We’ve all heard of phishing emails but many of us remain unaware of how severe the impact of a phishing attack can truly be on a business.
Entrepreneurs of the internet era have unparalleled opportunity to reach audiences like never before, the downside of this is the more successful you become with brand recognition the more vulnerable you become to a phishing attack – we have seen smaller sole traders as well as larger corporations all attacked by phishing scams in the last few years but they all share a common trait – the brands had built trust with their consumers.
This threat to your brand is only getting bigger too. Bill Ho, cybersecurity expert and CEO of Biscom has launched a cybersecurity practice specifically aimed at the SME scale. He explains the devastating fallout from being involved in a phishing scam:
“Phishing affects more than just your company. It can erode trust in clients, vendors, co-workers, partners, and more.”
The threat goes deeper than exposing the vulnerability of your network security, a phishing attack damages the public’s perception of your business and can mortally wound the trust you’ve worked tirelessly to obtain.
Think about it from the customer perspective, if you’ve discovered that your personal details have been exposed or leaked, you’re not going to be happy. And you’re definitely not going to stick around with a business that’s an easy target for hacking.
So where does this leave you if you’ve already been involved in a phishing attack?
Well, that depends on how much you’ve been ‘involved’. In any circumstance your best move is to act swiftly and communicate clearly with your customers. For an example from last year, Wonga South Africa were used as the ‘face’ of a phishing scam. Now there was no data hacking, no leaked information or any vulnerability on Wonga’s side. They were simply used as the mask behind which the scam operated. A list of thousands of South African’s contact details was obtained (from where is uncertain) and these email accounts were sent a message from ‘Wonga’. I’ve obtained permission from Wonga to show you one of these emails:
The more cynical among you may be well aware of phishing and have a high scepticism to any message like this, however these scams pray on those more vulnerable on the web.
It’s particularly effective against the generation of grandparents that are now finding their way through the web, who have not yet realised the risks associated with being active online. The unfortunate reality for Wonga here is – they did nothing wrong.
They’re just unfortunate enough to be a trustworthy business with great brand recognition. Due to their size it’s quite likely there’ll be targets on their phishing list who have heard of this brand. Yet as a responsible business you’d better do something before your name gets dragged through the dirt, whether its your fault or not, it’s your problem now!
Related: Dodging Cyber Criminals
In Wonga’s case they immediately set up a fraud hotline so that sceptical customers and victims of the attack could get in contact with the company directly to find out more about the situation and to see if there was anything that the individual could do to protect themselves. Wonga proactively blogged about this and promoted it socially. Raising awareness and addressing the issue head on. This helped customers feel more protected and well informed.
However, this isn’t the approach that every company likes to take there are others (who I have no permission to talk about so will avoid mentioning directly) who have been perceived to be ‘quieter’ about their attacks, adopting a mantra where sweeping bad news under the rug is preferable approach.
While this could work, one runs the risk of being regarded as ‘shady’ to customers, causing a fracture in the business/customer relationship and jeopardising trust.
Trust is so important for brand loyalty that a business needs to implement a phishing attack plan if the worst comes to the worst.
This plan should include:
- An IT expert’s phone number and contact details so that you can call upon an expert immediately for advice about the nature of the attack.
- A customer report form so that any of your customers can report an issue if they feel they have come across something suspicious.
- A dedicated phone number or ‘fraud line’ with a well trained call handler to respond to calls.
- A series of templates for customer emails, incase you need to send information to all of your customers suddenly regarding an attack. (Make sure you get the tone of voice right.)
- A back up server in case you need to move data quickly.
By responding quickly and being reassuring to customers, you can be sure to maintain brand trust throughout any phishing attack. Of course, you may not be able to convince all customers – but by being open and honest and giving customers the information they need, your brand doesn’t need to suffer completely.
How To Get The Most Value For Your Direct Marketing Money
Grant Fleming, CEO of Leadify offers this advice to entrepreneurs and marketers.
It is a common, global problem in the digital age – how do you convert vast amounts of data into demonstrable business value? Marketers aren’t exempt from this conundrum, and the pressure is always on to justify the worth of running a marketing campaign in real world, practical terms.
