How to do marketing securely in 2020

Like every other aspect of business, marketing has changed dramatically in recent years. But how should it be done to maximise security? Sam Bocetta explains

The world of digital marketing moves rapidly, and your marketing plan for 2020 probably contains some novel approaches that would not have made an appearance a decade ago. In fact, the rise of new paradigms like ‘open marketing' have even led some to claim that traditional marketing is dead, and that the old certainties of the industry have been radically disrupted.

This embrace of new techniques is to be welcomed if it makes marketing more effective, but there is a danger than in the process we forget about some basic principles of what makes a good marketing campaign. One of these principles is security.

Today, marketing security (sometimes called MarSec) is more important than ever. As marketers use more and more digital channels to engage with audiences, they open themselves up to more and more vulnerabilities. Each new platform comes with opportunities, but it also comes with risks.

What is marketing security?

Data security is now a concern across all industries. In just the last year, there have been many stories about huge organizations falling victim to hacks and data leaks.

As marketers use more and more digital channels to engage with audiences, they open themselves up to more and more vulnerabilities

The Indian government ID database, Aadhaar, got hacked and the private information of more than one billion Indian residents was leaked. Uber has recently been fined a record $148 million for not disclosing the details of a 2016 hack. Capital One suffered a massive data breach last year that affected more than one hundred million US citizens despite their staff being alerted to security issues before the breach.

Despite these headlines, marketing departments remain under-informed about cybersecurity tactics, and are under-protected as a result. There is a tendency for marketers to think of cybersecurity as something that the "IT guys" need to worry about, and to ignore the fact that security is a cross-cutting issue that has implications for every business function and department.

Marketing security is also becoming more important because of the rising importance of trust in marketing. Many companies now stress their responsible approach to consumer data is a key part of their marketing messaging.

Marketing cyber threats and how to avoid them

In fact, marketing departments are among the largest targets for hackers, for two main reasons.

because marketing departments are charged with managing a company's website and social media channels, they are more exposed to cyber threats

The first is that these departments remain under-resourced and under-informed when it comes to cybersecurity. The second is that, because marketing departments are charged with managing a company's website and social media channels, they are more exposed to cyber threats.

Below, we'll run through six key threats that should be taken into account when developing a marketing strategy for 2020, and how to limit them. Some of these solutions are technical, and can be as easy as switching web hosts to a more secure provider or Others require a shift in the way that marketing departments behave.

Malware

The biggest threat to marketing departments in 2020 remains malware. Because marketers typically have the most direct contact with the public of any team in an organization - via email, social media, and other channels - they are also the most exposed part of an organization to malware.

The threat of malware is two-fold. Malicious programs can be used to steal the personal information of customers, and this can then be sold on by hackers. Secondly, however, some malware can be used to hijack a marketing department's website or social media channels.

More than 70% of WordPress sites are not optimized for security, and this makes them a major target

This second type of attack is typically more damaging, because it is more public: the reputational loss incurred by companies who have their channels compromised in this way is often far greater, and harder to repair, than a "traditional" hack.

Protecting against malware is a two-step process. There is certainly a role for technical tools such as malware scanners, but these are typically the responsibility of IT professionals. For their part, marketers should ensure that all of their staff know how to spot a suspicious email attachment, and recognize the importance of keeping their software up to date.

WordPress security

WordPress is by far the most popular Content Management System (CMS) for small businesses. As a result, almost every marketing campaign will at least partially rely on this platform.

WordPress is actually a very secure platform when it is used correctly, and marketers take the time to secure their website correctly. The problem is that many do not. More than 70% of WordPress sites are not optimized for security, and this makes them a major target.

To make matters worse, many companies link their WordPress account directly to their company email, which remains the primary target for most hackers: with a compromised company email account, they can send out spam in your name in order to infect your customers with malware.

If you are planning on using WordPress in your 2020 marketing campaigns, make sure that you install security plugins, and ensure that your site is hosted by a company who takes your security seriously.

The customer as a threat

There is another reason - beyond the technical issues mentioned above - why marketers are particularly under threat from hackers. They spend a lot of time building trust with customers, and can be quick to trust customers who are actually looking to hack them.

In many cases, hackers will target social media accounts not because they want to steal customer information, but simply to cause chaos

In 2020, this is more true than ever. With 79% of customers trusting online reviews as much as personal recommendations, many brands are actively encouraging employees to engage directly with customers through customer review systems. But the consequence of this is that in some cases marketers can naively give "customers" significant levels of responsibility and access, in order to showcase their strong consumer community.

In some cases, the "customers" who approach marketing departments in this way are not legitimate, and are using the approach to "scope" a company for potential security vulnerabilities. Even if customers want to genuinely get involved, however, they can end up causing damage to your brand by posting content that is off-message.

The solution to this problem is not as easy as those mentioned above. Rather than deploying technical tools, avoiding threat vectors like this requires marketers to perform careful checking that the "customer" they are interacting with is legitimate. This can be done by checking the IP address of contacts, for instance, because many leads coming from a single IP is an indication that a customer is not who they say they are.

Social media

Social media is a powerful tool for marketers, and many marketing strategies in 2020 will use social media as the primary channel for disseminating key messaging.

Unfortunately, hackers know this. In many cases, hackers will target social media accounts not because they want to steal customer information, but simply to cause chaos and damage the reputation of your brand. Companies whose social media accounts have been compromised have been known to pay large ransoms to hackers to get control back.

Limiting this threat involves a number of different steps. You should ensure that your social media accounts are secured with strong, unique passwords. You should only give access to staff who actually need it to do their job.

many marketers are simply unaware of just how sensitive the information they hold is

Another extremely useful tool in this regard is a social media monitoring tool. Tools like this will give you real-time information on mentions of your brand, and can be used to spot a "brand-jacking" attempt at the earliest stage, before it can do much damage.

Secure your sensitive information

The final reason why marketing departments are such a huge target for hackers is that many marketers are simply unaware of just how sensitive the information they hold is. Even a list of customer names, contact details, and addresses is valuable to hackers, and many make a lucrative living from selling such details on the so-called 'dark web'.

Ensuring this data is protected is as much the responsibility of marketers as it is of IT. This can be done in several ways. You should ensure that this information is encrypted when it is being stored, and use an AES-256 based VPN service to encrypt communications within the marketing team. Not only will this improve the security of your operation, but stressing that you take data security seriously can't even form part of marketing campaigns.

The importance of protecting sensitive customer data has been recognized by law. The EU's General Data Protection Regulation (GDPR), as well as the California Consumer Privacy Act (which takes effect in 2020), put in place tight regulations about how anyone - including marketers - can work with sensitive customer information.

The bottom line

There is a tendency for organizations, even in 2020, to view their budget for 'marketing' and their budget for 'cybersecurity' as two separate spending lines. In reality, cybersecurity is an issue that should lie at the heart of every function a business undertakes.

Ultimately, investment in cybersecurity will save companies money in the long term, because prevention is almost always less expensive than clearing up after a major incident.

Sam Bocetta is a freelance journalist specialising in US diplomacy and national security, with emphases on technology trends in cyberwarfare, cyber defence, and cryptography