publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/1031816
44 WWW.ILTANET.ORG | ILTA WHITE PAPER MARKETING TECHNOLOGY Security: A Shared Responsibility between Marketing, IT and Aorneys A key element to success in the realm of information security is building a cross-functional team, led by the designated owner, which can support the marketing team's efforts. For example, there needs to be a legal and compliance liaison, an IT liaison, and an HR liaison. All of these players need to work together to identify issues, thoroughly review the legal and compliance obligations of the organization, effectively address decision points, and then operationalize those decisions in the organization's technology structure and among its employees. 2. Audit your current data and technologies. Keeping an inventory of the different types of data you are currently storing/processing and the technologies you are using will help you develop the right processes to keep them secure. Once you know what data is included in your ecosystem, classify it. Is it internal data, confidential data, personal data, or public data? Under some international laws, you may need to not only know what data you collect and store, but you may also need to analyze your legal basis for processing that data. In other words, your firm will need to undergo a data audit to determine what data points you collect, store, and process, and you will also need to understand all of the uses of the information, ensuring the use is a legal basis under the relevant law that applies. A critical component of any data-driven strategy is to first understand whose data you process, and then determine what laws and regulations apply to that processing. It is imperative to understand what kinds of marketing activities are allowed, and in what circumstances. Once you've labeled and analyzed the legal basis for the processing of the data, decide who should have access to it – remember to limit access to those who absolutely need it, and no more than that. Finally, establish an onboarding/ooarding process to ensure access remains tightly managed. From a technology perspective, knowing which technologies you're using will help you keep up-to-date on any critical patches or updates you should install to keep them secure. At some point, you may have to retire current technologies for security reasons. Maybe the developer of that technology isn't keeping up with security best practices, or maybe it plans to sunset support of the tool in the near future. Performing regular audits will help you plan ahead for these situations. Having a dedicated team, or external vendor, that performs full security assessments for your current technologies can help with this process. Be sure to keep this team informed when you want to add new technologies as well. They can do a pre-assessment and help you decide if the new or emerging technology you'd like to give a try aligns with your firm's security standards. If it does, they'll know to add it to their inventory list for the next audit. 3. Establish a security budget. This one goes hand-in-hand with the previous point. Technology changes much faster than we can keep up. Reserving a contingency fund for unexpected changes will help you stay on top of critical updates. For example, many browsers began rolling out upgrades last year that introduced a warning to users if they visited websites that didn't have an SSL certificate. The warnings labeled these The Why's and How's of a Cyber Attack According to the 2017 Official Annual Cybercrime Report, "cybercrime damages will cost the world $6 trillion annually by 2021." In an attempt to combat this, Gartner predicts that worldwide enterprise security spending will grow eight percent in the next year alone, reaching more than $96 billion. In addition, the Ponemon Institute has concluded that the three occurrences that have the greatest impact on brand reputation are: environmental disasters, poor customer service, and data breaches. These startling numbers have ignited many firms to take action by building an army of innately suspicious employees, all of whom feel empowered to combat any suspicious requests or traffic that comes their way. But how do you educate your people to know what to look out for? What's behind the actions of a malicious hacker? And what methods are they utilizing to tap into your most vulnerable entry points? C O N T I N U E S O N N E X T PA G E