How to Use CallRail to Attribute Phone Calls Back to Your Landing Pages

Getting a new client always starts innocently enough. Initial talks go well. Everyone’s on board. But then you get full account access and start digging deeper…

True story: I once worked with a client who was spending tens of thousands each month on PPC. Yet they had zero conversion tracking.

The phone rang, sure. But no one knew why. Everyone just assumed it was… ? Billboards? (Let’s not be ridiculous, here.)

Image via Shutterstock.

“But I have an AdWords call extension,” you claim. “I AM tracking phone calls with events,” you say.

That’s great. A good start. But not nearly enough. Here’s why.

Problem #1: How often do you call a new company directly from an AdWords ad?

Or do you act like a rational human being and click through the ad to the website or landing page to check them out first? That way, you can see if they’re legit or not before picking up the phone to dial. But what happens with your AdWords call extension in this case?

That’s right. You get nothing.

Problem #2: Last touch attribution bias.

AdWords drove the call, but you have no idea which steps before helped to “assist” the conversion. You can’t measure the proper attribution.

Problem #3: You’re only able to see aggregate data.

Let’s suspend disbelief for a second and say someone called you without ever leaving the SERPs, deciding to hand over their credit card to a complete stranger because you just sounded so nice on the phone…

You can still only see aggregate data.

Calls aren’t customers. They’re just calls.

Maybe the prospect’s lost and needs directions. Maybe they want the hours of your location. Maybe the stars aligned and they did become a lead.

Now, all hope is not lost. There is a solution. A way out of this mess. You just need the right tool for the right job.

Enter CallRail.

How to reclaim the phone calls you so rightfully deserve

CallRail can do a few awesome things that will make many of the aforementioned problems go away.

The gold lies in their dynamic keywords pool feature.

Let’s replay the scenario from earlier to see how it works. Someone Googles you, clicks through to a landing page, and possibly might even bounce back to your homepage to find out more about you first.

In the old days, you’d be SOL.

With CallRail’s number insertion, though, your tracking phone number will follow that person from page to page throughout their sessions.

Once someone does call in, you get a wealth of data including the pages they visited during this session, their physical location, and of course, the specific ad or keyword they clicked on in the first place.

The insight will be neatly compiled inside a dashboard for that individual call:

And you know what’s even more glorious?

You can automagically pass this data back to your CRM to track subsequent calls and/or real, honest-to-goodness conversions. (Assuming, of course, that you’re not using a precious “industry specialized” piece of software that doesn’t allow you to do anything with anything.)

Call data now gets passed back and forth. You can even merge it with existing lead data. So you’re not just tracking phone leads anymore, but real dolla dolla billz y’all. #closedloopforthewin

Sounds great, right?

Here’s how to set it up on your campaigns.

Step 1: Start by creating a dynamic keyword pool in CallRail

Log into the CallRail dashboard and head to the Numbers section (denoted with a pound sign):

Next, look for the little button that says, “+ Add a Phone Number”:

After clicking, you’ll get the option to use it online or off (so you can track calls from account-based marketing campaigns for example):

Next, you’ll want to add it to your website.

And then track each individual visitor (as opposed to the campaign).

This way you’ll set up a “pool” of phone numbers that will automatically tie and rotate for each individual website visitor (as opposed to tracking by page).

So let’s now set up that pool.

Go ahead and name the pool whatever you’d like.

The “Destination Number” is the business line your company uses that you want to ultimately ring. We can also edit this later with a “Swap Target.”

Your pool size should depend on how much real-time traffic you get to your site. Generally speaking, you’ll need smaller pool sizes on low traffic sites and larger pool sizes on higher traffic sites.

I believe CallRail’s recommendation is (or was) to look at the number of real-time visitors you’re getting to your site at its peak to gauge the ultimate pool number you might need at any one time.

Next, select which traffic sources you’d like this number pool to track (just default to “All”).

Then you can select a specific area code (toll-free vs. local) you want to use on your website.

