The Adestra & Econsultancy Email Marketing Industry Census 2012 has unveiled some frightening statistics – not just lack of awareness around data security issues, but a basic disregard for preventing security breaches. Only 56% of client-side respondents and 47% of supply-side respondents say they (or their clients) have policies and processes in place to guard against breaches of data security. Additionally, a quarter of agencies don’t even know what processes are in place (if any).
A brand’s data is its most valuable revenue tool – one that needs to be carefully protected. In addition, agencies need to prove they respect client data.
In light of the several high profile data breaches via ESPs last year, which saw brand damage to several major brands, the access method was via key-logging to gain (static) passwords. However using authenticated login and/or IP restrictions would prevent this type of intrusion – and only 25% of companies are currently are using this (while even more, 30%, don’t know if they are).
Henry Hyder-Smith, MD at Adestra, says: “Securing data and access methods is essential for any organisation. However, our research shows there is a lack of basic knowledge, and a lack of awareness among staff of the security policies in place, which is very worrying. Companies need to check their own processes or their ESP’s against best practices and ensure proper communication with employees – to keep data integrity and prevent brand damage.”
Linus Gregoriadis, Research Director, Econsultancy adds: “This is the first time since the inaugural Email Census five years ago that we have included questions about data security. The results are very worrying as many companies are not doing what they should be doing to avert risk. Companies should address their data security policies now in order to avoid a world of pain further down the line.”
Given recent and growing concern with regards to data security, this theme is highly relevant, particularly as governments and individuals become more aware of privacy issues. This survey found however that almost half of all company respondents (44%) either had no policies and processes in place, or were not aware of any.
- 16% of company respondents and 24% of agency respondents did not know whether data security measures were in place (either for themselves or their clients).
- Awareness of what specific policies were in place was even lower, with over a quarter of respondents in some areas not knowing whether data security policies existed.
- Only 2% of both client-side and supply-side respondents ranked data security as one of the three areas they need to focus on most in 2012
Of the policies already in place, data access restrictions are the most popular, with 64% of client-side and 63% of supply-side respondents stating they (or their clients) either had them in place or were planning on implementing them. The least implemented policy is authenticated login, within only 25% of companies and 18% of supply-side clients having them in place. IP Restrictions, data seeding and recording any data download is implemented by around one third of brands.