It’s 3 a.m. – Do You Know Where Your Customer Data Is?

As email marketers we are always looking to move faster and choose more nimble solutions to help us do our job. Despite this predilection for improving our output with speed and technology, we sometimes forget that we are the owners of one of the most valuable assets a company has – the customer data file.

The LinkedIn security breach that occurred earlier this month is just the latest reminder of the value of customer data and the extent hackers will go to get it. In this situation, hackers were able to obtain 6.5 million passwords out of the 160 million possible for LinkedIn’s entire user base. Data breaches seem to be coming at greater frequency – especially for companies with lots of rich customer data – but LinkedIn is catching more heat than most for its lax data security. In fact, a disgruntled user has just filed a $5 million lawsuit (likely to soon be a class-action suit) that claims the company’s password security policies didn’t adhere to standard encryption practices that make passwords hard to decipher should they be accessed by an unauthorized third party.

The lawsuit isn’t just another blow to the company’s reputation, this attack against its security practices and leadership has cast doubt on one of the most popular social networks on the Internet. If this isn’t keeping LinkedIn executives up at night, it should be. Once users begin worrying about the security of a website, a slowdown in traffic is almost inevitable. And for a company that makes money off of ads and services delivered to members when they’re spending time on their site, this is a big deal.

Of course, what happened to LinkedIn could happen to any company that finds itself in the cross-hairs of a talented and dedicated group of hackers. The key is to minimize your risk. Even if you know your company has better security policies in place than LinkedIn, what about the vendors with whom you share data? If your customer data gets breached while it’s in the possession of an authorized third party, you can bet your customers will hold you directly responsible. And ultimately you are. Understanding the security policies of your vendors and potential partners should be an ingrained part of your internal processes.

As email marketers, it’s commonplace to outsource data. But that also means we are exposed. How quickly we forget that multiple email service providers, most notably Epsilon, have had serious security breaches that have exposed customer data for some of the world’s biggest brands. As consumers, we have all received troubling messages from reputable companies like TiVo, U.S. Bank, and Best Buy. I’m sure these brands thought they were doing all the right things in maximizing the value of the customer data file. Yet, with one malicious hack, the consumer trust was temporarily broken. When quality of service is the only substantial difference between most brands, maintaining consumer trust is paramount.

So, with all of this in mind, you need to ask yourself an important question. Is this the type of risk you should take with your email circulation list? I’m not sure it makes sense…especially when there are options for maintaining control of your customer data while still leveraging it to send relevant messages that properly reflect the customer relationship. Let LinkedIn be a wake-up call for scrutinizing your own practices for keeping your customer data secure.

Related reading