As a security professional, I do my best to calculate and minimize risk. But the reality is, it can never be completely eliminated and should never be ignored.
In security circles, the word risk has a very specific definition. So, before we get into the details of specific risks, it’s important to know what risk actually means when it comes to data security.
Risk is what happens when threats (i.e., all the things that could go wrong) meet your system’s vulnerabilities (i.e., gaps in your system’s security). Simple enough, right? When the threats and vulnerabilities combine to create risk, “threat actors” (hackers, malware, or just unaware employees) can either intentionally or unknowingly sneak in through those gaps. Ultimately, the top risks companies face boil down to data, data, and (you guessed it) data.
As marketers, it’s your responsibility to minimize those risks as much as possible. The first step toward preparing for those risks is to identify their sources. These can vary significantly, but some of the most common include:
1. Excessive data privileges
Part of the onboarding process for any new employee is giving them access to the files and business information they need to carry out their day-to-day work. For the sake of convenience, many companies have one blanket set of permissions, which often includes far more access than many employees will need. Each of these access points presents a gap in your system (i.e., a vulnerability).
The solution is simple: have an access plan. System administrators should have established tiers of access that can be applied as needed. The plan should also include processes for when a person leaves your company to ensure access to all systems and programs is removed. And make sure your data owners regularly review who has access to what and make changes to access privileges when necessary.
2. Abuse of data access
Even with the correct privileges in place, instances still occur where an employee either does something they shouldn’t or doesn’t do something they should to protect confidential information. The result? Compromised data. Whether intentional or unintentional, this abuse of data access can have serious repercussions.
Intentional abuse of access can be difficult to prevent, but you can mitigate unintentional abuses with proper and regular security training. Communicating the severity of data loss and what needs to be done to prevent it goes a long way toward ensuring that security is a priority across your organization, and that everyone is held accountable for doing their part. Educating employees on even the basics of data security (e.g., updating passwords at least every 90 days), paired with company-wide best practices, can have a huge impact in keeping data locked down.
3. Mismanaged (and unmanaged) sensitive data
A third risk stems from mismanagement of various levels of data. Again, for simplicity’s sake, organizations may use just one overarching approach to customer and company data protection. But not all data is created equal. A customer’s email address is not as sensitive as their Social Security number, which isn’t as sensitive as their credit card number. Each should be treated with a different level of security.
While marketing data can live in your customer engagement platform, more confidential customer information should be protected more securely with passwords, the appropriate amount of encryption, and multi-factor authentication. Each of these adds a layer of protection for your most sensitive data.
When you understand the potential risks to your data security, you can better measure risk, create a security plan, and prevent potential security crises. With this ability, you can avoid the potential financial, time, and reputational impact these risks can create if they do occur.
Keep security a priority within your marketing platform by making sure the vendors you partner with see it as essential and not an afterthought. With all stakeholders on board, you can have peace of mind knowing your data is in good hands.
Patrick Benoit is the Deputy Chief Information Security Officer for Cheetah Digital. He previously served as an Executive Business Partner for Experian, Client Delivery Executive for Dell Services, and an IT Director after selling his business, a Dallas-based business and technology consulting firm, which he founded in 1992.