Five Reasons Why Marketing Needs to Care About Cybersecurity
- Marketing moves fast and worrying about cybersecurity is often the least of our worries.
- Cybercriminals understand we’re working fast and target our computers because we are likely to do what comes naturally: click, download, forward, open.
- Alas, organizational security teams struggle to keep us safe and often put limits on our ability to get stuff done because of the risk. But marketing can change the game.
I am an IT nightmare.
I click. I download. I forward. I do it fast and frequently.
While security is on my mind because I work at a security company, it’s often an afterthought as I go through my day moving as quickly as I can to get the right information to the right folks. If you’re in marketing and reading this, there’s a good chance you aren’t even aware of how every email attachment, download and link is now the target of most cybercriminals. And frankly, if you were working for me, that’s how I’d want it. I have no idea how folks get their jobs done when there are restrictions in place.
If you’ve been frustrated or hindered by your organization’s security policy, keep reading.
In support of my fellow marketers, here are five reasons why you should care about cybersecurity and what you can do to improve access for your team.
1. Cybercriminals are actively targeting end users.
88% of Chief Information Officers say end users are the weakest link in their security strategy. That’s us. The worker-bees. Here why: we fundamentally operate with consistent human behavior. Someone asks us a question, we answer. Someone provides a link, we click. We are polite, responsive, results-driven folks who others come to for answers. It’s weird for us to think someone is trying to harm us or the company. Knowing you are ripe for the picking is half the battle.
2. Email is an extremely hot target.
I’m sure you’ve been warned. Email attachments can be dangerous. You think it’s an invoice or a resume or the creative brief you’ve been waiting for from your agency. But the cybercriminals know how you work. They are extremely savvy and can recreate an invoice that, after a couple minutes, delivers malware that can ask for ransom or simply starts encrypting the information on your machine. Then it creeps out to the network. Not only are your documents corrupted, but your organization’s intellectual property is at risk. Knowing what to trust and what not to trust puts a tremendous burden on your team, yet we can’t live without email attachments and getting email from strangers is normal for marketing folks.
3. Files can be dangerous.
An easy tradeshow giveaway is a USB drive loaded with collateral or an app or some other marketing tool that we hope makes it home with our prospect and they download all the marketing goodness. Unfortunately, that’s no longer a safe way to market. USB drives and their associated files are targets for cybercriminals who once again know we’ll do what comes naturally: plug in the drive and download the files. Malware delivered. You might not even know it until it’s triggered or wakes up. Some malware loads and morphs so it can’t be discovered by anti-virus tools. Knowing what to trust suddenly becomes our burden.
4. Clicking a simple link can deliver malware.
This is maybe the worst because we click links all day long and do it quickly and without much thought. It’s worse if you are responsible for marketing or competitive research or social media. We click and scan and evaluate and move with a nimbleness that might cause a security professional to plotz. At any point I have at least 10 browser tabs open. The problem is, malware is delivered by what we call malicious phishing links. Once you click, information is downloaded (that you likely aren’t aware of) and you are breached. That fast. That painless. We have customers who used to keep their employees from clicking on anything – they were completely blocked – unless the company deemed the site to be trusted. It’s that serious.
5. You can change the rules; there’s a security solution that protects all these things.
Now that you understand the vulnerability, here’s the good news: there’s a security solution that will let your folks get back to work. This is why you need to care about cybersecurity. If your team has been restricted or constrained, that doesn’t have to be the case. The technique is called application isolation and it’s a term you can drop on your security team to start the discussion.
When application isolation is used to put each of the activities I listed above into a little virtual container that allows you to interact with the content (email attachment, file or link) without it infecting your computer. It stays in that container until you close the item and then it goes away. The IT team can see what happened and follow-up but you are completely safe.
My marketing team can click with confidence because we have application isolation.
I understand you don’t likely drive any security decisions. But you can influence the decision especially when it comes to risk and innovation. Now that you understand the risk, you can be sensitive to what’s a stake. It’s a big deal and we marketing folks are potential points of ingress. In the old days, innovation and productivity were typically compromised in favor of reduced risk. But that no longer has to be the case.
With Bromium, you can let your team get back to work and your IT department can relax. Turn on Facebook, peck through Twitter, forward email attachments, open that invoice, it doesn’t matter. You’re safe.