Broadly speaking, cybersecurity risks for businesses are twofold. First, your access to your digital channels may be compromised. Second, your customer data may be breached or poached. Globally, a data breach costs businesses about $3.86 million (in the US, the average jumps up to $8M).
Given the significant financial consequences as well as the very public nature of these scandals, all digital strategies should give cybersecurity serious consideration in both planning and execution.
These risks are leading to sensitive customer data (payment data, especially) being breached, and to scams infecting email marketing strategies.
Carefully considering cybersecurity risks associated with each channel is critical. It’s also important that you have a cohesive and integrated approach to cybersecurity across all your digital efforts with consistent principles.
Here are three ways to strengthen your defense against bad actors.
Managing Internal Access Better
60% of cyberattacks are carried out in-house, mostly by malicious actors. A small percentage come from people who inadvertently made mistakes. As an organization gets larger, it often gets lazy about building and enforcing access principles. Who should have access to the tool at all? Who should have the right to create vs. post vs. edit vs. download? How do we know if it’s them logging in?
A few simple controls, such as separating content creation from content review prior to posting, could be helpful. Limiting content to projects (‘read-only’ for non-active project contributors) and making employees change passwords often are also easy to implement and could make a significant difference in the safety of your data.
Educating employees in cybersecurity should be a priority as well. The more employees understand the consequences of potential human mistakes or malicious attacks, the more careful they’ll be about how they operate day-to-day. There are easy online courses that businesses can offer to each key employee to help them become a cybersecurity expert.
Intentional Digital Environment Policies Including Encryption
It is nearly impossible now to manage your marketing content without a CMS. You often have a large number of people with access who can create, edit, and post external-facing content on the business’s behalf. However, hackers are often very knowledgeable about commonly used CMSs, such as WordPress.
90% of the hacked CMS sites in 2018 were on WordPress. According to a recent report, most of the vulnerabilities were due to add-ons and plugins that businesses often sign up for to customize their sites.
There must be policies in place around how to deploy new add-ons when making changes to the development environment.
Similarly, if you use external CRM software that houses all customer data (including payment data), you need to pay extra attention to how that data is saved and accessed. Encrypting the data and strictly limiting how much each employee can see, according to their permissions, will save you not only from detrimental data loss but also from a potentially giant fine (e.g., for a GDPR violation). Dixons Carphone, the biggest electrical and mobile phone retailer in the UK, was handed a £400,000 fine in 2015. The fine followed a cyber attack which compromised the personal data of over 3 million customers and one thousand employees.
It’s a costly mistake.
Cloud and data architecture service providers such as Amazon and MongoDB now provide field-level encryption. It allows businesses to further protect highly sensitive data by making decryption more difficult for attackers. Investment in stronger encryption will protect the business from the multi-million dollar lawsuits and fines that could result from a data breach, as well as from deterioration of customer trust in the brand.
According to one study, 89% of customers expect the retailers they shop with to implement the latest financial safety technologies and keep their payment data secure. Customers finding out that your brand hasn’t met their expectations regarding their data security would be devastating to brand perception and loyalty.
Fight Against Non-Human Threats
Bots constitute over half of the web traffic. They are often malicious actors who are trying to scrape data off your sites, overload your channels with spam, or spy on your functions.
Thus, having botnet detection tools is critical to thwarting automated and intelligent attempts to breach your security. Simple CAPTCHA tests are also common barriers that would eliminate a huge portion of these bots.
You should also have a team dedicated to creating a ‘trap’ that lets these bots falsely believe they have infiltrated your walls. Obtaining the unique signatures of these bots in this way could help you identify them going forward and block their access.
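As an added illustration of such a trap (this is not code from the article), the Python sketch below treats decoy URLs as the trap, derives a signature from every client that requests one, and then flags other requests carrying the same signature. The trap paths, the signature scheme (IPv4 /24 network plus user agent) and the log lines are all assumptions constructed for the example.

```python
import hashlib
import ipaddress
import re

# Hypothetical decoy URLs: disallowed in robots.txt and never linked for humans.
TRAP_PATHS = {"/promo-archive-old/", "/staff-export.csv"}

# Combined log format: ip, ident, user, [time], "request", status, size, "referer", "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def signature(ip, ua):
    """Fingerprint a client by its /24 network (IPv4 assumed) plus user agent."""
    net = ipaddress.ip_network(f"{ip}/24", strict=False)
    return hashlib.sha256(f"{net}|{ua.strip().lower()}".encode()).hexdigest()[:16]

def find_bot_signatures(lines):
    """Return the signatures of every client that requested a trap path."""
    sigs = set()
    for line in lines:
        m = LOG_RE.match(line)
        if m and m["path"].split("?", 1)[0] in TRAP_PATHS:
            sigs.add(signature(m["ip"], m["ua"]))
    return sigs

def flag_requests(lines, sigs):
    """Return (ip, path) for each request whose client matches a trapped signature."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and signature(m["ip"], m["ua"]) in sigs:
            hits.append((m["ip"], m["path"]))
    return hits

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Mar/2024:10:00:01 +0000] "GET /staff-export.csv HTTP/1.1" 404 0 "-" "scrapy-like/1.0"',
    '203.0.113.9 - - [01/Mar/2024:10:00:05 +0000] "GET /pricing HTTP/1.1" 200 512 "-" "Scrapy-Like/1.0"',
    '198.51.100.4 - - [01/Mar/2024:10:00:09 +0000] "GET /pricing HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.200 - - [01/Mar/2024:10:01:00 +0000] "GET /blog HTTP/1.1" 200 900 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    trapped = find_bot_signatures(SAMPLE_LOG)
    for ip, path in flag_requests(SAMPLE_LOG, trapped):
        print(f"block candidate: {ip} requested {path}")
```

The fourth sample line shares a network with the trapped client but not its user agent, so it is left alone; pairing the two attributes keeps one trapped bot from blocking every visitor behind the same address range.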
Vigilance is the key here.