As marketers, our goal is to help our organizations grow by building brand visibility, generating leads and creating loyal customers. Unfortunately, many tasks that are routine in the life of a marketer also make us (and our organizations) vulnerable to cybersecurity threats.
With major data breaches at Facebook, Equifax and Verizon dominating the headlines, safeguarding consumer data is top of mind for companies big and small alike. While some might think that small businesses would be less of a target for cyberattacks, the data paints a different picture.
Cyberattacks on small businesses increased 424% in 2018, and according to Verizon’s 2019 Data Breach Investigation Report, 43% of all data breach attacks today target small businesses. With the average cost of a cyberattack running roughly $3 million dollars (including the loss of data, system outages, non-compliance fines, downtime and potential lawsuits), staying ahead of cyber threats can make or break an organization.
In addition to a hefty financial toll, organizations often pay a huge price when it comes to consumer trust and damage to brand reputation. Fortunately, there are steps marketers and other small business stakeholders can take to safeguard organizations against the danger of cyber threats.
Start with a Firewall
Think of a firewall as a protective barrier between your computer and the internet. Firewalls read and analyze incoming and outgoing data and block a slew of threats including malware and outside attempts to access or control your computer. While a hardware firewall protects the entire network from external threats, they aren’t perfect. That’s why it’s important to also layer on software firewalls for individual computers as part of your cybersecurity strategy. That way, if a colleague clicks on a link containing a virus, it won’t infect other computers in your network.
Invest in Anti-Malware (and Keep it Updated)
Install a company-wide solution that includes protection against viruses, spyware, rootkits and ransomware. Some of the top picks for small businesses are Bitdefender’s Endpoint Security, Trend Micro’s Office Scan, and Panda Security’s Endpoint Protection, but there are also many free options available. Since vendors regularly offer patches and upgrades to improve functionality and fix security gaps, make sure to configure your software to install updates automatically.
Forget What You Know About Password Safety
“One of the simplest and most effective means organizations can implement to ensure the security of their data is to follow password best practices. However, these have changed quite a bit in recent years. In 2019, The National Institute of Standards and Technology (NIST), released a new set of guidelines for password security with a few noteworthy changes.
NIST’s recommendations depart from the commonly held principle that passwords should be highly complex and changed on a regular basis. NIST argued that these requirements led to poor password behavior in the long run, such as employees storing complex passwords somewhere insecure, or following a predictable pattern like adding a “1” to an old password. The new guidelines instead propose that employers do away with password complexity requirements and expirations, but do suggest screening of new passwords against lists of commonly used and compromised passwords.”
As the team members who maintain information on potential leads and customers in company CRMs, manage social media accounts and employ a variety of third-party technologies, marketers are frequently on the front lines of managing large consumer data sets. Marketers can help keep their organizations secure by taking a proactive approach to identifying vulnerabilities related to marketing data and collaborating with IT and other departments to minimize these risks.
Marketing teams can also play a vital role in getting all staff up to speed and on board with cybersecurity best practices. Some organizations play to the strength of their marketers’ messaging expertise by appointing them as “cybersecurity champions” and entrusting them with employee education. A strong cybersecurity education program begins at employee onboarding, includes ongoing training, evaluation, phishing simulations, and accounts for all possible scenarios, for instance, when employees access information on mobile or personal devices.
When it comes to cybersecurity, taking a proactive approach is a lot more effective than stepping in for damage control after a hack has occurred. Ensuring that cybersecurity is a part of your small business’s day-to-day operations is the best defense against cyber threats and is much more likely to save you money and preserve your brand’s reputation in the long run.