I’m worried that we’re not doing enough when it comes to security in MOPs. There are some pretty big gaps and I’m not quite sure what to do about it. How do I go about asking for help? Should I create a plan beforehand? How transparent should I be with leadership?
Casey, I can’t thank you enough for that question. I don’t think we talk about security enough in MOPs—but we should. Our marketing automation software holds a ton of sensitive information, whether it’s user account details or some level of personal identifiable information (PII), and our customers trust us to keep it safe. Particularly now, where marketing relies so much on personalization and connecting the dots between what our business offers and our customers’ needs.
The risks of mismanaging this data are huge. For one, if a hacker or bad actor gets access to a pool of customer information, you better believe they’ll use it for nefarious purposes. Whether it’s selling that information to other cyber criminals or your competitors, using it to access your customers’ accounts on other high-value platforms, or blackmailing your company; there’s no shortage of ways your data can be used.
Beyond compromising your customers, a data breach is also bad for business. After they’ve been compromised, companies can spend millions of dollars addressing their security vulnerabilities and the loss of reputation that comes with a cyber attack.
The MOPs teams and businesses that are doing security right are focusing on the following areas:
- Data integrity: What data you collect, how you collect it, where you store it, and how you maintain it can all influence how secure that information is. For instance, there’s no need for you to have your customers’ social security numbers—so don’t ask for them. And if you do have passwords or PII on your marketing systems, you should look into encrypting or hashing them so that if a hacker gets their hands on them, they can’t read anything. You can also evaluate whether there’s even a business need for this sensitive information on your marketing system.
- Controlled access to your systems: Security savvy teams ensure that only the right people have access to the right data—at the right time. It can be dangerous to have too many user accounts with permissions to access and manipulate the information on your systems. Instead, you should take a look at all your roles and permissions, and limit access to the people who need the data on a daily basis. Not everyone should be an admin. In addition, conducting regular scrubs on your systems to remove any old user accounts will also ensure you’re not at risk of a disgruntled employee compromising your data or your systems.
- Robust security policies: Good security should mean that you don’t have to think about security. With solid policies in place that let the right people in and keep the bad actors out, you and your team can focus on what you do best: marketing ops.
If you’re seeing gaps in any of these areas, you should absolutely have a conversation with your security team (if you have one) and your executives. Be fully transparent about what you think is lacking, what the impact of those gaps are, and what the business should be doing instead. If they ask you whether this is an immediate need, the answer is yes. At the end of the day, securing your data is all about being proactive. You need to stay one step ahead of the bad guys—and avoid being the next big data breach in the news.
You’ve got this,