Click to learn more about author Cindy Zhou.
As the chief marketing officer (CMO) of a cybersecurity software company, I spend a lot of time on data security for our content marketing. However, in many organizations, security is a frequently overlooked area for marketers.
In today’s business landscape, brand reputation – a job heavily supported by the CMO – goes hand in hand with cybersecurity. The uptick in the news on data breaches, nation-state hacking, and privacy regulations can have a material impact on a brand. Therefore, I urge my peers to make company security and data protection a priority as the stakes for brand damage and fines have never been higher.
Here are five important data security tips for CMOs to stay ahead of the headlines:
1. Partner with the chief security officer. Get to know and become partners with the chief security officer (CSO). The CSO and CMO must meet regularly to ideate and inform each other of changes in privacy regulation and data handling, and review the security of key marketing assets such as the company website. This is also the time to discuss communication protocols in case of a data breach, leading to tip number two.
2. Formulate a crisis communications plan. Preparation is half the battle. It is important to consider all the scenarios in which the company can be exposed – a data breach, ransomware attack, executive scandals, etc., and ensure a plan is ready to go should the worst happen. Privacy regulations such as the General Data Protection Regulation (GDPR) require companies to report data breaches in under 72 hours. CMOs need to know as soon as the company is aware of a potential breach. Once a plan is established, a run-through is key. Practice and stress-test your plan, similar to a fire drill, with mock scenarios and responses. Does everyone on the team know who and how to contact team members quickly, including every employee’s mobile phone number? Is there a crisis distribution list with levels of urgency that leads directly to the C-Suite for high severity? These are the types of questions that need to be asked before an emergency occurs.
3. Prioritize employee security education. With all the changes in data privacy and sophistication of hackers, prioritizing security training company-wide is crucial, and CMOs need to ensure this happens for marketers. The marketing organization can also assist the CSO with company-wide communications when rolling out security awareness programs internally. This training will help employees better understand how to respond to customer requests to remove their information, spot phishing attempts, and use multi-factor authentication (MFA) to secure their log-ins. It is also great for promoting strategies for strong password hygiene (no password123, please!), such as setting a monthly reminder to update highly targeted passwords for their martech log-ins and company social media accounts.
4. Conduct a vendor security audit before purchase. When considering any marketing technology software, a best practice is to first work with the CSO’s office for a security audit before purchase. This process adds another layer of accountability with the vendor when it comes to data processing and ensuring security protocols are followed. It is also a good idea to check in with vendors annually to ensure their security protocols are being properly maintained.
5. Regularly update privacy notices and secure web forms. Create a regular cadence of reviewing and updating website privacy policies and consent banners. Regulations globally are changing, and marketing teams need to ensure these notices to visitors are up to date. Update web forms to include validation rules and add an in-client bot detector such as reCAPTCHA to prevent bot form fills and spam. Robust protection measures on your lead generation forms can prevent problems later down the road.
As marketing continues to become more data-centric, the importance of security education and data handling is critical. CMOs are at the front line of brand reputation and customer communication. That is why it is time for CMOs to play an active role in company security.