Online Marketing Security: The 3 Worst Case Scenarios
In some ways, doing things online is very convenient; in other ways, there are tons of new problems to solve. I appreciate Web Blog Journal for giving me the opportunity to discuss a few difficulties with online marketing, as there are many. For some cool tips on link building, check out their article “Do’s and Don’ts of Old Link Building Methods.”
Products rarely sell themselves. That goes double for online sales because there are no aisles to walk down where a customer might happen to see your product on the shelf. Sure, ads pop up occasionally on websites and social media, but it takes a lot to get the average consumer to click on them.
Just to put the idea out there, only about 0.06 percent of visitors actually click banner ads. That means serious marketing requires effort on the part of your team, not just simply purchasing the space on a popular website. Viral marketing is difficult to achieve, but perhaps pays some of the greatest short-term dividends.
Yet marketing online carries certain inherent risks both to the individual and to the company using it. In some instances, security breaches related to online marketing have resulted in lawsuits, loss of customer faith in the brand and plummeting sales. A breach of security is not just data either.
Financial security is at risk when marketing goes so horrendously wrong that customers begin considering alternatives or associate your brand with incompetence and poor service.When push comes to shove, not every company can keep from folding.
To illustrate that point, here are some serious disasters to learn from:
Apple and U2
As one of the pre-eminent technology companies in the United States, Apple commands a healthy line of products and services. But just like any prestigious company, they are not immune from some hilariously bad marketing decisions. One such incident that went about as bad as you can imagine was the “give away” of U2’s album back in 2014 to all Apple customers—totally free.
The point of the PR move was to generate extra buzz with the announcement of the iPhone 6, the Apple Watch and the Apple Pay service. It seemed like a great idea, as customers are usually into free stuff. What could possibly go wrong?
The One Hundred Million Dollar Mistake
Unfortunately, Apple’s “gift” was not as well received by customers as the company had assumed. When the album suddenly appeared on millions of Apple customers’ iTunes, the company was met with a huge backlash. Only a tiny fraction of Apple’s 500 million users ended up listening to the album.
The issue appeared largely to be that the gift was unsolicited, invasive, and for a time, irremovable. It represented a clear invasion of privacy because the gift wasn’t just left on people’s doorsteps, it was jammed in through their closed windows. Who knew people hated U2 so much?
For most companies, a $100 million dollar mistake would have been enough to close the doors and put the “For Sale” sign out, but fortunately, Apple is a multi-billion dollar company.
Only By Request
Apple’s mistake was in not communicating properly with its customer base. They simply decided to give something away without asking if anyone even wanted it. With their massive technology base, Apple could have easily taken polls, solicited the opinions of its users, or at least asked users if they wanted to add the album to their list instead of just outright adding it.
Their response was to give users the opportunity to remove the album, but they might have done better by offering alternative music choices instead. Consumers love free stuff, but they generally prefer to choose what free stuff they’re going to get. A fan of the Gators isn’t going to respond well to free Seminoles merchandise. Proper research should have been done.
Ashley Madison may be the penultimate example of marketing “barking up the wrong tree.” Several of their commercials were actually banned because of their offensive content. That in and of itself is not the disaster—it may have even been successful at first, as people naturally desire forbidden fruit.
Instead, Ashley Madison’s catastrophe unfolds as their increasing public presence gives way to an internal security breach, revealing that their supposedly “discreet service” is not so discreet at all. In fact, records of users’ transactions, names, addresses, and passwords are all leaked to hackers who threaten to begin publishing said information if their demands are not met.
This leaves the public (and especially customers) asking: how exactly did hackers get access to so much internal data? After all, everything was encrypted. Encrypted right where X marks the spot…
One Box for Many Treasures
The big mistake Ashley Madison’s tech team made was in storing all of their users’ data in the same location. That means a security breach only needed to occur at one point (where everything is stored), and criminals could steal everything at once. Their data was no different to hackers than a jewelry box is a burglar, because all the work was already done for them.
Even worse, it appears Ashley Madison knew they were at risk, just as any good company should. Among supposed concerns were threats to their site’s code (from Cross-Site Scripting, SQL injection, etc.) and threats of malware on company computers.
Yet proper steps weren’t taken to handle the worst case scenario. Had customer data being stored in separate locations, a single breach would not have led to the same level of fallout.
The Enemy Within
Unfortunately, no information ever surfaced about the actual identity of the hackers other than their team name, “Impact Team.” Prosecuting the individuals has thus remained elusive, and ultimately the company’s chief executive, Noel Biderman, resigned from his position.
Whether you agree with the company’s ethical stance or not, they could have handled the breach better. Screening employees regularly and ensuring access is revoked from ex-employees is an absolute must when highly sensitive data is involved. Hacks usually only originate from two different sources: external breaches of poor security (bad passwords, etc.) and internal breaches based on bad practices.
