Hard to hack, by Help AG’s Soumya Prajna

Cybersecurity specialist Help AG's head of marketing & communications, Soumya Prajna explains the practicalities of protecting the customer in the age of big data.

As Gary Vaynerchuk rightly said, the best marketing strategy is care. I believe this becomes ever more pertinent as we evolve marketing and communications in the hyperconnected world. It is important for us to understand the concept and criticality of data and take the right decisions as part of a sustainable and successful marketing strategy.

Customer data is an invaluable resource for marketers, enabling us to target specific audiences with highly personalised content. The digital transformation of the marketing industry has unleashed the potential for highly effective and context-aware outreach that creates better results for the business.

However, big databases of customer information are a veritable goldmine for cyber attackers.

Additionally, today’s consumers are highly tuned in to the issues of data privacy and security. Increasingly concerned with what data companies are collecting from them, and how that data is being used and stored, the growing frequency of high-profile data breaches is only making consumers more wary.

Data-driven marketing must be combined with robust cybersecurity measures to protect customer data and minimise the risk of breaches that can damage a company’s reputation, disrupt business and lead to customer attrition.

Best practices for protecting
customer data

Marketers should deploy moderation when it comes to gathering customer data, which should be collected and used in compliance with regulations and governance frameworks on a local and a global scale (such as GDPR) as well as industry best practices.

It is crucial to limit employee access to customer data by defining access on an individual level, based on an employee’s role and the information they require to do their job. Even within the marketing team, not every member requires equal access across the board; for example, a market research expert will not need the same data as a copywriter. This strategy reduces the number of endpoints that can be compromised.

It is also best to avoid spreading data across lots of vulnerable storage media, as this opens up a multitude of access points to hackers.

Other best practices for protecting customer data include regularly updating software to install security patches; always using strong and unique passwords (consider using a password manager); and using encryption technologies.

A wise option is for companies to rely on a trusted managed security services provider (MSSP) to protect their data rather than doing it themselves, which involves a huge investment in terms of time and resources and forces them to extend themselves beyond their core business.

In tandem with these security measures, marketers should proactively inform customers about the organisation’s data privacy and cybersecurity policies and practices, as consumers value corporate transparency, especially when it comes to personal data.

Collaboration between marketing and
IT teams

Cybersecurity efforts should not be limited to the IT department. A ‘people-first’ approach that places employees at the centre of the cybersecurity strategy with a focus on promoting end-user best practices is key to turning them from the weakest link in the security chain to the organisation’s first line of defence.

There needs to be ongoing active communication and alignment between the marketing team and the IT department to ensure the right security decisions are made. Adoption of any new technological tools or platforms should be done in conjunction with the IT and/or cybersecurity department. This should be coupled with continuous monitoring and patching of vulnerabilities, adoption of the right security measures, utilisation of the right data protection methods, and constant efforts to minimise exposure points that could be leveraged by bad actors as a doorway to harm the organisation.

Marketers should also continuously educate themselves on cybersecurity and data protection best practices, with the guidance of the IT team.

In the event of a breach, marketers bear the responsibility of managing crisis communications and coordinating disaster management to ensure business continuity. They should have a solid understanding of cybersecurity and data protection as it pertains to their work, as well as of the company’s security and privacy policies.

Cybersecurity is invariably important to all employees in an organisation, so there should be regular training on how to spot and evade cyber-attacks such as social engineering and malware. Marketers are especially at risk of being targeted by attackers, as they are often in charge of sensitive customer data.

The marketing team should work hand-in-hand with the IT department to create ongoing internal security awareness initiatives that are customised depending on behavioural analysis and aim to educate employees about the best practices around cybersecurity and data protection in an engaging, useful way. For example, mock phishing campaigns of different levels can spot weak links within the organisation and identify where additional training and awareness is required.

Best practice is key

The digital transformation of marketing has enabled practitioners to target individual customers in highly personalised and effective ways. However, the accumulation of personal customer data by organisations creates a lucrative target for cybercriminals.

By implementing cybersecurity best practices such as only collecting necessary data, limiting access to data and centralising data storage, companies can prevent disastrous data breaches, hence avoiding downtime and associated losses to assets, including but not limited to brand reputation. Organisation-wide awareness of cybersecurity risks and best practices must also be created through employee training programmes and other internal initiatives. To maintain customer trust and organisational reputation, marketers must combine their data-driven strategies with proactive cybersecurity efforts.

The world is only going to get more connected. Data is the new oil, and analytics is as good as the purpose it is used for. It is not about if, but rather when you might be the next victim, and the best solution is to adopt a proactive approach and focus on creating a smart and secure digital culture in organisations.