#Ghostery#security#vendor management#data leakage#e-commerce#tags

Why failing to keep track of tags could cost you

Damian Scragg
|Sep 7|magazine10 min read

The spectre of security vulnerabilities and potential for data leakage is a major concern for enterprises, and it’s one that should be taken seriously. Companies spend significant resources trying to prevent malicious hackers from gaining access to their sites and information. Why? Because there’s simply too much to lose if their sites are breached, yet these same companies pay very little attention to an issue that can be just as problematic as hackers: the growing number of third party tracking technologies (referred to as “tags”) on their sites.

Third party tags can create digital blind spots and increase the likelihood of data breach vulnerabilities, but many businesses are completely unaware of the risks they pose. More surprisingly, a significant number of businesses are already aware of these potential issues, but simply ignore them. No matter what their level of awareness is, a majority of companies don’t understand how to defend themselves against these problems. What’s particularly concerning is that the number of individual third party tags is growing every day. The more tags introduced into the web ecosystem, the harder it can be for your IT and marketing teams to discern how each one affects your site security and functionality.

Just what do businesses stand to lose by ignoring the risks posed by third party tags?

Non-secure tags can trigger mixed content warnings on your pages, and users often interpret these warnings as a sign that transactions on a site might not be secure. In fact, our recent joint study with Ponemon Institute discovered that as many as 57 percent of online customers abandon their shopping cart when they receive a mixed content warning. In addition, non-secure tags increase the potential for harmful man-in-the-middle attacks. The result is that it’s costing you easy revenue, but also damaging your brand image as customers flock to competitors in search of a more secure e-commerce experience.

Data leakage, a hot topic right now, can also occur as a result of these unmanaged third party tags. When your site shares the same tag with another site, data that has been collected through that tag can potentially be transferred to other sites using it. That can have tremendous consequences if tags on your site overlap with those of your competitors, who could access this information and use it to their advantage.

As problematic as these issues can be, with the right policies in place, you can protect your site and keep your users’ digital experience at a high level. First and foremost, having an accurate picture of all your tags and how they function is essential for understanding what potential issues could affect your site. Having full transparency into the tags allows you to measure how effectively they are working, determine whether or not there are overlapping tags with your competitors, and identify where and how these third party tags were loaded onto your site. Using that information, you can quickly and easily make decisions about which tags need to be revised, or even removed.

Also pivotal to the digital technology management process is establishing strong vendor management policies. Having agreements in place at the start of a relationship with a vendor grants you greater control over what tags can be placed on your site, and assures you won’t be caught unaware when new tags from unknown, non-secure sources end up on your site.

This problem isn’t going away anytime soon, and too few businesses have instituted the proper procedures and measures to protect themselves. If your company isn’t regularly monitoring tags and vendor agreements, the result could be a loss of revenue, confidence in your brand, and control of your data and your site. But it’s not too late to take the necessary steps to protect your site and customers. Instituting smarter strategies for digital technology management – aided by greater transparency and comprehensive data – is how companies prevent these problems from happening in the future.

Damian Scragg is Ghostery’s Managing Director EMEA