In promoting a company and its products, marketing oversees critical points of contact between the business and its customers.
Marketing teams make sure a company and its products are known in the broader market, gain the interest of potential customers and guide customers through the buying process. Just as importantly, marketing teams promote and steward a company’s brand — one of its most valuable assets.
Their connection between a business and its customers also makes marketers attractive targets for cybercriminals.
Cyber Threats Against Marketing Teams
Because marketing teams handle sensitive and often confidential data, work with various internal and external partners and access a range of applications, the cyber threats against marketing departments are pervasive.
Let’s examine a few of the ways the security of the business is tied up in marketing activity.
Marketing teams and their affiliates have access to highly valuable company information, such as upcoming product launches, new business plans and proprietary data. Because they are often advertising or investing in market research, marketing teams also maintain access to commercial bank accounts. Marketing teams are high-value and vulnerable targets.
Small–to-midsize (SMB) businesses are especially susceptible. In the United States, federal regulations don’t require banks to reimburse commercial bank accounts if they’ve been breached. It’s one reason why 60% of SMBs go bankrupt within the first six months after a data breach.
Leaked Executive and Marketing Communications Can Jeopardize Company Value
Marketing teams at public companies safeguard critical business interests. Pre-public information like product launches, leadership changes and earnings reports have millions or even billions of dollars vested in their remaining non-public until a sanctioned date and time. Marketing or communications departments manage these functions.
In the past, cybercriminals have passed on pre-public information to fraudsters to trade, making millions of dollars from stolen information and manipulating stock values in the process.
Customer Data Passes through Marketing (and MarTech)
In addition to its own valuable internal data, marketing handles existing and potential customers’ Personally Identifiable Information (PII). This data can include social security numbers, driver’s license numbers, financial information, medical records and biometrics.
Customers entrust their data to companies, but when that information falls into the wrong hands, the consequences can be devastating for both the customer and the company. This is especially true for business-to-consumer (B2C) companies.
After an employee at US Cellular inadvertently downloaded malware onto their work computer, cybercriminals accessed their Customer Relationship Management (CRM) software to steal consumers’ home addresses, personal numbers, credit card information and similar data. In a case like US Cellular, breaches create distrust among both current and potential customers, hampering future marketing initiatives.
Marketing Works with a Range of Outside Agencies and Contractors
Depending on the industry, company size and the product being promoted, marketing teams employ a variety of functions and roles. Those may include public relations (PR), social media, graphic design, digital advertising, print advertising, partnerships and demand generation.
Many companies have these functions in-house, while other firms have a mix of contractors, vendors and third parties. Analyst Relations (AR) firms and Search Engine Optimization (SEO) agencies are two highly-specialized partners that are popular to outsource.
With an extended network of users and IT perimeter, marketing teams are a focal point for outside connections — and non-secure endpoints. While the marketing team internally may be covered by IT governance, partner agencies and vendors may not be protected.
Security Gaps of MarTech
Marketing Technology (MarTech) enables marketers to get their jobs done. Many stacks include CRM platforms like Salesforce and Hubspot, analytics tools, ad programming platforms, automation tools, design software and digital project management software such as Asana, JIRA (Atlassian), Wrike and others. Many MarTech tools are online and some lack critical security features.
Those with security gaps have even leaked confidential internal and customer data. A few years ago, companies that were storing their passwords in Trello, a project management tool, unintentionally leaked their own data, customer data, as well as credentials to important internal systems.
Many Trello boards themselves were without a password until the company implemented a security patch. For some companies, the damage to reputation and customer trust was already done.
According to the 2022 Consumer Impact Report published by the Identity Theft Resource Center, a non-profit organization that helps victims of identity theft, social media account takeovers increased by more than 1000% between 2020 and 2021. Over half (51%) of social media account takeovers resulted in the victim losing funds or sales revenue as the result of their account being compromised.
High-profile corporate accounts are especially likely to find they’re in the crosshairs of cybercriminals. In July 2022, Anaheim Disney’s Facebook and Instagram accounts were breached and used to post offensive content. Disney later apologized for the incident, but not before fans, families and park visitors expressed anger at the posts.
Disgruntled former employees with access to these accounts can be the source of these attacks. While many companies have policies and processes in place to offboard employees, some former employees maintain access to social media accounts after their employment ends.
In a worst-case scenario, an angry former employee of a British music and entertainment retailer live-tweeted a call announcing layoffs at the company.
Shadow MarTech Leaves IT in the Dark
Shadow IT consists of applications and environments outside of IT’s administration and often without their knowledge. These tools may be intentionally hidden or just an oversight. They still put an organization’s security at risk.
Shadow MarTech can be as seemingly harmless as using an unapproved personal device to conduct official business. In other situations, the tools available in the official MarTech stack may lack the necessary capabilities for a marketing team to do their job. An employee may go out of their way to use unauthorized software — whether maliciously or not.
User Education and Non-Compliance
Marketers are just as susceptible to bad security practices as the rest of their organization. As Keeper’s 2022 Cybersecurity Census found, a culture of compliance is critical to an organization’s security. Fifty-four percent of surveyed IT leaders said that they were prioritizing investing in security awareness training, with 50% saying they aimed to back projects that promoted a culture of compliance.
The security practices of the marketing team, as external-facing brand representatives that handle sensitive company and customer information, are key to overall organizational security.
How IT and Marketing Can Secure Users and Technology
As any PR professional knows, the best response is to have a plan. Marketing teams should proactively put together a public-facing strategy for data breaches and account takeovers, as well as the reputational damage that can stem from such cyber attacks.
The best PR plan for security, though, is preventative. It starts with enterprise password management, covering marketing teams as well as the rest of the organization. Keeper Password Manager enables marketing teams, their partners and contractors to securely access and use applications — all under the visibility and control of the IT team.
The marketing team at Ravensburger AG, the German maker of jigsaw puzzles, toys and boards, uses Keeper to securely access shared accounts throughout its MarTech. Features like One-Time Share are also popular among marketing teams that need to securely access and share records.
Many IT Administrators also leverage BreachWatch®, a powerful business dark web monitoring tool, to protect all their passwords — including those used by vendors and contractors. BreachWatch catches whether any accounts or passwords that appear on the dark web and immediately notifies Admins, all while using Keeper’s proprietary zero-knowledge architecture to protect stored information.
Protect your Marketing Team and Organization with Keeper
The right software goes a long way to enabling IT teams to better secure every user on every device and application. IT teams should work hand-in-hand with marketing, as well as other departments throughout their organization, to defend against cyber threats.
Keeper offers a full suite of cybersecurity solutions to improve your marketing team’s cyber resilience. Whether you want to increase the security of your MarTech, reduce password-related help desk inquiries, conduct a password audit for shared social media accounts or secure valuable company information, Keeper has product offerings to help identify potential vulnerabilities and security gaps.
Request a quote from the Keeper team to see which solutions fit your organization. Or try it for free down below.