With its reliance on the collection and translation of prodigious quantities of carefully-gathered data, marketing is, and always will be, a data-informed discipline.
Such large-scale collection of personal information delivers invaluable datasets to businesses, informing the advertising, branding, pricing, and sales aimed at their target consumer groups.
But while the ubiquity of this data collection is taken for granted, it’s crucial that its security isn’t.
Because the large datasets that businesses collect are a hacker’s dream. Accessing this data allows external users the opportunity to compromise individuals’ identities, and profit directly from their personal information.
With the personal and private nature of what’s being collected, it’s imperative that strict information security (InfoSec) is taken into account by teams, departments, and businesses undertaking any marketing activities.
The rise in data security breaches
The prevalence of data breaches is increasing. According to the 2019 IBM Cost of a Data Breach Report, since 2014—a span of just six years—the likelihood of a business experiencing a data breach has grown by 31%.
In fact, the current chance of a business experiencing a data breach within any two-year period is almost 30%.
But it doesn’t necessarily occur the way one would think. The concept of ‘hacking’ is changing, and the most successful security breaches are less reliant on repeated, targeted malicious attacks. It’s certainly not the high-octane, techno-driven, dark-light experiences presented in television crime dramas.
A much simpler affair, the biggest data risks for businesses come from commonly exploitable weaknesses. Weaknesses such as easily-guessable passwords, unencrypted data, or default system credentials. Issues that, were they addressed at the outset, would not present as a security threat.
These weaknesses, at their core, are the result of human error: laziness.
With such sensitive data in their care, marketers and businesses are 100% responsible for the data that is being collected for their purposes, and need to be held accountable for its security.
Insecure data is bad business
According to the 2019 IBM Cost of a Data Breach Report, the average total cost of a data breach for an Australian organisation is $2.12 million—or a cost of $110 per lost record in Australia. That’s a $110 loss for something as simple as a name or email address, let alone a password.
But data breaches cost businesses more than money. If clients and customers lose trust in what a business will do with their data, then their simplest option is to stop using that business’ service.
Take for example the 2018 Cambridge Analytica data scandal. After 50 million Facebook accounts were found to have been compromised, delivering highly-sensitive personal data to Cambridge Analytica, there were mass calls from customers to delete Facebook.
Their reputation took a massive hit, and their stocks dropped by as much as 5%, with their market cap losing approximately $13 billion in value. In recent news, Facebook has been fined $5 billion by the US Federal Trade Commission for this misuse of information.
Now while scandals on this scale aren’t likely to manifest for most businesses, it just goes to show that cyber security is an increasingly serious issue, with increasingly serious repercussions.
And, alarmingly, it’s smaller businesses who are more likely to experience a data breach than larger businesses—with the results having a much greater relative impact.
Understandably, consumers are now more wary than ever of data security. If a globally-trusted organisation like Facebook can’t be relied upon to keep their information safe, who can?
With this in mind, it’s up to businesses of all sizes to demonstrate their commitment to InfoSec best practices.
How to tackle this issue
Dealing with a data security threat doesn’t just mean notifying clients and customers when their data has been compromised. A business simply owning up to its lack of data security does not change the fact that the data has been compromised.
It’s incumbent on responsible businesses to understand exactly what data they are collecting, where it is held, who has access to it, how it is transmitted across the internet, and how protected that information is from exposure. These points should then be used to build a robust cyber security plan that reduces the chance of this information becoming compromised in the first place.
To take the first step towards developing a holistic cyber security plan, marketing departments and businesses should consider the following points, which will set them on the path to delivering robust InfoSec.
- Develop strict documentation practices to determine exactly what customer data is being collected and transmitted.
- Develop a swift, thorough data breach response plan.
- Interview all internal staff and third parties who handle your data, to ensure they’re treating your data with the security it requires.
- Investigate the processes in place for destroying data. For example, what happens to data when you upgrade a server, or after a website form is submitted?
- Conduct regular independent security audits of all systems that hold and transmit data.
- Apply SSL certificates to all systems that hold customer data, so that all sensitive data is transmitted securely.
- Educate staff on best practices for handling information. People are usually the weakest link when it comes to compromised data, so the better their understanding of InfoSec, the better a business’ security protocols will be.
This last point is critical. A business that has a culture of strong data security, while not necessarily inoculated against threats, will be much less prone to breaches than a business that thinks the height of security is adding a number at the end of its generic passwords.
As the threats to data security grow, businesses can’t afford to ignore how their customer information is being handled. Data breaches, regardless of their nature or scale, result in reputational damage, shedding of clients, and monetary loss.
When it comes to data security, businesses performing marketing activities of any kind should be prudent in the decisions they make on where and how they store their users’ information, and have detailed plans in place to keep it secure.
The right InfoSec practices should be built into organisational protocol—it’s just good business.