As the world becomes increasingly digital, marketers everywhere continue to grapple with the thorny issues around digital marketing. Thankfully, the knowledgeable folk from Ubiquity are here to help you navigate the treacherous e-waters. So, every two months we'll be running a Q+A to answer all your burning questions about digital marketing (send topic suggestions to email@example.com). To get the ball rolling, some sage advice on how to ensure the security of your customer information, a topic that’s been getting a bit of press recently thanks to Telecom, AA and others.
Q: There’s been a lot of talk lately about online security breaches with recent examples of both local and international companies having their customer information accessed by unauthorised users. Are there any steps our marketing team can take to protect our business and our customers from this sort of exposure?
A: The impact of breaches like this can be huge in terms of loss of customer trust and damage to brand reputation, so it’s great to see this issue is being taken seriously.
Under the Privacy Act 1993, New Zealand businesses do have an obligation to protect customer information against loss and unauthorised access but it can be easy to view it as “IT’s problem”. The reality is that as more and more business moves online and identity fraud becomes an increasing threat, customers will demand a high level of protection for their personal information, creating a valuable point of difference for businesses that make security a priority.
It’s now common for customer details to be accessed online by call centre, sales and support staff, and also shared with external suppliers such as email providers and mail houses, so how do you secure it? No system is infallible, unfortunately, but there are some simple safeguards you can take:
- Make sure you manage staff and supplier access to your online software and ensure that only authorised users have a user name and password. Revoke access when employees leave the company and/or suppliers change. As obvious as this may seem, simple oversights like this were quite possibly the cause of at least one of the recently reported leaks.
- Ensure you use strong passwords. Any reputable software will automatically enforce this, requiring a minimum level of complexity such as eight characters with at least two letters and two numbers.
- If it’s practicable, restrict access to your online system to just a few offices or IP addresses. Ideally, you should be able to ring-fence those offices and receive an automated security alert and/or block access if anyone tries to gain access from elsewhere.
- When sending customer data by email make sure you use a password-protected zip. Staff members should have compression software installed on their desktops so they can zip Excel spreadsheets easily (just remember not to send the password details by email).
- If you’re using an external online provider, for example to conduct email marketing or online surveys, ask what security measures they have in place to protect your data. If they’ve had a security audit done you could ask to see the results or you could get your IT department to conduct an audit on your behalf. A company’s client base can also provide a reasonable indication of their commitment to security: if they are already working with large corporates, telcos or banks you can be pretty confident they will have undergone a thorough audit and have strict security measures in place.
- Finally, be wary of free or low-cost online services and providers. Your customer database is a goldmine, be cautious about who you share it with. Tempting as a free solution is, keeping online data secure has a real cost. If a provider isn’t passing that cost on, it may be a sign they’re either not investing in vital security or they are using the data you’re giving them for financial gain in some other way.