Red Door MindSHARE: Exciting, useful content and more for innovators, like you | Staying Secure Online
As we have all heard in recent news, data breaches are
increasingly becoming a risk within your company. There are
many factors to consider when trying to prepare and protect
yourself and your customers. We have assembled four experts
who share their perspectives on the risks associated with
consumer data and steps you can take to protect yourself and,
most importantly, the data you collect.
In this MindShare, you will get:
•	 Tips on how to protect your cloud infrastructure from data
breaches
•	 “The New 4Ps of Marketing” – Permission, Preference,
Personalization, and Privacy
•	 The Legal Perspective on Data Breaches & Security
•	 A sample of a data breach response process (Infographic)
Enjoy our latest MindSHARE!
TABLE OF CONTENTS
About the Authors
An Ounce of Prevention: Protecting Cloud Infrastructure From Data Breaches
Protecting Consumer Data: What Brands Must Do
Key Things You Need to Know About Data Breaches & Security: A Legal Perspective
Cyber & Privacy Risks Infographic
Questions & About Red Door Interactive
ABOUT THE AUTHOR
PILAR BOWER, Email Marketing Manager
Pilar Bower is the Email Marketing Manager
at Red Door Interactive. Pilar graduated from
University of Miami, Florida and began her
career working in the advertising department
at The Miami Herald. A move to Los Angeles
brought her to The Hollywood Reporter where
she managed online ad inventory and launched
the Academy Awards and studio microsites,
among others. There, she found her calling in the
interactive world and, with a move to San Diego
in April 2007, joined Red Door Interactive. Pilar
is part of the Cross Channel Marketing team at
RDI and leads the Email strategy and execution
for our clients. Pilar has worked with clients such
as California Avocado Commission, Thermador,
Bosch, SKLZ, Caldera Spas, and Garden Fresh
Restaurant Corp.
ABOUT THE AUTHORS
At HOSTING, we take a multi-level
approach to security. We start with
a combination of physical and
network security. Then we layer
in additional services to prevent,
protect against, detect and mitigate
threats to meet your organization’s
specific security requirements.
We offer three security packages
delivering varying levels of
managed services to help
organizations avoid data loss,
mitigate security breaches and
address information security
compliance requirements.
Learn more at:
www.hosting.com
The ExactTarget Marketing Cloud
from salesforce.com (NYSE: CRM)
is the leading 1:1 digital marketing
platform, connecting companies
with customers in entirely new
ways.
Learn more at:
www.ExactTarget.com
Pillsbury is a full-service law
firm with a keen industry
focus on energy and natural
resources, financial services,
real estate and construction, and
technology sectors. We work
in multidisciplinary teams that
allow us to anticipate trends and
bring a 360-degree perspective
to complex business and legal
issues—helping clients to take
greater advantage of new opportunities
and better mitigate risk.
Recognized by Chambers Global
as one of the world’s foremost
practices, Pillsbury’s Privacy, Data
Security & Information Use lawyers
regularly work with companies
around the globe to address the
full range of privacy requirements,
needs and issues in a way that
balances clients’ thorough
compliance with the flexibility
to conduct and expand their
businesses.
Learn more at:
www.pillsburylaw.com
Arthur J. Gallagher & Co. is an
international insurance brokerage
and risk management firm.
Our cross-divisional teams of
industry specialists collaborate to
address your critical challenges,
and serve as a dedicated and
active partner to you providing
access to our global resources.
Learn more at:
www.ajg.com
An Ounce of Prevention:
Protecting Cloud Infrastructure
From Data Breaches
Presented by HOSTING
Whether you’ve experienced a security breach,
must adhere to compliance standards such as PCI
and HIPAA, or are just security conscious, there is
little argument: Security is essential to protecting
your own and your customers’ data. Not only can a
security breach launch a public relations nightmare,
it can cause downtime and revenue loss that can
prove fatal to your business. As your company
leverages the many advantages of moving IT
infrastructure to the cloud, how can you ensure
that your data and applications are safe in today’s
ever more threatening environment?
When choosing a cloud service provider—or
evaluating your current provider or internal
infrastructure—make sure you consider the
following to help your business avoid data
loss, mitigate security breaches, and address
compliance requirements:
SECURITY IS NOT OPTIONAL.
Most organizations do consider security, broadly,
as essential. Fortunately, many services such as
firewalls, malware protection and patching are
becoming commonplace as part of a core security
package. However, others, which constitute a
“complete package,” are far less predominant, e.g.,
log management with alerts, threat management
or file integrity monitoring. It is critical to ask your
service provider or internal IT department about the
completeness of your security package. Having just
a firewall is likely not enough.
PROTECT YOUR APPLICATIONS AS WELL AS YOUR INFRASTRUCTURE.
If you have an online presence, web application
attacks are a looming threat. According to recent
research performed by Gartner, 70% of all security
vulnerabilities are at the web application layer.
Schedule a time to discuss a web application
firewall with your service provider or internal IT
department to protect against online vulnerabilities
and pervasive threats.
DELINEATION OF RESPONSIBILITY IS CRUCIAL.
Take the time to clearly define security responsibilities
with your cloud service provider upfront. Is it the
cloud service provider’s responsibility to secure all
your applications? Or is it the provider’s responsibility
to secure only the core cloud infrastructure and
your organization’s responsibility for its specific
infrastructure and application environment? Many
service providers will provide a matrix that outlines
the security responsibilities. If you are required to be
PCI compliant, your provider must have the expertise
to make this delineation clear. Avoid getting
blindsided—be certain that both parties are clear
on who does what.
Protecting Consumer Data:
What Brands Must Do
Presented by ExactTarget
In the “Era of the Individual,” marketing has become
intensely personal as brands are becoming
very adept at using customer data, predictive
analytics, and powerful CRM technology to deliver
promotional offers, invitations, and customer
