OK. We’d place big bets that you’re not storing photos of your naked self on your company’s marketing portal. And maybe no one on your team is as famous as, say, Jennifer Lawrence or Kate Upton. But does this mean your digital assets that are residing out there in their virtual storage locker are 100% safe from data breaches?
Stop and think for a second: Just how secure is your marketing portal?
News about the recent iCloud hacking should put all of us on alert. We live and work online, as does so much of our personal data.
Let’s imagine you’ve partnered with a reputable provider who built, hosts and manages your marketing portal. You have at your fingertips a powerful technology system that lets you store, manage, organize, share and track usage of a massive amount of company data. This includes content, videos, photos and other imagery, logos, proprietary software, and tangible assets your channel partners can access, purchase, distribute, and/or download. They use the online system to select and purchase materials to be printed and delivered across the globe.
That’s a ton of sensitive information. And there’s also the fact that this portal processes credit card transactions from all of your channel partners, wherever they are in the world.
When you stop and think about how much faith you put in your portal – like those stars had faith in iCloud’s security – it should be obvious that you need to question how safe your data is. If you’re considering a system and interviewing providers, we think it’s time to move this topic of security way up to the top of the list. If you don’t feel 100% confident in the security system a technology provider has built into their portal package, you should reconsider.
Ask About Standard Security Features
Certain security features in these systems are standard, like running all data through SSL (Secure Sockets Layer, the predecessor of TLS), a cryptographic protocol designed expressly to secure communications over the Internet.
Other standard security features of a portal include basic due diligence. Any third-party vendors who are part of the portal must have their own strict security processes in place, and these must be disclosed to the solutions provider. In fact, all vendors should be required to keep the provider up to date on software upgrades and antivirus software updates. The communications between your portal partner and their software vendors must be seamless and thorough. As a customer, you have the right to ask about this.
Credit Card and Other Personal Data
Credit card information is highly sensitive. Marketing portals typically offer this type of financial transaction, so find out how your service provider handles it. Sensitive customer information, including credit card details, should never be stored. Because this data is not retained by the system, the attack surface is reduced.
As an extra measure of security, the third-party vendor for financial transactions that your portal provider is working with should have their own system for testing the security of data transactions. (At OnFulfillment, we partner with Trustwave for verifying our systems are secure for credit card processing. A standard procedure of theirs is to try to infiltrate our server on a monthly basis.)
Your portal is a complex hierarchy of integrated software applications. Does your portal provider have a best practices policy in place for each application? Is there a team to ensure these guidelines are upheld?
Think about the sheer amount of customer data you will be entering into your portal. This includes names, emails, mailing addresses and other personal data. Is the data encrypted by the system? How long will it be retained there? A good marketing portal provider will discuss this with you, and it’s the type of policy that will need to be addressed regularly over time as your needs change.
Passwords, SSO and Back-Up
Then there’s the red-hot issue of passwords. In the iCloud photo hacking incident, it came to light that in order to reset a lost password, iCloud users are asked security questions they previously answered. We all answer these very same questions all the time (mother’s maiden name, favorite dog, etc.). Now that we all live our private lives in public and online, so much of this type of information can easily be found. Our security questions now become meaningless…and far too easy to answer. Apple is tightening up its security system for iCloud with more alerts when a password change is requested or when a new device connects to it.
The password process on your marketing portal needs to be secure. Ask your portal provider about two-factor authentication – not just the standard single factor. It’s an extra measure every one of us should be willing to take when our data is at stake. Apple has made this change to iCloud as well.
Speaking of passwords, how many times have you forgotten your password, confused yourself trying to remember which password goes with which site, and *gasp* SHARED your password with another person for the sake of convenience? These are common challenges we've all faced, but on a marketing portal with many users, the issues are magnified and compounded. With many users and roles on your portal, you want to ensure that users are not sharing passwords and are not inconvenienced by forgetting them, and that your administrator can easily onboard new users and safely remove others so they no longer have access. Better yet, if your users are already logged into a corporate network and/or intranet or other type of user portal, wouldn't it be great if they didn't have to log in again to your marketing portal? Enter SSO (single sign-on). SSO is a smart and secure way to seamlessly log users into trusted websites once they have logged into the site they started from (such as a corporate network portal).
SSO allows users to simply click a link on the originating website and seamlessly log into your marketing portal with their own identity and permissions, without having to type in those credentials. The benefits are many: users don't have to remember a separate login, new users are automatically enrolled, and users who no longer have access on the originating system are automatically barred from further access to your marketing portal. It also eliminates the possibility of password sharing, so you can always be sure users belong on your marketing portal with the access they've been granted.
SSO has been around for a while, and standards have developed (such as OAuth and SAML) which allow many websites to trust each other through SSO. Some portals may even let your users log in with Facebook or other common credentials. Be sure to ask if this is a capability supported by your marketing portal.
Finally, inquire about the portal’s backup system. Ideally, your provider will have a redundant system, so there are two separate servers for backing up your data. How often is your data backed up? Ask. At the same time, find out if your portal provider tests the restore function of your database as well as all of your files.
Hopefully, the provider you’re working with or planning on working with has all of these issues covered and can articulate to you and your management team – in plain English – the strength of its security policies and procedures. Inquire. You want to be reassured they have it all covered. They should convince you that they deserve access to your company’s most sensitive data.