Did you know that the strength of a marketer’s login security can affect the success of their email marketing strategy?
Marketers rarely have cause to think about cybersecurity and its effect on their job, thanks to their internal IT teams and the robust security configurations of whatever SaaS platforms they use.
As with most non-cybersecurity professionals, marketers’ engagement with cybersecurity is almost entirely related to logging in—often perceived as more of an annoyance than anything else.
But what many marketers don’t realize is that the strength of this one element can be the only thing standing between them and weeks, if not months, of deliverability problems for their email marketing.
Why bad actors target marketing teams
More than 90% of data breaches occur due to social engineering tactics, where a message pretending to be from a trusted site is sent to an unsuspecting recipient in order to steal information from them. That information often includes their login credentials.
The average bad actor knows that attempting to breach a platform by—as Hollywood would put it—“hacking the mainframe” is a waste of time and energy. That’s because most of these attempts will fail due to the robust technical security measures most companies now have in place.
Nowadays, the most common approach is through social engineering, targeting the common vulnerability all platforms have—users with little-to-no cybersecurity training or awareness.
This is what makes marketing teams—with entire databases of people’s personal information at their fingertips—appealing to bad actors.
What these bad actors do and why they do it
I’ve worked in the email industry for years and I’ve seen it happen across multiple platforms—an inactive user (often long gone from the marketing team) or a current user with minimum password security in place has their password stolen in some sort of “spoofing” campaign sent by a bad actor to the user.
Once they’ve acquired the marketer’s credentials, the bad actor works quickly to log into their account, upload their own list of contacts from previous breaches, and send out a mass phishing email. Why do they upload a new list and send phishing content to it? Because their first big prize is to make sure the content is delivered to as many inboxes as possible—hijacking the marketer's sending reputation in the process.
That’s right, years of work by a marketing team to build a strong email reputation can be exploited in a few minutes by a single bad actor. The fallout can be extensive and include sender reputation, business, and legal ramifications.
This means that the marketing team’s sending reputation is no longer trusted by major mailbox providers like Gmail. They’ve also lost some trust with their subscribers. Beyond that, internal colleagues might hold the marketing team responsible for any resulting business or legal ramifications.
How to protect your sender reputation from bad actors
While this might sound daunting, there are a few quick and easy things marketers can do to protect themselves and their subscribers from being hacked. I’ve helped customers work their way back from such experiences over the years—but it can take months of work and strategy delay to heal such deliverability wounds.
4 steps to put in place now
1. Create one-off, complex passwords for each of your user accounts
I know this can feel difficult, but creating unique, complex passwords with multiple uppercase and lowercase letters, numbers, and symbols could be the key that protects your data from an interested party.
2. Set up two-factor authentication (2FA) for every account
Two-factor (or multi-factor) authentication involves referencing a secondary, trusted device to verify that the accessing user has a right to use the password. This extra level of security is fantastic, as it requires much more effort on the bad actor’s part to circumvent, and it alerts the owner of the verification device that someone else is trying to access their account.
3. Routinely change your passwords
Most sites would say best practice would be to change your password every 3-6 months, but even changing your password once a year is ahead of the curve for most users. Start where you can and then build a reminder and routine for regularly updating your passwords.
4. Remove any unnecessary customer data from your platforms
Increasing privacy legislation around the world requires companies to delete customer data they hold that isn’t necessary for legitimate and agreed-upon business purposes. Ultimately, the less data you’re handling, the better.
Cybersecurity isn’t a fun topic to discuss, but its real-world effects on your marketing make it too important to ignore.
You simply must follow best practices to protect yourself and your database from future exploitations outside of your team.
If you are part of a marketing team, I would encourage you to bring up this topic in your next team meeting to encourage small changes that could save you months of work and your company thousands (if not hundreds of thousands) of dollars.