service communications personalized to the
customer’s preferences and purchase history.
And quite clearly, consumers like the personalized
treatment.
A recent Harris Interactive research study revealed
that 70% of US online shoppers are willing to share
personal preferences to receive more relevant
email. That same study also found that 81% of
consumers are more likely to make additional
purchases from retailers who send personalized
emails based on past buying behavior.
But times have changed. Today’s consumers want
customized content at the speed of a click. But
they also want their personal information to be
protected.
So welcome to the new 4Ps of Marketing:
Permission, Preference, Personalization -- and
most important -- Privacy.
THE NEW “4 PS” OF MARKETING
Most people who studied marketing in college
were taught “The 4Ps of Marketing: Product, Price,
Placement and Promotion.” That framework worked
fine in the era of one-size-fits-all advertising, when
little regard was paid to tailoring product offers to
the needs and interests of the individual consumer.
BRANDS MUST SELF-REGULATE
DATA PRIVACY
When it comes to consumer data privacy, brands
tend to favor self-regulation over legal regulation.
Self-regulation—implemented in conjunction with
internal processes to regulate data collection,
usage and customer choice—can be a very
effective strategy for protecting customer privacy.
Brands must understand that there is a financial
consequence to not taking consumer data privacy
seriously. Brands must view customer data
privacy as a key tenet of customer relationship
management. If they don’t, they risk losing
customers and eroding their brand’s reputation
in the marketplace. When brands protect a
customer’s data, they reinforce the trust their
customers have in them.
HOW BRANDS CAN PROTECT
CONSUMER DATA
Operating data-driven 1:1 digital marketing programs
requires marketers to closely guard their customers’
privacy and keep their personal information secure.
Here are eight things a company can do to
self-regulate consumer data privacy:
1.	 When asking consumers to provide
information about their needs, interests, and
personal profile, brands must be completely
open and transparent in explaining why they
are asking for this information, how it will be
used, and how it will be kept private. Provide
access to your company’s Customer Data
Privacy policy and assure the customer that any
information provided will not be shared outside
the company.
2.	 Create your own Customer Data Privacy
Program to meet your company’s specific
needs and adhere to the standards of your
industry. Form a team that develops and
implements the guidelines and policies for
customer data acquisition, usage and security.
Remember, the primary reason for this program
is to preserve the confidentiality, integrity and
availability of customer information and define
how it will be used for marketing, sales, and
customer service.
3.	 Get Safe Harbor certified as part of your
standard Privacy Policy. Many ESPs like
ExactTarget adhere to the Safe Harbor
Principles published by the U.S. Department
of Commerce with respect to personal
information received from the European
Union. For more information on Safe Harbor
certification, visit http://export.gov/safeharbor/.
4.	 Invest in technology that adheres to industry-
recognized standards, such as ISO 27001
data security standards and controls, and
the SAS 70 Audit for data centers. ISO 27001
certification goes beyond the technology
required to keep customer data secure and
helps maintain physical security protocols. A
SAS 70 audit ensures companies or service
providers have adequate controls and
safeguards when they host or process data
belonging to their customers.
5.	 Build security into software applications with
appropriate firewalls, encryption standards,
anti-virus solutions, network access controls,
and physical security protocols. Incorporating
these tools enables companies to ensure their
Data Security Program is sufficient to guard
against data breaches and hacking attacks.
6.	 At least twice yearly, contract an experienced
third-party firm to conduct a data security audit.
Ethical hacking and penetration tests can
ensure the level of security meets or exceeds
industry guidelines. Often, companies share
these findings with customers to reconfirm
their ongoing commitment to protecting
consumer data.
7.	Develop a formalized Business Continuity
Plan and Disaster Recovery Plan to ensure
quick and clean response in the event of
security breaches or business disasters.
Documenting your plans can help ensure
you actively recover from faults at all levels of
your technology infrastructure and operations.
Back-up operations and emergency protocols
should be included in these plans.
8.	 Consider a premium security offering
from your ESP. In industries like finance,
healthcare or technology where customer
data security is top-of-mind, marketers should
consider offering a second level of security
to customers. Premium offerings can include
additional firewalls and deeper levels of
encryption, or dedicated staff to handle any
security issues more quickly.
THERE’S NO TURNING BACK
The 1:1 marketing train is on the tracks and it’s
not slowing down. As customers demand more
personalized offers and service, customer data will
continue to be “the new black” of marketing. And
protecting the customer’s personal information
must be regarded as one of the unbreakable rules
of responsible marketing.
Key Things You Need To Know
About Data Breaches & Security:
A Legal Perspective
Presented by Pillsbury Winthrop Shaw Pittman LLP, Legal
YOU ARE NOT INVINCIBLE.
Data breaches happen daily—to small, medium and
large companies in every industry. At some point,
you will face a data breach. It’s not a question of
“if”; it’s a question of “when.” So what do you do?
Be aware, be prepared, be careful, and be ready
to respond:
BE AWARE.
Knowing your legal obligations is key. Companies
in highly regulated industries like healthcare and
financial services are used to protecting data and
complying with specific regulations mandating
security requirements. Unregulated companies
have legal obligations to protect data as well.
In the U.S., with the exception of financial services
and healthcare information, most data protection
obligations are driven by state law, with each
state setting the standards required to protect
information of that state’s residents. So if your
business holds data from residents of different
states, you may have different obligations
depending on the states of residence. Some
states, like Mississippi, have few requirements;
