Why marketers should care about data security and how we handle data security at Supermetrics
In marketing, data reveals a lot about your audience and business performance. That’s why marketers love collecting data, and sometimes collect too much of it.
Gathering and using data can be a double-edged sword. If you don’t take it seriously, you can break your customers’ trust and put them at risk.
Keep reading to learn about these risks, the importance of data security for marketers, and how our team at Supermetrics handles data security.
- What’s data security?
- Why should marketers care about data security?
- Pro tips for marketers to protect the data they use
- How we keep data secure at Supermetrics
What is data security?
Data security is the practice of protecting electronic information to ensure its confidentiality, integrity, and availability. Data security is a subset of information security but differs from cybersecurity, which aims to protect critical systems and sensitive information from digital attacks. The tips we’re sharing focus solely on the security of the data you have access to as a marketer.
Protecting data confidentiality ensures the data can only be accessed by people who are authorized to access it. One example is having controls in place to prevent a random person from accessing their neighbor’s banking records. In marketing, that might mean keeping your customer’s purchase history available only to team members who need that information for their daily tasks.
Protecting data integrity ensures the data stays intact and isn’t altered, whether maliciously or accidentally. One example is noticing if the balance on someone’s bank account changes without them actually depositing or withdrawing money. In marketing, it might mean limiting edit access to customer files so only certain team members can modify them.
Protecting data availability means ensuring that the data can be accessed and used when it’s needed. One example is an account balance being available to the ATM when the account owner wants to withdraw money from the account. In marketing, it might mean having proper access to your report—and its data—during a campaign review meeting.
In practice, data security can include encrypting data at rest—i.e., when it’s stored on a server or hard drive—setting access control policies, and ensuring the data backup is stored somewhere secure.
Why should marketers care about data security?
Because that’s how you protect and care for your customers. 60% of consumers believe that trustworthiness and transparency are the most important traits of a brand.
According to PwC, 44% of consumers said they would not do business with a company that had experienced a data breach. In other words, data security isn’t only important for the safety of your customers’ information, but it’s also essential for maintaining a good relationship with your customers and growing your business.
Data security is important for businesses of all sizes, but it’s especially critical for marketing businesses and in-house teams because they often deal with sensitive customer information such as client names, emails, targeting data, and even behavioral information.
If this type of data were to fall into the wrong hands, it could be used for identity theft, fraud, or other malicious activities. In addition to the potential financial damage, a data breach could also damage your company’s reputation and lead to a loss of customer trust.
People are more aware than ever of the risks associated with sharing personal information online. As a result, regulations have been written to set guidelines for processing personal data, and individual customers are increasingly hesitant to do business with companies that can’t guarantee the safety of their data.
According to IBM, the average cost of a data breach is over 4 million dollars, where about half the cost was dealing with the breach itself, and half the cost was lost business. So here are some top tips to avoid dealing with the pitfalls of a data breach.
Pro tips for marketers to protect the data they use
Data security isn’t just an IT problem—it’s everyone’s problem. If you’re the one who needs and uses data, you need to be actively working to keep it safe and secure.
Here are some pro tips you can use to keep your customers’ data safe and protect their privacy:
- Keep your users in mind
- Encrypt your data at rest
- Control access to your data
- Follow applicable laws and regulations
- Use secure tools to move, manipulate, and store data
- Regularly review your data security and privacy practices
1. Keep your users in mind
This should go without saying, but it’s easy to forget that all data is usually connected to actual people. To limit the damage if something goes wrong, you should collect only the data that you actually need, and get explicit consent even for that. To ensure people are okay with giving you consent, you should be fully transparent about how their data is stored and used and give them the option to withdraw their consent at any time.
2. Encrypt your data at rest
Sometimes, a hacker can access the server that holds the data and can copy files off of it. To prevent them from stealing the data, it’s important that it’s stored with proper encryption so the data can’t be read, even if it could be copied and transmitted elsewhere. You should engage your IT team and make sure they encrypt it using industry-standard algorithms such as AES-256. If you store the data in a cloud service, then one requirement when selecting the service should be adequate data encryption.
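To make the tip concrete, here is an added example (not Supermetrics' own code) of what encrypting a customer file with AES-256 looks like, and why a copied file is useless without the key. It assumes the third-party Python `cryptography` package; the function names and the sample record are made up for illustration.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

def new_key():
    """256-bit key; keep it in a key manager or vault, never beside the data."""
    return AESGCM.generate_key(bit_length=256)

def encrypt_record(key, plaintext, context):
    """Encrypt bytes with AES-256-GCM. `context` (e.g. a file name) is
    authenticated but not encrypted, so a blob can't be swapped between files."""
    nonce = os.urandom(12)  # must be unique for every encryption under one key
    return nonce + AESGCM(key).encrypt(nonce, plaintext, context)

def decrypt_record(key, blob, context):
    """Return the plaintext, or None if the key, context or data is wrong."""
    if len(blob) < 28:  # 12-byte nonce + 16-byte authentication tag
        return None
    nonce, ciphertext = blob[:12], blob[12:]
    try:
        return AESGCM(key).decrypt(nonce, ciphertext, context)
    except InvalidTag:
        return None

# Constructed sample record (hypothetical customer data)
RECORD = b"email,last_purchase\njane@example.com,2024-03-01\n"

if __name__ == "__main__":
    key = new_key()
    blob = encrypt_record(key, RECORD, b"customers.csv")
    print("email visible in stored bytes:", b"jane@example.com" in blob)
    print("right key:", decrypt_record(key, blob, b"customers.csv") == RECORD)
    print("wrong key:", decrypt_record(new_key(), blob, b"customers.csv"))
    tampered = blob[:-1] + bytes([blob[-1] ^ 1])
    print("tampered copy:", decrypt_record(key, tampered, b"customers.csv"))
```

The same check that rejects the wrong key also rejects a modified file, so this mode protects integrity as well as confidentiality.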
3. Control access to your data
You should carefully control who has access to your marketing data to avoid marketing data management challenges. Only authorized users should be able to view, edit, or delete data, and who’s authorized to do what should be defined in a data security policy. This policy should cover everything from how data’s collected and stored to who has access to it, how it can be used, and who owns or is responsible for it.
Many marketers still use personal Gmail addresses for accessing the data or, even worse, the whole team uses shared accounts, which makes it impossible to control access beforehand or audit access afterward.
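One way to check an access list against your policy, as an added example that is not part of the original article: the script below flags personal email addresses, shared accounts, people missing from the policy, and roles that exceed what the policy allows. The export format, role names, domain lists and addresses are all constructed for illustration.

```python
import csv
import io

# Policy: who is authorized to do what (constructed; names are hypothetical).
POLICY = {
    "anna.k@example-agency.com": "viewer",
    "li.w@example-agency.com": "editor",
}
ROLE_RANK = {"viewer": 1, "editor": 2, "owner": 3}
PERSONAL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
SHARED_NAMES = {"team", "marketing", "marketing-team", "info", "admin"}

# Constructed sample of a sharing/permissions export (columns are assumed).
EXPORT = """email,role
anna.k@example-agency.com,viewer
li.w@example-agency.com,owner
joe.smith@gmail.com,editor
marketing-team@example-agency.com,editor
"""

def audit_access(export_csv, policy):
    """Return {email: [findings]} for every grant that breaks the policy."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_csv)):
        email = row["email"].strip().lower()
        role = row["role"].strip().lower()
        local, _, domain = email.partition("@")
        issues = []
        if domain in PERSONAL_DOMAINS:
            issues.append("personal email address")
        if local in SHARED_NAMES:
            issues.append("shared account")
        allowed = policy.get(email)
        if allowed is None:
            issues.append("not in access policy")
        elif ROLE_RANK.get(role, 99) > ROLE_RANK[allowed]:
            # Unknown roles rank highest, so they are always flagged.
            issues.append(f"role '{role}' exceeds policy '{allowed}'")
        if issues:
            findings[email] = issues
    return findings

if __name__ == "__main__":
    for email, issues in audit_access(EXPORT, POLICY).items():
        print(f"{email}: {'; '.join(issues)}")
```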
4. Follow applicable laws and regulations
It’s important to understand the basics of data protection regulations such as the GDPR, CCPA, and others. They set a fairly straightforward standard for how to process, what to process, and what not to process. While the regulations don’t apply globally, knowing and following them is key, as you may have clients in these regions. Also, consider that you might expand your business at some point, and it’ll be very difficult to change your processes afterward to meet regulatory requirements in new geos.
5. Use secure tools to move, manipulate, and store data
When using marketing data, it’s important to be sure that the tools used to move, manipulate, and store the data are secure. This includes everything from email and file-sharing services to web analytics and marketing automation platforms.
You should also consider the security of the devices you use to access marketing data. Laptops, smartphones, and other devices can be easily lost or stolen. To protect your data, you should encrypt your devices and use strong passwords.
When transmitting data over the internet or other networks, you should always use secure protocols such as HTTPS.
6. Regularly review your data security and privacy practices
The world is constantly changing. Laws and regulations change, data requirements change, tools change, and you change. That means that what was the correct thing to do last year, or even last month, might not be correct or sufficient anymore. To make sure the world hasn’t changed and left you behind, your security and privacy practices need to be reviewed and updated often.
How we keep data secure at Supermetrics
When we talk about data security in marketing, we’re not only talking about how you should follow best practices for your users. Our team also considers all of these factors when developing our products.
Here’s an example of how your data flows securely through our system from your data source to your analytics destination, in this case, BigQuery.
All processed customer data exists as cached data in our systems. We invalidate all caches regularly with the timeline dictated by the design of the data source. Because we only ever cache the data, none of your processed data is ever stored in a backup. You can always fetch fresh data directly from the data source if the caches have been removed.
We do retain your customer access tokens to be able to fetch data at your request or your schedule. These credentials are stored encrypted and cannot be read, even by Supermetrics staff, without a key that’s stored separately.
All connections to any of our services, our web portal, our account management system, and any purchases you make are encrypted by default using industry-standard cryptographic protocols—TLS 1.2+. Any attempt to connect over an unencrypted channel—HTTP—is redirected to an encrypted channel—HTTPS.
We follow industry best practices, including the use of hardened and customized server images, bastion hosts, different types of firewalls, and multi-factor authentication. As a ‘data privacy-first’ organization, we follow regular standards on enforcement of least privilege, monitoring and reviewing our IAM—identity and access management—policies, and security roles.
By using the ‘least privilege’ model for access control, only people who need access are given access by request, not by default. With this model, everyone at Supermetrics has access to the data they need to do their job, but no more.
Two-factor authentication, VPNs, and strong password controls are required for administrative access to systems. All such policies are reviewed regularly. We have various change management and peer review practices within our software development lifecycle to ensure best practices are followed.
External security auditors conduct annual audits of our applications, systems, and processes. The reports of these tests may be obtained from us under NDA. We’re also SOC 2 Type II, GDPR, and CCPA compliant.
The best time to start thinking about data security is now
With people becoming increasingly aware of what data is collected from them and how marketers use it, the sooner you can adjust your strategy to take data security into account, the sooner you keep your consumers’ trust. Don’t wait to have a data breach to take action.
About the author
Kurre is the Lead Security Engineer at Supermetrics, currently building the internal security tooling and controls. He’s pathologically curious and wants to solve every puzzle he comes across.