In today’s world, marketers must capitalize on customer data to provide personalized experiences. And the only thing more vital than the collection and activation of that data? It's security.
Customers expect you to protect the data they’ve shared and maintaining that trust is critical to marketing success. That means you need a marketing platform that doesn’t treat security as an add-on. You need a marketing platform — and partner — that approaches security as a priority.
To ensure the technology you use values security as much as you do, it’s essential you ask the right questions. Start here:
1. How do you assess risk?
If a vendor doesn’t have an immediate answer to this question, consider it a huge red flag. In general, security risks stem from threats (the potential dangers to your data) and vulnerabilities (the flaws in your operations and/or programs that could allow threats to become real). While no risk (large or small) is welcome, it’s important to note that some have a greater impact than others.
The vendor you choose should perform regular risk audits and assessments. A risk assessment takes into consideration potential qualitative and quantitative effects, including harm to your brand’s reputation, financial impact, and time lost to resolve the issue. The greater the risk, the more resources the vendor should allocate to it.
2. How do you manage your own data?
One of the biggest indicators as to whether a marketing platform prioritizes security is how it handles its internal data. A solid platform vendor will have the technical defenses in place you expect for your data (detailed in the next question), as well as internal security training to educate employees on expectations for managing sensitive information.
Most importantly, the right vendor will be able to clearly communicate the security protocols and measures they have in place. They will understand how important data security is to your brand and take whatever steps necessary to prove their internal data is protected with the same care yours will be.
3. What are your defensive layers?
It’s not enough for a vendor to just say they have security measures in place; they need to show you specifically how they will guard your data. A layered defense, which should include firewalls and servers that check for malware and viruses, puts various measures (or layers) in place to keep data secure. No single method on its own can fully protect data. And while it’s impossible to have 100% security, these layers get you closer to it.
At the most basic level, the platform should include access control, like role-based authorization. Users should only have access to the information essential to carry out the responsibilities of their job. Marketing solutions should have their own layers built within the program and allow for you to integrate your own.
Pro tip: When you’re talking layers, listen for words like multi-factor authentication and encryption.
- Multi-factor authentication: In addition to a username and password, this requires another verification step. Look for a platform that has an automated password reset feature, which requires all users to change their password every several months.
- Encryption: Simply put, encryption translates information into a scrambled code, which can only be opened and accessed by those with the associated decryption key. At a minimum, the marketing platform you select should offer encryption at rest (e.g., when data is sitting on a hard drive) and in transit (when data is moved to a third-party location outside of your company).
4. When does security come into play during implementation?
If they’re not talking security with you from the start, beware. Data security is a serious issue for companies today and should be treated as such by the vendor you select. It should not be “bolted on” as an afterthought. Security and privacy should be baked into the program.
Executive involvement in the security process is also a testament to a vendor’s priorities. With their years of experience and knowledge, security leaders truly understand the value of data protection to an organization’s overall success. They should be present for initial conversations and available to engage with any questions or concerns moving forward.
The threat of data breaches is real and can do serious damage to any business. You know how important it is to secure your customers’ personal information. That’s why the marketing platform you choose needs to give security the respect it deserves. Asking the right questions before you sign on the dotted line can help ensure your customer data is protected by your brand and the tools you use.
To learn more about how Cheetah Digital makes security a priority from the start, contact us here.
Patrick Benoit is the Deputy Chief Information Security Officer for Cheetah Digital. He previously served as an Executive Business Partner for Experian, Client Delivery Executive for Dell Services, and an IT Director after selling his business, a Dallas-based business and technology consulting firm, which he founded in 1992.