Digital marketing and cybersecurity: A very practical checklist
Those of us who work in digital marketing deal a lot with confidential information, and we need to do what we can to protect it from the bad guys. But there are other more recent threats that are increasing the importance of cybersecurity.
Many recent cybersecurity examples often involve ransomware, where a hacker gets inside a corporate network and “dwells” there for months, figuring out where the important information resides and learning how to shut down that network. At some point, the hacker encrypts every computer connected to the network, shutting down any access or use, and holds the information hostage for some outrageous sum of money. These attacks are becoming more frequent, thanks to software applications that literally provide a “kit” for ransomware attackers.
If you work for a company, or you own your own company, your own work habits can either be safe or unsafe. You can be leaving doors open for these attackers or keeping them out. Our work with a company called Blue Team Alpha has brought me up to date on the types of attacks that are taking place and the vulnerabilities we all need to avoid.
Here are some things you need to watch out for and habits you need to develop in order to stay safe.
Don’t assume you are “too small to be attacked.” According to sources cited by Forbes, 58 percent of cyber attacks target small businesses, and 60 percent of small businesses that are victims of a cyber attack never reopen. When Blue Team Alpha is hired to deal with a ransomware attack, the first thing the client says is, “We didn’t think we’d be a target.” We are all targets now.
Teach all of your employees to be skeptical. All a hacker has to do to obtain access to a company’s network or a person’s personal information is to send an email that looks legitimate but is a bogus request for information. Whenever you get an email or a text that asks you to click a link and sign in—and the link you’re clicking on is not the one you think it is—you can be playing right into a hacker’s hands. Instead, don’t click. Go straight to the actual website and sign in separately. If there really is a problem, there will be some sort of alert signaling an issue, and you can resolve it. If there isn’t, you will know that the email was a fake.
Never, ever assume your malware application is keeping you safe. No single application can cover all the vulnerabilities.
Never, ever provide someone with a username and password in a single channel. First, make sure that the person asking is really the person you think it is. One thing hackers do is hack into a top executive’s email account and start sending emails on that person’s behalf, even asking clients to “send money to this other bank account” via email. Second, if you are sure that the request is legitimate (make sure by some other method than email), provide the username in one channel and the password in another, without saying what it is for. Better yet, pick up your phone and call the person. Whenever you type something in, it can be intercepted.
Use only secured networks. Public Wi-fi an open door for hackers. They can even get so deep into your computer that they can capture your keystrokes, which reveal your username and passwords as you type.
Beware of people getting into your ad accounts. Speaking of digital marketing, here’s a real-life example: a company owner advertising on Facebook had her computer hacked. The hackers figured out how to get into her Facebook account by capturing keystrokes, and started running ads on her account. Fortunately she caught it quickly, cancelling her card and stopping further ads from running, within an hour of the breach. But it created all sorts of serious problems with the Facebook algorithms and bots, which are now convinced that she runs inappropriate ads.
If you are attacked, and you have no backup, you’re really in trouble. Backup your own computer daily onto a removable chip or drive. Unplug the computer and the backup drive every night, and put them in a fireproof safe. I have all my “work” files in one folder, and that’s the one I back up. If you do most of your work in the cloud, backup your cloud resources to a third-party service and to your own backup drive at least once a week. Then at least you can go back to work immediately if the hacker is trying to shut down your business.
However...if you are attacked, disconnect from the internet and the network, but leave the machine running. There are clues in the memory of the machine that will be erased when the computer is shut off. Doing anything after the hacker attacks could thwart the detective work the experts need to do. Get a cybersecurity expert involved, ASAP.
Use a password management program. Most of us have to remember hundreds of passwords now, and using the same password for everything is an open invitation to be attacked. Once that password appears on the dark web, you’re toast.
Ask a cybersecurity firm to monitor the dark web for your accounts so you can be alerted if something is compromised. When something is compromised, change the passwords on the accounts immediately. And let one of these password management programs generate your passwords for you. Sometimes it is a tiny bit less convenient, but it will save you a lot of grief in the long run.
Don’t let your browser save your passwords. This is a big no-no. If you let your browser save your passwords and a hacker gets into your computer, he’ll have access to all your cloud-based applications, social accounts, bank accounts, and more. Instead, use the browser plugin that comes with the password manager of your choice. This will allow you to authenticate before allowing access to the passwords, stopping attackers in their tracks.
Make sure your computer is set to do automatic updates. This ensures that you are using the applications that have been strengthened against hacking with new fixes.
Encrypt your computer. This will make it a lot harder for a hacker to steal your data, especially if they gain physical access to your computer via theft. if they get in. You can encrypt individual folders and passwords to open them, which is good for financial and personal information.
You simply can’t be casual about cybersecurity anymore. If you are working on a computer every day—and who isn’t?—you have to be aware and intentional about this. Having your work life shut down due to a ransomware attack, or having your identity stolen can be a big, fat disaster that will be very difficult to recover from. It’s just not worth it.
But there’s more when it comes to marketing and cybersecurity. One of marketing’s key jobs is to make sure that your company can be trusted. Sure, if you do get hacked and you have cybersecurity insurance, some of the cost of the attack will be covered. But what about your reputation? Ransomware puts all of your business records at risk, and the information and trust that your customers or clients have put in you.
You have plans. First Midwest Bank has ideas to help grow your business. Visit FirstMidwest.com/SmallBusiness
This article was written by Kristin Zhivago from Business2Community and was legally licensed through the Industry Dive publisher network. Please direct all licensing questions to firstname.lastname@example.org.