IBM Corp. last week dubbed 2011 the Year of the Security Breach when it released its newest white paper, “X-Force 2011 Midyear Trend and Risk Report.” According to the paper, “The boundaries of business infrastructure are being extended—and sometimes obliterated—by the emergence of cloud, mobility, social business, big data and more, while the attacks are getting more and more sophisticated, often showing evidence of extensive preoperation intelligence collection and careful, patient, long-term planning.”
While it's true only some breaches involve email, there are still plenty of email-related attacks—enough that all companies should be thinking about security and its effect on the overall email marketing strategy, said George DiGuido, VP-email marketing at Zeta Interactive. “There's an increased sensitivity to security,” he said. “We see a lot of our clients are really worried. They don't want to be the next Sony having to explain why customer data has been breached.”
DiGuido had these four tips to help b-to-b marketers improve their email security focus.
- Make sure data is encrypted. Customer data should be encrypted when it's sitting on your servers as well as when it's being transferred from application to application—from a CRM program to your marketing automation program, for instance—and from your organization to a third-party provider such as an opt-out provider or partner. “Encryption is the main way you can keep your subscriber data safe, especially when it moves,” he said. Data transfer leaves subscriber information especially vulnerable, so make sure your ESP or other marketing provider uses encryption at all times, DiGuido said.
- Isolate and separate databases from the Internet. According to the IBM report, bandits are exploiting every possible avenue—including malware, mobile device security holes, phishing and third-party cloud-based applications—to find their way into an organization and steal all kinds of customer data. Spear phishing, “highly directed and targeted at relatively few and very specific individuals within an organization,” according to the IBM white paper, becomes easier when the criminal has a significant amount of data about a target. For these reasons, it's important to keep all customer data and databases offline and away from Internet access. “Place it in an environment that doesn't have direct access to the Internet,” DiGuido said.
- Limit the data that you pass along. When you upload email addresses to an ESP or online CRM provider, there's no reason to include more than a name and email address, DiGuido said. While it might take a little work to separate that data from the rest of the customer record, it's worth it because a name and email address is worth far less to criminals than a name, address, purchasing history, title, physical address and other personally identifiable data. “Only send through what you'll be utilizing for a campaign,” he said. “Even in the most secure environment there's a human touch, which means there's a chance for data theft or loss.”
- Educate your subscribers. Be upfront and honest about what data is used for and where it's going to be stored. Also, make sure that any third-party offers are approved by you before they go out. If email is going from a third party, make sure the creative and the offer dovetail with what your subscribers agreed to receive. “A lot of times our customers are hesitant to put that on the registration form, so we started adding a brief couple of lines to the confirmation message,” DiGuido said. “'Thanks, here's what we're doing and what you can expect.' Then there are no surprises.”