While traditional marketing has no place and no need for worry about marketing security, the new world of marketing tells a different story altogether.
As digital marketing becomes a significant part of most brands’ marketing mix, security becomes a very pressing concern. In the recent month, a series of cyber attacks occurring in succession highlights the dire consequences of having lax digital marketing security.
Adobe suffered a cyber security breach last month affecting 38 million customers. Customer IDs, encrypted passwords, credit and debit card numbers were stolen during the breach. The hackers responsible for this incident now possess with them the power to potentially take complete control of the affected accounts and indulge in extreme mischief.
Popular social media tool Buffer was also hacked last week. Affected brands had spam content posted from their social media accounts that were connected to Buffer. In that same week, Malaysian hybrid airline Malindo Air had its Twitter account hacked, discovering the breach only after several insulting tweets were posted from its profile.
Malindo struggled to regain control of its Twitter account, only to subsequently lose its access again to the determined hacker. The struggle escalated further as the hacker assumed Malindo's stolen identity and offered 100,000 free air tickets, much to the horror of the brand.
These incidents are nothing short of nightmares for any marketer - many of whom are not trained to counter cyber attacks. So we ask the question, could any of these hacking incidents have been prevented?
The answer to that is that while it is extremely difficult to defend against a determined hacker, there should absolutely be no reason for marketers to make things easier for any potential cyber attacker.
Planting the seeds of disaster
Currently, there is a noticeably low level of awareness of digital security amongst marketers. Most marketers are not trained to fully understand the dangers and implications of not having digital protection measures. As a result, very little resources (if any at all) are allocated to digital marketing protection security policies for marketing campaigns and administrative access protocols for supporting agency are almost nonexistent. This provides loopholes for any potential hacker to exploit the brand of their choice.
On the occasions that marketers do rely on experts, the responsibility usually falls onto their respective marketing agencies. However, most agencies are generally not equipped to advise, prevent or handle digital security threats.
It is a known fact that digital applications are seldom developed in-house by these agencies and digital marketing development is often subcontracted by agencies to developers who either possess the technical capabilities or are more cost effective. Even then, these developers might further subcontract portions of their work to another party.
So in reality, no one is really fully responsible for the security of the entire project.
Prevention is better than cure
Marketers must learn to defend their brands' key digital communication assets. While digital marketers are not the ones who directly implement security measures, they still need to be aware of the potential threats and impact to their business when engaging in digital marketing activities.
Investment into security should not be an after thought, but an immediate consideration as akin to buying an insurance policy. It is advisable to adopt a "need to access" policy. Not everyone needs to have the all powerful administrator access to your digital marketing assets. This protective stance will only grant access rights on a work needs basis.
So regardless of seniority, you only have access to what you need to get your job done and nothing else. This limits the number of people having unlimited access to any digital marketing properties, reducing the probability of an online virus attack that could potentially hijack the access.
When using agencies or external parties, marketers should also ensure that proper security measures are in place. Agencies should give a reasonable account of how potential security issues will be handled. Should further subcontracting be required, agencies must disclose this to the marketers and take full responsibility for the project.
Essentially, marketers should not simply entrust the responsibility of marketing security into the hands of others, but also take ownership to ensure that it is in place.
Should an internal IT security department exist, consult them early for advice before developing any digital marketing plans. However, never allow security implementation be taken to extremes to the point it cripples the marketing initiative. There should be a fine balance of both. It also doesn't hurt to invite the IT specialists to audit the security readiness of digital marketing assets from time to time.
New demands on marketers
New world realities are currently challenging the status quo. Now marketers are no longer just the executors, but are also protectors and defenders of their brands. Digital marketing has changed the rules and more is now demanded of any marketer.
Marketers can no longer afford to be complacent about digital marketing security. Let us not be naive. The new world is a very scary place and the threats are very real. Peace of mind comes only with a price of being ever vigilant.
The author is Ryan Lim, founder & business director of Blugrapes