Steve Webster, chief strategy officer and cofounder, iPost
April 12, 2011

Reduce risk of email data breach

Steve Webster
Steve Webster

The recent headlines about email data breaches have rightly caused all of us to review our security procedures and policies. No system is perfectly secure, but there are steps to take in order to avoid a breach, as well as some defined next steps.

Email service providers (ESPs) are a favorite target of hackers. They actively work to penetrate and to gain access to ESPs' customer databases. Protecting customers' privacy and data is an ongoing process that requires constant review and collaboration between a marketer and its ESP. Here's a list of tactics a marketer can do today to reduce the risk of an email data breach:

  • Constrain email data to only what's actually needed for email marketing. Don't store customer data with your ESP that you don't need for your email marketing program. 
  • Review customer data access policies and restrict access to only those employees who really need it. Take advantage of an ESP's access-control features to ensure that only specific users have access privileges to download or view data. 
  • Shut down user accounts of departed employees.
  • Encode or encrypt private customer data where possible. For example, if you use customer zip codes to determine the store that's nearest them, consider replacing these with the nearest store's ID.
  • Place secret, hard-to-guess "honeypot" email addresses on your list, and monitor the email these receive. If these addresses begin to receive email from sources other than your brand, it could be an indication that your list may have been compromised. Contact your ESP immediately to request an audit of your account.
  • Periodically review access logs provided by the ESP, particularly list-downloading activity.

Preparing for a possible breach can help to minimize the fallout if one does occur. For example, be transparent in your privacy policy. Tell customers what data is being collected, how it's used, and whether or not third-party vendors assist in managing the data. Summarize the privacy policy on the email signup page in plain, everyday language.

Consider an email data breach an inevitability, rather than a possibility, and develop a response plan, including customer communications. If a breach does occur, follow these steps:

Gather all the facts from your ESP.  You'll need to know what data may have been compromised; what data definitely was compromised; exactly when the breach happened; and whether the attacker knows it is your brand's data.

Put your communication plan into action. Contact your affected customers in a timely fashion. Tell those customers whose data (email addresses or personally-identifiable information) was compromised exactly what happened, to the best of your knowledge, and what are their potential risks. Be clear and concise. Customers may only read the first few lines of such alerts. 

Remember that this will be a public communication accessible to everyone, including the press. 

Post an FAQ on your website where customers and others can find more information, and update it as your investigation progresses.

Steve Webster is the chief strategy officer at iPost, an email service provider he cofounded in 1996.

Similar Articles
Related Topics
close

Next Article in Email Marketing

Follow us on Twitter @dmnews

Latest Jobs:

Featured Listings

StrongMail

StrongMail

We're StrongMail. We cater to enterprises looking for more than just a ...

Bronto Software

Bronto Software

Bronto Software provides the leading marketing platform for retailers and other commerce-focused companies ...

Knotice

Knotice

Knotice allows you to seamlessly manage your multi-channel mix, maximizing the ROI of ...

more »

More in Email Marketing

Relevancy Becomes More Relevant to Emailers

Relevancy Becomes More Relevant to Emailers

Email marketers appear on the cusp of embracing new technology, according to a new survey.

A Fresh Email Strategy for Fresh Water

A Fresh Email Strategy for Fresh Water

How charity: water met its $1.7m fundraising goal in a single month with a more mature email strategy.

The Future of Email Marketing

The Future of Email Marketing

6 trends marketers should watch to ensure long-term success with their email marketing.