A couple of major online brands have had to send communications informing users that their data had been compromised, and in one instance it has been confirmed it was a breach at their email marketing service provider.
This is going to happen more
Because spam filters are becoming more and more sophisticated, it’s becoming less effective to just make up email addresses to spam (marc@, marcus@, mark@, etc.), so those pesky spammers are turning to hacking to get hold of email addresses.
The value of email databases is often underestimated by marketers. Spammers, on the other hand, know the value and aren’t afraid to “monetise it”.
Email marketing service providers have to have robust infrastructure, as does any organisation which handles customer data. That said, no system is 100% hacker proof, so this will happen more.
What you need to do about it
Be as secure as you can. You may think that this is an IT thing, but trust me, if you have a breach you’ll be in the meeting when it’s discussed what else could have been done to avoid it. This isn’t a post on security, but a couple of things you should consider are:
I’ve lost count of the number of clients who have asked very detailed questions about our security, then, when asked how they upload data, we get the response: “Well, the developer emails it to me”.
Email in itself shouldn’t be considered a secure method for sending data, but the real trouble is that you now have two copies of your data on people’s desktops. This multiplies very quickly when you have a large marketing team. It only takes one disgruntled employee with a USB key to cause you a lot of headaches.
Integrating your system removes these copies lying around and increases the level of sophistication required to get hold of your data.
Do your due diligence
Where is your data being stored? Again, we get asked this a lot. The fact is that it doesn’t really make a difference which hosting centre you are in; it’s how you set the machines up which defines how secure your data is.
I’m not expecting you to get familiar with firewall protocols or anything. Just get a list of questions that your IT guys would ask and discount anyone who doesn’t qualify, no matter how slick the sales pitch.
You as the purchasers can change the market. The second a salesperson loses a deal because their company isn’t tight enough on security, you can bet it will be a hot topic at the next board meeting.
But what if you still get hacked?
Communicate quickly. Spammers aren’t going to wait four months before sending out their phishing emails, so the minute you have a situation, get a communication out so your customers can be on the lookout as soon as they are at risk.
We’re all human and we all know that sometimes stuff just goes wrong. Let your clients know what happened, what the impact was and, REALLY IMPORTANTLY, what YOU are going to do about it.
Make it come from the top, genuinely
Get the guy or girl in the big chair to write the email. You give them the facts and make sure they see the replies; if possible, responding to them personally sends out the right message.
Don’t play the blame game. You were the company that shared their details, not the contractor. There are plenty of tweets which support this view:
At the end of the day (it gets dark, but also) people will judge you on how you respond to these issues, not on the occurrence of the issue itself, so be quick, be honest, then make sure it doesn’t happen again.