So how can you glean the most profitability from a campaign? Start by addressing a core challenge: Separating the important data from the not so important.
More particularly, focus on demographic information that is easily accessible like age, gender, location. Then follow up by looking a bit deeper and adding data such as marital status and income. Grant Fleming, CEO of Leadify offers this advice to entrepreneurs and marketers.
1. System essentials
Beyond this, while choosing the right data is key, it’s wise to use the best direct marketing system possible for your marketing needs. For starters, it should report on the data that is most important. It should also offer smart dashboards that displays comprehensive information. And it should accommodate users who want to put analytics and insights together manually.
Related: POPI Proof Your Direct Marketing
Having all three in place – pulling together data, running analytics and translating those into presentable reports – is not just a nice to have. It’s increasingly essential, as direct marketing is fast becoming a saturated space. Figuring out ways to better personalise data, and target and curate the right audience for the right message at the right time has become mission critical.
2. Aid from the machines
The good news is that machine learning is set to take much of the onerous work out of personalising data. But the caveat is that its usage doesn’t exempt you from being involved, as machines still need to be taught what constitutes good data to begin with. You thus need to know and understand how to curate data properly from the outset.
For the foreseeable future, you still need to understand what you are feeding the machine learning algorithms with, and most importantly, testing assumptions. Avoid the tendency to assume that because the results came from a machine, they are correct. Rather, conclusions drawn need to be continually tested, verified and honed where appropriate.
3. Pitfalls and challenges
But, while you may have a basis from which to extract more value from your data, what is preventing you? Among key obstacles that many marketing companies do not realise, is the power of the tools that are available to them, especially those locally produced.
This is to their detriment, as the tools readily available in South Africa boast sophisticated, yet simple, insight dashboards and reporting metrics that could power-up their marketing efforts.
As for a potential opportunity, this too is a topic that is often mentioned in other industries, that of creating greater integration with a variety of tools. In reality, few companies have managed to integrate their digital, social and direct marketing approaches well.
Getting more money out of your data boils down to sorting the wheat from the chaff, having the right system in place, curating data, and finally, using machine learning with an eye towards it being an aid, rather than a replacement for human efforts.
Build A Better Database And Boost Your Audience
Put frankly, if you have not crafted your message so that you are engaging with your audience, with their permission, you will be out of the direct marketing game.
For businesses across the board, one way to get better returns is by improving efficiencies. For marketers in particular, the million rand question is how to build better databases and grow their audience.
Grant Fleming, CEO of Leadify, says that building up an audience around particular marketing messages or strategies rather than pushing out any and all content to anyone, is essential. The latter may have been a trend that TV advertising praised, but it is ineffective as well as wasteful, when applied to direct marketing campaigns.
Marketers also must pay attention to their ‘list hygiene’ i.e. ensure irrelevant messages aren’t being sent to the wrong demographic. Do this by avoiding over-marketing, a factor which may be missed by those operating with a ‘more is better’ mindset. This can derail efforts, as even if people are partially interested in the marketing message, they will reach an unsubscribe point more quickly if marketers press them too often.
Dealing with information deluge
Front of mind for marketers should be that people are being besieged by information more than ever. Additionally, email and SMS channels are especially hotly contested marketing spaces, full of marketing promotions.
Clearly, any marketers who want to increase their opt-ins need to get their message and audience right from the outset, while ensuring that they send carefully crafted campaigns at the right time.
Segmentation needs to become more sophisticated too and is among top marketing trends for 2018. Doing so helps marketers treat their audience differently and adds a level of personalisation to their campaigns.
The Smart Insights report even suggests greater personalisation will result in an increase in conversions, by keeping marketers relevant and in touch with lists’ changing needs and preferences.
Strategies for success
Analytics can play a significant role here.
More granular detail can be built up over time such as what day of the week, and time of the day messages should be sent to particular segmented audiences for the optimal response.
Spread marketing messages out for a while too, and then hone in on specific days of the week, and times of the day, according to the audience being targeted. It’s considerably more effective to target the right audience at the right time than continuously sending general messages all day.
Related: POPI Proof Your Direct Marketing
The importance of A/B testing to help hone the message to your audience also cannot be underestimated. By testing two or more variants, and listening to the feedback received, marketers have a basis from which to optimise their campaigns.
