Why cyber security should matter to marketing professionals
Whether your company’s website is informational or used for eCommerce, facing a cyber-attack (e.g. distributed denial of service (DDoS) attack, data breach, malware) could not only cost your business millions, but will also put a dent in your brand reputation. So while your IT department will try their best to get your website back on track and secure, you will have to deal with a possible public relations crisis, as well as reassure your customer base and hope they stay with you after the attack.
It’s hard to forget these big cyber-attacks that reverberated across the globe:
- The most recent WannaCry ransomware attack infected more than 230,000 computers and brought the UK’s National Health Service, and other global websites, to a grinding halt, before a curious web security researcher unintentionally flipped the kill switch by registering the domain name he found in the ransomware code.*
- Zomato, a privately owned company headquartered in India offering an online guide to restaurants, cafes and bars worldwide, had some 17 million users’ details stolen in a security breach.*
- Wonga.com, a British payday loan company offering short-term loan products to millions, suffered a major security breach putting around 270,000 clients’ personal information and bank account details at risk.*
- The massive data breaches affecting Google and Yahoo a few years ago – over 1 million stolen accounts are now up for sale on the dark web.*
Talk about financial and reputational nightmares! Cyber-attacks don’t just happen to big companies either - but that said, they don’t have to happen to you if you have the right protection in place.
Cyber-crime is on the rise and the forms of attacks are changing. So if you don’t know what security your company currently has in place, or who your provider is, you should arrange a meeting to discuss all the issues outlined here. At the same time, set up a crisis management team, involving key stakeholders in IT, legal, marketing, and senior management to devise a plan to stay on top of security and enforcement going forward.
Step 1: Cover your assets
Firstly, to defend against cyber-attacks, you need to understand your company’s digital assets. Ask your digital brand protection provider to audit your company’s assets. Find out how many domain names your company owns, which ones are active, and which ones are registered for defensive reasons.
In addition, you’ll want to know: How many social media usernames does your company own? Where are the credentials stored? How many apps do you have, and how are they managed? This information is important in case the person responsible for these areas leaves the team.
Also, at the beginning of 2017, the Google® Chrome™ browser began marking all HTTP sites as “Not Secure” (regardless of content) in an attempt to alert users to security risks on the pages they visit. Chrome is the most used browser globally,* so it’s important to know whether your company applies the right Secure Sockets Layer (SSL) certificates to its websites, even if the website does not accept transactions. SSL certificates will prevent your website from being marked as a security risk in the browser.
Once you get the answers to these questions and have a full picture of the situation, consolidating your digital portfolio is the next best step, so you always have an overview of all your assets in one place. Don’t just leave it to your legal or IT departments. All marketers, especially those responsible for their company’s digital presence and online reputation, should have an understanding of the basics of the company’s digital assets.
Step 2: Let’s talk critical
When your portfolio is consolidated, it’s a good time to apply easy and cost-effective security measures to your key domain names.
Your key domain names are usually your main websites or client portals. If it’s your IT or legal department that works day-to-day with your digital brand protection provider, then get them involved here too. Only you will be able to tell them all of the domains you feel are the most critical.
Protecting the business-critical domains with two-factor authentication and multiple locks with manual authorization will prevent domain hijacking, and protect against unauthorized changes and deletions to your critical domain names. Applying these services is relatively affordable - and will secure your main sites.
Step 3: Phishing for information
Now that your business-critical domains are secure, make sure you understand the various types of attacks there are and how they can affect your clients and your company. If your company deals with client-sensitive information, like bank details, addresses, personal details, etc., it’s paramount to communicate with your clients about phishing prevention, for example, by letting them know that your company would never ask for personal information via email.
Your provider should be able to offer you a phishing solution that is tailored to your company and brand, and also help you draft phishing training for employees. Speak with your IT department to understand what protection is applied in-house, as those services vary from provider to provider.