Finally, select whether you want to record calls and add a “whisper message.”

The whisper message is exactly what it sounds like.

When someone calls from your landing page, the person answering the phone at your business will hear a soft whisper message before the call connects. For example, you can set it to say “holiday sale promotion” to alert the person answering the phone to the source of the call.

This can be very helpful to know exactly how to service the customer without asking how they got to you.

(Recording calls is also free FYI.)

Easy enough, right?!

Perfect. Now let’s move on to the next step.

Step 2: Set up your landing page

We created our first dynamic keyword pool in the last step. Now we want to install the script onto our Unbounce landing pages and set up your phone number swap targets.

There are two ways to do it, so let’s start with the lazy easy solution of pointing and clicking with the official integration.

Go into Unbounce and find the company you’d like to integrate with CallRail.

Image source.

Next, click on the “Settings” gear icon:

Image source.

Now select the “Integrations” tab inside CallRail (under “Settings”).

Image source.

And click “Activate” on the Unbounce option.

Image source.

You’ll then be whisked away to Unbounce to Authorize the connection.

Image source.

You can also install the tracking script manually on each landing page if you’d rather not connect at the company level.

First, head over to the “Settings” gear icon and click on “Integrations” to find “Dynamic Number Insertion.”

Then scroll down and you’ll find the tracking JavaScript:

All you’ll need to do is copy and paste this before the closing body tag (</body>) on the pages containing your phone number.

Look for “JavaScripts” down at the bottom of your landing page builder inside Unbounce:

Then paste in your code and select the correct placement (“Before Body End Tag”).

Obviously, save your work — and you’re done. Easy peasy.

Now let’s go update any swap target details on these landing pages.

Head back into CallRail and go to the “Numbers” section again.

Now, select the number pool you just created in the last step by clicking on the little edit pencil icon:

Then, scroll down to point three (“Dynamic Number Insertion”) to add the Swap Target and edit the Pool Size (if needed).

The Swap Target is the phone number you want CallRail to look for on your website and dynamically change it with ones from your keyword pool.

So if you have 123-456-7899 as your company number, you would place that as the swap target so that CallRail can populate new tracking numbers for each visitor.

(You can also add a secondary Swap Target if you have multiple different phone numbers on the page.)

Missing out on precious phone call lead data? CallRail integrates seamlessly with Unbounce landing pages. See other industry leading tools you can connect with your landing pages.

Step 3: Integrate CallRail with AdWords

You’ve already done a lot of work. Nice job! Any calls from “organic” sources of traffic should now be tracked inside CallRail.

However, the entire point of this exercise was to demystify your PPC traffic, so let’s connect CallRail with your AdWords account.

Inside CallRail, go to “Settings,” “Integrations,” and then click on “Google AdWords.”

Once there, click the “Authorize” button at the bottom of the page.

Now “Allow” with your Google account.

Then choose the company you want to integrate with CallRail.

Hit “Activate” and you should be good to go.

Before moving on, though, let’s add keyword-level tracking.

Adding keyword-level tracking

Adding the ?keyword=link parameter to your URLs in AdWords is the last recommended step. Adding this parameter to your ad URLs will make sure individual keyword data displays on your call log and in caller’s timelines (inside CallRail).

Head to your “Shared Library” at the bottom of your AdWords account.

Then head over to the URL options in the bottom right-hand corner.

Here, you have two options:

  1. You can add a tracking template, and
  2. You can set up auto tracking

Here’s how to manually add the tracking data.

Type “{lpurl}” and add the keyword parameter. In this case, {lpurl} represents your final URL, so you won’t have to manually enter your ad URLs.

If your tracking template does not contain a “?” append: “?keyword=link” like so:

Then, hit test and wait for the green light.

Once you’re done, you will start to see keyword data from AdWords inside CallRail.

Hooray! 🎉

Step 4: Add call goals to Google Analytics

If we’re being prudent, there should also be a conversion goal inside Google Analytics.

