As a marketer working in the cyber-security industry, I'm bombarded with news about data breaches all the time—in my emails, my news feed, my co-workers' conversations around me... And as hard as it is to admit, it all starts to normalize and become a part of my every day.
However, when Deloitte, one of the biggest accountancy firms, got hit with a breach in September— I thought, "What a PR nightmare" and began to wonder about what the marketing and PR implications are for cyber security.
Although we marketers may not be the ones providing technical support or implementing security applications in our workplaces, what can we do—if anything—to prevent breaches security like that one from happening?
My job responsibilities (and yours, I'm sure) cover a wide range of channels: At 9:00 AM I can be looking at advertisement statistics and analytics, by 3:00 PM I can be checking out an event location, and when 6:00 PM rolls around I'm finishing up sending over emails to potential leads. Because my work varies so much, I use a multitude of platforms that are largely Cloud-based.
Now don't get me wrong... The myriad of platforms make my workflow a whole lot easier, but the lack of integrations into one seamless platform inevitably means that information is being distributed to multiple locations. That information could be anything from company financial figures to customer contact information—which, if it fell into the wrong hands, could mean bad business.
US credit monitoring agency Equifax revealed, also in September, that it had had 143 million customer contacts stolen in a hacking incident. That's not something I would ever want to be cleaning up, but it was a reminder that without taking the proper measures within my marketing responsibilities... that could be me.
So, what are some things that we as marketers can do to deflect or even block the cyber-breach blow?
After some reflection, based on my experience working for a security company I came up with top four tips for fellow marketers.
1. Make friends with the IT folks
Unfortunately, I don't have a tech background, and though I love to learn about the intricacies of the cyber systems that I come across each day, sometimes it's not the best idea to be reading through "IT for Marketing Dummies" while I'm trying to do my job. So, get to know the IT managers in your company and feel free to ask them questions (as long as you're not impeding their jobs, of course). The modern-day office isn't about being separated by office and cubicle walls, so you have a great opportunity for interdepartmental communication and cooperation.
After all, if you come across an unfortunate scenario of your data being breached, your IT-manager will have to do the bulk of the cleaning up. So, when in doubt, talk to them to avoid risking mishaps. Ask: What protocols or systems are put in place in terms of security, and how can you help make their job a lot easier?
2. Be informed about your platforms
Just as even a well-known company can be subject to a breach, even the shiniest applications can be vulnerable to attacks. Do some research and make sure that the platforms you're using are not only reputable but also secure. Do they back up their data? Do they use multi-factor authentication? Those are just some of the questions you should be asking yourself.
If you're using customer relationship management (CRM) software to collect customer or lead data for your email direct messages (EDM), then make sure you're getting only what's necessary and that the platform uses encryption of some kind to ensure that the data is safe.
Also, don't hesitate to ask your platform or software providers how much access they have to your data. Some CRM tools use client contact bases to distribute contacts to third-party applications, and that's probably not something your contacts signed up for.
3. Transparency is best
Whether it's through EDMs or through offline events, I meet a lot of people on a daily basis. And online or offline, it's consistent: People prefer honesty. Be open about your security policies, and let your customers as well as your website visitors know ahead of time before any major changes take place.
Assure them of the safety of their data (and ensure that their data is actually safe), and you'll find that they will be much more willing to purchase or partner with your company.
4. Take initiative
I'm fortunate to work at a company that prioritizes security, so there are tools already in place to make sure that connections are secure before they're even initiated. However, not every marketer works for a cyber-security company, so maybe you need to be the one who takes initiative and is proactive about security protocols.
What can you do? Start with your own marketing channels. If you find that your company's website does not have SSL (meaning your communications are not encrypted), perhaps you can talk with your IT manager about getting that process started. If your applications are not secured, perhaps it's time to start thinking about a Web application firewall (WAF).
Maybe you're part of a startup or NGO and lack the funds. Fortunately, free security tools are becoming more common, and some tools go so far as to offer commercial licenses to nonprofits free of charge.
Other services offer other means of lowering cost. Whether that's charging by traffic level (meaning that if you have a low-traffic website, you may be getting service for free or at least at a very low cost) or offering free features such as SSL and DDoS mitigation, there are solutions that offer a terrific way to begin implementing security into your organization.
At the end of the day, security doesn't have to be expensive. The important thing to take away is that even a little bit of investment can go a long way in securing your customers' data as you go about your marketing and lead-generation efforts.
