MindSHARE: Staying Secure Online


Here is the next edition of Red Door’s MindSHARE – Staying Secure Online. This information comes from the minds of security experts. It is the product of intense research, field experience and considerable expertise. We are happy to share this with you—Red Door MindSHARE is a resource through which you can leverage knowledge to learn about the latest trends for staying secure online. Our MindSHAREs are easy to read and fun, and you’re guaranteed to find something you can really use. By reading this, you will:

- Learn how to protect cloud infrastructure from data breaches
- Learn what brands must do to protect consumer data
- Find out the key things you need to know about data breaches from a legal perspective
- View a Cyber and Privacy Risk Infographic

Transcript of MindSHARE: Staying Secure Online

Page 1: MindSHARE: Staying Secure Online

Exciting, useful content and more for innovators, like you.

Red Door MindSHARE: Staying Secure Online

Page 2: MindSHARE: Staying Secure Online

Red Door MindSHARE: Exciting, useful content and more for innovators, like you | Staying Secure Online


As we have all heard in recent news, data breaches are increasingly becoming a risk to your company. There are many factors to consider when trying to prepare and protect yourself and your customers. We have assembled four experts who share their perspectives on the risks associated with consumer data and the steps you can take to protect yourself and, most importantly, the data you collect.

In this MindShare, you will get:

• Tips on how to protect your cloud infrastructure from data breaches
• “The New 4Ps of Marketing” – Permission, Preference, Personalization, and Privacy
• The Legal Perspective on Data Breaches & Security
• A sample of a data breach response process (Infographic)

Enjoy our latest MindSHARE!

Page 3: MindSHARE: Staying Secure Online


TABLE OF CONTENTS

About the Authors ........................................ 4

An Ounce of Prevention: Protecting Cloud Infrastructure From Data Breaches ........................................ 5

Protecting Consumer Data: What Brands Must Do ........................................ 8

Key Things You Need to Know About Data Breaches & Security: A Legal Perspective ........................................ 12

Cyber & Privacy Risks Infographic ........................................ 16

Questions & About Red Door Interactive ........................................ 18

ABOUT THE AUTHOR

PILAR BOWER, Email Marketing Manager

Pilar Bower is the Email Marketing Manager at Red Door Interactive. Pilar graduated from University of Miami, Florida and began her career working in the advertising department at The Miami Herald. A move to Los Angeles brought her to The Hollywood Reporter where she managed online ad inventory and launched the Academy Awards and studio microsites, among others. There, she found her calling in the interactive world and, with a move to San Diego in April 2007, joined Red Door Interactive. Pilar is part of the Cross Channel Marketing team at RDI and leads the Email strategy and execution for our clients. Pilar has worked with clients such as California Avocado Commission, Thermador, Bosch, SKLZ, Caldera Spas, and Garden Fresh Restaurant Corp.


Page 4: MindSHARE: Staying Secure Online

ABOUT THE AUTHORS

At HOSTING, we take a multi-level approach to security. We start with a combination of physical and network security. Then we layer in additional services to prevent, protect against, detect and mitigate threats to meet your organization’s specific security requirements.

We offer three security packages delivering varying levels of managed services to help organizations avoid data loss, mitigate security breaches and address information security compliance requirements.

Learn more at: www.hosting.com

The ExactTarget Marketing Cloud from salesforce.com (NYSE: CRM) is the leading 1:1 digital marketing platform, connecting companies with customers in entirely new ways.

Learn more at: www.ExactTarget.com

Pillsbury is a full-service law firm with a keen industry focus on the energy and natural resources, financial services, real estate and construction, and technology sectors. We work in multidisciplinary teams that allow us to anticipate trends and bring a 360-degree perspective to complex business and legal issues—helping clients to take greater advantage of new opportunities and better mitigate risk.

Recognized by Chambers Global as one of the world’s foremost practices, Pillsbury’s Privacy, Data Security & Information Use lawyers regularly work with companies around the globe to address the full range of privacy requirements, needs and issues in a way that balances clients’ thorough compliance with the flexibility to conduct and expand their businesses.

Learn more at: www.pillsburylaw.com

Arthur J. Gallagher & Co. is an international insurance brokerage and risk management firm. Our cross-divisional teams of industry specialists collaborate to address your critical challenges, and serve as a dedicated and active partner to you, providing access to our global resources.

Learn more at: www.ajg.com

Page 5: MindSHARE: Staying Secure Online

An Ounce of Prevention: Protecting Cloud Infrastructure From Data Breaches

Presented by HOSTING

Page 6: MindSHARE: Staying Secure Online


An Ounce of Prevention: Protecting Cloud Infrastructure From Data Breaches

Whether you’ve experienced a security breach, must adhere to compliance standards such as PCI and HIPAA, or are just security conscious, there is little argument: security is essential to protecting your own and your customers’ data. Not only can a security breach launch a public relations nightmare, it can cause downtime and revenue loss that can prove fatal to your business. As your company leverages the many advantages of moving IT infrastructure to the cloud, how can you ensure that your data and applications are safe in today’s ever more threatening environment?

When choosing a cloud service provider—or evaluating your current provider or internal infrastructure—make sure you consider the following to help your business avoid data loss, mitigate security breaches, and address compliance requirements:


SECURITY IS NOT OPTIONAL.

Most organizations do consider security, broadly, as essential. Fortunately, services such as firewalls, malware protection and patching are becoming commonplace as part of a core security package. Others that make up a complete package are far less common, e.g., log management with alerting, threat management or file integrity monitoring. It is critical to ask your service provider or internal IT department how complete your security package is. A firewall alone is likely not enough.

Source: www.topchat.com
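File integrity monitoring is one of the “complete package” services named above that is easy to ask for and hard to picture. The script below is an added example (not code from HOSTING or from this MindSHARE) of the core of such a service: take a baseline of a web root, rescan later, and report what was added, removed or changed. It assumes SHA-256 of content plus size and permission bits as the fingerprint, a JSON baseline file, and a web root that it constructs in a temporary directory purely for the demonstration.

```python
"""File integrity monitoring (FIM): baseline a tree, rescan, report drift.

Added illustrative example; not code from HOSTING or the article. Assumptions:
files are fingerprinted by SHA-256 of content plus size and permission bits,
the baseline is stored as JSON, and the web root below is constructed in a
temporary directory purely for the demonstration.
"""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> dict:
    """SHA-256, size and permission bits of one regular file."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    st = path.stat()
    return {"sha256": digest.hexdigest(), "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode)}


def build_baseline(root: Path) -> dict:
    """Fingerprint every regular file under root (symlinks are skipped)."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            baseline[p.relative_to(root).as_posix()] = fingerprint(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots into added / removed / modified relative paths."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
    }


def save_baseline(baseline: dict, dest: Path) -> None:
    dest.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(src: Path) -> dict:
    return json.loads(src.read_text())


def demo() -> dict:
    """Constructed scenario: baseline a fake web root, tamper with it, rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "www"
        (root / "conf").mkdir(parents=True)
        (root / "index.php").write_text("<?php echo 'hello'; ?>\n")
        (root / "robots.txt").write_text("User-agent: *\n")
        (root / "conf" / "app.ini").write_text("debug=false\n")

        baseline_path = Path(tmp) / "baseline.json"
        save_baseline(build_baseline(root), baseline_path)

        # Simulated compromise: webshell dropped, config changed, file deleted,
        # permissions loosened. All four should surface in the report.
        (root / "cmd.php").write_text("<?php system($_GET['c']); ?>\n")
        (root / "conf" / "app.ini").write_text("debug=true\n")
        (root / "robots.txt").unlink()
        (root / "index.php").chmod(0o777)

        return compare(load_baseline(baseline_path), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In production the baseline would be stored off the monitored host (an attacker who can drop a webshell can also rewrite a local baseline), the rescan would run on a schedule, and each non-empty report would go to the log management and alerting service mentioned above rather than to stdout.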

Page 7: MindSHARE: Staying Secure Online


PROTECT YOUR APPLICATIONS AS WELL AS YOUR INFRASTRUCTURE.

If you have an online presence, web application attacks are a looming threat. According to recent research performed by Gartner, 70% of all security vulnerabilities are at the web application layer. Schedule a time to discuss a web application firewall with your service provider or internal IT department to protect against online vulnerabilities and pervasive threats.

DELINEATION OF RESPONSIBILITY IS CRUCIAL.

Take the time to clearly define security responsibilities with your cloud service provider upfront. Is it the cloud service provider’s responsibility to secure all your applications? Or is it the provider’s responsibility to secure only the core cloud infrastructure and your organization’s responsibility for its specific infrastructure and application environment? Many service providers will provide a matrix that outlines the security responsibilities. If you are required to be PCI compliant, your provider must have the expertise to make this delineation clear. Avoid getting blindsided—be certain that both parties are clear on who does what.

Page 8: MindSHARE: Staying Secure Online

Protecting Consumer Data: What Brands Must Do

Presented by ExactTarget

Page 9: MindSHARE: Staying Secure Online

Protecting Consumer Data: What Brands Must Do

In the “Era of the Individual,” marketing has become intensely personal as brands are becoming very adept at using customer data, predictive analytics, and powerful CRM technology to deliver promotional offers, invitations, and customer service communications personalized to the customer’s preferences and purchase history.

And quite clearly, consumers like the personalized treatment.

A recent Harris Interactive research study revealed that 70% of US online shoppers are willing to share personal preferences to receive more relevant email. That same study also found that 81% of consumers are more likely to make additional purchases from retailers who send personalized emails based on past buying behavior.

But times have changed. Today’s consumers want customized content at the speed of a click. But they also want their personal information to be protected.

So welcome to the new 4Ps of Marketing: Permission, Preference, Personalization -- and most important -- Privacy.

THE NEW “4 PS” OF MARKETING

Most people who studied marketing in college were taught “The 4Ps of Marketing: Product, Price, Placement and Promotion.” That framework worked fine in the era of one-size-fits-all advertising, when little regard was paid to tailoring product offers to the needs and interests of the individual consumer.

BRANDS MUST SELF-REGULATE DATA PRIVACY

When it comes to consumer data privacy, brands tend to favor self-regulation over legal regulation. Self-regulation—implemented in conjunction with internal processes to regulate data collection, usage and customer choice—can be a very effective strategy for protecting customer privacy.

Brands must understand that there is a financial consequence to not taking consumer data privacy seriously. Brands must view customer data privacy as a key tenet of customer relationship management. If they don’t, they risk losing customers and eroding their brand’s reputation in the marketplace. When brands protect a customer’s data, they reinforce the trust their customers have in them.

Page 10: MindSHARE: Staying Secure Online


HOW BRANDS CAN PROTECT CONSUMER DATA

Operating data-driven 1:1 digital marketing programs requires marketers to closely guard their customers’ privacy and keep their personal information secure. Here are eight things a company can do to self-regulate consumer data privacy:

1. When asking consumers to provide information about their needs, interests, and personal profile, brands must be completely open and transparent in explaining why they are asking for this information, how it will be used, and how it will be kept private. Provide access to your company’s Customer Data Privacy policy and assure the customer that any information provided will not be shared outside the company.

2. Create your own Customer Data Privacy Program to meet your company’s specific needs and adhere to the standards of your industry. Form a team that develops and implements the guidelines and policies for customer data acquisition, usage and security. Remember, the primary reason for this program is to preserve the confidentiality, integrity and availability of customer information and define how it will be used for marketing, sales, and customer service.

3. Get Safe Harbor certified as part of your standard Privacy Policy. Many ESPs like ExactTarget adhere to the Safe Harbor Principles published by the U.S. Department of Commerce with respect to personal information received from the European Union. For more information on Safe Harbor certification, visit http://export.gov/safeharbor/. (Note that the U.S.-EU Safe Harbor framework was invalidated by the Court of Justice of the European Union in October 2015 and has since been replaced by successor frameworks; check which transfer mechanism currently applies.)

4. Invest in technology that adheres to industry-recognized standards, such as the ISO 27001 information security management standard and controls, and the SAS 70 audit for data centers. ISO 27001 certification goes beyond the technology required to keep customer data secure and also covers physical security and organizational controls. A SAS 70 audit attests that companies or service providers have adequate controls and safeguards when they host or process data belonging to their customers. (SAS 70 was superseded by SSAE 16 in 2011; for a provider’s security controls, ask for a current SOC 2 report.)

5. Build security into software applications with appropriate firewalls, encryption standards, anti-virus solutions, network access controls, and physical security protocols. Incorporating these controls enables companies to ensure their Data Security Program is sufficient to guard against data breaches and hacking attacks.

Page 11: MindSHARE: Staying Secure Online


6. At least twice yearly, contract an experienced third-party firm to conduct a data security audit. Ethical hacking and penetration tests help verify that the level of security meets or exceeds industry guidelines. Often, companies share these findings with customers to reconfirm their ongoing commitment to protecting consumer data.

7. Develop a formalized Business Continuity Plan and Disaster Recovery Plan to ensure quick and clean response in the event of security breaches or business disasters. Documenting your plans can help ensure you actively recover from faults at all levels of your technology infrastructure and operations. Back-up operations and emergency protocols should be included in these plans.

8. Consider a premium security offering from your ESP. In industries like finance, healthcare or technology where customer data security is top-of-mind, marketers should consider offering a second level of security to customers. Premium offerings can include additional firewalls and deeper levels of encryption, or dedicated staff to handle any security issues more quickly.

THERE’S NO TURNING BACK

The 1:1 marketing train is on the tracks and it’s not slowing down. As customers demand more personalized offers and service, customer data will continue to be “the new black” of marketing. And protecting the customer’s personal information must be regarded as one of the unbreakable rules of responsible marketing.

Page 12: MindSHARE: Staying Secure Online


Key Things You Need To Know About Data Breaches & Security: A Legal Perspective

Presented by Pillsbury Winthrop Shaw Pittman LLP

Page 13: MindSHARE: Staying Secure Online

Key Things You Need to Know About Data Breaches and Security: A Legal Perspective

YOU ARE NOT INVINCIBLE.

Data breaches happen daily—to small, medium and large companies in every industry. At some point, you will face a data breach. It’s not a question of “If” it’s a question of “When.” So what do you do? Be aware, be prepared, be careful, and be ready to respond:

BE AWARE.

Knowing your legal obligations is key. Companies in highly regulated industries like healthcare and financial services are used to protecting data and complying with specific regulations mandating security requirements. Unregulated companies have legal obligations to protect data as well.

In the U.S., with the exception of financial services and healthcare information, most data protection obligations are driven by state law, with each state setting the standards required to protect information of that state’s residents. So if your business holds data from residents of different states, you may have different obligations depending on the states of residence. Some states, like Mississippi, have few requirements; others, like Massachusetts, have specific programs that need to be in place. If you are a merchant who accepts credit cards, you are also bound by the Payment Card Industry Data Security Standard (PCI DSS) for protection of credit card information.

Protected Data: “Personal information” or “personally identifiable information”. With some variations, the states require protection of an individual’s name when it is associated with either a Social Security Number, driver’s license or state ID number, financial account number or health/medical information where the data is not encrypted. Some states also include date of birth, passport number or other information. California recently added one’s user name and password used to access an online account to the protected data list.

Common Legal Obligations

• Security: Maintain reasonable security practices and procedures to protect against the unauthorized access, destruction, use, modification or disclosure of personal information. (See, for example, California Civil Code section 1798.81.5)

• Secure Destruction: Documents, records or media holding personal information must be securely destroyed by shredding, erasing or otherwise making the information unreadable when the documents, records or media are being discarded. (See, for example, California Civil Code section 1798.81)

Page 14: MindSHARE: Staying Secure Online

• Data Breach Obligations: Most US states (46 plus the District of Columbia at the time of writing; every state has since enacted such a law) require security breach notifications to be sent to individuals when their unencrypted personal information has been accessed or acquired by an unauthorized person. (See, for example, California Civil Code section 1798.82, the first of these statutes to be enacted)
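The “Protected Data” definition and the breach notification obligation above turn into a practical question during an incident: which of the records on the compromised system actually trigger notice? The script below is an added example (not from the Pillsbury article) that encodes the common pattern described above, a name combined with at least one sensitive identifier stored unencrypted, plus the online-credential rule the article attributes to California. The column names, the identifier table and the sample records are constructed assumptions; the exact elements and exceptions differ by state, so the table is a starting point for counsel to adjust, not a substitute for the statute.

```python
"""Flag records that meet the common statutory definition of "personal information".

Added illustrative example; not from the Pillsbury article. It encodes the pattern
described above (a name combined with a sensitive identifier, stored unencrypted)
plus the online-credential rule the article attributes to California. The field
names, the identifier list and the sample records are constructed assumptions;
the exact elements differ by state, so treat the table as a starting point.
"""
from dataclasses import dataclass, field

# Identifiers that, paired with a name, make a record notifiable in most states.
SENSITIVE_FIELDS = {
    "ssn": "Social Security number",
    "drivers_license": "driver's license or state ID number",
    "account_number": "financial account number",
    "medical_info": "health/medical information",
}


@dataclass
class Record:
    fields: dict                                  # column name -> stored value
    encrypted: set = field(default_factory=set)   # columns stored encrypted


def _in_clear(rec: Record, column: str) -> bool:
    """True when the column is populated and is not one of the encrypted columns."""
    return bool(rec.fields.get(column)) and column not in rec.encrypted


def notifiable_elements(rec: Record) -> list:
    """List the protected-data elements this record exposes in the clear."""
    hits = []
    if _in_clear(rec, "name"):
        hits.extend(label for col, label in SENSITIVE_FIELDS.items()
                    if _in_clear(rec, col))
    # Online-credential rule: user name or email plus password; no name needed.
    if (_in_clear(rec, "username") or _in_clear(rec, "email")) \
            and _in_clear(rec, "online_password"):
        hits.append("online account credential (user name/email plus password)")
    return hits


def triage(records: dict) -> dict:
    """Map record id -> exposed elements, for every record that triggers notice."""
    result = {}
    for rid, rec in records.items():
        hits = notifiable_elements(rec)
        if hits:
            result[rid] = hits
    return result


# Constructed sample dataset (no real people).
SAMPLE = {
    "cust-1": Record({"name": "A. Example", "ssn": "000-00-0000"}),
    "cust-2": Record({"name": "B. Example", "ssn": "<ciphertext>"},
                     encrypted={"ssn"}),
    "cust-3": Record({"name": "C. Example", "email": "c@example.invalid"}),
    "cust-4": Record({"email": "d@example.invalid", "online_password": "hunter2"}),
    "cust-5": Record({"ssn": "000-00-0001"}),   # identifier with no name attached
    "cust-6": Record({"name": "F. Example", "account_number": "12345678",
                      "medical_info": "dx code"}),
}

if __name__ == "__main__":
    for rid, hits in triage(SAMPLE).items():
        print(rid, "->", ", ".join(hits))
```

Two points the output makes concrete: cust-2 is not notifiable only because the SSN column was encrypted and the key was not part of the breach, which is the practical payoff of the encryption advice in the “Be Prepared” section; and cust-4 is notifiable with no name at all, because a working login credential is protected data in its own right.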

BE PREPARED.

Review your company’s data collection, use, storage and transmission practices and identify areas where data is vulnerable to theft, misdirection, unauthorized access or loss. Review your insurance coverage. Use secure transmission for personal information; encrypt laptops, backup media or other portable devices that hold personal information; don’t collect information you don’t really need for your business, and get rid of stale data. Form a response team consisting of IT, HR, Risk Management, Legal, Management and PR. Adopt a data breach response plan that outlines how to identify a data incident, how to escalate it to the appropriate people for response, how to manage the investigation and remediation of the incident, and the obligations for notification. Keep an up-to-date contact list for internal staff, outside legal and forensic experts, and your insurance broker; include mobile numbers and emails, because the breach will invariably hit on the weekend, in the middle of the night or over a holiday. Prepare templates for notification documents. Test the effectiveness of your plan by conducting unannounced drills.

Page 15: MindSHARE: Staying Secure Online


BE CAREFUL.

Your home hasn’t been burgled, but you still lock the doors. Your data may not have been stolen, but you still need reasonable security measures to protect it. Technical security, physical security and firewalls are standard, but they are not the complete answer. A large percentage of data breaches occur when an employee shares or loses login credentials, has a laptop stolen, loses a flash drive or mistakenly sends data to the wrong email address. Employee training on an annual basis is a must. Likewise, keep an eye on vendors who have access to data.

BE READY TO RESPOND.

Have your external experts identified and pre-approved by the company and your insurance carrier to avoid delays in responding. Practicing your response to a data breach through planned desktop drills or unannounced drills dramatically reduces the panic that sets in when a data breach hits. Drills build “muscle memory” for your response team in the same way practice drills do for athletes.

When the event hits, assemble the team and execute your plan. Designate a point person for technical investigations and external communications. Engage a forensic consultant. Disconnect or isolate the affected system or equipment. Preserve the “crime scene” by imaging the system. Contact law enforcement and your insurance carrier if appropriate. Document the sequence of the event and all your steps to respond. Restore the integrity of the system before re-connecting. Identify whether personal information was accessed or acquired; contact information for all impacted individuals is needed for notification, though if you have insufficient contact information you can give notice through major statewide media under the provisions of state law. The form of notification to individuals and to state agencies depends on state laws, so involve the legal department or outside counsel in that process.
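“Preserve the crime scene by imaging the system” and “document all your steps” are the two instructions above that determine whether the evidence is usable later. The script below is an added example (not from the Pillsbury article) of the minimum: stream the source to an image, hash both sides independently, write a chain-of-custody record, and re-verify the image before anyone analyzes it. In a real response the source is a block device such as /dev/sdb, opened read-only behind a hardware write blocker; here a constructed file stands in for the device so the script runs offline. The JSON record layout and the examiner name are assumptions.

```python
"""Evidence preservation: image a source, hash it, and keep a chain-of-custody record.

Added illustrative example; not from the Pillsbury article. In a real response the
source would be a block device (e.g. /dev/sdb) opened read-only behind a hardware
write blocker; here a constructed file stands in for the device so the script runs
offline. The JSON custody record format and the examiner name are assumptions.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

CHUNK = 1024 * 1024  # read/write block size


def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def acquire(source: Path, image: Path, examiner: str) -> dict:
    """Stream source into image, hashing on the way, then re-hash the image.

    Hashing the source during the copy and the image afterwards, independently,
    is what lets the record later prove the image is a faithful copy.
    """
    running = hashlib.sha256()
    with source.open("rb") as src, image.open("wb") as dst:
        for chunk in iter(lambda: src.read(CHUNK), b""):
            running.update(chunk)
            dst.write(chunk)
        dst.flush()
        os.fsync(dst.fileno())
    image.chmod(0o444)  # read-only: analysis works on copies, never on this file

    image_hash = sha256_of(image)
    return {
        "source": str(source),
        "image": str(image),
        "bytes": image.stat().st_size,
        "sha256_source": running.hexdigest(),
        "sha256_image": image_hash,
        "verified": running.hexdigest() == image_hash,
        "acquired_at_utc": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
    }


def verify(image: Path, record: dict) -> bool:
    """Re-check an image against its custody record before (or after) analysis."""
    return sha256_of(image) == record["sha256_image"]


def demo() -> tuple:
    """Constructed run: acquire a fake disk, verify, then detect tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        source = tmp / "fake-disk"          # stand-in for /dev/sdb
        source.write_bytes(os.urandom(3 * CHUNK + 12345))
        image = tmp / "evidence-001.dd"

        record = acquire(source, image, examiner="IR lead (assumed)")
        (tmp / "evidence-001.json").write_text(json.dumps(record, indent=2))
        intact = verify(image, record)

        # Someone edits the image: the custody hash no longer matches.
        image.chmod(0o644)
        with image.open("r+b") as fh:
            fh.write(b"\x00" * 16)
        tampered = not verify(image, record)

        return record["verified"], intact, tampered, record["bytes"]


if __name__ == "__main__":
    print(demo())
```

The custody record is the artifact to hand to counsel and the insurer: it ties the image to a source, a time, a person and a hash, and every later step (copying to an analysis workstation, handing to a forensic consultant) should append its own entry and re-run the verification.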

Page 16: MindSHARE: Staying Secure Online


Cyber & Privacy Risks Infographic

Presented by Arthur J. Gallagher & Co.

Page 17: MindSHARE: Staying Secure Online


Cyber & Privacy Risks Infographic

An Evolution of an Insurance Claim:

Below is a sample of a data breach response process and the related costs. A breach in privacy can be caused from a multitude of sources such as, improper disposal of records, equipment theft, hacking, malware, or unauthorized access, and can result in both first- and third-party costs for your company.

[Infographic: An Evolution of an Insurance Claim]

Page 18: MindSHARE: Staying Secure Online


QUESTIONS ON THE INFORMATION IN THIS MINDSHARE?

Our experts have helped clients reach and exceed their goals when it comes to online security, and we are here to help you too. If you have any additional questions on the information in this MindSHARE, please email Pilar Bower, Red Door Interactive’s Email Marketing Manager: [email protected]

If you have questions relating to the article, An Ounce of Prevention: Protecting Cloud Infrastructure From Data Breaches, please contact Jennifer Hall, Senior Product Marketing Manager, HOSTING, [email protected]

If you have questions relating to the article, Protecting Consumer Data: What Brands Must Do, please contact Joel Book, Principal, ExactTarget, [email protected]

If you have questions relating to the article, Key Things You Need to Know About Data Breaches and Security: A Legal Perspective, please contact Catherine Meyer, Senior Counsel, Pillsbury Winthrop Shaw Pittman LLP, [email protected]

If you have questions relating to the infographic, Cyber and Privacy Risks, please contact John Kassar, Property Specialist, Arthur J. Gallagher & Co., [email protected]

GENERAL MARKETING QUESTIONS?

We handle a range of services—strategy, SEO, business management, analytics, optimization, creative, user experience and so much more—via expert teams that work in tandem. Contact us, or visit our website to learn more about what we can do for you.