Editorial Articles

Jason McSweeney, Technical Director at Emailcenter, explains why marketers must understand threats posed to their customer data

Data breaches seem to be increasingly frequent within large organisations. This year brands such as Play.com, M&S and the Playstation network were hacked. What is worrying for marketers, however, is that data breaches have now reached their departments. Email Service Providers (ESPs) are the latest targets, enabling hackers to gain access to customer data lists.

This type of data breach has a huge effect on customer confidence and loyalty. Consumers not only feel more wary of sharing personal data, but are also left jaded by the constant stream of apology emails arriving in their inbox. Anything affecting customer relationships becomes the marketing department’s domain and as such, data security is now as vital for the marketer as it is for the IT team.

The millions of email addresses residing in a company’s customer database are extremely valuable to hackers. They have multiple tried and tested ways of gaining access to this data, including techniques such as introducing malware, viruses and SQL injections. However, the greatest risks to an organisation lie in the threats they cannot control. Third party ESPs, for example, are given access to confidential data to carry out email campaigns on behalf of their clients. Regardless of the security a company has in place, if its ESP suffers a breach, its data is vulnerable.

Earlier this year, several major ESPs fell victim to sophisticated attacks, providing a wake-up call for the entire industry. A database of ESP employee email addresses was infiltrated by hackers, and personalised emails were sent to them. Anyone opening the attachment on this email found their anti-virus software disabled and malicious code installed in its place, first on the PC, then on the entire network. It is believed that in at least one instance this code not only enabled hackers to steal passwords, but also to remotely control PCs.

Breaches like this become headline news, make customers nervous and can impact sales. However, marketers can protect themselves and their customers by taking steps such as:

• Investing in the best anti-virus protection or Data-Loss Prevention (DLP) solutions.
• Making passwords virtually impossible to guess and rotating them regularly.
• Using a secure connection to transfer data to ESP systems.
• Reducing the number of people who have full access into the ESP, to limit vulnerability.

Marketers can also add additional layers of security to protect their internal data. These include adding an unbreakable third level of authentication. For example, staff and customers can be given a USB key which plugs into their PC. When logging onto the system, users press a button on the USB key which sends a unique encrypted code that completes the login. The code cannot be guessed or used twice, ensuring no-one can get access unless they are physically pressing the button.

The final threat is the unknown one. There is always a new threat on the horizon. While marketers cannot prevent this, there are ways they can prepare:

• Develop a culture of data security – train people to think about the potential impact of everything they do with data. This enables staff to identify threats and deal with them before they arise.
• Do not rely on the IT department to manage security. Marketers should review their own data security on a regular basis.
• Choose partners carefully – organisations are only as strong as their weakest point. If a third party with access to customer data does not have a strong security ethos, it is time to find one that does.

Marketers do not need to fear data security. However, failure to understand and take steps to manage it both internally and with suppliers could render the best laid marketing strategies completely ineffective, leaving companies with a much bigger mountain to climb to win back customer loyalty.

Jason McSweeney, Technical Director, Emailcenter
http://www.emailcenteruk.com/