A company’s main enemy is thus itself. Ashley Madison should have ensured all its employees had security software installed in the form of anti-virus programs and Virtual Private Networks (VPNs) to safeguard their larger database from breaches without. This is crucial because it prevents a single compromised device from becoming the Trojan horse.
A different business model might also benefit Ashley Madison, as its practices literally attract detractors. Focusing on building their image as a securities company will help rebuild their reputation and make customers know it is safe to trust them again. In this way, time is their greatest ally, as people tend to forget mistakes made with time.
Alcohol salesmen aren’t necessarily renowned for tactful advertising. Beer commercials are usually about having a party with a whole lot of attractive people wearing either very nice clothing or very little clothing. Coors decided to try something a bit more creative.
Guerilla marketing is sometimes very effective, and Coors planned to capitalize on a hot summer in 2014 by hiding briefcases across Canada and encouraging their fan-base to tweet photos of the briefcases in order to gain access to their contents. After all, who doesn’t like a little treasure hunt?
But what looked good online translated very poorly to real life.
The Lone Suitcase
Fears of terrorism and one too many movies have caused the public to associate a chained up suitcase with explosives. And while Coors was certainly looking to do some “explosive advertising,” they hadn’t figured people would call the police to bring the bomb squad against their little caches.
The campaign had two very negative outcomes. Not only did it fail to promote Coors by engaging its customers, but it also annoyed potential customers by interfering with their lives. When the bomb squad comes in, the whole area has to shut down, and that means traffic delays.
It also revealed a startling lack of connectedness with reality on the part of Coors. Customers value a company that “gets it,” and this was proof that, at least temporarily, Coors wasn’t one of those who did.
Research, Research, Research
Had Coors done even a little research, they may have come across the failed guerrilla marketing campaign of Cartoon Network some years ago. Both companies made the mistake of not properly notifying the cities in advance about their marketing campaign. Had the police and other officials were notified in advance, a scare would have been easier to prevent.
What’s more, Coors should have known better than to use a suitcase for their scavenger hunt. Plenty of much more innocuous items exists that would have accomplished the exact same goal but without giving the impression of a bomb. Prevention of a PR disaster is always easier than cleaning up the mess afterward.
Assume the Worst, Plan for Failure
All three companies missed a huge step in marketing their brand. Optimism for their product kept them from assuming that their plans might fail, that the worst might happen and that they might be out a whole lot of money for it. But each example can teach us how to make marketing safer and more success.
Ashley Madison teaches us about the importance of securing your company’s data, its constituents’ devices, and access to both of the former. They were successful in the sense that passwords and other data stored by the company were encrypted. But that data was all stored in the same location, making it ripe for the picking.
Individually, Ashley Madison should have implemented a policy that required all computers accessing their network to be up to date and secured with the best software available. As I mentioned before, there are two main types of software a standard user should have:
- Anti-virus software
- A VPN service
Anti-virus software should be kept updated and run regularly. For a company, that software should be provided as a commercial license, ensuring the highest level of performance.
A VPN should be used by employees of the company who use their own computers because it’s the only way to ensure their connections are encrypted and safe. Accidentally accessing an insecure WiFi network (any network without a password) opens the device to hacks and data theft that could ultimately represent Ashley Madison’s data breach.
Routine screenings of company devices can also help reveal security holes that might be later exploited. Former employees are one of the biggest dangers if their accounts aren’t removed once they exit the company, as their permissions might allow them to participate in the foul play.
All three of our examples missed the boat in terms of understanding the social consequences of their actions. While Ashley Madison’s entire business is offensive to some, Apple committed the cardinal sin of forcing a product customers didn’t ask for into their hands.
Being sensitive to customer needs safeguards the company’s image, and it creates a sense of loyalty between both parties. Coors believed they were being sensitive to their customers by offering a fun game to play over the summer when in reality they succeeded only in threatening people’s peace of mind.
The context of marketing is inseparable from a successful campaign. Had Coors run its campaign in January 2001, they might have been very successful. But waiting until terrorism had become an everyday concern made their campaign a failure.
Naturally, all three companies apologized for their missteps. As expected as the response is, just issuing an apology is rarely enough. A simple “I’m sorry” is hardly going to save your company from a class action suit for negligence.
Not All Publicity is Good
There’s a saying in advertising that bad publicity is better than no publicity. While sometimes that’s true, you should aspire to learn from these PR disasters and avoid bad publicity like the plague.
The difference in the technological age is that the internet doesn’t forget so quickly. For years, company missteps can be remembered in the form of memes and running jokes. It continues to tarnish the company image after the fact.
Do your business a favor: learn from others’ mistakes. And if you’ve made mistakes before, tell us about them below!
About the Author:
Cassie Phillips is a writer and technical enthusiast who works for SecureThoughts.com. As an advocate of security, she spends much of her time advising other writers and marketers how to stay safe both socially and financially while still doing their jobs effectively.