Every day, billions of pieces of content are produced, posted, and shared online. From articles about the latest presidential tweetstorm to emails about the upcoming sale at Macy's, some of this content is helpful and, at the very worst, innocuously annoying. But with so much material circulating, it's no surprise that an abundance of misinformation, scams, and far more sinister schemes are whirling around right along with it. From phishing to sextortion to fraud, there have never been more online threats to learn about and guard against.
As marketers and communications professionals, we have to be keenly aware of the ways criminals, trolls, and peddlers of bad information can take advantage of the platforms and tools we use. The brands we work with have the same responsibility, which is why more and more strategies for combating online scams and other nefarious activity are being developed and implemented across industries.
Here are three of the most effective ways companies can keep themselves and their customers safe as they navigate an increasingly complex digital environment.
Make security training accessible and painless
While conversations about digital security are often centered on all the ways technology can be compromised, one of the most vulnerable pieces of hardware is in your own head. Adam Marre, a former special agent in the FBI's Cyber Division and an information security expert at Qualtrics, says through his company's data platform he discovered that, although people claimed to know what they were supposed to do regarding security, they weren't actually doing it. "Digital security will steadily improve," he says, "but only at the speed at which we educate human beings to be secure with the technology they're using. Closing the gap between perceived understanding and actual behavior is vital to creating a security culture."
That's where training comes in, but it has to be done right. Almost everyone who has worked in a corporate environment has had the mind-gelatinizing experience of sitting through hour after hour of "training modules" (a term that manages to capture just how monotonous these experiences are). But when it comes to digital security, the last thing a company wants to do is bore its employees to the point of disengagement.
NINJIO is a company that understands this fact better than just about anyone else, which is why it has developed a suite of Hollywood style, micro-training videos (called "episodes" and released once per month) and resources that teach employees how to defend themselves and the company against the vast array of security threats online. Unlike the dry and boring lectures most employees are subjected to, NINJIO episodes are slickly produced, animated mini-features that draw upon real-life data breaches that have made headline news to build memorable narratives.
NINJIO CEO Zack Schuler founded the company on the belief that keeping employees engaged is priority number one, which is why he hired Bill Haynes (writer and producer on CSI:NY and Hawaii 5-0) to develop each episode and Ben Reynolds (a professional animator) to bring them to life. From episodes that teach employees about compliance with various regulations like GDPR, to episodes that educate viewers about common forms of hacking (such as phishing, smishing, business email compromise, and data theft), NINJIO has an extensive library of engaging content that can prepare employees for just about anything.
Spread the word about safety and security
It's vital to recognize that some groups are especially vulnerable to online exploitation - children most of all. This is why Thorn, a nonprofit co-founded by Ashton Kutcher that develops technology to protect children from sexual abuse online, is so important.
Thorn works with law enforcement agencies, tech companies, and other nonprofits to identify and help children who are victims (or at risk) of sexual abuse, trafficking, and other forms of exploitation. "Spotlight" is Thorn's AI-powered data collection and analysis platform for law enforcement, and it has identified almost 32,000 victims of human trafficking - more than 9,000 of whom are children. The organization recently introduced safer, a complete software solution for any company that hosts user-generated content to help stop child sexual abuse images from spreading across their platform. This easy-to-deploy tool helps companies protect the reputation of their platform while ensuring that they take a stand against egregious abuse images that tend to permeate platforms that host user-generated content.
As effective as Spotlight is, Thorn CEO Julie Cordua points out that child sexual abuse is "not something that will be solved with one type of solution. Rather, it's going to take a holistic approach." According to Cordua, this approach includes educating children, caregivers, and teachers; getting companies to prioritize the safety of children; reforming policies and laws to account for the changing nature of sextortion and other crimes against children; and having difficult public conversations.
In 2017, Thorn launched its Stop Sextortion campaign, which aims to raise awareness about the crime, eliminate stigma, and provide help for victims of sexual exploitation. Thorn released a PSA that explains how sextortion works and encourages viewers to promise to support their friends if they're ever the victims of sextortion. The campaign introduced the hashtags #FriendsFirst and #NoShame, which were shared across all Thorn's social media channels and included in the PSA. This should be a reminder that marketers and communications professionals have an essential role to play in fostering digital safety and security.
Your customers need to be part of the security conversation
Considering the fact that intelligent and cautious employees, managers, and even CEOs fall for phishing schemes, use insecure credentials, and make other security mistakes all the time, why would you expect your customers to be any different?
There are many ways companies can ensure that their customers are pursuing best security practices, from prompts for password updates and identity verification to guidelines for handling and sharing sensitive personal information to transparency about data policies, risks, and potential breaches. After GDPR came into force last year, transparency has become more crucial than ever.
End-user safety and security has more impact on businesses as more companies complete their digital transformation. Instead of viewing these requirements as obstacles, companies should regard them as invitations to reinforce their security platform and improve their relationships with customers.
"The traditional mindset towards managing risk has focused almost exclusively on preventing loss," remarks Jason Tan, CEO of Sift, a company that empowers online businesses (from digital disruptors to Fortune 500 companies) to unlock new revenue without risk by dynamically preventing fraud and abuse. "The organizational structures, processes, and tools that accompany legacy approaches sprang from a single goal: risk mitigation. Little or no emphasis was placed on maintaining a great customer experience, increasing user engagement, or enabling revenue growth."
According to Tan, a better approach is to invest in Digital Trust and Safety solutions: a holistic approach to fraud prevention and customer experience, focusing on customer journeys rather than customer actions, and fraudsters' behavior rather than their attacks.
"Clearly, something is broken. The status quo for risk management is not up to the challenges faced by today's organizations: meeting customers' incredibly high expectations, while also protecting their business and users from bad actors."
Tan is certainly not alone in his thinking. As reported by PwC, 69 percent of consumers believe "companies are vulnerable to hacks and cyberattacks," while 25 percent think "most companies handle their sensitive personal data responsibly" and just 10 percent "feel they have complete control over their personal information." Digital Trust and Safety creates a bridge between companies and customers. By making transparency and communication integral parts of your company's security architecture, you'll remind customers that you're doing everything possible to safeguard their sensitive personal information.
As our professional, commercial, and personal lives continue to migrate online, there will be more and more opportunities for hackers, thieves, predators, and unscrupulous people of all types to exploit any security gaps they can find. "Security" is often a word we associate with lectures from stuffy IT managers and annoying identity verification gauntlets, but that attitude is exactly wrong. Security encompasses everything we care about - from our personal identities to our most private thoughts and messages to the safety of our children. It's time for companies to start treating it as such.