Agency Security

It is well accepted that the office of the CMO will manage the bulk of such technology projects as marketing automation, website back-end integration and CRM systems in the years ahead. However, the hard-learned lessons of security and deployment processes have yet to be fully adopted by marketing teams, which can have serious consequences. That’s because there is often a gap between getting things done and getting things done securely.

Marketing often moves at a pace that traditional, and often arduous, IT policies and procedures will not allow or cannot keep up with. Moreover, IT departments may not be willing or able to support newer and untested technologies within their environments. This often results in “shadow IT,” with Marketing using independent data stores, vendors and SaaS, and insecurely sharing files and credentials to get things done. These can be dangerous practices, with end results ranging from something as harmless as a defaced website to hijacked social media accounts or, worse, inexcusable (and avoidable) infiltration of customer data.

Agencies are also at risk. In today’s world of big data, agencies have essentially become outsourced analytics firms, mining through petabytes of customer data that can be released accidentally or maliciously. That means the days of agencies playing fast and loose with client information are numbered, and they must start acknowledging they are the custodians of vital client data.

Is your agency hacker proof?

Agencies hold the keys to clients’ networks and website CMSs; CRM, SEM and social media logins; competitive research, ad DMPs and financial information. Unfortunately, they are also targets of increasing attempts by hackers and corporate espionage actors to exploit vulnerabilities on their networks. How easily can it be done? Very. A few spear phishing emails to the HR department with an infected “resume.docx” file or PDF, or an urgent “invoice” sent to the accounting department from a well-known vendor, and your network is compromised with a simple click. You get the idea.

To protect ourselves and our clients’ confidential information from these disaster scenarios, basic password and sharing policies need to be written, implemented and enforced. Regular patching should be performed on all desktops, servers, network devices, and mobile devices that are joined to the network. Secure file sharing, security roles and segmentation, and two-factor authentication will extend protection. Having secure backups provides not only a safety net for accidental deletes, but also a way to recover data that may be encrypted by ransomware such as CryptoLocker and other malware. Most of all, education and a small dose of IT paranoia can foster a culture of security awareness and practices, without hindering the creativity an agency needs to thrive.

Agencies have the duty to shepherd their staff, their vendors and their clients towards adopting proper IT security for everyone’s good. They cannot ignore the issue and hope that the watershed moment happens (if it hasn’t already) to some other firm first. An attack on one is a risk to the integrity of all.

Let’s avoid at all costs the uncomfortable phone call from our client that traces a network compromise or data breach back to the agency and/or its subcontractors. Marketing departments and agencies have taken on the responsibilities of the CIO and CTO, and have inherited the burden of implementing proper IT practices. Basic password management, code repositories, and change management processes will help protect agencies and the client information they are entrusted with.

This is no longer an option—it’s an imperative in the digital age.

Vin Tran
Director, Innovation Lab