Your data will never truly be 100%, 100% of the time. There will be flaws. There will be gaps. There will be misalignment.

Triangulating data points from several different sources helps you handicap this risk.

That means we also want to integrate CallRail with Google Analytics while we’re at it. To do so, head to “Settings,” “Integrations,” and “Google Analytics.”

When there, drop in your Google Analytics ID and hit “Update.”

Next, head to Google Analytics to create a new call goal.

Go to “Admin” (the gear icon in the lower left-hand corner), then “View” and finally “Goals” in the upper-right corner:

Click for larger image.

Now select the bright red “+ New Goal” button.

Once inside, click on “Custom” down below because we’re about to get a little fancy.

Enter the name and select event.

Now we need to customize the event conditions to make sure your data will be labelled properly.

So drop “Phone” into the Category option.

And “Save” the new goal!

Step 5: Integrate CallRail with your CRM (like HubSpot) for full-funnel Attribution

Wouldn’t it be nice if you could now see which phone calls resulted in closed deals paying you the big bucks?

After all, you should be making strategic PPC decisions based on meaningful data (revenue, Cost Per Lead, etc.) and not just vanity metrics (new leads, Cost Per Click, etc.).

The good news is that you can with CallRail.

Head back into “Settings” and “Integrations”, then look for your favorite CRM.

We’ll use “HubSpot” in this example to show you how these integrations work.

Scroll down to HubSpot and hit the “Activate” button.

Then you’ll need to grab your HubSpot ID to finalize this integration.

So head to HubSpot, log in, and grab the “Hub ID” in the top right-hand corner of your screen.

Simply copy that number and head back to the CallRail HubSpot Integration screen, paste it in, and hit “Authorize.”

You can also select to create a new lead inside HubSpot each time someone calls. You won’t have their name and email at this point necessarily, but you can merge it on subsequent calls.

Next, HubSpot will ask you to select the account to link CallRail with and then “Grant access.”

And that’s it! Now, your calls will create new leads in HubSpot and integrate the data.

Step 6: Measuring campaign performance back to ad spend

Now you’ve completed all the hard work.

The only thing that’s left is to actually use the data once it starts rolling in.

When you log into CallRail, the dashboard right in front of you will list out some of the most recent activity.

Click for larger image.

Let’s break down this down (by number):

  1. This is your Keyword Pool name for each call
  2. The campaign keywords from that drove each click and then call (if there’s nothing showing up, it’s most likely organic as opposed to a PPC call)
  3. The specific campaigns (pulling in PPC data) that drove each click and call
  4. Your landing page where the call initiated
  5. And finally the Lead Status for each (so you can record the number of good, quality leads vs. the junk)

Why is this useful?

Now this data will help you figure out:

  • Which keywords are performing well and driving calls.
  • Which campaigns are performing well and driving calls.
  • Which landing pages are performing well and driving calls.
  • And where the F*@#$ %$ your customers are actually coming from!!!

You can now also view some of this data inside AdWords, too.

Go under “Tools” and look for “Conversions.”

Then you can now see AdWords phone calls ready to track through the CallRail integration we set up earlier.

And because we dot all i’s and cross all t’s, you can see this data inside Google Analytics now, too.

Log in and head over to “Behavior,” then “Events,” and finally “Top Events.”

Here you will see the phone call goal you created earlier in this article. If you click on that phone text link, you can see even deeper data:

Click for larger image.

The reporting format varies based on whether the call was received via a source tracking number or a keyword tracking number with the following attributes:

  • Source Tracker: Incoming call via [tracking number] – [source name]
  • Keyword Tracker: Incoming call via Keyword Tracker

Next, in the event action table, you can click on each action for more details.

Like the phone number that just called you.

And that’s it!

Phew, we made it.

Thanks for sticking around to the end. I think you deserve the rest of the day off.

Before I say goodbye…

Phone calls produce the best conversion rates of any sales channel. They eclipse lead gen data from your standard website form fill.

