If your business is like most, you probably have a marketing portal—a system that allows you to store, manage, organize, share and track massive amounts of sensitive company data and content. This could include everything from documentation and collateral to videos, photos, logos, proprietary software, and other tangible assets that internal teams as well as external partners can access, download and distribute. Since partners are sometimes required to purchase materials, the system also processes and stores credit card information.
That’s a lot of sensitive information. And it raises the question: just how secure is your marketing portal?
Every day, we hear about new security breaches that compromise our personal data. Predators are out there, looking for weaknesses to exploit. If it’s not already, security needs to be at the top of your list when planning, building or updating your marketing portal. If you’re not 100% confident in the security of your portal, you need to rebuild.
Start with the Basics
If you’re working with a third-party solutions provider to build or redesign your portal, you need to establish up front that security is a priority. That means going above and beyond to ensure your sensitive and proprietary data is protected.
It’s best to start with the basics. Some features are a standard part of any package, for instance running all data through SSL (Secure Sockets Layer; its modern successor is TLS, Transport Layer Security), a cryptographic protocol designed expressly to give customers secure communication over the Internet. If such features are not part of the base offering, you need to consider finding a new partner.
Other basic security measures are simply common sense. For example, any third-party vendors with access to your portal must have their own strict security policies and procedures in place, and these must be disclosed to the solutions provider. These third-party vendors must also keep the provider informed about any software and antivirus updates. This requires open and honest communication between all parties. As the owner of the portal, it is your responsibility to ensure this.
Protecting Sensitive Personal and Financial Data
Most marketing portals support financial activities such as credit card transactions—a favorite target of predators. Therefore, it is critical to understand how your solution provider handles this data.
Generally speaking, sensitive customer information, including credit card details, should never be stored. If the data isn’t there, it can’t be stolen. That reduces the opportunity for cyberattacks.
Any third-party vendor your provider works with for financial transactions should have their own way of testing the security of data transactions. OnFulfillment partners with Trustwave to test our credit card processing security; one of their methods is to try to infiltrate our server on a monthly basis.
In addition to financial information, your portal will be hosting a huge amount of other customer data, including names, e-mails, home and business addresses, phone numbers and more. Does your provider have a best practices policy that defines where and how long this information will be retained? Will it be encrypted? Is there a team to ensure these guidelines are upheld?
These policies must be discussed and revisited regularly as your needs change, and any good provider will be happy to engage in such conversations.
Passwords, SSO and Back-Up
Passwords used to be the gold standard of security. Now they are often a weak link.
That’s because when users need to reset a forgotten password, they are often asked security questions (mother’s maiden name, first dog, etc.) to prove their identity. Now that we live our lives online, a lot of this information can easily be found, opening doors that imposters easily exploit.
That means your marketing portal’s password protection must be rock solid. Does your provider support extra security measures such as two-factor authentication? These options are critical.
From an administrative perspective, password management is a considerable challenge. With so many users and roles accessing your portal, you want to make it easy for your administrator to onboard new users while safely removing old users so they no longer have access.
SSO—single sign-on—is the answer. SSO is a smart and secure way to let users who have logged into a “home” site such as the corporate network access other trusted sites without having to log in again.
With SSO enabled, users logged in to the originating website can seamlessly access your marketing portal with their own identity and permissions without having to enter those credentials. No need to remember multiple user names and passwords. New users are automatically enrolled, and anyone who no longer has access to the originating system is blocked from your marketing portal. SSO also eliminates password sharing, ensuring anyone on your marketing portal is a legitimate user.
Ask your provider if they support SSO; if not, you should probably find one who does. The technology has been around for a while, and new standards such as OAuth and SAML increase the number of sites that can be trusted. In fact, some portals might even allow users to log in via Facebook or with other common credentials. Be sure to ask if these capabilities are supported.
Last but not least, your portal needs a backup system to defend against catastrophic failures. Does your provider have a redundant system in place? If so, how often is the data backed up? Does the provider regularly test the restore function and confirm the integrity of your files? Ask. You won’t regret it.
Secure Your Security
If your provider has all of these issues covered and can articulate the strength of its security policies and procedures, you are in good hands. If you have other questions or requirements, be sure to inquire about their ability to support those needs. Make them convince you they deserve to protect your company’s most sensitive data.