Building a cybersecurity strategy for marketers
By Radmila Blazheska, CMO, SecurityHQ and Eleanor Barlow, Content Manager, SecurityHQ
Marketing teams often work with sensitive data, be it customer or contact data in your CRM, your WordPress site, payment details, and much more. Chief Marketing Officers (CMOs), Heads of Marketing, and Marketing Directors are accountable for data, and for how it is used, stored, and shared within their marketing teams.
Since GDPR was enforced, most marketeers also hold Data Officer roles, or are very interlinked with these roles, and form the connection between data, IT, and marketing departments. This is why it is crucial for marketing teams to know how marketing tools are used, stored, and processed, so that if a data breach were to take place, accountability is clear and next steps are known by all parties.
Three elements that marketing teams need to be especially prepared for are brand theft, supply chain attack/third party vulnerability, and data security weaknesses.
1. Fight Against Brand Theft
Brand theft covers situations in which any company or user applies your company information, such as brand name, emails, domains, and similar elements, without permission or agreement. This includes copyright infringement. Large companies are often targeted by phishing campaigns, and there are also lots of fake social media accounts out there, right now, using your brand. This is why, if data has already been stolen or breached, companies need to know about it and know exactly what has been accessed, so that an action plan can be made.
Marketing teams need to be prepared if a breach is made, as most of the communication will fall onto the marketing team anyway. In turn, marketing teams need to know how to respond to a breach, how to communicate with customers following a breach, how to communicate with the public, with government enforcement, and more. On top of large fines, some brands never recover. Timing is everything, and bad PR can crush companies.
Individuals in marketing teams are also often targeted, as they can easily be spoofed over an email or phone call. Identities of team members can be at risk, which is why Threat & Risk Intelligence should be used as a tool to view, monitor, prioritise and analyse all digital elements of your organisation. This includes internet, applications, systems, cloud, and hardware, to help detect and prevent attacks. By using this service, you will be alerted to any infringement on both the open and dark web.
2. Know How to Spot a Supply Chain Attack
Third party compromises and supply chain attacks are impacting marketing teams across the globe. Every time there is a data breach of a third-party provider or data aggregator, there is also a data breach of all their users and partners. In response, a zero-trust model should always be implemented when working with a third party. This is also why it is very important that the tools used by marketing teams are secured.
Most marketers work with WordPress, or similar sites. If their site is attacked, how would they know? If they do not have the training, how would they know what to look for to stop an attack in the first place? When a data breach happens, there is also the question of how to communicate this to the customer base. Companies must legally declare a breach, but not all of them declare it to their customers, and if their data is misused then they are liable to pay substantial fines.
In effect, while basic training is usually presented to every employee, in every company, there is not much education for marketers on a more granular level. There should be more cyber training and awareness for teams, and marketing should work very closely with their IT Teams, data teams, and security teams, to ensure that the brand is protected, and marketing tools are armed against attack.
3. Data Storage & Regulations
With GDPR, there is a fine-tuned process with regards to data storage, and how data is processed. There are also different legalities with regards to data, depending on geolocation. For instance, the EU has strict regulations, and now that the UK has left the EU, there are different regulations in place depending on where the data is coming from.
In addition, there are new regulations regarding cookies, which cannot be automatically stored anymore. This affects digital marketing and advertising, and marketers need to know how to deal with this sensitive information now that laws and regulations have changed.
How Marketing Teams Can Move Forward
In every company, in any industry, marketing teams should have access to Threat & Risk Intelligence (TRI) and they should have more advanced and regular cyber awareness training.
On top of this, security teams should have Vulnerability Management in place to view and act on all vulnerabilities across all your digital platforms, as well as Endpoint Protection to safeguard both personal and business devices as teams work remotely.
The accountability and liability of data storage should be ingrained in marketing roles because, sometimes, our greatest threats are ourselves. Therefore, Cyber Marketing Awareness and training is a must for all marketers, and marketing teams should work with (and alongside) IT and data teams, to make sure that all their data and marketing tools are protected against cyber threats.