others, like Massachusetts, have specific programs
that need to be in place. If you are a merchant
who accepts credit cards you are also bound by
the Payment Card Industry Data Security Standards
for protection of credit card information.
Protected Data: “Personal information” or
“personally identifiable information”. With
some variations, the states require protection
of an individual’s name when it is associated
with either a Social Security Number, driver’s
license or state ID number, financial account
number or health/medical information where
the data is not encrypted. Some states also
include date of birth, passport number or other
information. California recently added one’s
user name and password used to access an
online account to the protected data list.
Common Legal Obligations
•	Security: Maintain reasonable
security practices and procedures
to protect against the unauthorized
access, destruction, use,
modification or disclosure of
personal information. (See, for
example, California Civil Code
section 1798.81.5)
•	Secure Destruction: Documents,
records or media holding personal
information must be securely
destroyed by shredding, erasing or
otherwise making the information
unreadable when the documents,
records or media are being
discarded. (See, for example,
California Civil Code section
1798.81)
•	Data Breach Obligations: Most
US states (46 plus the District
of Columbia) require security
breach notifications to be sent to
individuals when their unencrypted
personal information has been
accessed or acquired by an
unauthorized person. (See, for
example, California Civil Code
section 1798.82, the first of these
statutes to be enacted)
BE PREPARED.
Review your company’s data collection,
use, storage and transmission practices and
identify areas where data is vulnerable to theft,
misdirection, unauthorized access or loss. Review
your insurance coverage. Use secure transmission
for personal information; encrypt laptops, backup
media or other portable devices that hold personal
information; don’t collect information you don’t
really need for your business and get rid of stale
data. Form a response team consisting of IT, HR,
Risk Management, Legal, Management and PR.
Adopt a data breach response plan that outlines
how to identify a data incident, how to escalate
it to the appropriate people for response, how to
manage the investigation and remediation of the
incident, and obligations for notification. Keep an
up-to-date contact list for internal staff, outside legal
and forensic experts, and your insurance broker;
include mobile numbers and emails because
the breach will invariably hit on the weekend,
in the middle of the night or over a holiday.
Prepare templates for notification documents.
Test the effectiveness of your plan by conducting
unannounced drills.
BE CAREFUL.
Your home hasn’t been burgled, but you still lock
the doors. Your data may not have been stolen,
but you still need reasonable security measures
to protect it. Technical security, physical security
and firewalls are standard, but they are not the
complete answer. A large percentage of data
breaches occur when an employee shares or loses
login credentials, has a laptop stolen, loses a flash
drive or mistakenly sends data to the wrong email
address. Employee training on an annual basis is a
must. Likewise, keep an eye on vendors who have
access to data.
BE READY TO RESPOND.
Have your external experts identified and pre-
approved by the company and your insurance
carrier to avoid delays in responding. Practicing
your response to a data breach through planned
desktop drills or unannounced drills dramatically
reduces the panic that sets in when a data
breach hits. Drills build “muscle memory” for your
response team in the same way practice drills do
for athletes.
When the event hits, assemble the team and
execute your plan. Designate a point person
for technical investigations and external
communications. Engage a forensic consultant.
Disconnect or isolate the affected system or
equipment. Preserve the “crime scene” by
imaging the system. Contact law enforcement
and your insurance carrier if appropriate.
Document the sequence of the event and all
your steps to respond. Restore the integrity of
the system before re-connecting. Identify whether
personal information was accessed or acquired;
contact information for all impacted individuals
is needed for notification, though if you have
insufficient contact information you can give
notice through major statewide media under
the provisions of state law. The form of notification
to individuals and to state agencies depends on
state laws, so involve the legal department or
outside counsel in that process.
Cyber & Privacy
Risks Infographic
Presented by Arthur J. Gallagher & Co.
An Evolution of an Insurance Claim:
Below is a sample of a data breach response process and the related costs. A breach in privacy can be caused by a
multitude of sources, such as improper disposal of records, equipment theft, hacking, malware, or unauthorized access,
and can result in both first- and third-party costs for your company.
QUESTIONS ON THE INFORMATION IN THIS MINDSHARE?
Our experts have helped clients reach and exceed their goals when it comes to online security, and
we are here to help you too. If you have any additional questions on the information in this MindSHARE,
please email Pilar Bower, Red Door Interactive’s Email Marketing Manager: pbower@reddoor.biz
If you have questions relating to the article, An Ounce of Prevention: Protecting Cloud Infrastructure
From Data Breaches, please contact Jennifer Hall, Senior Product Marketing Manager, HOSTING,
jhall@hosting.com
If you have questions relating to the article, Protecting Consumer Data: What Brands Must Do,
please contact Joel Book, Principal, ExactTarget, jbook@exacttarget.com
If you have questions relating to the article, Key Things You Need to Know About Data Breaches and
Security: A Legal Perspective, please contact Catherine Meyer, Senior Counsel, Pillsbury Winthrop
Shaw Pittman LLP, catherine.meyer@pillsburylaw.com
If you have questions relating to the infographic, Cyber and Privacy Risks, please contact John Kassar,
Property Specialist, Arthur J. Gallagher & Co., John_Kassar@ajg.com
GENERAL MARKETING QUESTIONS?
We handle a range of services—strategy, SEO, business management, analytics, optimization, creative,
user experience and so much more—via expert teams that work in tandem. Click here to contact us, or
visit our website to learn more about what we can do for you.
---------------------
-------------------
------------------------
------------------------------------
-----------------------
LET’S CONNECT:

