What a whirlwind these past few weeks have been. Email service providers (ESPs) being breached left and right, brands panicking and sending out notice that their customers’ email addresses were “breached” (no, the end-user email addresses were leaked, not breached), people pointing fingers at each other about broken process, etc. saying it is their fault.
But what is the real issue here? Is it that ESPs screwed up? Is it that brands haven’t done enough security checks on their third-party providers? Senders aren’t using enough email authentication technologies? I say no. The issues don’t lie with the vendors nor do they with not following bulk sending common best practices when it comes to email-like branding in the “from” or proper subject lines. The issue actually begins with brands working for their customers, not just in securing the email they send to them, but in how customers can be secure using the email they receive from you.
What I am getting at here is when was the last time you really connected with your customers to let them know how to protect themselves? Take the responsibility and time to tell them about security. What I see today is that we still tend to only focus on the easy marketing and making our living from our emails. It’s as if we are afraid to work with our customers to tell them there are bad people out there; that bad people are after our brands to use them against our customers. We never take the time to tell customers about the things we do to get the emails to them or that things are not just fine and dandy in the email world like many of us wish. We tend to ignore the truly important aspect of education.
A few ideas come to mind here on how we can assure customers we are not just here for our emails to make money, but truly to use them to connect and communicate with our customers. We have all these great email software packages to make things relevant and targeted, but we don’t take the time to ask the customers “how are you?” “Please be careful, customer.” We only seem to communicate when things go bad. Why not be proactive in teaching customers how to protect themselves while using email?
- Just as most of your companies hopefully do, we annually train our employees on the importance of data governance and security. What not to open in email and what to be careful of so an accidental breach is not caused. The same should be done with customers, especially if you’re in a vertical that deals with any personally identifiable information (PII). When was the last time you did that for your customers? Told them specific things to look out for?
- Quarterly alerts
- Don’t be afraid to connect with customers and let them know you are working hard to help and protect them with security measures. Remind your customers that there are things you won’t ask for in email and explain quarterly that there are people trying to act like your brand. Maybe you should be flattered? Let them know about security measures like anti-virus, anti-malware, and anti-spam software. Some of you even have customers who sell it.
- Be hyper-transparent
- Don’t be afraid to tell customers in your privacy policies the vendors you work with and what their security measures are or proactively tell them when you change vendors so they know where their data is moved to and that they can remove it if they want.
You have a huge part in this security game even though you’re just a marketer or big sender. I’ve been reading the Twitter feeds on the most recent rash of data breaches, and customers are upset not knowing that their data was in a third party and not in your brand’s data centers, and as such are now threatening to turn those leaked email addresses off or move to a new one. If they do that, you’re losing a good contact point and the faith of that customer. Don’t fear security. Embrace it. Talk about it. Let your customers know you care about them, their PII, and celebrate their education on the matter.