Phone calls from AdWords are especially lucrative because these people are often already at the bottom of the funnel; they’re ready to take action and sign up or get started immediately.

But if you’re not tracking any of them, you can’t determine which campaigns, individual landing pages, or keywords are driving the best ROI (and not just lead counts).

Thankfully, there’s CallRail + Unbounce. A match made in PPC heaven.

You can run through the steps listed in this article, finally close the phone call loop, and reclaim those conversions that are so rightfully yours — because you can’t take credit for conversions if you don’t know where they came from.


Digital Marketing News: Better Text Ads, Lifestyle Templates &amp; AMP for AdWords

Seven Tips for Writing Better-Performing Expanded Text Ads [Infographic] Writing text ads is a challenge – how can you be compelling enough to drive a conversion with such limited space? There are several tricks of the trade explored in this new infographic. MarketingProfs Google to Advertisers: Get Your Mobile Landing Pages Ready Google recently announced that in two weeks, AdWords advertisers can use AMP pages as landing pages for their ads. This provides a seamless user experience when searching through Google and could have implications for page rank. Search Engine Journal The print catalog era is over — but Facebook wants to revive it on your iPhone Do you miss the good old days of ordering from a catalog? Not many do. However, the lifestyle inspiration we all get from magazines is something that we haven’t been able to replicate as well with our digital ads. Facebook is trying to close that gap with their new ‘Lifestyle Templates’. Business Insider Amazon Is Opening Up Its Ads Business, and Marketers See a Big Opportunity to Shake Up Search According to AdWeek, “After testing search-based ads with agencies and brands, Kenshoo (a company that helps marketers manage search spend across platforms) is making Amazon ads readily available to all marketers through an API integration today.” AdWeek Instagram Expands Access to Branded Content Tools After months of testing, Instagram has granted access to advertisers to its Branded Content tools. These will allow advertisers simplify the process for working with creators (and vice versa). Social Media Today Google responds to Apple’s Intelligent Tracking Prevention with AdWords tracking update The news of Apple’s Intelligent Tracking Prevention in Safari has upset the advertising industry – but as usual, we have Google to the rescue. According to Search Engine Land, “Google has developed a new Google Analytics cookie that will be used to capture campaign and conversion data from Safari in a way that conforms with ITP.” Search Engine Land Amazon ‘1-Click’ patent expires today, get ready for faster web-wide checkout Amazon’s patent on ‘1-Click’ checkout has expired – this means that eCommerce platforms can now duplicate this functionality on their own sites. This is expected to reduce cart abandonment for shopping sites and make a more convenient user experience. Marketing Land 73% Of Broadband Consumers Want To Tightly Control Their Personal Data According to MediaPost: “A large majority (73%) of U.S. broadband consumers express a desire to keep tight control over access to their personal data, with nearly half being very concerned that someone will access the data without their permission, according to a new report by Parks Associates.” MediaPost What were your top digital marketing news stories this week? We’ll come back next week with more top digital marketing news. Have something to share? Email the newsroom or Tweet to @toprank.

The post Digital Marketing News: Better Text Ads, Lifestyle Templates & AMP for AdWords appeared first on Online Marketing Blog – TopRank®.

Online Marketing Blog – TopRank®

Social Media Marketing News

Infographic: Typography in Emails – The Divine Story of Modified Typeface

If you have ever had to hand-code an email, then you know how insanely difficult it can be to get your email looking just right. I would say it’s more tedious and tricky than regular web development. This infographic does a good job of showing you how to get your typography licked for your email campaigns. If you are serious about keeping your brand styling consistent across all marketing channels, then this is one area not to overlook. Take a look at the infographic below to learn all the tiny details of lassoing your typography for your future email campaigns….

The post Infographic: Typography in Emails – The Divine Story of Modified Typeface appeared first on The Daily Egg.