More Related Content

PDF
Clearswift | Leading Provider of Advanced Content Threat Protection
PDF
The CypherWire - Encryption doesn't have to be cryptic
PDF
A data-centric program
PDF
Protect your confidential information while improving services
PDF
OnRamp Customer Case Study - analyticsMD
PDF
Protecting the Core of Your Network
PDF
NoHidingInTheCloud
PPT
Cloud Computing Panel - NYCLA
Clearswift | Leading Provider of Advanced Content Threat Protection
The CypherWire - Encryption doesn't have to be cryptic
A data-centric program
Protect your confidential information while improving services
OnRamp Customer Case Study - analyticsMD
Protecting the Core of Your Network
NoHidingInTheCloud
Cloud Computing Panel - NYCLA

What's hot (20)

PDF
Who is the next target proactive approaches to data security
PDF
Blog secure channels inc
PDF
Navigating the Complex World of Compliance Guidelines
PDF
Insecure magazine - 51
PDF
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
PDF
Assets in order investor overview ppm
PPTX
The Amazing Ways Retail Giant Zalando Is Using Artificial Intelligence
PPTX
Security Analytics and Big Data: What You Need to Know
PDF
PSFK Presents the Future of Digital Safety & Security
PPTX
The 10 most trusted healthcare it security solution providers 2018
PPTX
Company presentation Servicenoew
PDF
The 10 Most Trusted Healthcare IT Security Solution Providers 2018
PPTX
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
PPTX
Using GDPR to Transform Customer Experience
PDF
Convergence of Internet of Things and ECM to Build the Connected Enterprise
PDF
Clearswift f5 information_visibility_reducing_business_risk_whitepaper
PPTX
The Secure Business in the Digital Age - 27th September 2017
PDF
Securing sensitive data for the health care industry
PDF
Quantifying Cyber Risk, Insurance and The Value of Personal Data
PDF
Security and Privacy: What Nonprofits Need to Know
Who is the next target proactive approaches to data security
Blog secure channels inc
Navigating the Complex World of Compliance Guidelines
Insecure magazine - 51
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Assets in order investor overview ppm
The Amazing Ways Retail Giant Zalando Is Using Artificial Intelligence
Security Analytics and Big Data: What You Need to Know
PSFK Presents the Future of Digital Safety & Security
The 10 most trusted healthcare it security solution providers 2018
Company presentation Servicenoew
The 10 Most Trusted Healthcare IT Security Solution Providers 2018
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
Using GDPR to Transform Customer Experience
Convergence of Internet of Things and ECM to Build the Connected Enterprise
Clearswift f5 information_visibility_reducing_business_risk_whitepaper
The Secure Business in the Digital Age - 27th September 2017
Securing sensitive data for the health care industry
Quantifying Cyber Risk, Insurance and The Value of Personal Data
Security and Privacy: What Nonprofits Need to Know
Ad

Viewers also liked (20)