As for databases, is bigger still better? Yes, but only as a starting point for the data to be further segmented and refined, empowering marketers to more accurately define their audiences.
All this may sound like a great deal of work, but the benefit of doing so isn’t just to build an audience. It will also help marketers deal with the increased pressure from the Protection of Personal Information (PoPI) act to ensure they aren’t spamming their audience.
Honour The Opt-out
Gareth Mountain from Olico, explains how PoPI will effect companies undertaking any form of direct marketing, and why it’s important to honour the consumers’ right to opt out of the marketing process.
It’s in a companies’ own best interests to toe the line when it comes to direct marketing best practices. It boils down to the fact that ethically it is the right thing to do, and that they should not wait for the implementation (and subsequent fines) of the Protection of Personal Information (PoPI) act to kick in to respect the consumer.
1. Electronic comms and outbound calling
The most notable point to understand when it comes to electronic channels of communication (email, SMS, Automatic Voice Messaging), is that companies will need explicit opt-in permission to contact the consumer. Here it is not about having the legal right to market to them as the Electronic Communications Act currently specifies, but rather being able to prove that they specifically gave permission for your communication.
This is set to bring about an overall decline in electronic marketing, and securing that valuable opt-in permission is going to be crucial. Yes, some companies will certainly struggle, but by providing relevant, ethical, targeted deals to your consumer database, there’s no reason for them to opt-out, especially if your offers are beneficial.
When it comes to outbound calling, PoPI permits one marketing call to a person, even if they have not opted in. During this call, operators can attempt to get them to opt-in for future marketing (both electronic and voice). While this might protect jobs in the South African call centre industry, it could result in locals receiving more intrusive calls, while less intrusive email and SMS marketing declines.
2. Respect the No
One thing to keep in mind during all marketing communication, is to respect the public’s requests. If a person asks to be removed from your electronic marketing or direct calls, make 100% sure to comply and ensure their number/email does not slip through the cracks to the next campaigns.
On a national level the Direct Marketing Association of SA (DMASA) has established a National Opt Out Database to adhere to. Paid-up members of the DMASA have access to this database as well as the process involved in making sure that their own database corresponds to the DMASA no contact list. This is through a process called “Deduping” and ensures companies do not accidentally market to anyone on this national do-not-call database. DMASA members also need to adhere to the code of conduct which regulates behaviour in the industry.
3. The responsibility of the company
When it comes to a company-wide level, it is best to automate the opt-out process so that human error is taken out of the equation. Keep a record of the opt-outs and inform the consumer that they have indeed been taken off the database.
Related: POPI Proof Your Direct Marketing
One grey area where we believe companies might try and bend the rules, would be to opt-out the consumer on a product-level, meaning that although they have said no for marketing on one brand or product, the company will continue with marketing other products in the stable. It is unlikely, however, that a consumer will decline receiving marketing for one product, and still want communication for another. Rather take them off the database completely.
The reasons why companies must honour opt-outs are numerous, with the fact that the PoPI Act allows for fines of up to R10 million or jail time for violation perhaps standing out as the most prominent. But with the ethical behaviour of companies under the spotlight locally, the moral responsibility of respecting the consumer should not be ignored.
Business Ideas Directory4 days ago
20 Innovative Business Ideas Doing Well Overseas (That Could Make You Money In SA)
Business Advice for Women Entrepreneurs1 week ago
How I Run An International Business From A Remote Beach Town In The Eastern Cape
Entrepreneur Profiles2 weeks ago
Inspiring Entrepreneur Siyanda Dlamini Believes You Need To Back Yourself To Build Your Dreams
Entrepreneur Profiles1 week ago
30 Top Influential SA Business Leaders
Entrepreneur Profiles1 week ago
Kid Entrepreneurs Who Have Already Built Successful Businesses (And How You Can Too)
Entrepreneur Today4 days ago
Nedbank Brings Silicon Valley’s Plug And Play To Africa In Disruption First For The Continent
Business Ideas Directory2 weeks ago
How To Make (A Lot Of) Money On Airbnb
Lessons Learnt1 week ago
6 Habits Long-Time Millionaires Rely On To Stay Rich