Who is responsible for customer data protection and website front-end security?

November 13, 2018

In today’s online marketing landscape, huge quantities of data are passed between customers and businesses, even before a transaction has taken place, sometimes leading to the security of data being ignored.

However, modern consumers are acutely aware of their personal data, and when things go wrong it can lead to catastrophic brand damage. Front-end web security must be taken seriously by businesses – but where exactly in the business does the responsibility lie?

What is front-end web security?

Front-end security protects your website from malicious attacks against your site or its users that do not need access to your server, hosting provider or database. Such attacks target only the front end of your site, potentially stealing customers’ data as they input it or redirecting them to malicious content.

While this might not seem as immediate a threat as a large data hack, it can lead to large numbers of users having their data stolen. Front-end security should be a top priority for all site managers, especially as the popularity of their site or app grows.

Common front-end site security problems and why they are so damaging

One of the most common problems in front-end website security is formjacking or clickjacking.

This means tricking a visitor into clicking on something different from what they think they’re clicking on, enabling hackers to steal the personal data they submit. Formjacking is made possible by a script or embedded code on the page that runs without the user’s knowledge.

Malvertising (malicious advertising) is a term that refers to embedding malware within online ads, such as those served up by online advertising networks. These can run on reputable websites undetected, unless businesses take appropriate precautions.

Business owners constantly face these threats and many others. They can lead to the loss of customers’ personal information and financial data, which of course has long-reaching impacts on the financial, legal and brand-reputation aspects of the business.

If a customer’s trust in a brand is broken, it is incredibly hard to repair. The financial impact of brand damage can’t be overstated for companies that are found to control their site security poorly. As we’ve previously mentioned, studies have shown that 31% of people actually terminated their relationship with an organization following a data breach. And according to KPMG, almost a fifth of online shoppers would avoid a retailer that’s been the victim of a cybersecurity hack. That is a significant number for any business.

Who’s responsible for front-end site security?

A study by The Ponemon Institute found that both IT and marketing managers think that customer security lies within the other’s responsibility.

The study is quoted in Information Age:

“According to the study … 43% of IT practitioners recognize that a cybersecurity incident could impact the company’s brand value yet 71% don’t see brand protection as their responsibility. Unsurprisingly approximately two-thirds (65%) of senior marketers believe the IT department should take responsibility.”

It could be argued that IT has the technical know-how to oversee the business’s web infrastructure. From the back end to the front, it’s IT’s job to understand the whole picture of how a customer interacts with the company’s systems, and IT should therefore have oversight of the security of that relationship.

Then again, shouldn’t the marketing department have the responsibility of safeguarding users of the site they produce? Marketers are the owners, designers, and operators of the public-facing website used to interact with the customer. If they own the brand, they are the ones who are damaged when it is harmed.

Even though their budgets and resources are dedicated to the acquisition and retention of customers, the security of those customers must not be disregarded, as long-term, healthy customer relationships are crucial for ongoing business.

Decisions must be made

We’re in an age where marketing and IT are so intertwined it’s surprising the two could be considered so isolated. It seems clear, putting those two arguments together, that the answer doesn’t lie on either end of the spectrum. IT security is marketing security, and the two combined contribute to the overall success of the business’s future. There has been a recent surge of CMOs moving into CIO roles, proving that senior marketers need to have a solid grasp on the security of their site, and understand exactly what processes need to be put in place in order to protect it. This is clearly a task that can no longer be left solely for IT teams to solve.

The important thing to bear in mind here is that while all parties are responsible for website security, decisions do need to be made, and decisions need to be made by leaders. Senior executives need to carefully consider the threats and act decisively to reinforce the security of their sites, protect their customers, and protect their brand.

Organizations must also practice internal transparency, so that the marketing teams are aware of what IT is doing to improve website security and vice versa, to ensure risks can be mitigated quickly.

Ensighten sits directly at the intersection between marketing and security. Request a demo today to see how our privacy tool allows websites to oversee data privacy and manage various marketing technologies safely and securely.