PDF
Credibility, Identity Resolution, and Privacy on Online Social Media
PPTX
Putting online risks into perspective
PPT
Internet Safety
PPT
Internet Safety
PDF
Privacy and Security in Online Social Media : Policing and Social Media - Part 2
PDF
Privacy and Security in Online Social Media : Policing and Social Media - Part 1
PPTX
Hack Warz® Cyber Attack: A Hands-On Lab for Network Defenders
PPTX
Cybersecurity Risk Management Framework Strategy Workshop
PDF
7 innovation lessons I learned from my parents
PDF
Breaking The Internet - TNW Europe 2015
PDF
Hero Hub Help - YouTube Content Strategy For Brands
PDF
Imagine Your Life Without the Internet
PPTX
Internet of NO things
PDF
The world without internet:
PDF
Digital in 2017: Southern Asia
PDF
Digital in 2017: Southeast Asia
PDF
2017 Digital Yearbook
PDF
The Future Of Work & The Work Of The Future
PDF
Digital in 2017 Global Overview
Credibility, Identity Resolution, and Privacy on Online Social Media
Putting online risks into perspective
Internet Safety
Internet Safety
Privacy and Security in Online Social Media : Policing and Social Media - Part 2
Privacy and Security in Online Social Media : Policing and Social Media - Part 1
Hack Warz® Cyber Attack: A Hands-On Lab for Network Defenders
Cybersecurity Risk Management Framework Strategy Workshop
7 innovation lessons I learned from my parents
Breaking The Internet - TNW Europe 2015
Hero Hub Help - YouTube Content Strategy For Brands
Imagine Your Life Without the Internet
Internet of NO things
The world without internet:
Digital in 2017: Southern Asia
Digital in 2017: Southeast Asia
2017 Digital Yearbook
The Future Of Work & The Work Of The Future
Digital in 2017 Global Overview
Ad

Similar to MindSHARE: Staying Secure Online (20)

PDF
Security Hurts Business - Don't Let It
PPTX
Securing your digital world cybersecurity for sb es
PPTX
Securing your digital world - Cybersecurity for SBEs
PDF
IDC Best Practices in Private Sector Cyber Security
PPTX
External-WB Foundational Security 1.4.pptx
PDF
Isaca new delhi india - privacy and big data
PPTX
Network
PDF
SYMCInvestorPresentationDec2008II
PDF
SYMCInvestorPresentationDec2008II
PDF
SXSW Interactive 2018 Holly Rollo CMO RSA 'WHAT EVERY MARKETER MUST KNOW ABOU...
PDF
Cybersecurity for Marketing
PPTX
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
PPTX
Certified Banking Board Member - Module 2 Powerpoint Presentation
PPT
Aleksandr Yampolskiy Presentation
PPT
Privacy and E-Commerce
PDF
Big Data and Big Law at Walmart - StampedeCon 2013
PDF
Where in the world is your PII and other sensitive data? by @druva inc
PDF
Rogers eBook Security
PPTX
The Ins, Outs, and Nuances of Internet Privacy
PPTX
Secure Iowa Oct 2016
Security Hurts Business - Don't Let It
Securing your digital world cybersecurity for sb es
Securing your digital world - Cybersecurity for SBEs
IDC Best Practices in Private Sector Cyber Security
External-WB Foundational Security 1.4.pptx
Isaca new delhi india - privacy and big data
Network
SYMCInvestorPresentationDec2008II
SYMCInvestorPresentationDec2008II
SXSW Interactive 2018 Holly Rollo CMO RSA 'WHAT EVERY MARKETER MUST KNOW ABOU...
Cybersecurity for Marketing
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
Certified Banking Board Member - Module 2 Powerpoint Presentation
Aleksandr Yampolskiy Presentation
Privacy and E-Commerce
Big Data and Big Law at Walmart - StampedeCon 2013
Where in the world is your PII and other sensitive data? by @druva inc
Rogers eBook Security
The Ins, Outs, and Nuances of Internet Privacy
Secure Iowa Oct 2016

More from Red Door Interactive (7)

PDF
In the Buyer's Head: Leveraging Consumer Mindsets to Increase Sales
PDF
Red Door 2017 Trends
PPTX
SEO Impact Analysis Presentation
PPTX
Trends 2016 and Digital Implications
PDF
MindSHARE: Media Made Simple
PDF
MindSHARE: The Power of Pinterest
PPTX
Conversion Optimization Done Right Workshop
In the Buyer's Head: Leveraging Consumer Mindsets to Increase Sales
Red Door 2017 Trends
SEO Impact Analysis Presentation
Trends 2016 and Digital Implications
MindSHARE: Media Made Simple

MindSHARE: Staying Secure Online

  • 1. RED DOOR MINDSHARE: STAYING SECURE ONLINE. Exciting, useful content and more for innovators, like you.
  • 2. Red Door MindSHARE: Exciting, useful content and more for innovators, like you | Staying Secure Online

    As we have all heard in recent news, data breaches are increasingly becoming a risk within your company. There are many factors to consider when trying to prepare and protect yourself and your customers. We have assembled four experts who share their perspectives on the risks associated with consumer data and steps you can take to protect yourself and, most importantly, the data you collect.

