Reduce risk of email data breach

Share this content:
Steve Webster
Steve Webster

The recent headlines about email data breaches have rightly caused all of us to review our security procedures and policies. No system is perfectly secure, but there are steps to take in order to avoid a breach, as well as some defined next steps.

Email service providers (ESPs) are a favorite target of hackers. They actively work to penetrate and to gain access to ESPs' customer databases. Protecting customers' privacy and data is an ongoing process that requires constant review and collaboration between a marketer and its ESP. Here's a list of tactics a marketer can do today to reduce the risk of an email data breach:

  • Constrain email data to only what's actually needed for email marketing. Don't store customer data with your ESP that you don't need for your email marketing program. 
  • Review customer data access policies and restrict access to only those employees who really need it. Take advantage of an ESP's access-control features to ensure that only specific users have access privileges to download or view data. 
  • Shut down user accounts of departed employees.
  • Encode or encrypt private customer data where possible. For example, if you use customer zip codes to determine the store that's nearest them, consider replacing these with the nearest store's ID.
  • Place secret, hard-to-guess "honeypot" email addresses on your list, and monitor the email these receive. If these addresses begin to receive email from sources other than your brand, it could be an indication that your list may have been compromised. Contact your ESP immediately to request an audit of your account.
  • Periodically review access logs provided by the ESP, particularly list-downloading activity.

Preparing for a possible breach can help to minimize the fallout if one does occur. For example, be transparent in your privacy policy. Tell customers what data is being collected, how it's used, and whether or not third-party vendors assist in managing the data. Summarize the privacy policy on the email signup page in plain, everyday language.

Consider an email data breach an inevitability, rather than a possibility, and develop a response plan, including customer communications. If a breach does occur, follow these steps:

Gather all the facts from your ESP.  You'll need to know what data may have been compromised; what data definitely was compromised; exactly when the breach happened; and whether the attacker knows it is your brand's data.

Put your communication plan into action. Contact your affected customers in a timely fashion. Tell those customers whose data (email addresses or personally-identifiable information) was compromised exactly what happened, to the best of your knowledge, and what are their potential risks. Be clear and concise. Customers may only read the first few lines of such alerts. 

Remember that this will be a public communication accessible to everyone, including the press. 

Post an FAQ on your website where customers and others can find more information, and update it as your investigation progresses.

Steve Webster is the chief strategy officer at iPost, an email service provider he cofounded in 1996.


Next Article in Email Marketing

Sign up to our newsletters

Company of the Week

We recently were named B2B Magazine's Direct Marketing Agency of the Year, and with good reason: We make real, measureable, positive change happen for our clients. A full-service agency founded in 1974, Bader Rutter expertly helps you get the right message to the right audience at the right time through the right channels. As we engage our clients' audiences along their journey, direct marketing (email, direct mail, phone, SMS) and behavioral marketing (SEM, retargeting, contextual) channels deliver information relevant to the needs of each stage. We are experts at implementing and leveraging marketing technologies such as CRM and marketing automation in order to synchronize sales and marketing communications. Our team of architects and activators plan, execute, measure and adjust in real time to ensure the strategy is working as needed and change things if it's not.

Find out more here »

Career Center

Check out hundreds of exciting professional opportunities available on DMN's Career Center.  
Explore careers in digital marketing, sales, eCommerce, marketing communications, IT, data strategies, and much more. And don't forget to update your resume so employers can contact you privately about job opportunities.

>>Click Here

Relive the 2017 Marketing Hall of Femme

Click the image above