Lately, everything is either online or requires you to do something online. However, our reliance on tech invites a new question: Is it all secure? With online campaigns booming, marketers are stressing themselves out about it. So, we asked all the important questions about cybersecurity in marketing.
We have all heard horror stories about cybersecurity fails. Whenever it happens, it becomes a major talking point on either the news or social media.
Marketers find themselves in a unique position. Their jobs used to be all about billboards and print ads. They kept their client information in a locked cabinet and their contacts in a rolodex. I might be exaggerating, but you get the idea.
Now, information is stored in clouds and every campaign needs to have some sort of online component if you want it to be successful.
All of this opens the door to cybersecurity risks — risks that marketers cannot afford and definitely shouldn't ignore.
That is why Alrika Möller from media update spoke to Jaya Baloo, the cybersecurity expert for the 2024 SingularityU South Africa Summit.
How does cybersecurity impact a company's brand and reputation?
You might have seen that recently there was an outage of a cybersecurity company that caused ripple effects across the entire planet. Then every time you turned CNN on, you saw that company's name next to the word "outage". That is not a great PR look.
That had a very direct impact on a company that actually provides cybersecurity, but imagine what happens to companies that are the victims of ransomware!
There are now going to be increasing disclosure laws and regulations that require companies to disclose when they have been a victim of a hack. This is already the case in the United States, where you have to file a 10K report to the Securities and Exchange Commission when you are a listed company and you have had a security breach. This is also the case in Europe.
I think that this will slowly become the case, globally, across the world, where you'll need to make it known when you have had a cyber-security breach. You cannot just "pave" your way out after an incident occurs. You need to actually start investing before it happens in order to take solid preventative actions.
When it comes to a brand's reputation, consumers will ask how they can trust someone to be the custodian of their data, to provide them [with] a service, or to give them goods if they do not know how to take care of themselves in terms of security.
This is going to be the foundational duty of care expectation that customers of enterprises will apply to companies they buy from.
Therefore, cybersecurity will increasingly become a "license-to-operate" requirement. So you won't have a license to operate if you don't do cybersecurity well. People are not very forgiving of companies that have had a transgression by being hacked unless it is something that was beyond their control; even so, they have a very low tolerance for those things.
If an attack happens, this affects your reputation. Often, the tactics used by the most advanced attackers don't differ significantly from those used by the 15-year-old kid down the street.
They sometimes use similar tactics and tools, and being revealed as vulnerable still begs the question, how well prepared were you, really?
What are key cybersecurity threats that marketers should be aware of?
Part of brand and reputation management means that you should look out for a brand's spoofing. There are so many cybercriminals who want to take a trusted brand and [make it] look like their attacks are coming from them. If you look carefully, you will see that a lot of phishing attacks try to impersonate strong brands.
This is why, in order to protect your brands and reputation, you must employ measures to prevent spoofing of e-mail addresses by running protocols called:
- DMARC (Domain-based Message Authentication, Reporting and Conformance)
- SPF (Sender Policy Framework), and
- DKIM (DomainKeys Identified Mail).
That is just to protect e-mail so that no one else can impersonate brands by purporting to be them.
Also, if you look online (if you are working at a telecom, for example), and you go hunt the use of your brand, you will find that there may be many other companies globally that have the same look and feel as your website — and are now offering iPhones for significantly lower prices, for instance; it is just a scam.
Being a trusted brand actually brings about an attraction to hackers to try to impersonate you in order to get to their victims.
It is important to be aware of this, as scams that you may have thought were originally out of your control — and not your responsibility — suddenly do become part of your responsibility because they have such a strong brand impact. You need to be extra vigilant in order to protect those brands.
What essential cybersecurity measures should marketing agencies implement to protect their intellectual property?
It is really important to use encryption for intellectual property protection. That sounds difficult, but believe me, it is not. If you have ever used a tool called Signal, which is on your phone, instead of WhatsApp, you are using encryption. When you use WhatsApp, you are using encryption.
