Cybersecurity. The mere mention of the word can be enough to scare most employees... Best leave it to the IT team! Yet, as a marketer working within the scientific, industrial, and healthcare sectors, understanding cyber risks allows you to maintain your customers' trust in your company.
You might remember the recent Facebook data breach of over 500 million leaked records resulting in Meta being fined $277 million. Or, the 700 million LinkedIn users whose data, including phone numbers, geolocation records, and email addresses, were posted for sale on the dark web in 2021.
Perhaps you are thinking, well, they have millions of user records; what has this got to do with me in a B2B position? As a marketer, you handle data daily, from your CRM to your email software or social media accounts. Knowing what you have on file, where it is stored, and how to access it means you have the best understanding of how a security breach might occur and how to protect your customers from a potential attack.
Talking to your IT and CRM experts is essential as a marketing department; your understanding of lead management, audience segmentation, and marketing strategies can arm your business with the knowledge that allows it to achieve better security and privacy. If you work in a large organization with multiple marketing departments, work together to talk about their processes and ensure that there is a clear source of information on how data is sourced, who looks after it, and who owns it.
Understanding cybersecurity might seem a bit overwhelming, so here are some tips for things you can do as a marketer to improve cybersecurity:
1. Ensure you understand and are compliant with data regulations.
Your responsibility for data regulations is most critical where you run your own system, such as your website. In comparison, for systems such as your CRM, which the provider owns, the provider also has responsibility for compliance.
2. Know the privacy policies of third-party software or agencies to ensure you are not introducing additional security vulnerabilities.
Third-party software and agencies are most likely given access to your customer data; for example, you might use an email marketing platform to send your marketing mailers. Learn how this data is stored and accessed by their systems so you can be confident that you have taken reasonable provisions to mitigate any risks from a third party.
3. Have password policies that are updated, maintained, and reviewed, including 2-factor authentication and secure password storage.
Strong passwords are the first line of defense that you have. Using password generators and secure password managers only accessible to the user ensures that passwords are complex and not stored with lax security. Multi-factor authentication is a strong second defense, verifying a user’s identity before granting access.
4. Regularly update and secure portable devices.
To prevent vulnerabilities from being exploited, software developers and manufacturers often release updates containing new features, fixes for bugs, and performance improvements. The updates also include security patches and new security features, so it is essential to keep on top of installing them on your devices.
5. Ensure secure Wi-Fi is used when working remotely and sensitive data is not accessed in public spaces. When using public/shared Wi-Fi, use a VPN.
Unsecured Wi-Fi connections make it much easier for hackers to access private files and information, as they allow strangers to use your internet connection.
6. Keep your team vigilant to attacks like phishing with regular test emails.
Phishing attacks are prevalent, with attacks installing malware, sabotaging systems, or stealing intellectual property or money, usually through malicious links in emails, text messages, and social media messages. Keep your colleagues aware of what they should be looking for in a phishing message to reduce the risk of them falling for one; regular tests will show who may need further training or support in cybersecurity.
TrustArc has recertified AZoNetwork for 2023 for the "Enterprise Privacy & Data Governance Practices Certification program" and we have been certified for the first time in Cyber Essentials Plus Security Standards.