As 2015 comes to a close, we at ClickMail are busy updating our annual ESP guide, as we prepare to publish the 2016 version in January.
This year, we’re adding a section on the email security of your proprietary data as an important consideration when evaluating ESPs. The topic is timely and critical enough that we thought we’d give you a sneak peek here…
Why security needs to be ever tighter
Major compromises of subscriber data are possible beyond the data banks of giant retailers like Target and health insurers like Anthem. Despite great effort to protect stored data in recent years, even the biggest email service providers are not just vulnerable to attack but have been actual victims of such security breaches. Some ESPs are still recovering from data breaches that happened as long as four years ago. In fact, at least eight large email service providers are known to have been breached by one crime ring, and earlier in 2015, three suspects were identified and charged in that case.
For this reason, we suggest you consider the email security options when looking for a new ESP. While you want the tried-and-true, across-the-board security measures such as SOX and HIPAA compliance, network intrusion detection, employee screening, monitored access, etc., you also might want to consider an additional way to keep proprietary data secure while still using it for email marketing purposes.
Two capabilities enable you to do this on the ESP end:
- Encrypted fields: Encrypted fields let you store sensitive data in encrypted form within the vendor’s database as opposed to storing data as clear text.
- Tokenized sending: Tokenized sending lets you store data internally only but still access it for email marketing purposes via an API call. The platform service provider stores a token in lieu of an email address (or other sensitive field) per recipient. When it’s time to use the data for a send to the customer, the provider submits an API request with the token to fetch the data from the client via a custom-built API. The email address (or other data) is used for the actual send, and then the ESP purges the data from its system (virtually instantaneously) so that it cannot be obtained if a data breach ever does occur.
These are two ways of protecting your proprietary data (i.e. your customers’ sensitive information) while still being able to use that data for email marketing purposes using an ESP. If you have any concerns at all about protecting that information, learn a bit more about these options and which vendors offer them, or call on ClickMail to help you figure it out.
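The tokenized sending flow described above, as an added sketch that is not code from ClickMail or any ESP. The class names, the shared API key check and the transport callback are assumptions, and the in-process call stands in for the request to the client's custom-built API.

```python
import hmac
import secrets


class ClientVault:
    """Client side: the only place real addresses are stored."""

    def __init__(self, api_key: bytes):
        self._api_key = api_key
        self._by_token = {}

    def tokenize(self, email: str) -> str:
        token = secrets.token_urlsafe(16)  # random: reveals nothing about the address
        self._by_token[token] = email
        return token

    def resolve(self, token: str, api_key: bytes) -> str:
        # Stand-in for the client's custom-built API; the key check is an assumption.
        if not hmac.compare_digest(api_key, self._api_key):
            raise PermissionError("bad API key")
        return self._by_token[token]


class Esp:
    """Provider side: persists tokens only."""

    def __init__(self, vault, api_key: bytes, transport):
        self._vault, self._api_key, self._transport = vault, api_key, transport
        self.stored_tokens = []  # everything a dump of the ESP database would expose

    def subscribe(self, token: str) -> None:
        self.stored_tokens.append(token)

    def send_campaign(self, body: str) -> int:
        sent = 0
        for token in self.stored_tokens:
            address = self._vault.resolve(token, self._api_key)  # fetched per send
            self._transport(address, body)
            del address  # purge: the address is never written to ESP storage
            sent += 1
        return sent


def demo():
    key, outbox = secrets.token_bytes(32), []
    vault = ClientVault(key)
    esp = Esp(vault, key, lambda to, body: outbox.append(to))
    for email in ("alice@example.com", "bob@example.com"):  # constructed sample data
        esp.subscribe(vault.tokenize(email))
    return esp.send_campaign("December newsletter"), esp.stored_tokens, outbox
```

A copy of `stored_tokens` is only useful to someone who also holds the API key and can reach the client's endpoint, which is where access control and monitoring need to sit.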
Some other options for keeping bad guys out
While you’re considering those options, you might also want to dig a little deeper and learn about other levels of security, including:
- Two-factor authentication to protect consumer data when users log in from a new machine
- IP address restrictions that prevent specified non-authorized websites, FTP sites, domains, computers or groups of computers from gaining access to sites, directories or files
- Required password updates, by a set expiration date
Sadly, the “bad guys” aren’t going away any time soon. Instead, they are getting ever more sophisticated. In the U.S. alone, about 15 million people are victims of identity theft every year. You need and want that consumer data in order to deliver more targeted and even personalized email marketing. But with that comes an obligation to protect that data, and you’ll need an ESP that can help.
Look for the 2016 ESP guide
As stated earlier, this is just one addition to the annual ESP guide that will be released in January. Watch this space to know when it’s released, or follow us on Twitter or LinkedIn instead!