Security breaches cost firms millions of dollars and irreparable damage to brand reputation. Marketers can avoid such situations by having a proactive approach toward breaches with activities like regularly securing third-party tools and platforms, access control, and educating your customers about possible breaches. Sujit Kumar, VP of strategy & marketing at Valuebound, explains five ways to do that.
As today’s marketers rely more on data and technology, they are becoming preferred targets for cyber-attacks. The marketing domain needs to have a fine balance between maximizing operational efficiency and maintaining foolproof security. Here are five ways to minimize the risk of cyber threats, by focusing on the larger picture.
1. Vetting Third-Party Tools and Platforms
The arsenal of the marketer has become much bigger in recent years with specialized tools for data capturing, predictive analysis, running campaigns, promotions, and branding. Many of the best tools and platforms are distributed in SaaS (software as a service) format and cloud storage, which add to the security challenges associated with it.
Reputed firms like Microsoft, Apple, Dropbox, and Capital One have suffered cloud security breaches in the past. For example, in 2016, LinkedIn suffered a data breach in which the details of 167 million users were compromised. After the incident, LinkedIn strengthened the security aspects and introduced an optional two-factor authentication.
All new third-party services and platforms should undergo a stringent security assessment, and we need to thoroughly examine the SLA with the service provider. It should clearly mention the ownership and usage of data, along with liability clauses in case of a breach. Make sure that there is segmentation in storage between the different clients. Vendors who have relevant certifications like ISO 27001/02 or SOC 2 need to be given preference as it shows a more systematic and planned approach towards processes.
2. Strict Access Control
With big data, companies started collecting all possible data from customers, often not knowing what to do with it. Consumers are becoming more concerned about their privacy and legal interventions like GDPR and CCPA have come into effect across the globe to keep companies responsible for the handling of private data. Many of the marketing departments are used to having multiple users handling the same accounts using shared credentials, and some of these individuals might have left the firms too.
The default strategy of access control needs to be conservative using the principle of least privilege. A master account can help to monitor and control the various individual accounts for the various tools and platforms. Use two-factor authentication for access and change passwords periodically. Conduct periodic checks to remove rights. A systematic process is needed to identify the end-of-life of data and to execute its disposal.
3. Connecting with Customers
Now, there are multiple touchpoints for customers to connect with businesses and each of them can be a target for cyber threats. Even though hackers have started targeting through social mediaOpens a new window , most of the phishing attempts are still made using e-mails.
One effective way to protect your domain is to use email authentication protocols like DMARC (Domain-based Message Authentication Reporting and Conformance). Marketers need to be constantly in touch with customers to educate them on security practices and common threats. Use your social media platforms to communicate periodically about the current vulnerabilities and security updates. Marketers also need to monitor traffic data to identify bots trying to adversely affect the data gathering process and thus the predictive analytics
4. Expecting a Breach
According to marketer and strategist, Norman GuadagnoOpens a new window , the question that organizations need to ask themselves is not â€˜whether we will be hacked?’, but, â€˜When will we be hacked?’. A recent study found out that more than one-third of the companies surveyed were not prepared to respond to a breach. In most cases, it is not the breach alone, it is the lack of prompt response that ruins the customer trust in the brand.
As part of building resilience, all the critical processes, data flows, and architecture need to be documented. There needs to be a contingency plan ready to be executed in case of a breach. It should have alternate channels of communication among verticals, emergency contact information, SOS procedures, and how to inform customers about the breach. Conduct drills of cyber-attack scenarios periodically to check the promptness of response and to identify gaps. Also, closely examine the contracts with customers and stakeholders to ensure sensible and practical limits to liabilities for damages. Cyber insurance too can be part of your risk management strategy.
5. Collaborative Leadership
Technology can only aid in ensuring safety, but it is up to the individuals to take responsibility and ownership for it. Security of the website and other platforms, earlier considered as the responsibility of the IT department, is now everyone’s duty. Often, companies do not follow effective security monitoring and the weaknesses get exposed at the time of an acquisition when the buyer conducts the due diligence processOpens a new window . In the acquisition process of Yahoo, Verizon was able to identify vulnerabilities in the security system. Along with the data breaches that Yahoo experienced earlier, it resulted in the reduction of the sale price by $350 million.
On many occasions, the lack of a holistic approach toward security creates separation and silos. The marketing department represents the face of the business and is well-positioned to act as a bridge connecting various verticals like IT, Legal, Finance, Procurement, etc. There should be internal forums to discuss ideas and raise concerns within the organization. Security training and certification for employees need to be imparted from bodies like ISACA, CEH, CISSP, CISA, etc. The C-level engagement helps to ensure sufficient resource allocation for security along with the active participation of the team members.
We are living in a fast-changing technological environment and cyber threats are also continuously evolving. So, ensuring the security of your martech stack is not a one-time task and there is no single strategy that fits all. We need to keep learning about the latest threats and making changes to our security measures accordingly.