The Daily Egg

Facebook disables feature that let marketers target ‘Jew haters’

(Reuters) — Facebook said on Thursday it was temporarily disabling the ability of advertisers to target based on people’s self-reported education and job information after a report that those features allowed targeting based on anti-Semitic topics.

ProPublica, a non-profit news organization based in New York, reported hours earlier that Facebook’s self-service ad-buying platform had allowed marketers to target ads at people who, on their Facebook profile, had listed phrases such as “Jew hater” as their field of study or work.

Some 2,300 people had expressed interest in the topics “Jew hater,” “how to burn Jews” and “History of ‘why Jews ruin the world’,” according to ProPublica’s investigation.

Facebook, the world’s largest social network, confirmed the ProPublica investigation.

Once people put those phrases on their Facebook profiles, the anti-Semitic topics automatically migrated onto the company’s advertising platform, as if they were education or job data that would be useful to marketers, Facebook said.

“We are removing these self-reported targeting fields until we have the right processes in place to help prevent this issue,” Facebook said in a statement late on Thursday.

“We want Facebook to be a safe place for people and businesses, and we’ll continue to do everything we can to keep hate off Facebook,” it said.

Facebook initially responded to the ProPublica report by removing the topics in question from its ad system. However, other news reports, including from Slate magazine, then discovered that hateful topics were more widespread in the ad system’s targeting capabilities.

As Facebook has given advertisers greater power to micro-target their messages using a self-service platform, the company has at times failed to ensure they comply with its terms and conditions.

Last year, ProPublica reported that Facebook allowed advertisers to exclude users by race when running housing or other ads, despite a prohibition on such ads under the U.S. Fair Housing Act 1969.

Facebook said last week an operation likely based in Russia spent $ 100,000 on thousands of U.S. ads promoting social and political messages over a two-year period through May, fueling concerns about foreign meddling in U.S. elections.

The company said it shut down 470 “inauthentic” accounts as part of an internal investigation into those ads.

Facebook and rival Google, owned by Alphabet, dominate the fast-growing market for online advertising, in part because they let marketers target their ads based on huge volumes of data.

Facebook reported $ 27.6 billion in 2016 revenue, the vast majority from advertising.

Ad campaigns that used the anti-Semitic categories on Facebook were not widespread, the company said.

“Given that the number of people in these segments was incredibly low, an extremely small number of people were targeted in these campaigns,” Facebook said.

One change Facebook said it was considering was adding more thorough reviews of targeting categories before they show up in the self-service platform.

(Reporting by David Ingram; Editing by Paul Tait)

Social – VentureBeat

Social Media Marketing News

Do you ever worry you’re building the wrong kind of business?

Lately we’ve been obsessed with a simple idea here at Fizzle.

When we hear a success story from someone who built a business, there’s usually a distinct turning point in the story. This turning point revolves around something the entrepreneur changed that made everything click.

Sometimes the change is small, other times it’s a larger pivot. But in each case, the change seems to lead to building a business that isn’t just a good idea, but is also a great fit for that specific entrepreneur.

So our idea goes something like this: what if the success of a business depends less on the strength of the business idea itself, and more on how well that business idea fits the entrepreneur behind it?

If that’s the case, then the classic advice around business ideas is way off. Traditional business advice might tell you to focus on market, demand, product, operations, sales and finance. But what if your chances of success depend more on things like energy, experience, skills, money, people, lifestyle, personality and vision?

Do you ever worry you’re building the wrong kind of business? Have you tried to follow traditional business advice, but found that it just didn’t fit?

Today we’d love to hear from you. Are we on to something with this idea? Please leave a comment below and tell us if you ever worry you’re building the wrong kind of business for you.


