It’s been a tough decade for data security.
The five biggest data breaches (in terms of customers affected) have happened in the last 10 years, according to CSO.
I suppose it shouldn’t surprise us that in this digital age where we can give out personal information so freely, those who wish to use that data nefariously can do so more easily than ever before.
While the burden of setting up systems and processes to protect client and prospect data doesn’t fall on the shoulders of marketing and PR professionals, it’s still our job to deal with the fallout if that data is compromised.
With that in mind, let’s take a look at ways that marketers can lead the cybersecurity charge, and the cost of doing nothing.
The consequences of complacency
If you experience a data breach, of course you’re going to invest time, money and resources into rectifying it.
However, if there’s no obvious threat, it becomes a tricky game of risk assessment. There’s significant cost when it comes to cybersecurity, especially when you consider:
- Information infrastructure changes
- Company training on security best practices
- Any personnel changes that might be necessary
- Any third-party assistance required (lawyers, cybersecurity experts, etc.)
Those costs, however, may be dwarfed by the impact of an actual data breach.
The Ponemon Institute publishes an annual study focused on the financial impact of data breaches on companies around the world. In 2017, they found that the average data breach in the U.S. costs companies a whopping $7.32 million, up 5 percent from last year, according to Scrypt. That stat is alarming for two reasons:
- That’s about twice as high as the global average (which actually saw a decline from 2016), meaning the U.S. is going in the wrong direction.
- A data breach can be absolutely devastating for a small- to medium-sized business.
The study also shows data breaches cost an average of $225 per compromised record, with breaches in the financial services and healthcare industry clocking in significantly higher.
Of course, the amount of data that can be compromised at a small company is significantly smaller than a larger company. Still, a big company has a significantly better chance of recovering from a data breach than a smaller one.
And that’s not taking into consideration the lasting impact that breach has on customer trust. It’s difficult enough to repair a bad Google review.
How can marketers prevent data breaches?
While network infrastructure and server firewalls may be outside of your control, there are many things marketers can do to improve cybersecurity and make sure your company stays safe.
Use a secure network
This one seems like a no-brainer. And if you’re working in the office, your organization likely has several layers of protection built into the network you’re using.
But we all know you’re not always working in the office. Gallup’s report on the American workplace suggests 43 percent of employed Americans work remotely and HiveDesk’s survey of digital marketing agencies reported that employees at 20 percent of those agencies had completely virtual teams. That suggests that employees in general, and marketers in particular, are left in control of their own security.
If you’re working at home, make sure your WiFi network is encrypted (WPA2) and hide your network so others have to know what it’s called in order to see it. Yes, this is still hackable if some jerk has his heart set on it. But it’s much harder.
As for throwing your laptop in your backpack and heading to the coffee shop to do some work? The cybersecurity purists would tell you never use public WiFi if you have sensitive info on your computer. Like … ever. Instead, use your smartphone as a hotspot. Again, still hackable. But a hacker will probably target the other 20 people at the cafe using the public WiFi before trying to breach your hotspot.
Protect your customer and prospect data
You might not have access to credit card information or Social Security numbers. But marketers still have quite a bit of data about customers, clients and prospects. And those lists can be as valuable to cybercrooks as they are to your business.
Kristina Podnar for the Content Marketing Institute says that two critical parts of secure data are responsible data collection and storage practices.
“Brands slowly but surely have adopted a more-is-more mindset when it comes to data,” she says in a blog about the importance of digital integrity for marketers. “The more data points the better, right?”
“But,” she continues, “the more data you collect from your audience, the more you — and they — stand to lose if you suffer a breach.”
She goes on to point out that, after collecting all this data, we also have to store it somewhere. We then end up with massive stores of customer data that we might not even use, oftentimes for far longer than necessary.
Marketers should start thinking like a minimalist and only collect customer and prospect data that’s absolutely necessary to the business, and put together criteria for purging outdated or irrelevant data on a regular basis.
Podnar suggests taking it to the extreme. In the case of a data breach, “How comfortable would you be looking that customer in the eye and explaining your need for each data point?”
Ask for your company’s security measures and response plan
Would you rather tell your audience the ways you proactively protect their valuable information or would you rather send out one of those emails telling them you’re sorry and you’re working hard to identify the problem?
There are two critical parts to this:
- A system to protect employee and customer data
- A plan for identifying, containing and repairing a data breach
These might be things outside your control as a marketer but critical to the story you’re able to tell to your audience.
I asked two people on our IT team about these things and immediately received a detailed explanation of all the systems put in place to make sure client data is safe along with a detailed six-step incidence response plan outlining the protocol in the event of a breach.
No, there isn’t a whole lot I could have done if they said there was no plan. But now I have a newfound respect for the work they do and I got a chance to brag about them just now.
You can do the same thing! Ask about your company’s plan. If you don’t have one, the first section of this blog makes a pretty compelling business case for why it’s important, especially if you’re a small business.
There are several governing bodies in the world of computer security and lots of certifications available for individuals. If you’re a financial service marketer or work in the healthcare field (where the cost-per-compromised-record is almost double the average), these sorts of credentials can go a long way in giving clients peace of mind and prospects extra assurance that they can trust you with their important data. You may also want to check out the Small Business Administration’s top 10 cybersecurity tips.
Better safe than sorry
There’s a lot to unpack in the cybersecurity conversation. Lots of things outside our control make us feel like there’s nothing we can do to help. But there’s so much you can do as a marketer to keep valuable data safe, help push your organization toward a more robust policy and ultimately tell a compelling story to your audience.
While the current climate of data breaches, cybersecurity and privacy online might be scary, there’s no better time to have a conversation about it.