Reduce risk of email data breach

Steve Webster

The recent headlines about email data breaches have rightly caused all of us to review our security procedures and policies. No system is perfectly secure, but there are steps to take in order to avoid a breach, as well as some defined next steps.

Email service providers (ESPs) are a favorite target of hackers, who actively work to penetrate ESPs and gain access to their customer databases. Protecting customers' privacy and data is an ongoing process that requires constant review and collaboration between a marketer and its ESP. Here's a list of tactics a marketer can use today to reduce the risk of an email data breach:

  • Constrain email data to only what's actually needed for email marketing. Don't store customer data with your ESP that you don't need for your email marketing program. 
  • Review customer data access policies and restrict access to only those employees who really need it. Take advantage of an ESP's access-control features to ensure that only specific users have access privileges to download or view data. 
  • Shut down user accounts of departed employees.
  • Encode or encrypt private customer data where possible. For example, if you use customer zip codes to determine the store that's nearest them, consider replacing these with the nearest store's ID.
  • Place secret, hard-to-guess "honeypot" email addresses on your list, and monitor the email these receive. If these addresses begin to receive email from sources other than your brand, it could be an indication that your list has been compromised. Contact your ESP immediately to request an audit of your account.
  • Periodically review access logs provided by the ESP, particularly list-downloading activity.
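The honeypot tactic above can be monitored automatically. The following is an added example, not code from the article or from any ESP: it generates hard-to-guess seed addresses and flags mail sent to them that is not verifiably from the brand, including mail that forges the brand's From address. The domains, the sample messages, and the reliance on an `Authentication-Results` header added by your own receiving mail server are assumptions.

```python
import re
import secrets
from email import message_from_string
from email.utils import parseaddr

BRAND_DOMAINS = {"brand.example"}   # assumption: domains your ESP sends as
SEED_DOMAIN = "seed-mail.example"   # assumption: a mailbox domain you control

def new_seed_address() -> str:
    """Random local part, so the address can only be learned from the list."""
    return f"{secrets.token_hex(8)}@{SEED_DOMAIN}"

def dkim_pass_domains(msg) -> set:
    """Domains reported as dkim=pass by the receiving server's header."""
    domains = set()
    for header in msg.get_all("Authentication-Results", []):
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", header, re.I):
            domains.add(m.group(1).lower())
    return domains

def suspicious_messages(raw_messages, seeds):
    """Return (seed, sender, reason) for seed mail that is not verifiably yours."""
    findings = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        rcpt = parseaddr(msg.get("To", ""))[1].lower()  # simplification: To header
        if rcpt not in seeds:
            continue
        sender = parseaddr(msg.get("From", ""))[1].lower()
        from_domain = sender.rpartition("@")[2]
        if from_domain not in BRAND_DOMAINS:
            findings.append((rcpt, sender, "sender is not the brand"))
        elif from_domain not in dkim_pass_domains(msg):
            findings.append((rcpt, sender, "claims brand but fails DKIM check"))
    return findings

# Constructed sample data: one genuine mailing, one third party, one forgery.
SEED = "3f9c1a7e5b2d4c60@seed-mail.example"
AR = "Authentication-Results: mx.seed-mail.example;"
SAMPLES = [
    f"From: News <news@brand.example>\nTo: {SEED}\n{AR} dkim=pass header.d=brand.example\n\nWeekly offers",
    f"From: Deals <promo@other.example>\nTo: {SEED}\n{AR} dkim=pass header.d=other.example\n\nCheap pills",
    f"From: News <news@brand.example>\nTo: {SEED}\n{AR} dkim=fail header.d=brand.example\n\nReset your password",
]

if __name__ == "__main__":
    for finding in suspicious_messages(SAMPLES, {SEED}):
        print(finding)
```

Use a different seed address for each list or ESP account so that a hit also tells you which copy of the list leaked.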

Preparing for a possible breach can help to minimize the fallout if one does occur. For example, be transparent in your privacy policy. Tell customers what data is being collected, how it's used, and whether or not third-party vendors assist in managing the data. Summarize the privacy policy on the email signup page in plain, everyday language.

Consider an email data breach an inevitability, rather than a possibility, and develop a response plan, including customer communications. If a breach does occur, follow these steps:

Gather all the facts from your ESP. You'll need to know what data may have been compromised; what data definitely was compromised; exactly when the breach happened; and whether the attacker knows it is your brand's data.

Put your communication plan into action. Contact your affected customers in a timely fashion. Tell those customers whose data (email addresses or personally identifiable information) was compromised exactly what happened, to the best of your knowledge, and what their potential risks are. Be clear and concise. Customers may only read the first few lines of such alerts.

Remember that this will be a public communication accessible to everyone, including the press. 

Post an FAQ on your website where customers and others can find more information, and update it as your investigation progresses.

Steve Webster is the chief strategy officer at iPost, an email service provider he cofounded in 1996.