How to Collaborate with Influencers to Increase Your Conversions: Examples and Tools


Influencer marketing has been on the rise for a couple of months now, but how many marketers really understand how to use the tactic effectively? It’s not really about buzz. A traffic boost is fine, but how often can you really reach out to niche influencers to collaborate on something? They have their own lives and they are pretty busy people. Influencer-driven projects cannot happen too often. You cannot build your site on them (in most cases), and those traffic boosts they trigger are only temporary. But is it possible to use influencer outreach to improve your bottom line? How…

The post How to Collaborate with Influencers to Increase Your Conversions: Examples and Tools appeared first on The Daily Egg.

The Daily Egg

How to Protect Customer Data — and Your Company


Most of us have probably seen that commercial where the bank security guard stands idly by during a robbery, explaining that he’s just there for monitoring, not preventing. It’s a good illustration of how important it is for businesses to think about digital integrity holistically rather than one piece at a time.


Your online presence is the face your company shows the world. It’s your identity. And it tells customers as much about your credibility and integrity as any business strategy. Customers want to know that they can trust your content and what is behind it – that it says what it means, that it’s consistent, that it’s accurate, and that you stand by it. And they want to know how you’re going to protect the information they share with you.

Your online presence tells customers as much about your credibility as any business strategy, says @kpodnar.
Click To Tweet

While developing a digital policy may not be at the top of your things-to-spend-time-and-money-on list, it really should be because the consequences of not having a policy are scary.

HANDPICKED RELATED CONTENT: Identity Matters: How Content Strategists Build Trust and Loyalty

Why is digital integrity important?

Let’s start with data breaches since that’s the issue that captures the most headlines. From forensics and fines to lawsuits and lost time, the expenses associated with a breach pile up quickly. And that’s just the beginning.

A distributed denial of service (DDoS) attack, for example, could prevent you from conducting business for a time. And if the attack slows your site’s load time, your customers may not do business with you. Research shows that nearly half of all customers won’t wait more than three seconds for a page to load. They click over to a competitor – and a lot won’t come back.

Then there’s a general lack of confidence. How are customers supposed to trust you with their business when you aren’t even taking care of your own digital security?

How can your subscribers trust you with their business if you can’t guard their personal data? @kpodnar
Click To Tweet

Your online integrity is about a lot more than just protecting the audience’s personal information (although that’s important, too). It requires a multifaceted, holistic digital policy incorporated into your daily business processes.

Let’s look at what that means.

HANDPICKED RELATED CONTENT: The Democratization of Distrust Is Our Biggest Opportunity

Components of a holistic digital policy

Data collection

Brands slowly but surely have adopted a more-is-more mindset when it comes to data. The more data points, the better, right? Even at brick-and-mortar stores, it’s hard to make a purchase without being asked for name, address, phone number, email, or maybe even birthday. And, sure, your business can do a lot with that information in terms of market segmentation and analytics.

But … the more data you collect from your audience, the more you – and they – stand to lose if you suffer a breach. To put it in business terms, you need to do a risk-benefit analysis. If you’re truly using all the data you’re collecting – and the return on investment is worth the risk – fine. But if you’re collecting data just because you can, the risks quickly outweigh the benefits. Collect data only when it’s critical to your business.

Collect data only when it’s critical to your business, says @kpodnar.
Click To Tweet

Questions to ask:

  • What information do we collect from our customers? Where do we keep it? How do we secure it?
  • Who wants the data (marketing, product development, etc.)? What do they do with it? Could others within our company use the same information to increase the benefits, making the risk worthwhile?
  • What information do we really need to collect from our customers, and why do we need it?
  • How does each data point enhance or support our business model?

Data storage

The natural result of collecting a lot of data is the need to store that data. And stored data is a liability. Do you really need to keep email addresses and purchase histories from people you haven’t connected with in years? Customer data collection isn’t a situation for, “Well, it might come in handy someday.” The safest remedy is to store only as much data as is critical to your business.

It might help to think of it this way: Imagine you had a breach, and you’re in a face-to-face meeting with a customer whose personal data was stolen. How comfortable would you be looking that customer in the eye and explaining your need for each data point?

