Because of what they do, marketing departments are potential cybersecurity risks themselves, and digital bad actors are well aware of it. "Since marketers are more closely connected to networking on social media, they share a lot of close-to-home data," writes Sam Bocetta, a now-retired security analyst with the Department of Defense with 30-years of experience. "It can turn into a simple endeavor for cybercriminals looking to social specialist their way inside an organization."
According to Bocetta, attackers employ social engineering to get marketers and their assistants to open or click on fake email—or other messaging applications—solicitations with the intent to infect the victim's digital device with malware. It's a common ploy, but marketing departments are particularly prone to spearphishing, since it's their job to check out what may appear to be a business lead.
Bocetta points out additional areas where marketing teams need to be cautious:
- When working with outside vendors and software programs that require the exchange of delicate and confidential company information;
- When installing new marketing tools, marketing personnel need to collaborate with members of the IT department, in particular, those responsible for cybersecurity, to ensure company and customer information remains secure;
- During each new merger or acquisition, as either can create or expose new vulnerabilities.
"Marketing and advertising teams should regularly reevaluate how they approach cybersecurity—especially during a merger and acquisition—and to work in tandem, not separately, with the IT department," concludes Bocetta. "Security programs and processes should be woven into everything that digital marketers do, making them genuine stewards of information-security best practices."
Just like IT, HR, Legal, your Board and Sales, your marketing people are high-risk employees that should be stepped through 5-star new-school security awareness training. TechRepublic has the full story.