Q&A: Why Cybersecurity for Marketing Is Vital for SMBs
Cybersecurity and marketing may not seem like the most natural bedfellows, but it’s becoming more apparent every year that safeguarding the data that your marketing uses is essential for any business, regardless of size.
Falling foul of a data breach can cause irreparable harm to your business, and torpedo your marketing efforts by undermining trust in your brand with customers.
With cybersecurity high on the agenda for 2020, 2021 appears to be heading in much the same direction, and security is sure to be a key consideration for SMBs this year too.
We sat down with Jamie Judkins, ES99’s Vice President of Sales, and Cory Zwickel, Impact’s Indianapolis MIT District Manager, to talk about cybersecurity as it pertains to SMB marketing—what the current environment looks like, what businesses are getting right and wrong, and what direction we’re heading in. Take a look!
How would you describe the current landscape of marketing security?
Jamie Judkins: Current MarTech solutions are becoming increasingly robust with more and more capabilities and technical functions (think of your CRM [customer relationship management tool]), so as far as marketing goes, the landscape for technology is very positive. Then it’s a matter of protecting the data that we use, and that’s where I feel the industry is playing catchup.
Cory Zwickel: With the ever-expanding reach of marketing technology, security has to be increased moving forward. Generally, there are multiple organizations and individuals who access and manage marketing systems, which increases the number of ways the bad actors can gain access to marketing systems. The current landscape of security is limited in this sense, but there are technologies out there to immediately increase some of these vulnerabilities.
How would you describe the preparedness of SMBs as regards marketing security?
JJ: Very low. We must start doing a better job of bridging the gap between marketing software and security and technology. SMBs I work with on a daily basis fall short in two areas. Firstly, they simply underestimate the power of marketing technology for their campaigns, Secondly, they do not understand how to protect it and manage it safely, if at all.
CZ: I would absolutely agree that the preparedness is very low, in my opinion this is due to the willingness of most people to admit that they are a target of some type of attack. The truth is in this day and age, everybody is susceptible. This goes for both the SMBs and their partners; we all need to be able to take the step of acknowledging this fact which leads to businesses and individuals getting up to speed in their preparedness.
Why is it important for marketers to ensure the data they handle is protected?
JJ: This isn’t speculative—cybersecurity attacks to SMBs alone are up over 400% this year, and an average SMB could not survive a bad data breach. Many people think of the “obvious” stuff like their computers and hard drives and servers and emails, but security issues are happening all over, wherever data is dispersed or collected, including marketing. Your CRM can be hacked, a cybercriminal can use social engineering to manipulate people on social media—that’s part of why I feel this topic is so vital for us to be having right now.
CZ: Data is the number one target of bad actors—without data there is no leverage for financial gain. Most SMBs invest in protecting the data “behind their four walls,” but what happens to a business if the data they use to communicate with and gain more customers is compromised? This is why it’s important to protect data in your business, wherever it may be.
What are the most prominent attack vectors that businesses should be aware of?
JJ: Social engineering is one of the most prominent issues to be aware of in marketing. This is a cyber criminal attempting to access valuable information by tricking victims into handing over their data. A huge percentage of people use the same username and password for their email, bank accounts, social media, etc, so once they have one, they often have them all. This is a huge issue for SMBs right now, and cyber criminals are targeting them more than ever.
CZ: I 100% agree with Jamie that social engineering is the largest threat to SMBs when it comes to marketing security. As Jamie pointed out the ability to get your customers to give their personal information away would be, in some cases, an event that most SMBs would not recover from. If we are looking at it from a pure marketing standpoint, the ability for a bad actor to gain access to your marketing channels allows them to deliver a message to your customer base, both active and future, that could permanently change the way a business is perceived in the public space. The loss of trust leads to the loss of current customers and the inability to gain new customers because your reputation is tainted.
I already have a firewall, so I’m good, right?
JJ: If we’re still in 2002! In all honesty, a lot of this comes down to how much we want to decide to live in blissful ignorance or decide to deal with and prepare for reality. If we can admit and agree upon, as statistics are increasingly showing, that anxieties about security in 2021 are valid, then we can make some progress. The question is, are we protecting our marketing data in a way that keeps up with the threat? It’s just so easy to keep heads in the sand until you feel the burn of a fire snapping at your leg, but you don’t want to pull your head out and find it’s too late to escape the fire!