Questions to ask:

  • What data do we store? Is there a business justification for each data point?
  • Where do we store our data? Who has access to it? What security measures are in place?
  • What are the risks of keeping the data? Does the data include enough points to be personally identifiable? If so, what obligation do we have to our customers?
  • If we do need to store multiple data points, how long do we need to keep them? (For example, do we need to keep a customer’s email address and other information after the conclusion of a trial period?) What processes can we use to make that happen? Should data automatically be deleted after a certain time or should there be a human review process?
  • Are the servers that store sensitive data separate from our servers on less-secure networks? Or could someone access sensitive data by hacking into a less-secure device?

Regulatory requirements

One of the toughest challenges of operating in a global economy is sorting through the applicable rules and regulations. The United States, for example, has laws regulating the collection, use, and storage of customer information. Many states also have their own regulations, some of which are stricter than the federal laws. And it becomes even more complex when your business crosses national boundaries.

To gain a perspective on how complex a process this can be, think about cloud-based services, which are, by nature, independent of a geographic location. What does that mean legally? Do regulations regarding data kept in that cloud service apply based on where the company is headquartered, where it has physical locations, where the customers lives, or where the servers with all of the data are stored? Or all of the above?

This is one area where it’s critical to get professional guidance, whether from an attorney or from a digital policy expert. There are just too many moving pieces to carry that much risk yourself.

Questions to ask:

Prepare for your initial meeting with a professional by jotting down as many relevant facts and questions as you can come up with, such as:

  • How do we figure out which regulations we must comply with? For example, what if we have neither offices nor servers in a given country, but we do have users who live there? What if we have a shared server in a country but conduct no other business there?
  • How frequently do these regulations change, and what’s the best way to keep up with these changes and incorporate them into our digital policy?
  • What are the penalties for a first violation in any given jurisdiction?
  • How can we be sure we’re not breaking any country’s data privacy laws?
  • What are some best practices that other companies have identified?

Incident monitoring and response

Having a good digital policy won’t necessarily stop a breach from happening, but it will go a long way toward mitigating the damages. It’s important to have a crisis response plan that includes everything from the discovery of a breach to communicating the situation to your customers (as well as to any relevant legal agencies). Your policy should identify the person responsible for each step of the response plan and include frequent re-evaluation to make sure each person is still in the same job and knows what to do.

A crisis response plan details how to notify your audience if a data breach occurs, advises @kpodnar.
Click To Tweet

Questions to ask:

  • How do we become aware of a breach? Do we have systems that notify us immediately when unusual activity is detected, or do we only find out when we’re in crisis mode?
  • What do we do to stop an attack once it’s detected? Do the people responsible for mitigating an attack have the proper skills, training, and tools?
  • Who within the company needs to be notified, and in what order? If an attack is detected during overnight hours, can it wait until morning, or are there people who need to be alerted immediately?
  • If an attack is severe enough to cause a work stoppage, do we have a backup plan in place? Does everybody know what it is and how to launch it?
  • What regulations apply? Which authorities must be notified, and whose job is it to do that?
  • Whose responsibility is it to talk to the media?
  • What actions do we need to take on behalf of customers (such as notifying them that their data may have been compromised)?

External risks

As interconnected as businesses are these days, risks don’t exist only within your own walls. Any third party with access to any of your networks is a potential source of a breach. It’s important to think up and down your supply chain, and throughout your partner networks to make sure you’re not unintentionally creating a policy that for all practical purposes doesn’t really protect you.

Questions to ask:

  • What parties have access to our system (vendors, outsourcing partners, consultants, outsourced IT support, SaaS products, etc.)? What digital policies and security protocols do they have?
  • Does the external partner’s policy go far enough? Or have important questions been left unanswered?
  • Does the company follow the digital policy or does it just give lip service?
  • In the case of a breach that originates – intentionally or not – through a third-party provider, who’s liable? Whose response plan takes precedence? Who’s responsible for fines and customer compensation, if relevant?
  • Are the answers to the data security questions spelled out in our contracts?