    In this MindShare, you will get:
      • Tips on how to protect your cloud infrastructure from data breaches
      • “The New 4Ps of Marketing” – Permission, Preference, Personalization, and Privacy
      • The Legal Perspective on Data Breaches & Security
      • A sample of a data breach response process (Infographic)

    Enjoy our latest MindSHARE!
  • 3. TABLE OF CONTENTS

      • About the Authors (page 4)
      • An Ounce of Prevention: Protecting Cloud Infrastructure From Data Breaches (page 5)
      • Protecting Consumer Data: What Brands Must Do (page 8)
      • Key Things You Need to Know About Data Breaches & Security: A Legal Perspective (page 12)
      • Cyber & Privacy Risks Infographic (page 16)
      • Questions & About Red Door Interactive (page 18)

    ABOUT THE AUTHOR

    PILAR BOWER, Email Marketing Manager

    Pilar Bower is the Email Marketing Manager at Red Door Interactive. Pilar graduated from University of Miami, Florida and began her career working in the advertising department at The Miami Herald. A move to Los Angeles brought her to The Hollywood Reporter where she managed online ad inventory and launched the Academy Awards and studio microsites, among others. There, she found her calling in the interactive world and, with a move to San Diego in April 2007, joined Red Door Interactive. Pilar is part of the Cross Channel Marketing team at RDI and leads the Email strategy and execution for our clients. Pilar has worked with clients such as California Avocado Commission, Thermador, Bosch, SKLZ, Caldera Spas, and Garden Fresh Restaurant Corp.
  • 4. ABOUT THE AUTHORS

    At HOSTING, we take a multi-level approach to security. We start with a combination of physical and network security. Then we layer in additional services to prevent, protect against, detect and mitigate threats to meet your organization’s specific security requirements. We offer three security packages delivering varying levels of managed services to help organizations avoid data loss, mitigate security breaches and address information security compliance requirements. Learn more at: www.hosting.com

    The ExactTarget Marketing Cloud from salesforce.com (NYSE: CRM) is the leading 1:1 digital marketing platform, connecting companies with customers in entirely new ways. Learn more at: www.ExactTarget.com

    Pillsbury is a full-service law firm with a keen industry focus on energy and natural resources, financial services, real estate and construction, and technology sectors. We work in multidisciplinary teams that allow us to anticipate trends and bring a 360-degree perspective to complex business and legal issues—helping clients to take greater advantage of new opportunities and better mitigate risk. Recognized by Chambers Global as one of the world’s foremost practices, Pillsbury’s Privacy, Data Security & Information Use lawyers regularly work with companies around the globe to address the full range of privacy requirements, needs and issues in a way that balances clients’ thorough compliance with the flexibility to conduct and expand their businesses. Learn more at: www.pillsburylaw.com

    Arthur J. Gallagher & Co. is an international insurance brokerage and risk management firm. Our cross-divisional teams of industry specialists collaborate to address your critical challenges, and serve as a dedicated and active partner to you providing access to our global resources. Learn more at: www.ajg.com
  • 5. An Ounce of Prevention: Protecting Cloud Infrastructure From Data Breaches. Presented by HOSTING
  • 6. An Ounce of Prevention: Protecting Cloud Infrastructure From Data Breaches

    Whether you’ve experienced a security breach, must adhere to compliance standards such as PCI and HIPAA, or are just security conscious, there is little argument: Security is essential to protecting your own and your customers’ data. Not only can a security breach launch a public relations nightmare, it can cause downtime and revenue loss that can prove fatal to your business. As your company leverages the many advantages of moving IT infrastructure to the cloud, how can you ensure that your data and applications are safe in today’s ever more threatening environment?

    When choosing a cloud service provider—or evaluating your current provider or internal infrastructure—make sure you consider the following to help your business avoid data loss, mitigate security breaches, and address compliance requirements:

    SECURITY IS NOT OPTIONAL. Most organizations do consider security, broadly, as essential. Fortunately, many services such as firewalls, malware protection and patching are becoming commonplace as part of a core security package. However, others, which constitute a “complete package,” are far less predominant, e.g., log management with alerts, threat management or file integrity monitoring. It is critical to ask your service provider or internal IT department about the completeness of your security package. Having just a firewall is likely not enough.

    Source: www.topchat.com
  • 7. PROTECT YOUR APPLICATIONS AS WELL AS YOUR INFRASTRUCTURE. If you have an online presence, web application attacks are a looming threat. According to recent research performed by Gartner, 70% of all security vulnerabilities are at the web application layer. Schedule a time to discuss a web application firewall with your service provider or internal IT department to protect against online vulnerabilities and pervasive threats.

    DELINEATION OF RESPONSIBILITY IS CRUCIAL. Take the time to clearly define security responsibilities with your cloud service provider upfront. Is it the cloud service provider’s responsibility to secure all your applications? Or is it the provider’s responsibility to secure only the core cloud infrastructure and your organization’s responsibility for its specific infrastructure and application environment? Many service providers will provide a matrix that outlines the security responsibilities. If you are required to be PCI compliant, your provider must have the expertise to make this delineation clear. Avoid getting blindsided—be certain that both parties are clear on who does what.
  • 8. Protecting Consumer Data: What Most Brands Do. Presented by ExactTarget
  • 9. Protecting Consumer Data: What Brands Must Do

    In the “Era of the Individual,” marketing has become intensely personal as brands are becoming very adept at using customer data, predictive analytics, and powerful CRM technology to deliver promotional offers, invitations, and customer service communications personalized to the customer’s preferences and purchase history. And quite clearly, consumers like the personalized treatment. A recent Harris Interactive research study revealed that 70% of US online shoppers are willing to share personal preferences to receive more relevant email. That same study also found that 81% of consumers are more likely to make additional purchases from retailers who send personalized emails based on past buying behavior.