CZ: Modern firewalls are great and if configured, updated, and managed properly will protect data that lives behind it, but what about the data that lives outside the purview of the firewall? If you are basing your home security on the fact that you have locks on your doors and windows, wouldn’t we say that you are missing a large part of protecting your home? Now and in the future data increasingly lives outside of our networks and the ability to track and secure this data takes more than just a firewall, but it is a good start!
How have customer expectations changed as regards data security? How does this relate to my marketing efforts?
CZ: I think most people are initially hesitant to change, but what seems to be universal currently is a change in mindset around your data in the world. People have generally been perfectly fine with agreeing to share their data with platforms; especially when it comes to social media, and have no problem skimming the terms and conditions before agreeing. But there has been a shift by this user base into wanting to ensure the security of their data and knowing how it is being used by their partners. The shift moving forward that I would see is an increase in SMBs in proactively providing the security details around the housing and usage of the data they are consuming, which leads to the need to increase all security measures within an organization as the interconnection between systems and data continues to grow.
Okay, I get it, security in marketing is important, but my business isn’t that big, so they wouldn’t attack me, right?
JJ: Data security is like insurance; you don’t need it until you do. I have talked to so many businesses who say that they’ve never been breached. It’s also those same businesses that tell me, as a small, aerospace gears manufacturer, where 5 clients make up 80% of their business, that if their data was breached, they’d lose all 5 of those clients because it would be a major red flag, and they have other vendors they can use. That is the reality most SMBs have to contend with.
CZ: This is always an interesting thing to hear from SMBs. The idea that the size of the organization determines if you will be a target is a very old school mentality to hold. SMB leadership need to start thinking the way that the bad actors think which is all data has a value, whether that value be millions or thousands of dollars. The better way to look at this is the easier it is to gain access the more valuable the data, meaning if a bad actor can easily gain access to 10 companies and make $100,000 dollars each or struggle to access 1 company for $1 million dollars, they will take the easier route to make their money. Cyber criminals always look for the path of least resistance.
What do you consider the biggest mistakes business owners make when it comes to marketing security?
JJ: Not treating it like regular “data” in their business. For some reason, many people skip over thinking to leverage and protect their marketing data in ways that are most meaningful for business growth.
CZ: To expand on what Jamie said I think it is increasingly important for SMBs to understand who has access to their marketing systems and data. But also, to what level they have access, the old saying “too many cooks in the kitchen” comes to mind; only I would say rather than the product being negatively affected this leads to too many ways for bad actors to get into the kitchen
What steps can I take to ensure my marketing security is up to standard?
JJ: First of all, you can’t do anything with what you aren’t familiar with. Do you know all the areas that data is collected or pushed out regarding marketing? I would encourage the first step to be a full audit of understanding where and how you’re collecting and pushing out data. I think many business owners and executives would be alarmed to find how many areas that are “out there” and unprotected or not being leveraged to their best advantage.
CZ: This a great point—understanding what and how data is accessed must be the first step in getting security guidelines in place. From a basic auditing standpoint, I would say ensuring that the proper certificates, registrars, and hosts are not only in place, but reviewed on an annual basis. Once you have a handle on how data is accessed the next step needs to be documenting who has access and to what level their access is granted. Employees themselves are the largest threat to an SMBs security posture from a social engineering standpoint, so making sure leadership and executives have an understanding of the user security settings goes a long way in developing their security standards.
What’s your outlook on marketing security as it relates to SMBs going forward?
JJ: We always see a nuanced trickle-down effect of what big businesses are adapting eventually reaching a model that makes sense for SMBs. Big businesses understand how to monetize and protect their marketing data. This is just starting to become a priority to most SMB executives and owners. I believe the outlook will continue to be that it is slightly misunderstood to those that it should matter most to, but that these executives know it’s important. Because of that, I’d recommend that SMBs at least start the conversation on what this may mean for your business yesterday, today, or tomorrow. This isn’t going away, and the longer we keep our heads in the sand, the more at risk we will be.
CZ: From the IT side of things, security has become an active conversation with business systems and data, I think that including the data used and collected through marketing will join this conversation. Like I have said previously, it is all about education and the more SMB leadership is willing to look outside of their four walls for insights into security the more it will be a part of the conversation. The days of set it and forget it security across all aspects of a business are behind us, and those that change with the times will be in a position to properly protect their customers’ data and themselves for the long haul.
Subscribe to our blog to receive more insights into business technology and stay up to date with marketing, cybersecurity, and other tech news and trends (don’t worry, we won’t pester you).