies had to look at mass advertising and their landing cost for acquiring a customer was high. Nowadays, every individual is on social media and leaving a trail of data points that can help the company in identifying their dollar value, as in the above scenario, to help target them with a higher probability of turning them into a customer.

Facebook recently came in the news for selling its user data to other companies and it is no surprise that companies find the user data useful.

How Do You Protect Your Data?

As an individual, you have many options to protect the sensitive data that you leave out there for others to see. Open information on an individual is the easiest way for bad actors to indulge in identity theft. Privacy settings need to be reviewed and do everything you can to limit your visibility to third parties. Several companies provide services that claim to limit what you have out in the big bad world of the internet to only what you want others to see. I am always skeptical of these services but if there is one that truly delivers on that promise, it would not need Big Data to grow the customer base. The customers would come running to them.

From a company perspective, how do you protect your data? Companies have massive databases that need to be protected from the bad actors since this data contains so many different data points that could cause a lot of harm if it got into the wrong hands. A good security culture in a company will help in ensuring there are safe controls around people, processes and technology. Consider these helpful tips to implement a safe security culture within your company:

• Promote security awareness to empower employees to say something when they see something.
• Ensure your compliance with the different regulations that come under your purview. Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR) and other regulations can be your friend in strengthening your perimeter and also in ensuring that the CIO/CISO is empowered to get the budgets they need to have a secure environment.
• Conduct risk assessments periodically and make improvements. Experiencing a data breach is not a question of “if” but “when.”
• Review and periodically test your incident response plan to ensure that when faced with a data breach, the key stakeholders are aware of what needs to be done to plug the damage and reduce any detrimental impact to brand value and business operations.

Navigating these complex risks of Big Data can be challenging. Work with a cybersecurity expert, like those at within Doeren Mayhew’s IT Assurance and Security Group, to help mitigate these risks and limit your exposure.  For more information, contact us today.