Marketers’ Fast Track to Thinking Like a Security Expert

Luke Probasco , Product Marketing Manager Reading estimate: 5 minutes


People standing under an umbrella

The amount of customer data at marketers’ disposal can range from basic email addresses to extensive files that include names, birthdays, credit card numbers, interests, preferences and more. But regardless of the data volume marketers have, nobody values it more than they do – except for hackers.  

You’ve read about ever-increasing cybersecurity incidents where thousands of customers’ data have been leaked. The fallout from attacks like ransomware, phishing and distributed denial of service (DDoS) is devastating, especially if sensitive consumer information gets compromised. And with new web attacks occurring at the astonishing rate of every 39 seconds, no company is safe—not even small businesses, who might assume their data is small potatoes to hackers. Not so: a Forbes article reports that smaller companies are three times more likely to be targeted than the larger prey you’ve probably heard about like the T-Mobile, Samsung and GoDaddy hacks.

The IT department will be fighting on the front lines if a hacker targets your company but marketers also have an enormous stake in guarding website security. Working with IT to help protect your customers’ data as you go about your daily activities is easier than you think. We’ll walk through a few situations that marketing may encounter and how they can choose features and digital tools that help guard their most precious asset: customer information. 

Look Beyond SLAs

You likely won’t find any specific security-related guarantees in your hosting provider’s service level agreements (SLAs) but they’re still a good starting point to make sure you have the foundational support to help keep your site available. Here are a few things to look for:

  • Industry-standard levels of availability. They usually range from about 99.5% to 99.9% and should be clearly spelled out. To give you more context, 99.9% availability equals roughly eight hours and 45 minutes of downtime per year. With 99.99% availability, you can expect about 52 minutes and 35 seconds of yearly downtime.

  • Some form of compensation if your provider fails to meet its uptime commitment. It is always a good sign that the vendor has the resources to mount a quick response to service disruptions.    

  • Specific documentation that backs up the provider’s ability to meet SLA commitments. Keep an eye out for performance metrics or third-party validations.

Pantheon delivers all of these things and more. Many customers particularly appreciate the option to choose an SLA that guarantees 99.99% uptime.  

Defend Against One of the Most Popular Types of Attacks: DDoS 

According to NetScout, 2021 saw 9.75 million DDoS hacks, with DDoS extortion and ransomware attacks on the rise. Even if a DDoS attack is relatively short—say, an hour—any amount of time your website is unavailable, or even slow to load, is too long. Marketers spend a lot of time providing extraordinary online experiences to see brand engagement blown up by a cyberattack. 

What security tools and features help quickly shut down an attack—or, better yet, prevent it?  No hosting provider can guarantee a website will never be hacked, but some are better than others when it comes to securing your organization against cyberattacks. Here’s what to look for:

  • Automated updates: There are a couple of reasons why this feature matters to marketers. First, a WordPress or Drupal site that’s lagging on core version updates makes it easy for hackers to waltz into your site and wreak havoc. Second, the faster and easier it is to update your site’s modules and other themes and plugins, the quicker IT can focus on your feature requests. Pantheon’s Autopilot makes updates a snap by automatically finding, testing and applying WordPress and Drupal updates.

  • Use secure, encrypted connections to help protect against DDoS attacks: It’s critical to keep digital content safe when it’s being processed and distributed to its audience. Pantheon uses a content delivery network (Global CDN), and it’s included as a core feature in all packages. For enterprise-grade security, Pantheon offers Advanced Global CDN+WAF/IO. It provides many features, among them blocking access to websites from blacklisted countries. It’s like a high-pressure hose for putting out raging DDoS fires—it stops everything, buying valuable time to figure out where the attack is coming from.

Keep Passwords From Becoming Pass-Throughs for Hackers

In the fall of 2022, Fast Company suffered a crippling hack that shut its site down for more than a week—devastating for any organization but unheard of for a media company. According to, the hacker, who broke into Fast Company‘s content management systems (CMS), claimed he obtained access by exploiting an easy-to-guess default password used across several Fast Company accounts. From there, the bad actor was allegedly able to access sensitive information, which he used to send two “obscene and racist” push notifications to Apple News followers. 

The hacker claimed that breaking into Fast Company’s CMS didn’t require any special skills, going so far as to say that anyone could’ve done it. Beyond following well-known defense practices, such as using strong passwords for every account or data encryption, what can marketers do to help protect business and customer data? 

Make sure your web hosting provider offers Security Assertion Markup Language (SAML) integration. SAML enables other security features like multi-factor authentication (MFA) and single sign-on (SSO). 

  • MFA requires a combination of two or more authenticators to verify user identity, providing an additional security layer to block hacking attempts. 

  • SSO helps protect usernames and passwords—a favorite target for hackers: the more often users log in, the more attack surfaces they can exploit. As an added bonus, SSO can boost staff productivity by allowing them to sign in once to access and authenticate on multiple applications. 

Pantheon web hosting enforces strict passwords; each site’s database gets a unique long password to help prevent dictionary attacks, otherwise known as password guessing. The Pantheon platform also makes it easy to use SAML/SSO/MFA for Drupal and WordPress.

Regulatory Compliance Pays Big Dividends to Marketers 

According to PwC data, 85% of consumers wish there were more companies they could trust with their data. With customer trust becoming harder to win but easier to lose, demonstrating compliance with regulations becomes a competitive advantage for marketers. 

Keep in mind that if you rely on a web hosting platform to keep customer data safe, your organization’s compliance is only as good as that of its service provider. Mishandled data leaves your business vulnerable to security breaches that can start a cascade of consequences—lost customer trust and brand damage chief among them. 

Pantheon’s Systems and Organization Controls (SOC) 2 compliance provides third-party assurance regarding the adequacy of its information security system and covers the Security and Availability Trust Services Criteria. Pantheon also complies with all applicable data privacy laws, including the General Data Protection Regulations (GDPR).  



Discover More

Elevating Your Agency, Part One: More than Just a Tech Shop

Josh Koenig
Reading estimate: 5 minutes

How I Made It: the Anatomy of the WebOps Certification

Steve Bresnick
Reading estimate: 4 minutes

The "Too Long; Didn't Read" Version of Pantheon’s Docs

Steve Persch
Reading estimate: 2 minutes

Try Pantheon for Free

Join thousands of developers, marketers, and agencies creating magical digital experiences with Pantheon.