Fed Up With Corporate Cybersecurity Failures, Consumers Want CEOs Punished

Forbes Technology Council

Founder of Allure Security and professor of CS at Columbia University.

The coronavirus pandemic has changed everything, including the way we work, think, shop and socialize. And many Americans are feeling particularly insecure with all of these changes happening so quickly. Unfortunately, adjusting to the current global health crisis has put new strains on computer networks and defenders, as millions of U.S. employees have shifted to working from home and opened the door for fraudsters to take full advantage of vulnerable home networks.

This is bad news for corporations that are fighting harder than ever to earn limited consumer dollars in an unstable economy. Consumers are paying more attention than ever to how companies are treating their customers. They don't want well wishes and trite expressions like "We're all in this together" from brands. They can see right through them. Consumers want evidence that companies are doing more than just talking about helping — they want action, not platitudes.

When the pandemic subsides and consumers have money to spend again, one thing is certain: They will be more mindful about which companies they support with their dollars. And companies that haven't done enough to protect their customers from online scams and fraud will be among the first crossed off the list of brands they'll do business with.

Go to jail: Nearly one in four consumers want CEOs imprisoned for data breaches

But it doesn't end there. A growing number of consumers would like to see leaders of companies who fail to protect customer data punished.

In an April 2020 survey commissioned by Veritas, 79% of consumers said they expected companies to use security software to protect their data. A full 71% of respondents said they expect companies to "stand up to cybercriminals," and 65% of consumers said they should be entitled to financial compensation by companies that expose their data.

Most concerning of all is that 40% of consumers blame CEOs personally for cybersecurity breaches, with 35% stating that a CEO should be forced to pay a fine in such a situation. Another 30% said the CEO of a company involved in a data breach should be banned from running a company, and 23% indicated that a CEO should go to prison.

We have already witnessed several CEOs step down from their companies after a major data breach, such as at Target, Equifax and Imperva. The decisions to remove these leaders were largely driven by shareholders. But in this new era of consumer vigilance, CEOs and other leaders will be ousted by public demand.

Stop blaming consumers for phishing attacks

It's easy to see why consumers are fed up with the status quo. Just take a look at phishing attacks. They've been around for decades, and they still work. In fact, phishing attacks are on the rise right now, as fraudsters seek to take advantage of the fear many people are feeling during this pandemic.

Phishers are happy to pounce on any topic in the news to launch a new scam. Knowing that many are searching for reliable Covid-19 information and are also worried about their financial future, phishers are launching attacks that prey on consumers' worst fears about the pandemic. Americans have already lost an estimated $77 million due to coronavirus-related fraud. Researchers have reported an upward surge in malicious emails that lead to phishing websites with promises of "financial relief" during the coronavirus pandemic.

Organizations that get caught up in these schemes will ultimately pay the price. Nobody wants to be the company whose customers were fooled using the coronavirus as a lure. CEOs have long procrastinated in dealing with phishing and web spoofing. They've left it to the IT security department to figure out. But executives are going to be in for an ugly surprise when their brands are targeted by fraudsters who leverage the pandemic as bait.

Protect your brand by protecting your customers

Companies spend millions of dollars building and protecting their brands. But when it comes to taking responsibility for protecting customer data, they often fall short. Organizations can't seem to connect the dots between consumer data breaches and brand reputation. But soon, they will have no choice but to do so.

For too long, corporations have pushed responsibility for cyberattacks, like phishing, onto their customers. If end users fall victim to a phishing scam, the common response is, "You need to be more vigilant." This puts too much burden on the users. Organizations cannot assume that the average consumer has been trained to recognize when they are being scammed. The phishers and fraudsters are that good.

Cybercriminals are using fear and uncertainty to trick people and make a profit. It's time for businesses whose websites are used in phishing attacks to do more. As the data indicates, customers are tired of taking the blame. They are demanding justice from companies that didn't take the proper precautions to protect their personal data. It's time for business leaders to stop pushing the responsibility onto consumers and step up.

CEOs must start recognizing that cybersecurity failures are devastating to their businesses on a number of fronts. There's just too much at stake to leave cybersecurity to the CIO and IT department. This is now a boardroom issue. Make no mistake: A major data breach, caused by phishing attacks on customers, has the potential to ruin an organization. A company's bottom line, brand reputation, stock price and future health are all in the balance.


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.

