How Can Marketing Companies Protect Sensitive Customer Data

Many marketing organisations use outdated software or do not enforce thoughtful authentication and verification procedures, which opens up attack vectors to exploit and use to infiltrate digital infrastructure.

How Can Marketing Companies Protect Sensitive Customer Data

By Rashish Pandey

Cyber threats recognise no boundaries and marketing organisations have not been spared with the spate of cyber attacks targeting the marketing sector. In the Asia Pacific, the Hong Kong Privacy Commissioner for Personal Data (PCPD) received data breach notifications from a digital marketing agency, that was hit with a ransomware attack and exposed the personal data of over 35,000 individuals. This incident prompted the office of PCPD to issue a statement reminding organisations to implement security measures and protect the personal data of customers as mandated by the Personal Data Ordinance.  Earlier this year, AdAge reported that a global marketing company was experiencing "disruption to parts of its IT network" due to a cyber incident. While the company indicated that "no data is at risk", it highlights the dangers of threats of cyber attacks in the marketing industry.

Threat actors have been targeting marketing firms over the last few years because of their connections to large enterprises. Marketing companies have access to market-moving information such as business performance figures, earnings reports or product announcements - all privileged information that can be stolen by fraudsters and sold on black markets. Moreover, marketing firms hold personally-identifiable information (PII) from clients which include names, phone numbers, addresses, and even financial information.

Many marketing organisations use outdated software or do not enforce thoughtful authentication and verification procedures, which opens up attack vectors to exploit and use to infiltrate digital infrastructure. With growing cyber risks, marketing organisations must strengthen their cybersecurity posture to safeguard customer data.

Growth in technology adoption exposes companies to more cyber risks Marketers are using a variety of online tools to design and track campaigns, monitor and find ways to enhance customer experience and respond to demands for personalisation. From Customer Relationship Management (CRM) platforms to marketing automation tools, these cloud-based applications also facilitate collaboration with other departments and branches. However, while these tools allow greater productivity and enable real-time reporting for better business insights, it also open up the network to multiple cyber security vulnerabilities.

Some of the security issues that stem from the use of cloud-based platforms include insecure application user interfaces (APIs), poor access management and misconfigured cloud data storage. For instance, attackers can exploit an API's authentication and authorisation controls to break into the network and gain access to company data. Moreover, intrusions involving cloud-based applications were accomplished using stolen or lost credentials, which makes access management a vital tool to secure the company's IT infrastructure. With current and potential customer data stored in the cloud, a data breach for marketers may result in the use of customer emails for phishing attempts or compromise of customers' digital wallets or third-party payment accounts.

Data privacy concerns on the rise

A single breach can have lasting damage to a brand’s reputation and consumer trust and have a long-term impact on sales and future operations of marketing departments. Globally, the average cost of a data breach is $3.78 million, according to benchmark research conducted by the Ponemon Institute. The loss of business due to customer turnover and reputational damage has significantly contributed to this cost. 

Marketers should remember that when customers fill out forms or respond to surveys, they trust that the company will not misuse their information and implement measures to safeguard their data.

As threat actors are finding more leverage to compromise company networks, and as consumers are increasingly holding companies accountable for protecting their data, chief marketers need to look at cyber security as a shared responsibility with IT leaders and as a key component of all their marketing efforts.

Here are some of the ways companies can protect consumer data:

  1. Utilise user access management tools to monitor access permission to customer data. Most breaches have been carried out through unauthorised users gaining access to a network or valid users escalating access levels. With access management tools, companies can help ensure that only the right person at the right time have access to sensitive networks and data.
  2. Implement integrated security solutions at every stage of the consumer's journey. Cyberattacks can occur at any point in the consumer's journey - from brand discovery to account sign up, from browsing to adding to cart, through checkout. Each of these steps is the possible entry point for bad actors, which underscores the importance of building security into the entire customer experience.
  3. Train and educate employees on how to safeguard customer data. With cybercriminals targeting employees working from home, cyber hygiene such as using strong passwords, keeping work and personal accounts separate, and being mindful of phishing attempts, should be reinforced and highlighted to employees. Exposure of customer data due to poor cyber security practices is one of the largest risks to data privacy. Thus, everyone in the company must be reminded to do their share in upholding cyber security to protect their customers’ data.
  4. Adhere to existing data protection and data privacy laws as these regulations provide the framework to help businesses safeguard their customer data. In several countries, Personal Data Protection Acts (PDPA) have been enabled and enforced for the protection of personal data, as well as acknowledging the rights and obligations of the stakeholders involved.

Furthermore, to establish consistent enforcement of security measures across the entire attack surface, marketing companies can deploy additional protection such as web application firewalls, anti-malware solutions, as well as intrusion and detection capabilities. These additional security solutions are integrated into a high-performing cybersecurity platform with an open ecosystem that spans the extended digital attack surface.

By leveraging automation, proactive threat intelligence, and high-performance firewalls – all under a unified platform – marketing teams achieve end-to-end visibility across the organisation's digital environment without impacting network performance. As a result, marketing companies can truly establish themselves as effective, secure and trusted partners in this competitive industry.

Rashish Pandey is the Vice President, Marketing, Asia at Fortinet