    THE NEW “4 PS” OF MARKETING

    Most people who studied marketing in college were taught “The 4Ps of Marketing: Product, Price, Placement and Promotion.” That framework worked fine in the era of one-size-fits-all advertising, when little regard was paid to tailoring product offers to the needs and interests of the individual consumer. But times have changed. Today’s consumers want customized content at the speed of a click. But they also want their personal information to be protected. So welcome to the new 4Ps of Marketing: Permission, Preference, Personalization -- and most important -- Privacy.

    BRANDS MUST SELF-REGULATE DATA PRIVACY

    When it comes to consumer data privacy, brands tend to favor self-regulation over legal regulation. Self-regulation—implemented in conjunction with internal processes to regulate data collection, usage and customer choice—can be a very effective strategy for protecting customer privacy. Brands must understand that there is a financial consequence to not taking consumer data privacy seriously. Brands must view customer data privacy as a key tenet of customer relationship management. If they don’t, they risk losing customers and eroding their brand’s reputation in the marketplace. When brands protect a customer’s data, they reinforce the trust their customers have in them.
  • 10. HOW BRANDS CAN PROTECT CONSUMER DATA

    Operating data-driven 1:1 digital marketing programs requires marketers to closely guard their customers’ privacy and keep their personal information secure. Here are eight things a company can do to self-regulate consumer data privacy:

    1. When asking consumers to provide information about their needs, interests, and personal profile, brands must be completely open and transparent in explaining why they are asking for this information, how it will be used, and how it will be kept private. Provide access to your company’s Customer Data Privacy policy and assure the customer that any information provided will not be shared outside the company.

    2. Create your own Customer Data Privacy Program to meet your company’s specific needs and adhere to the standards of your industry. Form a team that develops and implements the guidelines and policies for customer data acquisition, usage and security. Remember, the primary reason for this program is to preserve the confidentiality, integrity and availability of customer information and define how it will be used for marketing, sales, and customer service.

    3. Get Safe Harbor certified as part of your standard Privacy Policy. Many ESPs like ExactTarget adhere to the Safe Harbor Principles published by the U.S. Department of Commerce with respect to personal information received from the European Union. For more information on Safe Harbor certification, visit http://export.gov/safeharbor/.

    4. Invest in technology that adheres to industry-recognized standards, such as ISO 27001 data security standards and controls, and the SAS 70 Audit for data centers. ISO 27001 certification goes beyond the technology required to keep customer data secure and helps maintain physical security protocols. A SAS 70 audit ensures companies or service providers have adequate controls and safeguards when they host or process data belonging to their customers.

    5. Build security into software applications with appropriate firewalls, encryption standards, anti-virus solutions, network access controls, and physical security protocols. Incorporating these tools enables companies to ensure their Data Security Program is sufficient to guard against data breaches and hacking attacks.
  • 11. 6. At least twice yearly, contract an experienced third-party firm to conduct a data security audit. Ethical hacking and penetration tests can ensure the level of security meets or exceeds industry guidelines. Often, companies share these findings with customers to reconfirm their ongoing commitment to protecting consumer data.

    7. Develop a formalized Business Continuity Plan and Disaster Recovery Plan to ensure quick and clean response in the event of security breaches or business disasters. Documenting your plans can help ensure you actively recover from faults at all levels of your technology infrastructure and operations. Back-up operations and emergency protocols should be included in these plans.

    8. Consider a premium security offering from your ESP. In industries like finance, healthcare or technology where customer data security is top-of-mind, marketers should consider offering a second level of security to customers. Premium offerings can include additional firewalls and deeper levels of encryption, or dedicated staff to handle any security issues more quickly.

    THERE’S NO TURNING BACK

    The 1:1 marketing train is on the tracks and it’s not slowing down. As customers demand more personalized offers and service, customer data will continue to be “the new black” of marketing. And protecting the customer’s personal information must be regarded as one of the unbreakable rules of responsible marketing.
  • 12. Key Things You Need To Know About Data Breaches & Security: A Legal Perspective. Presented by Pillsbury Winthrop Shaw Pittman LLP, Legal
  • 13. Key Things You Need to Know About Data Breaches and Security: A Legal Perspective

    YOU ARE NOT INVINCIBLE. Data breaches happen daily—to small, medium and large companies in every industry. At some point, you will face a data breach. It’s not a question of “If”; it’s a question of “When.” So what do you do? Be aware, be prepared, be careful, and be ready to respond.

    BE AWARE. Knowing your legal obligations is key. Companies in highly regulated industries like healthcare and financial services are used to protecting data and complying with specific regulations mandating security requirements. Unregulated companies have legal obligations to protect data as well. In the U.S., with the exception of financial services and healthcare information, most data protection obligations are driven by state law, with each state setting the standards required to protect information of that state’s residents. So if your business holds data from residents of different states, you may have different obligations depending on the states of residence. Some states, like Mississippi, have few requirements; others, like Massachusetts, have specific programs that need to be in place. If you are a merchant who accepts credit cards, you are also bound by the Payment Card Industry Data Security Standards for protection of credit card information.

