Marketers, we have a problem

And that problem is security.
Much of what marketing does is build profiles of customers by collecting huge amounts of data on every customer. That data collection is facilitated by compliant customers that provide all sorts of personal data just because they’re politely asked by a retail clerk.
There will always be people who comply with data requests, but I expect more customers to be wary of sharing information at the register.
I’m not the only one, a recent NY Times blog post from one of their security researchers: Stop asking me for my email address. She discusses how much information companies ask for and how complacently consumers hand it over without asking about security.

The point is that no company is secure. None of them. Not when they are up against an increasingly sophisticated, elusive enemy. But the problem is not just retailers, or technology companies or hackers, it’s us.
We regularly hand over data simply because we’re politely asked. We don’t read privacy policies, or ask companies whether our email addresses and passwords will be “salted” or “hashed,” encrypted with long or short keys, or whether those keys will be stored on separate systems from the ones they can unscramble.

The underlying problem is that marketers and the companies they work for, are not taking security seriously enough. The collection of reams and reams of personal data, from PII through to email opens and clicks, makes this data a prime target for criminals.
It concerns me that security breaches are getting bigger and taking more data and affecting companies with large customer bases.
Security has to become a bigger priority for companies.

Spamtraps, again.
Welcome to our new site

Related Posts

People are your weakest link

Social engineering is a long standing way to compromise security. Chunkhost reports today that they discovered accounts being compromised through social engineering of Sendgrid support. While the compromise did not work it was a close call. The only thing that saved the targeted customers was their implementation of 2 factor authentication.
We know many of our customers individually and personally, and are still careful about changing contact addresses and passwords. With larger customer bases, it’s vital that every person in the change follow security processes.

Read More

Is your data secure?

Not just secure from outside forces, but also secure from employees?
In a recent survey published by Help Net Security, approximately half of all employees said they would take data, including customer data, when leaving a job.
This has major implications for ESPs, where employees have access to customer data and mailing lists. There are at least 2 cases that I am aware of where employees have walked out of a company with customer mailing lists, and I’m sure there are other incidents.
ESPs should take action to prevent employees from stealing customer data.

Read More

Experian selling data to identity thieves

If you’re not following or reading Brian Krebs, you should be. He does some of the best investigative reporting in the email, security and internet space. Today’s blog post is a disturbing look into the data selling and identity theft industries. Brian details evidence that shows Experian (yes, that Experian) has been selling consumer data to identity thieves.
 
 

Read More