Ian Woolley, CRO of Ensighten, advises on how to add security in marketing platforms to ensure website date breaches aren't inevitable
Amazon, Ticketmaster and Carphone Warehouse are just some of the high-profile brands that have fallen victim to cyber-attacks this year – leaving business owners wondering whether website data breaches are inevitable.
It can be a tempting thought when data is being stolen from companies seemingly every day, but hacks can be avoided with careful measures.
While the introduction of the GDPR data regulation earlier this year has placed the onus on companies to be careful in how they collect, store and use data, there is still a problem often being overlooked.
The issue lies with the security of marketing platforms, such as websites and apps, where consumers share personally identifiable information (PII) via chat bots, forms, social media and more.
Ian Woolley, chief revenue officer of California-based global customer data tracking platform Ensighten, says every data owner has a responsibility to protect consumer information shared on these platforms.
Here, he talks about the action that needs to be taken to prevent website breaches.
Is a website breach inevitable?
Facebook’s series of data scandals has landed the ad tech player with not only a record-breaking fine from the ICO but also the loss of one million European daily and monthly active users in just three months.
No business would want to suffer the same fate, yet many data owners have surrendered to the fact that a data breach is inevitable.
This is reinforced by our research into the attitudes and beliefs of enterprises, revealing that nearly half (46%) of enterprises believe they have a probable (or greater) risk of a website data breach.
What’s worse is that 13% of businesses admitted they only check security measures once every six months.
This is both alarming and dangerous for businesses and their customers.
It’s quite incredible that so many businesses could be on the brink of losing huge volumes of customer data and yet little or no action is being taken to prevent or mitigate risk.
This is indicative of the growing global problem. It shouldn’t take a leak or breach to inspire action to improve marketing security when customer details are so sensitive and valuable.
Breaches can occur through various means, such as third-party technologies – these include trackers, chat capabilities, social media and advertising technologies, among many others.
They arise when data is shared without being correctly anonymised, or when customer data (including PII) is passed without a business’s knowledge or consent.
Hackers do not discriminate – any holes in security will be penetrated.
How to prevent a website security breach: Minimise risk
There are various reasons why action isn’t being taken but the top one remains to be that businesses don’t know what action to take as they’re still largely unaware of where the gaps are in their security.
Before precautions can be put in place, organisations must identify if (and why) they are at a potential risk of a data breach.
The hurdles businesses always face is overcoming the security risk involved in both sharing user information to third parties for customer services or marketing purposes and locking down these entry points to garner customer data securely.
This is often due to the fact that there are many third-party technologies running on a website enabling multiple functions and services.
These third-party technologies are invariably not controlled or monitored by the website owner, which can result in security vulnerabilities.
These trusted technologies can often redirect to others that are not placed directly on the site, and data can be extracted and shared from the website instantly, with no justification or permission, unless the business has marketing security under control.
Additionally, many websites now contain form field text boxes, and/or chat boxes, which often collect all types of PII such as financial details, passwords and addresses.
These are also a potential security risk if marketing security software is not deployed and monitored.
There are solutions available to help audit and identify where these potential cracks are in an organisation’s security.
Having a robust marketing security strategy in place allows businesses to whitelist credible vendors to work with, as well as put processes and technology in place to prevent future attacks.
Communicating with customers about cyber security
Investing in a watertight security strategy, and constantly updating and evolving it, is essential to ensure the security of both websites and other marketing channels.
But to instil trust in consumers, businesses must be transparent with how they use and protect data.
Apple’s recent website update is a good example of a brand taking steps to help consumers understand what happens to their data.
Too many companies have paid the price of covering up breaches or being lax on how they are securing data.
Consumers are savvy when it comes to data and respond well to clear communication around how and why it is needed and stored.
Businesses must remember a website breach isn’t inevitable.
It’s no longer about finding a “cure” for data leaks but mitigating the risk in the first place.
Some 67% of enterprises are currently not evaluating, considering, or implementing marketing security solutions for their website – this is shortsighted and irresponsible.
Businesses must turn their eyes inward to their own marketing platforms to identify the potential vulnerabilities that plague all websites.
There is no exception to the rule – those data owners that don’t will become a data breach victim.