PROPRIETARY & CONFIDENTIAL March 4, 2010Affect Strategies
CYBER SECURITY 101:
What Your Agency Needs to Know
PR Council Genome Series
May 4, 2017
PRESENTERS
Sandra Fathi, President, Affect
PR Council Board Member
sfathi@affect.com
@sandrafathi
Simon Russell
Managing Partner,
BeCyberSure
simonr@becybersure.com
Vince L. Martinez
Partner, K&L Gates LLP
Vince.martinez@klgates.com
AGENDA
I.  Cyber Security 101: What you need to know about cyber security and threats in an agency environment
II.  Legal Ramifications: Cyber security and the law, the agency’s responsibilities and liabilities
III.  Crisis Communications: When it happens to you, a plan of action
DEFENDING ENTERPRISE INTEGRITY
Making InfoSec Part of the Culture
Simon Russell, Managing Partner, BeCyberSure North America
Defending Enterprise Integrity
What is “Cyber Security”?
•  The process of applying security measures to ensure confidentiality, integrity, and availability of data
•  Essentially, protection against Cyber Risk
What is “Cyber Risk”?
•  “Cyber Risk” means any risk of financial loss, disruption or damage to the reputation of an individual or organization from some sort of failure of their information technology systems
All Organizations are susceptible to both internal & external attacks
Method | Problem | Solution
Wireless Hotspots, Bluetooth + Mobile | Subject to man in the middle attacks | Public Wi-Fi / VPN
Printers | Log-in details are recorded | Default password
Invoice Processing + Payroll | Payment redirection; Conveyancing; Payroll Interception; Loss of PII | Policy and procedures. Friday afternoon syndrome
Phishing + Ransomware | Loss of data / access | Training
The Cloud! | Lack of control | Use 2FA and encryption
IT’S ALL TOO EASY
The Value of a Hacked Email Account
The Value of a Hacked PC
EXCUSES FOR NOT ADDRESSING CYBER
I’M TOO SMALL
•  Usually easier target
NOTHING WORTH STEALING
•  All data has value or you could be a stepping stone
MY TYPE OF BUSINESS IS NOT A TARGET
•  Every organization is of interest to the criminal – they do not discriminate
I DON’T HANDLE MONEY
•  Not the point - there are other assets to steal
I OUTSOURCE IT, PAYMENTS, ETC
•  You are still responsible - the responsibility is not outsourced
SOMEONE ELSE WILL PAY IF SOMETHING GOES WRONG (e.g. banks, insurance)
•  Not any more!
© 2015 Optimal Risk and its partners/affiliates. All rights reserved.
Timespan of events by % of Web App breaches
Source: 2014 Verizon Data Breach Investigations Report
Event | Secs | Mins | Hrs | Days | Weeks | Months | Years
Compromise | 19% | 42% | 12% | 23% | 0% | 5% | 1%
Exfiltration | 3% | 27% | 21% | 21% | 18% | 9% | 0%
Discovery | 0% | 3% | 11% | 17% | 16% | 41% | 11%
Containment | 0% | 2% | 5% | 42% | 22% | 29% | 0%
In 50% of breaches, data is stolen in hours
41% of breaches are not discovered for months
Be Very Worried
40% of companies experienced a data breach
61% of espionage is not discovered for months
More than 50% of companies do NOT conduct security testing
38% of companies are not capable of resolving an attack
51% increase of companies reporting >$10M loss
34% of companies do not know if/how
Hidden Costs of a breach
PEOPLE not devices
•  Majority of breaches occur due to human error
•  Training and awareness - Change culture
SECURITY over compliance
•  Whilst there is no avoiding compliance, approaching security as a box-checking exercise is a huge mistake. If you are secure and up to best practices for NIST or CIS for example you will be compliant with most regulators’ requirements
Think Human NOT Cyber
What Steps Should You Take?
•  Info Security audit to expose holes in architecture, focus on what data you have and where it sits.
•  Policies and Procedures
•  Social engineering testing i.e. Phishing
•  Ongoing Penetration testing
•  Staff training
•  System monitoring
•  Think about 3rd party risks
THINK…
SECURITY NOT COMPLIANCE.
HUMAN NOT CYBER.
Regulatory and Legal Considerations
Basic Incident Response Steps
•  Recognize the occurrence of an incident.
•  Notify and assemble the incident response team to begin the investigation.
•  The internal team can include IT, Security, HR, Counsel, Compliance,
business heads and IR.
•  The external team can include outside counsel, technological consultancies
and crisis management / public relations firms.
•  Identify and fix (or contain) the technological issue.
•  Determine any legal obligations and comply.
•  Determine if any public reporting obligations exist.
•  Communicate with the public as appropriate.
•  Eradicate remnants of the security incident and recover business operations.
Data Breach Notification Requirements
•  The primary consideration is the exposure of personally identifiable
information (PII).
•  All states except AL and SD require companies to notify affected
individuals when their PII has been compromised.
•  There are variances in notification laws and the types of data considered PII.
•  Most states require notice as soon as reasonably possible; a few require
notice within 30 to 45 days of discovery.
•  Certain federal laws, such as HIPAA and GLBA, require companies to
notify affected individuals.
