As Cyber Monday approaches, Radmila Blazheska, CMO, SecurityHQ, defines the true impact of security breaches on an organisation's reputation and how to reduce your chances of a debilitating attack through damage control. A cyber-attack and with it a potential data breach, will not just ruin a company’s reputation but has the potential to ruin years of effort from a PR and marketing perspective. A data breach would potentially end in financial loss, risk of brand reputation or essentially business closure.
Regardless of what industry you are in, or how big your organisation, marketing is at the heart of most companies. It is the department that builds on the brand image, conveys the right ethos and promotes the company values. Marketing is what nurtures client relationships and partnerships. It makes information accessible and businesses stand out.
Businesses need and rely on their marketing teams. So, when malicious activity and a single cyber-attack can destroy all this work with one swift move, it is worth dedicating some time to.
Reputation
Think of everything that makes your company what it is today. All the people, the processes, the technology, the relationships, the branding, everything that ever went into creating what your business represents today. This can be destroyed in an instant.
A data breach and with it a PR crisis, has the potential to significantly affect the image of an organisation.
Often seen on par with poor customer service, Forbes' The Reputational Impact of IT Risk
report highlighted ‘that 46% of organisations had suffered damage to their reputations and brand value as a result of a breach. Another 19% of organisations suffered reputational and brand damage as a result of a third-party security breach or IT system failure.’
CSO goes as far as to say that ‘customer loyalty damage is done in the event of a breach, and that sales do take a nose-dive. Target’s sales fell by 46% year-on-year in the fourth quarter of 2013 to $520 million (or 81 cents a share), while eBay (breached mid 2014) admitted declining user activity impacted its quarterly net revenue.’
Image By Arda Savasciogullari / Copyright Shutterstock
Say, for instance, that your marketing team spends months creating a shiny new company website. Between the research, content creation, design, branding, development, review and testing, a lot of time and money is invested in the process. Yet no matter how good your site is, no matter how hard the team worked, no matter how wonderful the words, or how interactive the images, if a data breach occurs within the company, people will have less faith in the service. Also, you will never know the true value of your marketing efforts if your audience does not trust your security/ service.
Social Accounts
The majority of organisations have a public profile. Be it Twitter, LinkedIn, Instagram or Facebook, social media reaches audiences across the globe. From these, links to forums, groups and other social media pages can be accessed. The marketing team dedicates a great deal of time formulating content for these sites, creating posts, coming up with designs and more. But if the account is compromised, this could put the whole operation and company at risk.
You can trust your own marketing team…. surely?
Not only can a security breach occur from outside the company. But employees often threaten the security of a company without even being aware that they are doing so. Sure, malicious activity does happen from time to time, often from a disgruntled employee. But both malicious and accidental threats to the organisation happen internally when the right security measures are not in place.
This is why User Behaviour Analytics (UBA) is essential to understand the actions within an organisation and to highlight and stop unusual activity before the damage is done. By using ML algorithms, expert analysts are able to categorise patterns of user behaviour, to understand what constitutes normal behaviour, and to detect abnormal activity. If an unusual action is made on a device on a given network, such as an employee login late at night, inconsistent remote access, or an unusually high number of downloads, the action and user is given a risk score based on their activity, patterns and time.
Marketing automation
Marketing teams often work with IT or data departments within the company. Usually if the company is small, it may not have a dedicated Data Protection Officer and often the Head of Marketing fills in this position. Hence, marketers need to make sure that all data in the company follows the legal procedures and local/global compliance. Marketing automation platforms need to be reputable and privacy policies on data gathering processing must be regularly updated.
If you share data across different departments, you will need to find out how data is sourced, who looks after it and who owns it. It is important to talk to your IT, data and CRM experts but, most of all, get all of your marketers and marketing team under one roof and talk about their processes. You will be surprised how different teams and departments have different email marketing procedures. In addition, discuss their lead management, audience segmentation or marketing strategy. Who sends what, when and to whom?
Compliance with the right rules and regulations is crucial to cyber security and data protection.
So, as a marketing team, how do you Reduce your chances of attack?
Ensure that you are utilising the right data regulations (GDPR), and that security compliance with these measures are met.
Ensure that password policies are updated, maintained and reviewed regularly.
Ensure security training across the whole of the company, especially in how to spot a phishing attack. Everyone needs to know how to keep their systems safe, and what to do in the event of an attack.
Regularly update and secure portable devices.
During COVID-19, the majority of workforces will be working remotely. When doing so, ensure that your marketing team only uses a trusted and secure WIFI, and are vigilant when it comes to keeping sensitive data private when sharing communal/shared living spaces.
With the upcoming Cyber Monday (30th November), this being one of the biggest campaigns in the year for marketers, lots of hackers will us a multitude of phishing techniques to steal data. Marketers should prepare in advance for this, mainly by checking to see if there are any hoax websites that look like their own. This can be checked via Managed Network Detection and Response.
Image By geen graphy / Copyright Shutterstock
Despite the hard work of your marketing team, it only takes one successful attack to bring all this work crumbling down.