Hyatt Hotels recently announced the launch of a new bug bounty program as part of an effort to keep customer data safe. The hotel chain has partnered with HackerOne to offer rewards to researchers who can spot vulnerabilities and security flaws in its digital properties and apps, with bounties of up to $4,000. The announcement comes on the heels of the massive security breach that rocked rival hotel chain Marriott International at the end of 2018, which means it’s probably as much a marketing tactic as a cybersecurity measure.
Of course, big software and tech companies have conducted similar programs for years, and Apple has been known to dish out rewards of up to $200,000 to those who stumble upon security flaws within its products.
Hyatt’s foray into the space is significant, however, because it is one of the first times a consumer-focused service company has made such a public commitment to cybersecurity.
Making cybersecurity a team effort
Crowdsourced security programs, the reasoning goes, bolster transparency. They create a partnership between brand and customer, and signal that the company values the customer's input. Yes, it takes a certain type of courage to acknowledge that your company's security systems and protocols may not be perfect, but the rewards for doing so can be immense.
Not every company has the resources to pay out large bounties to professional hackers, but businesses large and small should still strive to get direct feedback from customers. After all, hearing directly from customers gives you far better insight into their needs than even the most educated guess.
Even when a bounty program isn't a viable option, there are plenty of ways small businesses can get feedback on their security efforts. Constructive criticism at every level fuels growth. When the assessments come from the people you’re trying to serve, they're even more valuable.
To cultivate a helpful feedback loop, small business owners can take three simple steps:
1. Actively seek feedback
Paying customers may have the most to lose from bad security practices and will thus be most willing to provide feedback. To find out what they really think of your efforts to keep their data safe, reach out to them on social media, send out surveys via email, or make live chat available on your website.
Remember, your customers aren't the only ones who can provide outside perspectives on your processes. For example, a construction firm that interacts with a big general contractor upstream (and a number of different subcontractors downstream) could look to any or all of these partners for feedback on workflow security. If an employee at a partner firm notices that your email isn't encrypted and takes the initiative to alert you or a member of your team, don’t disregard that advice. Making security a group endeavor can strengthen your entire ecosystem of partners.
2. Find other ways to reward customers
Money isn't the only way to reward those who help improve your business. Often, simply thanking a customer who provides constructive criticism can go a long way toward making customers feel appreciated and strengthening your brand. In fact, 45 percent of customers are more likely to forgive a company that responds to their complaints with thanks and an apology, while only 23 percent respond positively to compensation without the acknowledgment.
You can take it a step further by publicly recognizing customers who provide feedback on social media or in your local advertising. Show your customers that you value them – not just their wallets – and they will become your best ambassadors.
3. Take advantage of low-cost security tools
Customers are far likelier to give constructive feedback if they know you're taking every practical step to protect their data. The sheer number of free and inexpensive security options available means there's little excuse for not having basic precautions in place. Once you've done that, reach out to your customers and tell them specifically what measures you use to secure their data.
The financial investment it takes to encourage helpful outside feedback and ensure basic levels of security is a fraction of what a data breach would cost your company. If your business does fall victim to an attack, having communicated proactively will mean you get to keep your customers' trust.