The recent implementation of General Data Protection Regulation (GDPR) scared a lot of marketers when it came to the collection of data. And you can read our recent blog about the important steps marketers must take to pay attention to the new requirements in Europe.
But while everyone seemed to be talking about disclosures and privacy policies and statements that make data collection very transparent. I began thinking about the storage and safekeeping of all of that data. As a digital marketing director, I know just how much data is being collected about our clients’ customers every day.
I’m elbow deep in that data, analyzing it and squeezing it dry of any possible customer insights that will help me refine a message, improve a click-through rate, generate just one more lead.
Our access to data and the way it can drive our marketing – its beautiful precision is breathtaking. It can also be very scary (and is the main reason that I, even with my passion for data and MarTech, haven’t purchased an Alexa or a Google Home.)
How secure is your marketing intelligence?
What keeps me up at night beyond the piles of available data and numbers dancing in my head is the cybersecurity question (probably the influence of the computer security analyst that is my father). Once I get consent to collect this information, how do I secure it? How do I comply with the requirements to protect the data that I have collected?
This is where you and I need a professional, and I don’t mean a marketing professional. Too often, companies are looking to their marketing teams and agencies to be the guardians of marketing data and then assuming it’s handled. It’s probably not something your IT department is prepared to handle alone either.
A client of ours recently went through a cybersecurity audit. They hired a highly qualified consultant and he reviewed all of their systems. We handle their marketing, so we were on his call list to discuss the security of their marketing systems, and they have a lot of them – about the CRM, marketing automation, website, etc. It was fascinating just to hear the questions.
Thankfully there was no passing or failing outright. The audit is a great opportunity to identify strengths and vulnerabilities so you can build a plan as to what you’ll address, when and with what resources.
The exciting thing was that we had the confidence to answer positively to many of his questions. Yes, we have plans in place for outages, for breaches, for public relations crises. We have redundancies and automated back-ups. We have monitoring and triggers. Most of the data we collect is stored with reputable sources with firewalls and security protocols. Usernames and passwords have appropriate strength and are managed smartly. Is everything perfect? No. There is no perfect in cybersecurity.
But it was heartening to hear that the cybsersecurity consultant was impressed that we’d given some thought to cybersecurity in our development of marketing programs for this client, and for all of our clients, big and small. That it was a consideration when we made choices for a client, and we were following as many best practices as we knew how to.
What was striking was that the consultant said he didn’t believe that many marketers he’s spoken to in the past have that same diligence, and he was surprised we had as much awareness of the topic as we did.
Your marketing team isn’t excused from cybersecurity responsibility
That got us thinking, that many marketers are in the wilderness about cybersecurity. And with the added pressure of GDPR, there is more risk that you will run afoul of regulations requiring the safekeeping of customer data – marketing data.
So yes, when possible, we recommend a professional review and assessment of your systems for cybsersecurity. But does that mean your marketing professionals are absolved from all guilt – absolutely not! That professional will tell you everyone is responsible for cybersecurity. You need to be working with a marketing company that understands more than how to spell cybersecurity.
Here are some great questions you could ask a marketing firm about the cybersecurity of data they generate and collect in the course of marketing your business:
- What’s your general policy about the collection of user/visitor/customer data online? Who’s data is it? Who is responsible for keeping it safe?
- Where is customer identity data housed? A CRM? Marketing Automation? Are there instances where the data is offline in Excel and Word documents? If so, how are those files kept safe from theft and hacking?
- What security protocols do the software packages that you are recommending I use in my marketing have in place to protect customer data?
We, as marketers, have to keep up with the changing world we live in. I want to stress that you shouldn’t expect a cybersecurity expert to be on the other end of a social media post. But you might also expect that she doesn’t have your company’s login credentials tattooed on her forehead. (And since your company page can likely be reached by logging into her personal Facebook account, it really does matter how much care she is using with her passwords.)
An understanding of the greater depth and responsibility that comes with today’s technology-powered marketing is critical in a marketing partner. Consider this when evaluating your marketing team.