It is more and more common for information technology to be in the center of marketing and communications. But only a handful of marketing professionals come to think of what an important role security plays for a web service.
If security issues arise on a company's website or other services, it is a serious impediment to the company's image as well – other financial effetcs aside. Therefore it is important to know what information security is made up of.
It all starts with well-developed and well-maintained software. Any software can have vulnerabilities and problems sometimes, but the key factor is how fast they are reacted to. Thus, always make sure that software updates are done daily and that there is a person in charge of things and a clear process in the background. The majority of security issues is due to software that has not been updated.
Make sure that at least the company's public web services and websites are always up-to-date. It is also wortwhile to be certain of the software development practices of the software in use and for example, that OWASP TOP10 principles have been followed. Demand a description of their information security from your suppliers – and it doesn't hurt that it also has been audited by a third party.
Servers and backups – cloud-based service is effortless
Also the security of the servers in use must be actively taken into consideration and the data preferably be updated daily. It's not enough that the software of different applications is up-to-date if the servers themselves are not taken care of. It pays off to use cloud-based services nowadays because the service provider automatically makes sure that the servers are secure and the data backed up.
The monthly cloud-based service payment is also a compensation for your peace of mind when you know that everything is being handled professionally.
Surveillance and active monitoring
All of the company's public services must be actively monitored and surveilled so that no problems occur. The surveillance has to be 24/7, because often the problems don't surface during the office hours in Europe, for example, but in the daytime in the USA. There are ready-made tools for web service surveillance – but the easiest way is to check that monitoring and surveillance are part of the cloud-based service package.
Should information security issues arise – how to react?
Information security issues can also be found in well-maintained web services. For example, the recent Heartbleed SSL vulnerability hit almost all the web services in the world. In these cases it's good to be sure that a reaction order is planned out. Phone numbers to technical liaisons and sources are at hand and the company has the means to inform customers about possible problems or alternative arrangements. It's beneficial to gather the clientele's email and SMS contacts for crisis communication and have a service that handles the communication in a crisis situation. In our email marketing guide you will find a chapter dedicated to crisis communication.
We cover more of informartion security next month by listing the 5 most important things that marketing can do for information security.