very week, it seems that another hacking takes place (and this is just the big companies that are reported and noted in the news). Further down the pipeline, hackings are a daily occurrence and it’s a constant threat for small businesses. These days, hackers have several techniques they use to obtain private data and information from companies of all sizes. In this guide, we want to prepare businesses for the threat of hacking.
We’ve seen this term thrown around lots in recent years, but the definition suggests somebody modifying a platform or the features of a platform to gain access in a way that the platform wasn’t designed to allow. These days, hacking is commonly linked to the digital world and an example would be hacking a Facebook Ads account to gain access to the sensitive customer data.
Hacking takes place every day. For example, a marketing team might notice activity they didn’t authorize and see campaigns on their ad account spending thousands of dollars.
In this data-driven world, hacking also presents a trust issue with consumers. With this in mind, there’s a burden of responsibility on marketing teams to keep their accounts secure and protected.
Simply put, yes.
We understand, not everything seems like a real threat until it gets closer, but eventually, it’s too close to ignore and we need to take action. Unfortunately, some businesses fail to recognize the credibility of the hacking threat until they are affected. Suddenly, the hacker has generated $20,000 in ad spend, performing ads are deleted, and they lose access to all Google products for a couple of weeks while the platform investigates the hacking.
According to Varonis and other sources, social engineering and phishing attacks affected over six in ten businesses in 2018. On average, just 5% of company folders have proper protection against hackers. Since 2014, the number of security breaches experienced has increased by two-thirds. Between January and July 2019, 4.1 billion records were exposed (and the credibility and reputation of brands fell dramatically as a result).
We could go on, but the point is that hackers are a very real problem for both businesses and individuals. Initially, the focus was on multi-national corporations because these were high-risk, high-reward projects, but recently businesses of all sizes along with municipalities and hospitals are being targeted. It seems the focus is on infiltrating ad accounts and marketing teams. So if you’re a small business, you are no longer immune to the threat of hacking.
How can a hacker damage your business? Firstly, they can cause financial damage by creating ad campaigns and running up a bill in your name. Additionally, they can affect company systems and the way that customers pay bills. As an indirect impact, the time required to fix hackings can slow operations, affect consumer trust, and reduce sales. Of course, costs also come when trying to boost security efforts after hacking.
Secondly, we’ve touched on it already, but hackings can impact the image and reputation of a brand. As soon as a company is the subject of hacking, it makes consumers question whether they can trust the brand with important information such as personal data and bank details. Sometimes, hackings will lead to reimbursements while many customers simply move across to a competitor.
After all this, it’s fair to say that those who ignore hacking as a threat do so with potentially disastrous consequences.
For those in a marketing team, the heart will beat a little quicker knowing that this is a key area for hackers right now. But why is this the case? Essentially, it comes down to data. Even without knowing it, marketing teams hold the most important of all data gathered by a business. Mistakenly, companies often believe that the most important information and therefore needs the most protection include:
On the contrary, most hackers are more interested in the customer data held by every single marketing department. Regardless of size, every company has at least some information on customers and this is the holy grail for hackers. Why is this information so valuable? Because it opens up doors to more hackings and criminal activity. While some will steal the identity of your customers, others will attack the customers or take their assets wherever possible.
Another reason why marketing departments are attractive to target for cybercriminals is that there are multiple points of entry. Rather than one soft spot in the security wall, marketing teams have to contend with various systems that are visible to the public. While ad accounts have proved particularly fruitful for hackers recently, other cyberattacks have occurred against company websites and other vulnerable points. In fact, some companies have even been attacked through the website builder they use.
Depending on your own marketing department’s operation, they probably use at least one, if not several, SaaS (Software as a Service) tool every day. Initially, it might seem worthwhile to outsource server space for example, but this also means relinquishing control over security and providing another potential access point for hackers.
Every year, businesses handle increasing amounts of personal and sensitive consumer data. This is great for ad creation and product development, but it’s also an attractive proposition for hackers. As marketers, we’re encouraged to have open and trusting relationships with third parties, and this has led to the rise of spearphishing.
Spearphishing is essentially where cybercriminals take advantage of the need for trusting relationships by specifically targeting an employee within a company. After selecting a target, the hacker will build trust with them (as the employee is taught to do) before then attacking at the right time to gain access to sensitive consumer data.
Marketing departments across the United States are under the microscope, so it’s time to take the hacking threat seriously and introduce measures to ensure your team isn’t the next to make headlines for the wrong reasons.
Firstly, every member of the marketing team should be aware of the importance of security, and this is something you can ingrain with a security culture in the company. With everybody understanding what they should and shouldn’t do, it will at least eliminate hackings from silly mistakes and errors.
You can encourage a security culture through meetings, reminders, training sessions, and by allowing employees an element of responsibility and accountability over the protection of important data. In addition to the marketing team, everybody within the business must understand the stress the business is under to prevent an attack. Often, business leaders keep this heightened awareness isolated within the IT group when educating and involving all employees can actually help towards achieving the shared goal.
With everybody moving in the same direction, the next tip is to always keep software and security programs updated. We know, there seems to be a new update every day and you just want to get on with some work. However, these updates aren’t just aesthetic improvements to the software. Instead, they normally contain critical security upgrades. Whether it’s a security program or any other third-party software, the developers are always working to improve security and negate the effects of cybercriminals. If you fail to perform these updates, it leaves the business vulnerable to attack.
This is something that seems long-winded because it can make logging in harder, but it could just save your accounts from hackers. With ad accounts and other potentially sensitive accounts, make sure to turn the 2FA (two-factor authentication) system on. If an unauthorized device tries to log into an account, it will ask for an authorization code sent to a pre-agreed device. If the hacker doesn’t have your mobile phone, for example, they won’t have the code and can’t access the account.
Did you know that the 2013 Target hacking took place because the criminals gained access through a subcontractor? This is perhaps the biggest example you’ll see why you need to check the security credentials of all third-party companies close to your own. Before working with a new company, ask about their security systems - they should be at least as good as yours. You could have the best security possible, but this means nothing if you introduce a new weak point.
Finally, we also recommend taking the time to understand vulnerabilities. Even the biggest companies with millions to spend on security have to worry about certain vulnerabilities; it’s impossible to ensure 100% safety from cybercriminals. The more you understand, the better positioned you are to act when something goes wrong.