Marketers, we have a problem

And that problem is security.
Much of what marketing does is build profiles of customers by collecting huge amounts of data on every customer. That data collection is facilitated by compliant customers that provide all sorts of personal data just because they’re politely asked by a retail clerk.
There will always be people who comply with data requests, but I expect more customers to be wary of sharing information at the register.
I’m not the only one, a recent NY Times blog post from one of their security researchers: Stop asking me for my email address. She discusses how much information companies ask for and how complacently consumers hand it over without asking about security.

The point is that no company is secure. None of them. Not when they are up against an increasingly sophisticated, elusive enemy. But the problem is not just retailers, or technology companies or hackers, it’s us.
We regularly hand over data simply because we’re politely asked. We don’t read privacy policies, or ask companies whether our email addresses and passwords will be “salted” or “hashed,” encrypted with long or short keys, or whether those keys will be stored on separate systems from the ones they can unscramble.

The underlying problem is that marketers and the companies they work for, are not taking security seriously enough. The collection of reams and reams of personal data, from PII through to email opens and clicks, makes this data a prime target for criminals.
It concerns me that security breaches are getting bigger and taking more data and affecting companies with large customer bases.
Security has to become a bigger priority for companies.

Related Posts

People are your weakest link

Social engineering is a long standing way to compromise security. Chunkhost reports today that they discovered accounts being compromised through social engineering of Sendgrid support. While the compromise did not work it was a close call. The only thing that saved the targeted customers was their implementation of 2 factor authentication.
We know many of our customers individually and personally, and are still careful about changing contact addresses and passwords. With larger customer bases, it’s vital that every person in the change follow security processes.

Read More

Brian Krebs wins the Mary Litynski award

A little late, but I’ve been in sessions most of today. M3AAWG announced this morning that Brian Krebs won the 2014 Mary Litynski award. This award is given to people who work tirelessly to make the internet a better place.
I first had the pleasure of listening to Brian give the keynote address at a MAAWG conference many years ago. His ability to infiltrate some major spam operations and online forums for criminals is amazing. He’s also had retaliation attempts, including being SWATed and having heroin delivered to his house.
If you get a chance to hear Brian speak, I strongly encourage you to do so. His knowledge is outstanding and his speaking style is entertaining. I’ve learned a lot from Brian over the years and I’m pleased he won this award and that M3AAWG recognized his contribution to stopping abuse online.
M3AAWG press release

Read More

Experian selling data to identity thieves

If you’re not following or reading Brian Krebs, you should be. He does some of the best investigative reporting in the email, security and internet space. Today’s blog post is a disturbing look into the data selling and identity theft industries. Brian details evidence that shows Experian (yes, that Experian) has been selling consumer data to identity thieves.
 
 

Read More