I think it is important to use watermarking techniques. If you have logos, it should be kind of just as easy to use cryptography to do that. We need to think about applying measures and secure storage consistently across all of our intellectual assets in order to actually afford us the intellectual protection that encryption gives us.
How can marketing companies identify and mitigate cybersecurity risks in their digital campaigns?
This depends on how those campaigns are being afforded. I think one of the biggest concerns that I would have if I were running a digital campaign is this: Can it be manipulated? Can it be taken by someone else?
I am thinking very specifically.
Of course, my mind is now in election mode with everything happening in the United States around the election. So, for example, one of the biggest concerns I would have is around election campaigns specifically and those kinds of campaigns. How can your digital assets or digital communications be used or misused by a party that would be opposing you or a competitor?
There are quite a few things that you can think about doing in order to protect against that.
What are fundamental cybersecurity practices that all creatives in the media industry should adopt?
Make sure you have secure platforms and secure applications, and make sure you're using an antivirus, etcetera. Keep your software and your apps up to date, always. It is the basics.
Get the basics right!
How can media companies educate their employees about cybersecurity to ensure a safe working environment?
I think media companies are wonderfully poised to do this.
For the first time earlier this year, instead of getting training that we bought online, we made our own cybersecurity training just for inside our company. We used corporate executives from all across the company, and all over the world, to deliver different parts of our security training.
Everything from how you should do physical security to how you do corporate security, [as well as] managing your machine and what is allowed and what is not allowed in terms of software.
I'm a big fan of employing your own corporate assets in terms of people towards providing your training because I think that delivers the best and most authentic message!
How can marketers integrate cybersecurity into their brand strategy to help build trust with their audience?
That’s a great question. I have worked on marketing campaigns that have very specifically included cybersecurity because it was a cybersecurity company. So that was very natural, but I don't think that there should be some sort of artificial integration unless there is a tagline.
Like maybe, they are doing a marketing campaign to ask users for information, maybe to already say your data is protected. [For example,] if they're collecting data from consumers, they talk about how they do the data protection and that they're not just collecting random information to put it on some random query site, [but] that they talk very thoughtfully about whatever data they're collecting and how long they're using it.
Always provide users with an explanation of your privacy practices. Ask for cookies and specify if you are using trackers for tracking behaviour online. Show that your brand has policies that are privacy and security-minded when you do your work.
I think it speaks volumes about trusting or not trusting these marketers.
The most important thing is to communicate, communicate and communicate some more about what you are doing. If you want your audience to trust you, tell them what you are doing to keep them and their personal information safe.
What role does data protection play in enhancing consumer confidence in a brand?
There are a couple of things here. Customers are very concerned about their privacy. So make sure that they know what you are doing from a data protection perspective, and be communicative. We need to be super explicit about how data is collected, stored and used, always, and for everything.
There must be explicit consent, such as an opt-in (not an opt-out) model. You do not want customers to wonder, for example, "I hope they are doing it this way". No, no, no: They should feel assured that they know what you are doing with their data and how you are keeping your brand environment safe.
It must always be consent-driven, more than anything else. The user should be completely in control of the data they share and for which purposes it is being used.
What steps should agencies take to secure clients' data during marketing projects?
The first thing is secure storage. If you're collecting the data, make sure that you collect it securely and then that you store it securely — not in some random open AWS bucket.
When you then subsequently use it, and you're sharing it with sub-data processors, you should have super clear guidelines about how it is being shared and for what purpose, etcetera, and explicitly list those data providers. Constantly review your processes to ensure that you have all measures in place.
How can marketing firms stay up-to-date with the latest cybersecurity trends and threats?
Honestly, I think here it is a question of doing what you do best and keeping to what you do best. I do not think marketing firms should do this on their own. They need to work with partners in cybersecurity that can help them with expertise and specialised resources.
Collaborate with cybersecurity partners who are experts in what they do, so that you can benefit from their skills. Find a strong cybersecurity partner locally — preferably one that you can work with in order to stay up-to-date with cybersecurity trends and threats — and ensure that you have measures in place to mitigate against these.