2015 is shaping up to be the year of the data breach, with TalkTalk the latest brand to join the ‘hacked!’ headlines. The telecoms company experienced a DDoS (distributed denial of service) attack which resulted in reports that customer data was at risk.
This, hot on the heels of a string of similar breaches affecting the likes of Uber, Experian and of course Ashley Madison, is likely to deal a real blow to TalkTalk’s brand, but the financial costs associated with the breach may also mount quickly if sensitive data has indeed been acquired.
The repercussions of these attacks are felt across a business – from legal teams to customer services – however marketers are in a strong position to protect their brand from a crisis before it hits. Digital platforms are approaching ubiquity amongst all brand audiences, and the opportunity for innovative and effective campaigns means that marketers are usually at the forefront of a business’s digital footprint.
As part of this role, it’s crucial that even non-technical stakeholders take an active interest in securing the online channels that their brands use.
Encryption, encryption, encryption
Hackers are increasingly creative with their methods, and with each platform there will be new risks, but securing users’ data should be your top priority.
First of all, assess just how much data you need. As marketers we love to gather as much customer information as possible, but each additional piece of data increases the severity of a data breach.
Secondly, assess how it’s stored. TalkTalk is currently under fire for not encrypting customer data, and this is also what made Ashley Madison’s leak possible.
When encrypted effectively, stored data is completely unreadable to the naked eye, even to those with privileged system access. This is difficult to implement if that data needs to be sorted or easily searchable, so using a dedicated data service from the likes of Amazon or Google is the best course of action – they employ thousands of data experts to secure their servers and manage the data held on them.
Likewise, credit card details are best handled by specialist payment providers – don’t take the risk of storing them on your own servers.
Shut the back door
The next step is to address the likely vulnerabilities in your brand’s array of apps and sites.
A staple feature of your websites should be HTTPS, a communication protocol that encrypts data in transit so that other devices on the same network cannot read it; it also authenticates sites so users know to trust them when filling out forms or logging in to a service. If your site uses a non-HTTPS page, email addresses and passwords can be accessed over open Wi-Fi networks – that data can be lifted even before the form is submitted.
Discuss less obvious ‘backdoor’ routes into your systems with development teams, and troubleshoot them. Common vulnerabilities can be found in staging sites – where websites are hosted while being built – or in test environments for apps that aren’t properly secured or taken offline. Additionally, flaws can be found in old software versions or third-party software (the Heartbleed bug was a flaw in the commonly used OpenSSL security software).
While using strong encryption methods and reliable service providers is a solid grounding for data security, marketers must also be aware that online risks come in all shapes and sizes. They might not even come from code but from a social engineering scam like phishing, which can be far more sophisticated than just a dodgy email.
This is a dynamic and expansive field – as much so as the media and marketing world. Maintaining an ongoing conversation with your IT teams and developers as well as vigilance across all your digital access points will result in a good first line of defence for your customers and, ultimately, your brand.
Jason Cartwright is CEO of Potato