Assuring data security calls for both high-tech and high-touch

Share this content:

Consider this hypothetical but plausible scenario: Production Agency Inc. sends Service Provider Inc. an unencrypted file listing all current Credit Card Corp. customers and account numbers to be used for a promotional mailing.

The file is transmitted electronically for merging with creative content the same day. A terminated employee of Production Agency Inc. remembers the username and password on the Service Provider Inc. server and waits for the file to be uploaded before making a copy. He then uses the information to post thousands of fraudulent transactions on behalf of those Credit Card Corp. customers.

Service Provider Inc. obviously must react to this breach of security, but over-reaction can be costly and ineffective. One customer wants more cameras, another wants bigger firewalls, and both want encryption.

Service bureau providers that have thrown technology at security holes can attest to its impact on their bottom lines.

Security basics

Data security is a maturing field of information technology that uses risk management to guide responsible IT operations.

Business owners must find and identify confidential data. Social

Security numbers, birth dates, credit card numbers and bank account information are protected by law and must be secured at the highest level. Names and addresses are not legally protected, but must be guarded against competitors.

Ultimately, security is the result of rational decision-making.

Transmitting unencrypted information via e-mail is tantamount to using postcards instead of sealed envelopes. Because there is no expectation of security, whoever sees the information can read it.

Failure to deploy sufficient firewalls, essential to modern security, can be likened to leaving open your front door. And failure to employ cameras and intrusion detection is like leaving a house without an alarm system. The level of security must be commensurate with the value of the information at risk.

Legal compliance

Besides satisfying customers' security requirements, those who store or transfer sensitive information must comply with laws governing the protection of this information. The table provides relevant privacy laws and standards.

Security challenges

Because service providers, especially smaller ones, face daunting data security challenges, some may cut corners to save money, a huge risk when financial statements and personal information are at stake. Indeed, many may not even be aware of the regulations.

Production managers are therefore advised to confirm compliance with internal standards and regulations.When selecting a services provider, they are further advised to require a comprehensive security framework that includes written security policies, reliable infrastructure and continuous security awareness.

Security at the highest levels presents challenges of its own.

Creating a security-conscious enterprise requires significant resources and vigilance.

Investing in firewalls, security appliances and software cannot preclude unencrypted data from being sent via e-mail. Even when dealing with aggressive production schedules, service providers must never lose sight of security concerns, but must balance them against customer demands.

Winning the security game

So how can mailers and their service providers win at the security game? Here are some general guidelines:

1. Don'tignoresecurityholes.Thinkofsecurityasbusinessinsurance.

2. Identify at-risk data. General marketing information can be lowrisk.

Personal financial or medical data are high-risk.

3. Prioritize threats.All security threats have some merit, but not all require equal attention.

4. Act in all parties' best interest. Anyone willing to look the other way to speed the supply chain will not have the same perspective after a security breach.

5.Don't reinvent thewheel. Look to security standards for answers.

For financial and credit cardmailers, the PCI standard is a comprehensive framework for security.

In the final analysis, awinning security strategy calls for investment in both infrastructure and the education it requires to establish and maintain a pervasive security culture.

close

Next Article in Direct Mail

Sign up to our newsletters

Company of the Week

Brightcove is the world's leading video platform. The most innovative and respected brands confidently rely on Brightcove to solve their most demanding communication challenges because of the unmatched performance and flexibility of our platform, our global scale and reliability, and our award-winning service. With thousands of customers and an industry-leading suite of cloud video products, Brightcove enables customers to drive compelling business results.

Find out more here »

Career Center

Check out hundreds of exciting professional opportunities available on DMN's Career Center.  
Explore careers in digital marketing, sales, eCommerce, marketing communications, IT, data strategies, and much more. And don't forget to update your resume so employers can contact you privately about job opportunities.

>>Click Here

Relive the 2017 Marketing Hall of Femme

Click the image above