Guest post by Andy Beohar.
No industry today is immune from cybersecurity risk. While a digital marketing agency may not appear to be a high-risk enterprise, it’s as much in peril as any other company.
As a digital marketer, you need to be conscientious about your security in order to protect your clients. You may have access to hundreds or thousands of customers, and for each of these customers, you might have access to another dozen individual accounts.
Here’s what you need to know about protecting data as a marketer.
Your Client’s Data is in Your Hands
Think about the amount of data you have regarding your customers. It’s probably quite a lot. Not only have they shared information about their company, but you also have access to their social media accounts and websites.
You probably have access to their business information: their full name, address, and maybe even EIN. You may have access to their financial information, too, such as their credit card or checking account.
This is all information that has to be protected, yet many people aren’t as vigilant as they should be. They trade passwords and login information through email, and they’re cavalier about their personal email accounts. But if your data is breached, your clients’ data is breached. And if your clients’ data is breached, the consequences could be significant for both you and them.
Many digital marketers aren’t up to date on their security solutions, because it isn’t a major focus for them. And small businesses, such as boutique digital marketing companies, are actually among the most often targeted by cyber criminals. Cyber criminals know that small businesses collect data, but rarely secure it, and that makes them attractive targets.
The Consequences of a Data Breach
What happens if you experience a data breach? First, you’ll likely lose a significant amount of trust with your customers—and you know what that means. As a digital marketer, you know that issues such as this don’t just go away. Worse, ff your clients post reviews about your data breach, you’ll need to contend with that indefinitely.
So, damage to your reputation is going to be one of the most significant consequences.
But for your customers, the consequences of a data breach could be even more severe. They may find themselves having to update all their personal information, cancel their checking accounts and credit cards, and create all new passwords. Not only is this a nuisance to them, it can lead to real damages, which you may be asked to reimburse them for.
If you mishandled their information, you can expect to be considered a responsible party. And that doesn’t even include the direct expenses of having to improve your own security and clean up your computer systems. You may need to invest in additional security solutions or replace hard drives and other media.
Securing Social Accounts and Owned Media
That’s what happens when a data breach occurs. But marketers don’t just need to worry about traditional data breaches. They also need to worry about social media accounts and owned media accounts getting compromised.
As a marketer, one of the biggest issues is that you have access to a large number of accounts. And these accounts hold additional information about your clients. If these accounts are compromised, it could be both dangerous and embarrassing for your customers.
Your customers could find themselves experiencing a highly visible breach, with their own social accounts or blogs posting offensive content.
Many social marketers use very similar passwords for all their accounts, which can easily lead to many accounts being compromised each time a single account is hacked. That’s very dangerous. If marketers don’t take action to secure their social accounts and owned media, it’s the customers who will ultimately pay.
On-Premise vs. the Cloud
Today, many marketers use both on-premise and cloud-based solutions, and they need to be secured in different ways. When it comes to on-premise solutions, many take it for granted that they’re secure.
But any server connected to the internet is a server that can be vulnerable. And even if you’ve got the world’s best security practices, even a password-protected hard drive can simply be picked up and taken away, if someone wants the data badly enough.
Cloud-based solutions present some security issues because they are exposed. Anyone can log into a cloud solution from anywhere. But that doesn’t make cloud solutions inherently more risky, and many cloud solutions today have some advanced technology that can identify any unusual behavior.
Nevertheless, because cloud solutions can be accessed from anywhere, special care needs to be put into securing them.
How Can You Improve Your Security as a Digital Marketer?
Security is clearly vital. But how do you improve your security as a digital marketer? Most digital marketers aren’t well-versed in security, and consequently may not know where to get started.
Here are a few things that you can do to improve your security right away:
- Keep your passwords unique. Using a password manager can simplify this task, since you need to make sure that these passwords follow good password hygiene. Otherwise, a single account breach could spiral into a multitude of accounts breached. Remember that lengthy, complicated passwords are always best. (If all else fails, you can rely on the XKCD strategy.)
- Be aware of social engineering tactics. Social engineering often takes individuals by surprise, because it doesn’t require any sort of actual data breach. Instead, social engineers just ask for information, sometimes as though they are from the company itself, or from a trusted third party.
- Secure your email account and the devices you use your email on. Email is often a weak link, because people are used to sharing confidential information through it, and because they can access other accounts through it.
- Make sure your cloud documents are protected. Be careful when sharing cloud documents, and take a look at the data you’re sharing. Don’t store information like passwords or financial information in plain text.
- Don’t share your passwords. Keep control of the accounts to a single account manager, and don’t permit multiple employees to log into the same account. This is a recipe for disaster because no one employee is going to feel accountable for guarding the password being breached.
- Use two-factor authentication. Two-factor authentication generally either pings your phone or your email address every time you try to log into an account. If someone gets a client’s login name and password, they still won’t be able to log into the account without access to one of these things.
- Make sure your home computer, laptop, and phone are password protected. If someone gets on your device, you may already have logged into accounts, and they may have access to all of them.
- Log out of accounts when not in use. Staying persistently logged in can open you up to risk, especially if you’re doing so on multiple devices.
By following the above best practices, you can reduce your risk and protect your customers. But it’s also true that criminal attackers are everywhere, and you can’t always completely eliminate your risk.
What you can do is make sure that you aren’t culpable and that it doesn’t occur due to your own personal negligence. Consider also investing in cyber-attack insurance, which can protect you from financial damages associated with cyber attacks.
Andy Beohar is managing partner of SevenAtoms, a HubSpot certified agency in San Francisco. Andy develops and manages ROI-positive inbound and paid marketing campaigns for B2B, SaaS, and eCommerce companies.