Is your agency a back door for cyber hackers?
Accessing client information from the servers and cloud systems of agencies can be like taking candy from babies, claims security expert Christopher Rodrigues.
Cloud computing, mobility and the internet of things are megatrends that are reshaping the IT infrastructures of agencies of all sizes.
This is particularly relevant when you consider the fact that agencies frequently store client data from some of the world’s largest brands and corporations.
Many ad agencies seem to think that data protection and cyber security are issues for their clients, but the agency’s systems could actually be a back door for hackers to get access to those very clients.
Finding ways to maintain proper security as the diversity of technologies continues to grow is an increasing challenge.
External data sources, mobile devices and cloud platforms all provide valuable services, but they also create new potential avenues for intrusion. Each and every endpoint is a potential door into an organisation’s IT systems and data, and hackers need only to open one to wreak havoc. It takes just one vulnerable host to infect an entire network.
Many small to mid-sized agencies don’t think they need to protect themselves, but I’ve heard some horror stories. I know of one small Sydney-based digital agency which was crippled by a cyber attack – all of its IP was stolen and the company was ruined. Below are some best practices that advertising and digital agencies should consider when looking at cybersecurity. A key point all along would be – ‘Prevention is Better than Cure’.
Define, Educate and Enforce Policy
Marketing agencies have staff from all walks of life – they might be creatives, account managers, developers or designers. It’s important to educate all your staff, whether they are digitally savvy or not, about cyber threats e.g. phishing, spear phishing, social engineering, and so on. It’s all about being socially aware, and actually having a security policy – many agencies don’t.
Spend some time thinking about what applications you want to allow in your network and what apps you do not want to run in your network. Educate your employees on acceptable use of the company network. Make it official. Then enforce it where you can. Monitor for policy violations and excessive bandwidth use.
- Maintain your Network Like Your Car
Make sure you patch your system. Ensure your operating systems of laptops and servers are updated, and use security products rather than just relying on an anti-virus to block malicious traffic. The focus should be on blocking and prevention rather than just detecting.
- Mobile Devices
Today every business is a mobile business and employees use a wide variety of personal devices on the job. This is particularly the case with client-facing businesses like advertising agencies. With this comes added responsibility of safeguarding business data, providing secure mobile access to business documents and keeping mobile devices safe from threats. This should be company policy and Mobile Threat Prevention should be top of mind.
- Cloud Caution
Cloud storage and applications are more commonly used than ever before. Be cautious – think prevention and think encryption. The amount of content being produced by agencies is staggering, meaning cloud storage in incredibly common. Agencies need to be sure to encrypt content before sending it to the cloud (including system backups), while checking the security of their cloud provider.
- Advertising
Use third parties to validate the ads you’re serving aren’t malvertising. Malvertising can be implemented either by threat actors directly buying ad-space, or by threat actors compromising an ad-server and injecting malicious content to the benign ads.
Encrypt Everything
Data is the word on every marketers lips at the moment, and agencies are increasingly becoming data firms. This means data storage. One data breach could be devastating to your company or your reputation. Protect your data by encrypting sensitive data. And make it easy for your employees to do so. Ensure encryption is part of your corporate policy.
Cyber security is critical for all businesses in today’s digital world. But it is particularly important for advertising and digital agencies, due to the potentially confidential data they store, the large quantities of content and data they produce and the access they have to the systems of multinational clients.
Christopher Rodrigues is the regional general manager of Check Point, a global security firm
