Practice Safe Marketing
Recently I attended a conference on cyber security. The topic didn’t only apply to protecting your ‘business’ in the most vague sense; it also applied to protecting real people. Your clients, your employees, and even your own family. If you’ve ever known anyone that’s gone through identity theft, then you know that it’s a real battle to overcome. It costs each person involved immense stress, cash, and lots of what we value most: our time. In other cases, a lack of cyber security awareness can result in a loss of jobs or the closing of a company. This article is not about generating paranoia. But read the example below of businesses just like yours. As you work on marketing, you can learn how to do it better and keep yourself and others that you depend on out of harm’s way.
At this conference, I heard a speaker who had been hired to test a regional business’s security. How safe were their personnel and client records? After being hired, he didn’t jump into some high-end hacking software and use his unbelievable computer networking skill set to attempt to gain entry to the organization’s computer systems. He left that to Hollywood. His first move was to look at their marketing materials.
This caught my attention.
He perused their online videos, photos, and press releases. This included their public accounts on sites like Flickr, YouTube, and others. Why? As he’d done with other companies prior, he was seeing what information was already freely available to him and the general public. In this particular case, Flickr turned out to be the jackpot. He discovered photos from a marketing event where the CEO was touring a new branch. In the collection of photos, he was able to see computer screens showing the badge software that created security badges to gain access to the premises. He also had photos of the badges of some of the top level management including badge numbers, full names, etc. This information would allow him to walk right in to various locations and directly access their systems – he could buy the software and duplicate the badges exactly using the photos. While working for other companies, he most commonly finds marketing photos showing passwords taped to the walls (usually in the background behind a group of smiling employees, apparently thrilled to give anyone the opportunity to hop onto their private company network and turn their great day upside down).
How about some more evidence? Check out this story from this April where a company representative inadvertently revealed password information on live TV during an interview.
And what about YouTube? It’s so rampant that even we see it. This is an example we found on YouTube in a promotional video just this week:
How do you avoid this? Here are a few quick tips:
- Prior to the shoot, go through the your environment and do a spot check for sensitive information.
- Do not allow photos or video of computer screens to be taken.
- Insist that you review all marketing content prior to publication, especially if you have hired a third-party photographer or videographer.
- Have a second set of eyes review your marketing materials – don’t be afraid to get a non-marketing perspective now and again.
- While you may not be able to control all the habits of your staff (see the reviewing steps above), ultimately the solution is to stop posting sensitive data in print. Recommend that your staff use password managers* – no more paper, no more post-it notes, etc. And the same goes for your client and HR records that sit out on tables and desks.
With more and more demand from clients, patients, etc. to see behind the scenes and receive a more personal touch, it’s tempting to let the cameras roll and show off your awesome business. But it’s important to also take steps to protect what you hold dear.
*NOTE: Password management: We recommend KeePass for its simplicity, but also check out this list of 2015’s best password managers.