Why Marketeers are so important to your cybersecurity policy

Author: Jenna Bryant

Date: 14th October 2020

Since I started my journey in marketing there have been many changes to the department’s role. One I never considered was how important we would be to our company’s cybersecurity policies.

How marketing has changed

The way we market to both B2B and B2C has changed dramatically over the last decade and even more so this year. We have transferred our skills from offline promotional material to a competitive online world. We have moved from Direct Mail to Email Marketing, Cold Calling to Social Media and our Yellow Pages transformed into Google. As marketing increasingly moves online, naturally we are increasing the number of platforms we use, the volume of data we are collecting and therefore becoming a desirable department to the cybercriminals.

How your website can be a risk

Your website can be your greatest marketing asset but can also be your biggest risk. Not only does it need to be compliant when handling data and placing cookies on devices, but it also needs to be secure from attacks. If your website were to be hacked tomorrow how long could your business survive without it?

Why websites? When we initially think about communicating our products and services to prospects, we start by building a website that we can direct people to. Websites are a key resource of information that your audience can use for research purposes. A key aim for any website though is to communicate with our audience whether that is through web forms, a live chat, or even online orders. 

So, what does your website have to do with cybersecurity? The second someone visits your website; you need to ensure that you are informing them of your cookie policy and the cookies you use should they accept the notification. But when was the last time you updated the cookie policy on your website? When it was built, or perhaps when the regulation first came into effect? Do you even know that there is a ‘Cookie law’?

Another question to consider is, have you used a plugin to ensure that you comply with the regulation. Not all plugins work correctly, and it is still your company’s responsibility to ensure that your website is compliant. Therefore, it may be worth just testing if cookies are placed on your device before you accept and if they are necessary.

So you’ve got passed the cookies, the audience has navigated around the site but now they want more information. They can now either call us, send us an email or fill out our web forms. How confident are you that your web forms comply with GDPR and Privacy and Electronic Communications Regulation (PECR). Do you try and get around the regulations with pre-ticked, opt in/out consent boxes for marketing communications? Another area to consider is whether the audience fully understands what they are signing up to if they complete a form. 

What happens to this data?

As your business collects and grows a database of contacts you need to ask yourself:  

– How does our team collect data?

– How and where is that data being stored?

– How is it shared internally for example with the sales team?

So that’s the compliance side of your website but what about cyber-attacks? Hackers love a website, they can stop your business instantly, add script that would install ransomware on your audience’s devices and even collect data from completed forms. But how do you know how secure your website is? Have you considered having your website pen tested? Some website builder platforms are easier to hack than others, especially if you haven’t updated to the latest versions. With added plugins you are opening more vulnerabilities to your site. So, another question to consider asking yourself is, how secure is your website? Could it be hacked, and do you know how?

What implications can Social Media have?

Social Networks are the biggest source of inspiration for consumer purchases with 37% of consumers finding providers inspiration through channel. (PWC)

To get an audience to your website you need a variety of channels whether it is Facebook, Twitter, Tik Tok, WhatsApp etc. You need to share relevant content that encourages your audience to click through to your website to get more information. Perhaps you want them to read a blog, watch a video or read customer reviews.

When it comes to content you need to consider what you are sharing and who you are sharing this information with. By sharing content online cybercriminals can begin to identify the type of language you use, the style of your posts and collect any contact details you are sharing for your organisation.  

A Cybercriminal can use these details and create a phishing campaign to your team hoping that someone will click a link. They can send it to your [email protected] domain to see if multiple recipients get the email, they can also learn how you set up domain addresses and guess your emails for instance [email protected]name.co.uk. What’s more, they can set up a Spear Phishing attack to the marketing team to get them to open /click in emails. Why the marketing team? It is their job to check out what may be a potential lead for the business and therefore, could be more inclined to research the email.

What if cybercriminals were to send phishing emails that looked like they came from you to your clients and prospects? How much of your client data are you sharing? Are you putting them at risk? Dependant on your organisation you could be sharing company reviews, event photographs of clients or previous work. This could all be used for social engineering.

Now, this isn’t meant to be a scaremongering blog as it may appear, this is more of an awareness piece to get you to think about certain complications that can occur from a simple marketing campaign to generate awareness and business. But without asking a few key questions first, your marketing campaign could be remembered for the wrong reasons.

Conclusion

There is so much to cover in terms of cybersecurity within the marketing department, however, the key takeaway should be that this is not just an IT Issue. Have you recently asked your marketing team how confident they are with the term cybersecurity? Are they able to identify if they are being socially engineered or can spot a phishing email when they could be under pressure to meet deadlines and targets especially during a pandemic? How confident is your team that they are compliant with GDPR, that they are following the processes you have put in place?

Other areas to consider within marketing and sales is how can the GDPR and other cybersecurity regulations be used to your advantage? By complying with these regulations and looking at certifications such as Cyber Essentials and ISO 27001 you can demonstrate to your audience that you care about their data and are a trusted provider.