    Protected Data: “Personal information” or “personally identifiable information”. With some variations, the states require protection of an individual’s name when it is associated with either a Social Security Number, driver’s license or state ID number, financial account number or health/medical information where the data is not encrypted. Some states also include date of birth, passport number or other information. California recently added one’s user name and password used to access an online account to the protected data list.

    Common Legal Obligations
      • Security: Maintain reasonable security practices and procedures to protect against the unauthorized access, destruction, use, modification or disclosure of personal information. (See, for example, California Civil Code section 1798.81.5)
      • Secure Destruction: Documents, records or media holding personal information must be securely destroyed by shredding, erasing or otherwise making the information unreadable when the documents, records or media are being discarded. (See, for example, California Civil Code section 1798.81)
  • 14. Common Legal Obligations (continued)
      • Data Breach Obligations: Most US states (46 plus the District of Columbia) require security breach notifications to be sent to individuals when their unencrypted personal information has been accessed or acquired by an unauthorized person. (See, for example, California Civil Code section 1798.82, the first of these statutes to be enacted)

    BE PREPARED. Review your company’s data collection, use, storage and transmission practices and identify areas where data is vulnerable to theft, misdirection, unauthorized access or loss. Review your insurance coverage. Use secure transmission for personal information; encrypt laptops, backup media or other portable devices that hold personal information; don’t collect information you don’t really need for your business and get rid of stale data. Form a response team consisting of IT, HR, Risk Management, Legal, Management and PR. Adopt a data breach response plan that outlines how to identify a data incident, how to escalate it to the appropriate people for response, how to manage the investigation and remediation of the incident, and obligations for notification. Keep an up-to-date contact list for internal staff, outside legal and forensic experts, and your insurance broker; include mobile numbers and emails because the breach will invariably hit on the weekend, in the middle of the night or over a holiday. Prepare templates for notification documents. Test the effectiveness of your plan by conducting unannounced drills.
  • 15. BE CAREFUL. Your home hasn’t been burgled, but you still lock the doors. Your data may not have been stolen, but you still need reasonable security measures to protect it. Technical security, physical security and firewalls are standard, but they are not the complete answer. A large percentage of data breaches occur when an employee shares or loses login credentials, has a laptop stolen, loses a flash drive or mistakenly sends data to the wrong email address. Employee training on an annual basis is a must. Likewise, keep an eye on vendors who have access to data.

    BE READY TO RESPOND. Have your external experts identified and pre-approved by the company and your insurance carrier to avoid delays in responding. Practicing your response to a data breach through planned desktop drills or unannounced drills dramatically reduces the panic that sets in when a data breach hits. Drills build “muscle memory” for your response team in the same way practice drills do for athletes. When the event hits, assemble the team and execute your plan:
      • Designate a point person for technical investigations and external communications.
      • Engage a forensic consultant.
      • Disconnect or isolate the affected system or equipment.
      • Preserve the “crime scene” by imaging the system.
      • Contact law enforcement and your insurance carrier if appropriate.
      • Document the sequence of the event and all your steps to respond.
      • Restore the integrity of the system before re-connecting.
      • Identify whether personal information was accessed or acquired; contact information for all impacted individuals is needed for notification, though if you have insufficient contact information you can give notice through major statewide media under the provisions of state law.

    The form of notification to individuals and to state agencies depends on state laws, so involve the legal department or outside counsel in that process.
  • 16. Cyber & Privacy Risks Infographic. Presented by Arthur J. Gallagher & Co.
  • 17. Cyber & Privacy Risks Infographic

    An Evolution of an Insurance Claim: Below is a sample of a data breach response process and the related costs. A breach in privacy can be caused by a multitude of sources, such as improper disposal of records, equipment theft, hacking, malware, or unauthorized access, and can result in both first- and third-party costs for your company.
  • 18. Our experts have helped clients reach and exceed their goals when it comes to online security, and we are here to help you too.

    QUESTIONS ON THE INFORMATION IN THIS MINDSHARE?

    If you have any additional questions on the information in this Mindshare, please email Pilar Bower, Red Door Interactive’s Email Marketing Manager: pbower@reddoor.biz

      • If you have questions relating to the article, An Ounce of Prevention: Protecting Cloud Infrastructure From Data Breaches, please contact Jennifer Hall, Senior Product Marketing Manager, HOSTING, jhall@hosting.com
      • If you have questions relating to the article, Protecting Consumer Data: What Brands Must Do, please contact Joel Book, Principal, ExactTarget, jbook@exacttarget.com
      • If you have questions relating to the article, Key Things You Need to Know About Data Breaches and Security: A Legal Perspective, please contact Catherine Meyer, Senior Counsel, Pillsbury Winthrop Shaw Pittman LLP, catherine.meyer@pillsburylaw.com
      • If you have questions relating to the infographic, Cyber and Privacy Risks, please contact John Kassar, Property Specialist, Arthur J. Gallagher & Co., John_Kassar@ajg.com

    GENERAL MARKETING QUESTIONS?

    We handle a range of services—strategy, SEO, business management, analytics, optimization, creative, user experience and so much more—via expert teams that work in tandem. Click here to contact us, or visit our website to learn more about what we can do for you.