We’ve all seen the scary headlines. Network security breaches at trusted brands have become a regular occurrence. Every business will be breached at some point in time. Including yours.
As a marketer, you may think that network security is not your responsibility. However, according to Gartner research, technology is now the single largest category of marketing expense budgets. And with increased martech spend comes increased responsibility.
Fortunately, there are many systems and approaches you can implement to mitigate that risk.
Adopt a layered approach to security
With any breach, the period of exposure is critical. You must aim to quickly close down the window of opportunity for hackers. But with so many possible access points in a network, this is not always easy.
One common approach to reducing exposure is called defense in depth. This means that your security systems are layered so that hackers have to breach multiple systems in order to get to valuable data. Think of this like castle, moat, and drawbridge defenses. Each layer works independently to slow down or stop attackers before they can get to your crown jewels – i.e. customer data.
There are lots of different monitoring and security checkpoints you can use for defense in depth. Here are some common ones to consider:
Is the password protected so it can’t be shared?
Do you use two-factor authentication?
Did someone log into a system they never usually use?
The more checkpoints you have to detect anomalous behavior, the more you narrow the window of exposure. Each checkpoint is an opportunity to block access and stop potential thieves.
The power of encryption
While defense in depth is a good approach to security, it is not perfect.
Imagine an organized attacker who could sneak past layers of security through a "low & slow" attack, which is hard to detect as it looks like normal behavior. The attacker has breached your inner sanctum and opens the treasure chest that contains your most valuable data. However, when they open it, all they find is a bunch of numbers or gibberish that has no value.
This is the power of encryption. It protects data even when all the surrounding security systems fail. Encrypted data is incomprehensible without a key to decrypt it. Breaking the encryption would take more computing power than most people will ever have access to.
While your network might be breached, your data is not. This is crucial. There will always be network breaches, but a data breach is much more serious. The recently enacted GDPR (General Data Protection Regulation) means you can face massive fines for data breaches.
Encryption is effectively your get-out-of-jail-free card – if you’ve had a network breach but your data was encrypted, you and your CIO can sleep soundly at night.
The cost of encryption
So why don’t we all use encryption as a standard practice? While some businesses are better at it than others, there’s also a risk/reward calculation involved.
For example, when you send an email campaign using encryption, you will have to decrypt on the fly. While there are ongoing advancements in the data encryption field, which speed up the process of encryption and decryption, there’s still a time (and therefore cost) implication.
Marketers need to work with martech vendors to balance the value of data security against the ideal speed for campaign transmission. If you want to protect data to the highest standard and encrypt a database, your campaigns won’t deploy quite as fast. On the other hand, if you protect data better than your competitors, that might be a unique selling point.
In addition, encryption means different things to different people. Here are several questions to consider:
Once the data is decrypted, how long does it stay decrypted and in what format?
Where precisely does it get decrypted before it hits your campaign?
You might encrypt your storage data and archived data – but what about real-time data within apps?
Marketers have a lot to learn about data security. However, you’re not in this alone. Understanding these concerns is another great reason to befriend your security team. Also, ask your martech vendor what they are doing to protect your data. As a service provider, we work diligently with our clients to help improve their data management and compliance.
Jill Knesek is the Chief Security Officer (CSO) for Cheetah Digital, where she is responsible for providing enterprise-wide leadership in developing, planning, coordinating, administering, managing, staffing, and supervising all aspects of information security. This includes developing a world-class security framework for clients and the business as a whole, as well as security governance, policy development, security training and awareness, and security project portfolio development. She has more than 25 years of experience in cybersecurity, working in both internal and client-facing roles. She served as a Special Agent for the FBI, assigned to the Cyber Crime Squad in the Los Angeles field office and was the case agent for several high-profile cases, including the infamous Kevin Mitnick and Mafiaboy investigations. Prior to joining Cheetah Digital, Jill worked as the CISO for Mattel and BT Global Services. She is a frequent industry speaker, has written and published several articles, and has been recognized a number of times for her service to the security industry; notable awards include "The Chief Information Security Officer 100 2017" and the "Top 10 Women in Cybersecurity".