Two words every marketing team wants to avoid? “Security breach.” Here’s what your team can learn from the Twitter hack and the Canva and Facebook data breaches to avoid costly brand repercussions.
A security breach is the bane of any company, but the impact isn’t limited to the company’s IT/infosec teams and the finance department. Marketing teams, who are often on the frontlines of protecting the brand’s reputation as well as public-facing communications with customers and press, know all too well that if their customers’ data is compromised, the reputation of the brand is also compromised. And that can be devastating.
One of the most common causes of data security breaches? Poor password hygiene. Many employees are likely to reuse easy-to-remember passwords and store and share passwords in non-secure places, mainly because their daily tasks are demanding enough. The best way for a company to stop breaches is to set password guidelines and encourage employees to be more invested in the overall security of the company—because every team is affected when a breach occurs.
Here are three dramatic “cautionary tales”—the Twitter hack, Canva breach, and Facebook breach—and what your marketing team can learn from them to avoid a brand reputation disaster.
The cyberattack: Social engineering
How they did it: Through a coordinated social engineering attack that targeted Twitter employees in summer 2020, hackers were able to gain entry to the company’s internal systems and publish fake tweets seemingly from celebrities and high-profile figures, including President Barack Obama and Kim Kardashian, promoting a bitcoin scheme.
What your company can learn: The cybercriminal in this scenario posed as Twitter’s own IT department to gain access to the company’s servers through its employees. To avoid something like this at your business, make sure employees are able to distinguish a real email from a phishing email, and prep them on things to look out for in internal communication so they can know whether or not a request for credentials is legitimate.
Canva data breach
The cyberattack: Data breach
How they did it: A well-versed hacker was able to unencrypt, access, and download data from 139 million user passwords, as well as expose the passwords of 4 million Canva customers in this data breach.
What your company can learn: How many customers are in your database? This number can determine the reach and damage of a potential hack—both from a monetary and a public image standpoint.
Facebook data breach
The cyberattack: Data breach
How they did it: Hackers accessed and exposed 600 million Facebook passwords that had been stored in plain text for over seven years.
What your team can learn: The reason a password hack can be so effective is because of the number of users that reuse passwords for multiple accounts, including ones that are meant to protect sensitive data.
Data breaches and hacks can happen to even the most tech-savvy companies, and the culprits are often compromised employee passwords. Marketing teams, who often have access to databases of company and customer data, are acutely aware of the potential disaster of a breach or hack. The security breach cost is not only financial but also greatly impacts the brand’s reputation.
What it means for your customers
Consumers are more aware than ever of social media privacy issues and social media security issues, especially given the recent hacks over the years of major companies that they trust, like the Twitter and Facebook data breaches, and the slew of cyberattacks in 2021. A security incident can sever a customer’s relationship with a brand forever.
What your company can do to stop breaches
- Make sure your team is aware of the realities and impact of a security incident at your company. A strong security culture is the #1 defense against a data breach—in addition to tech, security is a human problem. Your company’s security solutions should align with their beliefs and existing behaviors.
- Implement a social media governance plan. Social media can be a major asset to any company, but understanding the security risks of third-party apps is essential. Policies for social media use, plus strategies for when a security incident occurs, are the first steps to preventing a breach.
- Set guidelines for password use. Set your team up with the right tools like a password manager to ensure that passwords are strong, securely stored, and never reused.
- Get security alerts. The best way to mitigate the cost of a cybersecurity incident is to act quickly. The sooner you know of a breach, the sooner you can develop a plan of action.