Brand protection is critical to virtually every type of organization. But whose job is it to protect the corporate identity? If you were to ask someone in the average company whose job it is to protect the corporate brand, the easy answer is “everyone.” While it is true that everyone in the company must be a good brand steward, it is critical for organizations to clearly define who is responsible for brand protection. This article explores the shift in brand protection, how that has influenced who is responsible for brand protection, and what the company and individuals can do to execute the brand protection strategy.
The Shift in Brand Protection
A brand is defined in the modern lexicon as any way a company uniquely identifies itself – whether in the physical or digital world. The concept of the company “brand” is not new. However, brand protection went digital in the 1990s and early 2000s. The main focus of brand protection at that point was the corporate website and related assets. At the time, IT staff were responsible for detecting website defacements and digital misuse. The non-digital pieces of brand protection were, more often than not, the sole responsibility of the marketing department.
As technology evolves into the digital world, a brand is no longer just a company’s logo or website. Brand protection has expanded to include data breaches, Denial of Service (DoS and DDoS) attacks, information theft, and ransomware. Additionally, the brand exists and must therefore be protected in everyday speech, social media, the digital footprints of employees and executives, and many other places.
Challenges of Assigning Responsibility
The shift in brand protection has forced companies to evolve and expand their brand protection strategy. Brand protection now includes stakeholders from the legal department, marketing, Information Technology, and cybersecurity. However, organizations face a few key challenges when assigning responsibilities.
– Anyone can create brand assets.
As the ubiquity of cloud services continues to drive innovation, virtually anyone can create cloud-based assets without the traditional pathways and checkpoints of company IT. That means the marketing department can develop and launch an entire website with sensitive information without ever having to talk to other departments. This is quite common and a source of many breaches and brand damage.
– Employees pose a significant brand risk.
The most challenging component of brand protection is the human aspect. Like it or not, employees are representatives of their brand. While technology can manage digital assets, it is difficult to control what people do or say. Drawing a line between the personal digital footprints of employees and their work identities is more involved than we would like. Many organizations have policies that state how employees should protect their private information and provide education on how to safely and appropriately engage online. Privacy must be considered, but the brand must be protected – and this is where the most difficult of current issues happen. Should employees be monitored outside of work for what they say online or where their private information is exposed? That’s an interesting question that intersects corporate HR policies, privacy and information technology policy, and brand protection. People are the company’s most important assets but are also the most difficult to predict and engage from a brand protection perspective.
– Security is often outsourced.
Enterprises typically have large security teams led by a Chief Information Security Officer (CISO) with significant influence and decision-making power. Mid-market organizations often do not have experienced teams or a corporate executive in charge of security. Many of these organizations outsource their security to managed service providers (MSPs) and must therefore adopt alternative strategies. Outsourcing highly specialized functions like cybersecurity is a smart move for mid-market organizations, but that doesn’t absolve these companies from responsibility. In these cases, the company must own the brand protection strategy with a clear definition of how the brand needs to be monitored and enforced. At the same time, the MSP will execute the technical processes of monitoring and enforcement. This shared responsibility can work very efficiently or cause chaos if poorly defined – leaving finger-pointing when there’s a serious lapse.
How Can Brands Be Protected?
For mid-sized organizations, brand protection is a team effort where each department plays a critical role. Once the core strategy is set by one of the company’s leadership, each department enacts processes and tools to monitor and enforce brand strategy. MSPs play a key role for mid-sized businesses regarding brand protection. They provide scale, the ability to execute, and specialized knowledge that enable IT and security to be effective – without having to build out massive teams in-house.
From a cybersecurity perspective, the goal is to ensure all company assets are known, monitored, and protected to minimize a potential attacker’s opportunity. For example, monitoring the company’s internet presence, also known as an attack surface, can be done efficiently at scale through an MSP. Monitoring mentions of the company’s brand in social media, registrations of domain names similar to the company’s, and other digital monitoring are more examples of where it makes sense to engage an MSP to execute the brand protection strategy the company has defined. The company’s IT department must then ensure that the threats and issues the MSP identifies are acted upon and remediated. This is where accountability comes in. Someone must be held accountable for ensuring the remediation of any identified issues and enforcement of policies. These must all be implemented together, in concert, and be continuously re-evaluated. Failure to do so will result in compromised assets your organization didn’t even know it should be protecting.
Understanding all the places where brands exist is nearly impossible and requires sophisticated processes, tools, and large security teams. An entire market segment of brand protection service providers has exploded as the need for their services overwhelms even the largest IT teams. For example, solutions like Media Sonar’s Digital Risk Assessments provide organizations with a report of identified risks and exposures related to a brand’s digital footprint.
Final accountability and stewardship must reside somewhere – and it’s up to each organization where they choose to place it. Some organizations develop a council, while others appoint one of their executives accountable for the brand. The trick is to understand that there must be a responsible party who sets policy, many different departments within the company, and likely MSPs who execute that policy. No matter how your organization protects its brand, you must consider as many angles of attack and misuse as possible. When your organization intersects policy, execution, and enforcement in the right combination and with the right stakeholders, protecting the corporate brand will have a positive impact.