Cyber security needs to be an integral part of any digital marketing team

Building a cyber security strategy for digital marketing professionals cybergate your cyber security partner

Cyber security needs to be an integral part of any digital marketing team

Building a cyber security strategy for digital marketing professionals

Marketing teams and marketing professionals often work with sensitive data such as customer contact data and transactions. Chief Marketing Officers and marketing directors are accountable for the data they (and their teams) handle. They are responsible for how it is utilised, stored and shared with the different stakeholders.

Marketing nowadays is closely connected to IT and to a certain extent it can be regarded as data science. GDPR goes hand in hand with marketing and therefore it is crucial for e-marketers to know how marketing tools are using data. Recent advancements in marketing include the shift from offline to online, the roll-outs of omni-channel marketing mixes and strong data profiling using CRMs and BI tools.

Needless to say, cyber security is crucial to the success of marketing strategies and marketing campaigns. In this blog post, we’ll be focusing on brand theft, third party vulnerabilities and data security weaknesses.

Brand Theft

A brand is more often than not the most invaluable asset of a business. It identifies the organisation, its offerings and the core values it believes in. It is positioned in the market in such a way that it reflects what it stands for. Malicious actors use brand names, emails, domains and other assets and elements without consent (obviously) to generate online traffic, run scammy online businesses or to complete social engineering attacks such as email phishing.

Copyright infringement is included in such situations and lately a sharp increase in fake social media accounts was seen, with hackers impersonating brands they are in no way affiliated with. Marketers need to monitor the virtual world and report any abuse and at the same time manage communication channels with their clients to ensure they don’t end up victims of such malicious actions. In certain instances data breaches are carried out whereby data is stolen. Marketing teams need to be trained to firstly know how to respond and secondly to know how to communicate with the public and other audiences.

Bad pr can crush companies’ reputations and in such instances online reputation (ORM) specialists might need to be roped in. Spoofing is another common manner in which brands are stolen or copied for the benefit of hacker groups. Risks should be identified, mitigated, monitored and managed together with the organisation’s CISO. All digital assets and online efforts of the organisation need to be covered by the organisation’s overarching security strategy. Regular pen tests are to be carried out to pinpoint any weaknesses or holes in applications, systems, cloud or hardware.

Penetration tests help detect holes and therefore protect (and prevent) attacks. Best practices such as using MFA and open source websites’ hardening are to be the order of the day.

Third Party Vulnerabilities

An element which is impacting marketing teams globally, are their party compromises. Toolsets of marketers include the use of open source websites built on WordPress, Drupal or Joomla, social media schedulers, data aggregators and also CRM systems. A zero-trust model is a must when working with third party components or tools. It is crucial that all the marketing tools used by marketing teams are secured. A continuous communication channel with cyber security professionals should be in place to liaise about defense mechanics that would safeguard assets such as WordPress websites.

Data should not be kept raw and encryption best practices are to be implemented to create a cyber hygiene environment. Full accountability of all resources should prevail and the mentality of ‘cyber security is an IT department responsibility’ is to be scrapped once and for all. Marketers are to be aware that data breaches can lead to substantial fines and liability damages. Companies must legally declare a data breach. Cyber awareness training is a way to educate marketers on a granular level on the threats that exist and how not to fall victim to the sophisticated attacks of hackers.

Data Security Weaknesses

The EU has strict laws regarding data storage and processing. When conducting online marketing and online commerce, marketers are to abide by (relatively) new regulations related to the storage of cookies and the management of Personally identifiable information (PII) (that can confirm an individual’s identity). The latter directly affects digital marketing and online advertising, in campaign tactics such as remarketing. When analysing data security weaknesses it is always advisable to take a close look at both the insider and outsider threats.

Segregate data repositories from public facing servers and have the right tools and expertise to defend against ransomware and phishing attacks. The largest vulnerability in any organisation is its own employees, that through malfeasance or lack of knowledge, lead to data breaches. IT and Cyber security experts need to be seamlessly integrated in the digital marketing offering to ensure no holes are left exposed for hackers to take advantage of.

The winning formula for a cyber resilient marketing team or department is to have all its members attend regular cyber awareness training and to work hand-in-hand with the CISO and cyber security specialists. Vulnerability management is to be on spot to view, monitor and act on all vulnerabilities across all the digital platforms (mobile apps, social media channels, CRM, Mass Email platforms and websites). Permissions are to be thoroughly managed and end-point protection should be in place to safeguard all devices being used by the marketing team and external consultants.

The importance of data management should be ingrained in all marketing roles from the CMO right through to the interns. Don’t let your marketers be your greatest threat.

    We are here to help

    francesco mifsud cybergate your cyber security partner
    Francesco Mifsud
    [email protected]

    I live and breathe cyber security and everything else in the discipline. With around a decade of experience in the industry I have had the opportunity to develop skills in penetration testing, cloud security, reverse engineering & exploit development, application security engineering, management and organisation-wide cyber security strategy. I hold a well-rounded set of security certifications such as OSCP, eWPTX and CISSP and have delivered training & workshops at some of the most prestigious hacking conferences such as DEF CON, BRU CON, BSides London and BSides Manchester.