Skip to content
Industry Insights

A Chief Marketing Officer’s Perspective on Insider Risks

For many CMOs in tech, this year’s been tough. While revenue is likely growing rapidly, our remote teams have felt more disconnected than ever (despite the virtual team-building activities we’ve all hosted). Even though the market in high tech is booming, you’ve likely faced higher turnover than usual. I know I have.

Many of you might think that your marketing team members don’t pose much risk when they leave your organization. Typically, they may take some analyst reports with marketing best practices or benchmarks they’ve downloaded, maybe the plan for a paid media campaign they’re proud of, or some great examples of copywriting, along with pictures of the team and other personal effects. While that’s an accurate list – and what I’ve seen departing employees request to take with them – your marketing team members often have access to other valuable data. Data that may impede your company’s ability to compete. Data you should be watching, like:

  • Product Road Maps: Your product marketing team typically has access to your organization’s road map, or if you’re moving quickly, some of the upcoming product releases you intend to announce at the next big trade show.
  • Competitor Battlecards: Your product marketing team typically also is the nucleus that holds all of your competitor battlecards. You know, the battlecards your team uses to train your sellers and that highlight the specific differentiators you want your teams to lead with. Not great if they fall into the wrong hands…
  • Prospect and Customer Lists: In most cases, the majority of your marketing team has direct or indirect access from any device through a simple user-id and password to your cloud-based CRM systems. This on-demand access means a departing team member can easily download everything from your qualified accounts, top leads, prospects, existing opportunities (with pipeline), and customers (with revenue). At Code42 this is the type of data we’ve seen departing employees try to exfiltrate (and not just in marketing). The good news is that Incydr, our Insider Risk Management solution, can now detect these exfiltrated files – even when they’re happening off-network or sent to a personal device (or phone)!
  • Investor Communications and Filings: If you’re about to go for another round of funding, announce the next quarterly earnings release, or are fortunate enough to be working on an Initial Public Offering (IPO), you know how tightly controlled internal access to these documents are. On the flip side, your designated team members, under strict NDA, may be collaborating nights and weekends with external bankers and advisors as well as your finance and executive teams going back and forth, switching a word, updating a figure, or rewriting an entire paragraph in a confidential document. Many of these exchanges happen over cloud-based collaboration tools and data rooms – all of which can be accessed with a username and password. Documents like this are at risk of being accidentally sent, printed, or uploaded to the wrong place.

One of our values at Code42 is “presume positive intent”, and as the leader of an amazingly talented group of marketers, a group that is working hard to keep building awareness, creating demand, funneling opportunities, partnering with sales, and collaborating with a number of agencies to drive revenue growth, I know that mistakes can happen. In fact, in the past year, we have seen three insider risk events per week per marketing FTE. Many of these events result in our security team running a quick investigation via Slack and educating my team on the best ways to collaborate and protect our data. And truth be told, as employees of the leading Insider Risk Management software company, my team knows better than to try to sneak data out the door. But when I think of some of my peers, I can’t help but wonder how many accidental, or intentional leaks they may be experiencing.