The threats we face, like the lives we live, are primarily digital, not physical; we fear hacking, leaking, and other means of infiltration. We fear the anonymous intruder, the pilfered account, the mysterious email – and the sanctity of the server that protects – with breakable locks – our customers’ data.
The pace and efficacy of cyber-attacks has only increased over the past few years. A pandemic that has forced us inside and onto our computers has, in turn, given life to another: one of cyber threats. On average, an organisation is a victim of ransomware every 10 seconds worldwide.
Most of us live on the periphery of this activity, or in the eye of it. It persists in the background, spoken about in news stories, removed from our day-to-day concerns. Cyber incidents happen to others, and not to us; to those that are careless with their computers and passwords, and lax with their lapsed security software.
Change provides opportunity. Workers operating from home are exposed to a new cybersecurity reality. Security teams may set policies, but it is workers themselves that must follow them and stay vigilant. In 2021, 95% of cybersecurity breaches were caused by human error, and phishing attacks – attacks in which a fraudulent digital communication is sent to prompt action from the user, or to elicit the disclosing of sensitive information – account for more than 80% of reported security incidents.
But with the stage set, what does it have to do with digital marketing?
In 2022, a successful digital marketing strategy is cyber-aware. It is mindful of the attack vectors, with priorities that acknowledge the potential severity of any incident. Loss of customer trust. Ransomware. Brand and reputation damage inflicted through leaked documents or hacked accounts. It doesn’t take a lot of imagination to envisage the scope of possible consequences. Trust is a bridge made of sticks. Constructed assiduously from individual interactions, communications and product successes. Compromises to it are not forgiving.
Operating outside of the company firewall – not quite the all-in-one solution it once was – digital workers must maintain their own cyber-safe spaces. Gone are the days of relying squarely upon an in-house IT department. Rather, cyber mindfulness is a constant, necessary part of creating successful digital marketing strategies, and of being a digital marketer.
This requires us to reevaluate the extent of a digital marketer’s remit. Digital communications are more than their content; they are the medium in which they’re expressed. They are as much about what the person hears – and how they hear it – as what is said. Leaked information tells a contorted story. Publicised cyber incidents can cause audiences to view your communications (and brand) differently; early product leaks deprive launches of their momentum; and some internal communications should remain just that.
What digital marketing strategies must consider (and digital marketers should know)
The onus has shifted to workers to maintain vigilant, knowledgeable and aware. In an age of overlapping boundaries, in which we’re relied upon to perform multiple roles, the purview of digital marketers is ever-changing, and often expanding. Most digital marketers now handle their own CMS; they may be elected the custodians of an organisation’s entire website and subdomains. Many young companies rely upon third party providers to take care of their core IT needs, such as website development, leaving digital marketers to shepherd these efforts, and to identify when a potential issue arises.
And then there’s a whole bunch of backend threats to consider, such as those that may crop up on ecommerce websites. What responsibilities exist will only increase as more fringe technologies are included, such as blockchain technologies – which emphasise users’ control and responsibility – behind cryptocurrency and NFTs.
Obviously, organisations have a role to play in this. It is on security teams to educate workers on what to look out for, and what to be careful of. Still, to make cyber awareness a permanent chapter in your digital marketing strategy, start by considering these two essential vectors.
Email: the devil you know
Let’s start with the not-so-discreet elephant: email, that ever-present, ever-necessary daily tool. This is where the majority of phishing attacks occur. While social media channels are the predominant means for communicating with external audiences, email remains the go-to tool for internal comms.
And that’s an issue. We’re less vigilant in our own houses, and the same is true of email. Typically, only our work colleagues know our email addresses, or message us. But the difference between a genuine email sent from a colleague may be as little as the ‘h’ at the end of ‘Sarah’; Sara, meanwhile, wishes to do us harm, and is able to affect the tone of our colleague to such a degree that we don’t notice the discrepancy. Indeed, 97% of users cannot identify a sophisticated phishing email.
Digital communication strategies need to take this into account, providing a list of dos-and-don’ts and flags to watch out for. Organisations operating an owned email domain can enforce policies on password changes and complication, but this, in an age of 2FA, is a less likely attack vector. It’s what a user elects to do themselves that is behind the most common cyber incidents. More often than not, we open the door.
Malware and viruses
Compared to the more fashionable cyber threats, malware appears positively retro. A danger that belongs to the noughties, and which we all stopped talking about with the proliferation of sophisticated anti-virus software. And there’s the rub. More is invested in developing cyber capabilities than it was a decade ago. Software can only protect that which it’s been programmed to identify. New threats – or ‘zero-day attacks’ – are a different story. It is only once an organisation has been impacted that the attack, and the vulnerability it exploits, is known, resolved and can be defended against.
Taking on malware can be as easy as clicking a file on an email, Telegram or WhatsApp. It can be a Google Doc shared by a familiar address, only to contain additional links disguised to take the user astray. This is why antivirus extensions are necessary. Not just on the browser, but on all applications the user uses for external and internal communications. It also means being extra vigilant, double checking the usernames, emails and phone numbers of contacts. 48% of malicious email attachments are office files. Cocooned within the familiar, acting without thinking is easy, and this is the condition that nefarious actors rely upon.
In our next piece, we’ll discuss lesser-known vectors, and how security-savvy digital marketers can account for them in their strategy. For more information on what’s been discussed here, contact us today.