Headlines around data breaches have become the new norm in today’s digital age. These kinds of headlines are accompanied by new financial consequences for the breached companies in the form of hefty potential fines for non-compliance and class-action lawsuits for failing to adequately protect consumer data.
Enterprise executives around the world watch such news with great interest, but very few of them have taken the time to turn a critical eye inward on their own companies’ data security practices. But here’s the truth of it: all enterprises that do business and collect data online are vulnerable to the types of security breaches but nearly zero executives have a real understanding of where the greatest risks lie and how they can be prevented.
That needs to change—and fast. As executives sit down with their 2019 budgets, there’s a key concept that needs to be guiding their decision-making for the coming year and beyond: marketing security.
When news breaks around a company’s data breach, the focus of the story is usually that a breach occurred and X number of people were affected. Rarely do reporters delve into the specific vulnerability that allowed the breach to occur in the first place. But if you dig below the surface, you’ll find that breaches happen for a number of reasons — and all of them stem from the fact that proper controls are not in place.
Whenever a company has a third-party technology on its site that it does not control, it introduces a vulnerability in its data security. Breaches can occur through third-party tags, trackers, chat capabilities, social media and advertising technologies, to name just a few.
One common manifestation of a company’s loss of control is unauthorsied third-party tag piggybacking. Tags are small snippets of code that are placed on a website or app to collect data from a digital property. Authorised tags — which might be first-party or third-party — serve a variety of necessary functions on a site, including enablement of logins, taking payment details or collecting PII when registering for a particular service. Tag piggybacking, however, occurs when one third-party tag invokes another. In this way, dozens or even hundreds of tags that the website owner doesn’t know about can be placed on a site. Through these tags, malicious code can be installed on your site or on customer devices, granting access to any personal information users give you.
Third-party technologies can also lead to the leakage of sensitive and PII data to third parties. To do business, digital properties frequently need to pass user information to third parties for marketing or customer service purposes. Data breaches occur when such data is passed without being properly anonymised, or when customer data (including PII) is passed without an enterprise’s knowledge or consent.
The above types of breaches are preventable through the proper implementation of marketing security measures. Unfortunately, most organisations don’t enact such measures until a breach has already occurred and the damage has been done. And make no mistake: Such damage is not limited to fines around regulations like GDPR. Companies that fail to prevent breaches also face weighty losses through class-action lawsuits, not to mention long-term damage in consumer trust and spending.
It’s time for executives to stop merely reading the data breach headlines and pontificating on procedural tweaks and to instead take action to prevent similar devastating incursions into their own data. These days, marketing security is a concept that companies can’t afford to neglect. Protecting an enterprise’s data isn’t just a good idea. A strategic marketing security investment is necessary for the survival of today’s customer-centric organisation.
Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.