Policy development

Gathering data is the first step. Getting the buy-in to create a digital policy and the authority to implement it is the next step. Usually, this process works best with a cross-functional team so that all interests can be represented.

Questions to ask:

  • Who are our stakeholders? Who will be affected by this policy?
  • What conflicting interests must be managed (such as legal vs. marketing)?
  • Do we have everything we need to know to craft a good policy? Is there anyone we forgot to include?
  • What could go wrong, and what can we do to prevent it?

Change management

Few people like change, and even fewer people like change that seems to be random and unnecessary. That’s even more true when that change makes a process more difficult and time-consuming. Selling the “why” of a digital policy is central to overcoming resistance.

Questions to ask:

  • Can we clearly and consistently articulate the importance of having a digital policy? (Hint: Employees are unlikely to accept “because our lawyers said so” as a compelling reason.)
  • Whose jobs are affected by these changes, and in what ways? What can we do to offset any unintended negative impact?
  • What might employees see as drawbacks of a digital policy, and what benefits can we communicate to counter that perception?

Plan implementation

This is where a lot of digital policies go wrong: Companies stop right before the finish line. But a policy never correctly implemented – or universally ignored – is riskier than not having a policy. That’s because a policy provides documented proof that your company was aware of the risks.

Data security plans go wrong when companies stop before the finish line (correct implementation). @kpodnar
Click To Tweet

Questions to ask:

  • Where does the policy live? How do employees know where to find it when they need it? Do they have immediate access, or do they need to ask for authorization to access the files?
  • Is the policy easy to use? Is there a table of contents that an employee can use to go straight to the appropriate section? Is it searchable?
  • Who can make changes to the document, and are people without authorization to change it technically prevented from doing so?
  • How can we make the policy easier to use? Can we provide employees with a checklist or wizard? Can we incorporate it into our business processes so that much of the compliance happens behind the scenes? How can we make it easy for employees to comply with the policy and difficult to violate it?


“Have a digital policy” isn’t something you can scratch off your to-do list. It’s an ongoing process that must be revisited over the years as people, processes, and technologies change.

Questions to ask:

  • How can we make sure our digital policy is being used? How can we track compliance?
  • What corrective action do we take if the policy is being violated (intentionally or not)?
  • How do we make sure our policy keeps up with changing circumstances and new threats?


If I had one wish for companies struggling with their digital policies, it would be to look at the situation holistically. Think of it like parenting: We don’t prepare our kids for kindergarten and then congratulate ourselves on a job well done. Raising a child is an evolving process, one that includes everything from nutrition to exercise to education to character – and sometimes, eventually, to babysitting grandchildren. While you might not feel the same passion for your digital policy as you do for your children, both require supervision, care, and nurturing.

Sign up for our weekly Content Strategy for Marketers e-newsletter, which features exclusive stories and insights from CMI Chief Content Adviser Robert Rose. If you’re like many other marketers we meet, you’ll come to look forward to reading his thoughts every Saturday.

Cover image by Skeeze via

The post How to Protect Customer Data — and Your Company appeared first on Content Marketing Institute.

Content Marketing Institute

Happy Labor Day!

Today is Labor Day in the U.S., a time to celebrate the potency and dignity of work — and the regenerating power of a little time off. The Copyblogger team will be back starting tomorrow with lots more content for you … including your September Creativity and Productivity prompts later this week. Have a wonderful
Read More…

The post Happy Labor Day! appeared first on Copyblogger.

Related Stories

  • A Quick Note About the History of Labor Day That You May Not Realize …
  • Happy Labor Day!


7 Steps to Grow a Blog Post

Last week I talked about how writers seem like magicians, because we have the power to create something out of nothing. An important point to note about magicians, though: They don’t really do magic. Instead, they study and practice specific behaviors until they can create that illusion of creating something out of nothing. And of
Read More…

The post 7 Steps to Grow a Blog Post appeared first on Copyblogger.