Marketers are unabashed in their use of technology solutions, increasingly depending on various applications to help automate, measure, communicate, optimise and analyse marketing activities.
With the introduction of these new technologies, marketers are opening themselves up as a target for hackers and exposing companies to the risk of a cyberattack.
Marketers by their nature are easy to target, they tend to have a larger presence on social media, sharing more personal information than their counterparts.
Hackers are continually looking to compromise businesses or individuals that make themselves a soft target, and social engineering is just one tactic used to gather information to prepare an attack.
More marketing tools means more potential vulnerabilities.
Driving revenue and brand awareness are typically top of mind priorities for marketers.
Today, every marketer needs to be aware of where their customer data is stored, how it was collected, do they have permission to use it and are they keeping it secure? With the introduction of GDPR in 2018, there are serious consequences for those companies that fail to adequately protect and manage the personal data they hold.
Customers provide personal and possibly sensitive information on the understanding that companies will protect their data responsibly.
When a company has a data breach there are consequences.
Not only is there is a breakdown in brand integrity, but it can impair a firm’s relationship with its customers and negatively impact trustworthiness. The result being a loss of customers to competitors and the need to invest in remedial actions to help the brand recover.
The brand of a company is one of its most valuable and desirable assets. It is also the asset that when compromised is hardest to fix. Despite the risk, many marketers fail to see the consequences of not thinking about cybersecurity in how they perform their role.
Cybersecurity for Marketers, how to make it a team effort.
In 2019, pretty much everyone and everything is online, always connected, in an environment with porous perimeters. That means known vulnerabilities can be easily exploited because of a lack of security and oversight.
Theft, whether of a financial nature or of proprietary data we know is a growing problem. But in addition criminals are also trying to capture and decrypt our online activities, steal our identity and fool us into engaging with fake websites.
One of the most common forms of hacking is stealing your login credentials and taking over your personal identity to gain access to business applications, taking personal data or stealing money.
While cyberattacks are growing increasingly sophisticated in their execution, the main reason for breaches tends to be a lax approach to cybersecurity among employees.
Cybersecurity cannot be achieved without addressing the human factor - 95% of all data breaches can be traced to human causes, that occur unintentionally or with malicious intent.
Typically, as systems themselves have become harder to penetrate, the hackers have sought out softer targets. The easiest plan of attack has been to leverage social engineering to target identity theft.
And even when systems have been designed to minimise risks, an individual employee can undo the best of cybersecurity plans – all it takes is a click on the wrong website or opening the wrong email to let a criminal in.
Education is key to protecting your brand. Learn from the mistakes of other companies that have fallen victim to a malicious cyberattack but failed in how they managed the fall-out and the consequences on their brand reputation.
Hiring a security expert such as Worktools can be invaluable in the fight against cyberattacks. Providing specialised knowledge, with the potential to save a company money and their brand reputation in the long-run.
Informed staff and a secure system can build the foundation for a strong cybersecurity defence and help to effectively manage an attack if one does occur.
Back up everything.
Often, the information stored in a laptop can be of more value to a criminal than the laptop itself.
Protect yourself from losing data by regularly backing it up, either with an external hard drive or more common now is to use a cloud storage solution.
Data backups protect your data from being stolen, but they are also a safe option in case you lose hardware or are the victim of ransomware, whereby the machine is made inoperable until payment is made to the attacker.
Many common software programs and applications like Microsoft Word, Microsoft PowerPoint, Dropbox, and Evernote have options for you to encrypt specific files and set passwords for them. And, don’t forget to accept the latest updates to the software you are running.
Remember to protect devices with strong passwords, frequently update them and never share them.
Many of us will use a weak but memorable password because it’s a shortcut. Passwords need to be anywhere between 12 to 20 characters long and a combination of upper and lower-case letters, symbols and numbers if it is to stand up to hacking attempts.
Two-factor authentication, also known as 2FA is an additional security layer helping to address the vulnerabilities of a standard password-only approach. A common and effective example of this involves a code sent to your smartphone which you must enter in addition to your password.
Issues when working over a public Wi-Fi.
If you regularly use public Wi-Fi networks it makes sense to keep your antivirus software up-to-date and running when you are accessing a network.
You’ll also need to make sure that you are using a legitimate Wi-Fi hotspot. To do this make sure you know the specific name of the network, and log on to that exact one.
Anyone using public Wi-Fi is especially vulnerable to a man-in-the-middle (MITM) attack because the information transmitted is generally unencrypted.
A MITM attack is where a third-party intercepts communication between two participants. Instead of data being shared directly between server and client, that link is broken by the uninvited guest. The hacker, through a compromised router will try to retrieve information from your device.
Hackers often create bogus hotspots with a similar or vague name that shows up alongside the authentic networks. If you're not actively using a hotspot, turn off Wi-Fi so that your device is not visible to others.
Always check that your Internet browser shows a URL beginning with "https" and a padlock icon. As an added security measure, make sure you always log out when you’re leaving a network so that nobody can take over your session.
What marketing tasks are most susceptible to an external threat?
Email marketers tend to be in the sights of hackers, as they are the most easily identifiable party that they would want to impersonate. And email tends to be the “weapon of choice” when it comes to criminals trying to exploit system vulnerabilities or innocent people.
Phishing scams are rife right now, and it’s very important that marketers ensure that their marketing communications cannot be misrepresented in a malicious way.
With the proliferation of smartphones there is also a high risk of cyber criminals using familiar brands names or in-market campaigns to solicit victims to click on loaded links, visit fake websites or engineer confidential information by pretending to be a genuine company.
The use of in-app messaging tools, SMS and text messages has also been used by fraudsters frequently.
The following are some of the fraudsters “tools of the trade” that marketers need to be aware of:
Malware (i.e. ‘malicious software’) refers to harmful programmes and software that allow hackers to access or destroy data on an infected system.
Email is the most common method used to deliver malware: a recent estimate is that 80-90% of ransomware attacks for example come via email.
Hackers often distribute malware by disguising it as a downloadable file, such as a Word document, PDF, .exe file, etc. They usually attach them to emails, in-app messaging, social media posts or have victims download links on websites in a form that looks genuine.
Once malware is on a system, the hacker can access data, monitor keystrokes, activate webcams, or remotely take control of a machine. Ransomware is a common form of malware, which locks your data and demands a ransom payment to release the data.
Similar to malware, phishing involves tricking a user into clicking loaded links to acquire personal information, such as passwords, by posing as someone legitimate or an organisation or brand familiar to that person.
It can be conducted via a text message, social media or by phone, but most people use the term 'phishing' to describe attacks delivered by email.
Phishing can also happen over social media, where hacked accounts share links via a status update or private message. This type of phishing is often effective, as users are likely to trust links sent by people they know.
So, what can marketers actually do?
Marketing can play a number of roles in a company’s robust approach to cybersecurity:
Become more involved in understanding how the data is managed and protected.
Ensure to assess external vendors in partnership with IT, as third parties in the supply chain are often key sources of vulnerabilities.
Communicate externally in a way that makes customers feel safe, without revealing too many details.
Know and understand the relevant data governance regulations on how you collect, use and disclose customer data.
At Worktools in addition to the managed services we also provide a range of consulting services, which can be offered on a one off or ongoing basis. This can range from a short risk assessment to managing your cybersecurity strategy.
Let us help you look after your data, your reputation and legal compliance. As an outside provider Worktools can do initial security assessments and ensure that everything is secure, both locally and through remote access.
Image source: www.freepik.com