The delicate balance between personalization and security

For most people, personalized products and services have often been out of reach.

That’s because personalization used to mean premium. If you wanted it, you had to pay a high price.

Nowadays things are changing. We live in a digital world full of data where customization is sometimes a simple swipe away.

Chances are you might even take your daily dose of personalization for granted.

Think about the playlists Spotify creates from your liked songs. Or the shows Netflix wants you to watch next based on your recent viewing habits. Even dating apps like Hinge match you up with potential partners according to your past preferences.

The amount of data you share about yourself every day enables you to move in a digital direction that is uniquely yours. And in the coming years it’s a journey that’s likely to take you to some interesting places indeed.

There’s just one potential snag to this easier route toward personalization. By sharing more data about ourselves, we attract the attention of bad actors who are quick to recognize the value of it.

Almost without noticing it, we’re immersing ourselves in a digital landscape that we’ve painted ourselves. And once we’re inside that canvas we’re much less likely to spot an uninvited guest. Somebody who’s pretending to be a permanent feature there.

Recognizing this fact today can help us make sure we maintain a healthy balance between personalization and security.

For the most fortunate in society, material possessions alone don’t quite cut it anymore. For them, fulfilment is to be found on a higher plain - namely in meaning and creativity.

They often look to online spaces to satisfy this demand. That might be via a social media app on their smartphone, or a multiplayer game on their Playstation.

The digital worlds where people spend more and more of their free time are full of personalization. Video games are increasingly becoming virtual escapes for an hour or two. Players don’t just get to dress and equip their virtual characters anymore. They can even shape their journey in a way that’s unique to them.

We’ve also carved out spaces for ourselves on social media. Apps have made it possible for us to curate the content we consume there.

Whatever your passion, whatever your niche, you can create a digital world that suits you. Your Instagram feed can become a kind of personal gallery. Or you can settle in to follow a modern-day debate on Twitter that appears to have been designed just for you.

All from your fingertips. And all of it thanks to the power of data.

Before we were swimming in data, personalization was a lot harder to come by. "Made to Measure" is a concept that has existed for hundreds if not thousands of years. But it’s never been as inclusive as it is today.

The evolution of personalization is being driven by new technologies. From facial recognition to advancements in AI and the semi-invisible sensors that surround us.

In the coming years, this technology won’t only continue to customize our digital experiences. It will enable them in the real world, too.

Physical stores are opening up that use this new technology to provide a more engaging experience for their customers. Take the flagship CoverGirl store in New York, for example. It makes use of augmented reality stations so visitors can try on makeup virtually and see the results before they buy.

Increasing numbers of brands are now using GPS together with their company apps to send notifications to customers when they come near the store.

Imagine a retail company has data on your previous shopping habits or they know you’ve been browsing a particular item online that is now available and discounted in store. A quick notification when you get within range could be too tempting an offer for you to turn down.

The covid-19 pandemic was a good testing ground for what’s likely to become the norm for marketing in the 2020s. Socially distant shoppers reliant on their smartphone to make orders and sign into physical locations enabled forward-thinking brands to experiment.

Expect them to learn from it and to communicate differently with customers once the world slowly returns to normality.

Other companies like Affectiva are using machine learning to develop algorithms that can map facial expressions. This opens doors to the possibility of marketers communicating with (and sending promotions to) customers in a specific way based on their mood.

Technologies like these will aid personalization both in store and inside the home.

The end goal for the 2020s - and something we’re already seeing the beginnings of - is an ecosystem of connected devices and sensors working within the home in tandem. Perhaps controlled by a virtual companion that can do much more than tell you the weather forecast and change your Spotify playlist.

Your smart home will know when you want your coffee brewing in the morning. It will know when you need to heat up the car, and when to turn off the lights.

The potential of personalization to businesses that get it right is huge. But getting it right involves having empathy for your customers and finding the right balance between personalization and security.

Especially in a world where cybersecurity threats are more varied and more subtle than they’ve ever been.

A brand taking an interest in you and treating you like an individual rather than a generic customer is a nice feeling. It can make a real difference to how you see your long-term relationship with that company.

But there’s a fine line between caring and creepy.

Remember that old story about Target figuring out a girl was pregnant before her father did?

In a Gartner survey of more than 2,500 customers, almost four in 10 said they’d stop doing business with a company if they found their personalization efforts to be creepy.

The better personalization gets, the greater the potential costs to individual privacy. But there are ways companies can make sure they stay on the caring side of the road.

Smart businesses looking to the long term can take a lead on “minimum viable data and controls” required to empathetically engage their customers at scale. So, that means contacting them at time periods (and intervals) that suit them, rather than overwhelming them and scaring them away.

Academics and industry leaders are also exploring approaches that resolve the natural tension between personalisation and privacy. This includes embracing something called fully homomorphic encryption. That would allow people to search for products or services online without third parties chasing them around the internet reminding them that they'd done so.

Clear communication is a vital part of the delicate balance between personalization, too. Businesses don’t only have to be clear with their customers about how they use their data. They also need to be upfront about how customers are likely to hear from them.

After all, bad actors often look to exploit the wealth of communication channels that exist. We’ve seen that in the past year during the covid-19 pandemic. A side-effect of the global crisis has been a massive hike in social engineering.

We can often spot these phishing messages. But not always. To the untrained eye, a text message from a hacker pretending to be a bank can look just like the real thing.

Suppose your bank tried to personalize your experience with them by suggesting you could receive account updates via text message. Then imagine that shortly after approving this change you receive a bogus message from an opportunistic bad actor.

There’s no easy solution to this problem. The best way for companies to operate is to be completely transparent with their customers while also developing their apps and software by following security by design principles.

A lot of phishing and man-in-the-middle attacks try and trick people into downloading fake applications. Once someone has downloaded it, hackers can glean their valuable personal information such as passwords or even bank account details.

Bad actors also probe genuine applications in order to try and steal sensitive logic and data, or to run a dynamic analysis and reverse engineer the app for their own benefit.

The examples above help to explain why the balance between personalization and security is such a delicate one right now.

Personalization is one of these trends. And it’s converging on another one - the increasing importance of applications to business success.

The very same apps that will play a vital role in the customization of customer experiences.

Mobile apps were already an attractive target for bad actors before they collected a mountain of valuable data about customer preferences and desires.

Part of finding the right balance between personalization and security will be protecting these applications properly.

Companies will have to invest in threat intelligence systems to understand the evolving threats their app is up against. And once these risks are recognized, they’ll have to make sure their app is equipped with robust security. This includes environment checks and integrity checks to spot emulators as well as debugging and hooking attempts.

The fact that customized products and services are available to the masses is a wonderful thing. For both businesses and their customers, the potential benefits of personalization are huge.

But so are the risks of getting it wrong.

The companies most likely to succeed in the next few years are those who are already thinking about this fine balance.