•  Certain federal regulators, including the FTC and FCC, are active within
their jurisdictions.
•  Breach notification can also be a function of contract, which should be
known before an incident occurs.
Notifying Law Enforcement
•  Relevant federal law enforcement agencies include the FBI
and the Secret Service.
•  The Department of Justice has issued guidance for interacting with
federal law enforcement authorities in the wake of a cybersecurity event.
•  https://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/04/30/04272015reporting-cyber-incidents-final.pdf
•  State Attorneys General may also be required to be notified.
•  It is a best practice to have pre-established contacts with law
enforcement before an event.
•  Remember that law enforcement has different goals than you when
responding to a cybersecurity event, and the logistics and possible issues
surrounding law enforcement involvement should be understood beforehand.
Public Company Reporting Obligations
•  The SEC’s Division of Corporation Finance offered guidance in 2011.
•  https://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm
•  The guidance gives context to materiality in several parts of periodic reports.
•  Some incidents may be described generally in quarterly and annual filings.
•  Filing a Form 8-K is most appropriate for events of immediate material
consequence to investors.
•  The SEC has not yet brought an enforcement action for inadequate
cybersecurity disclosure, but has frequently indicated its interest in doing so.
Recent Regulatory Developments
•  The New York Department of Financial Services recently implemented
regulations for certain financial institutions:
•  http://www.dfs.ny.gov/legal/regulations/adoptions/dfsrf500txt.pdf
•  Affects both businesses registered under the New York Banking, Insurance
and Financial Services Laws, as well as certain third parties that service those
businesses.
•  Contains specific technological measures required of covered entities.
•  The Colorado Division of Securities recently proposed enhanced
cybersecurity measures for broker-dealers and investment advisers:
•  https://drive.google.com/file/d/0BymCt_FLs-RGUWl5c3lDUVlzeDg/view
•  Specifies what measures firms should consider in order to have “written
procedures reasonably designed to ensure cybersecurity.”
•  Takeaway: More regulators are beginning to list specific measures required.
Consequences of a Cyber Incident
•  Major damage to the company’s operations, customer loyalty, reputation
and financial results.
•  Litigation, settlement, repair and remediation costs in recent
cases have reached into the tens of millions of dollars, including:
•  Example: Target - breach related costs approaching $180 million per latest Form 10-K.
•  Shareholder derivative actions, including against directors
•  Customer class actions
•  Litigation with (former) business partners
•  Regulatory investigations, actions and remediation oversight
•  Example: FTC v. Wyndham Worldwide Corp.
•  Inadequate or misleading data security protections can be
charged as unfair and deceptive trade practices.
•  Activist investor campaigns
Roles for Outside Counsel
•  Extend attorney-client privilege to response advice.
•  Extend work product protection to investigative documentation.
•  Hire other third parties as agents of the legal engagement.
•  Establish contact with law enforcement.
•  Identify likely regulators and applicable standards and guidance.
•  Identify legal and contractual obligations to notify or report.
•  Ensure legal accuracy of public statements.
SCALE OF THE ISSUE
WHY DO AGENCIES THINK THEY
ARE IMMUNE?
WHAT’S THE SCENARIO
•  Scenario #1: A reporter tweets that they’ve broken a story about your data
breach – you were unaware that the press was aware.
•  Scenario #2: IT department detects a breach and informs the PR department
that it has been mitigated.
•  Scenario #3: The FBI calls to tell you that they are investigating your data
breach.
•  Scenario #4: The IT department reports a breach to PR, but has no idea how
large it is or what the total impact will be.
•  Scenario #5: A hacker threatens to release your client’s data if you don’t pay
$100,000 in Bitcoin.
You need a plan and you needed it yesterday.
THE THREAT IS REAL
•  The Element of Surprise: breaches are often leaked to the media before full
investigations are complete
•  Under Pressure: Customers, media, employees etc. demand information
•  The Gift that Keeps on Giving: Data breach incidents tend to have more than
one news cycle
•  Social Media Wildfire: False information spreads quickly on sites like Twitter,
Facebook and LinkedIn
If you are prepared for data breach response, you have a better chance of
controlling your message and preserving your reputation.
CORE CONCEPTS
CRISIS COMMUNICATIONS
4 Phases of Crisis Communications
1.  Readiness
2.  Response
3.  Reassurance
4.  Recovery
PHASE 1: READINESS
PREVENTATIVE MEDICINE
Anticipating a Crisis
1.  Crisis Mapping (SWOT Analysis)
2.  Policies and Procedures (Prevention)
3.  Crisis Monitoring
4.  Crisis Communications Plan
5.  Crisis Action Plan
6.  Crisis Standard Communications Template
THREAT MAPPING
RISK ASSESSMENT
Internal
•  Employees
•  Facilities
•  Vendors/Suppliers
•  Distributors/Resellers
•  Product
External
•  Acts of Nature
•  Market
•  Legal Restrictions/Law
•  Customers
•  Advocacy Groups
Anticipating & Understanding Threats to a Business
People, Products, Facilities, Environment, Information
INFORMATION THREATS
What’s in your files?
1.  HR – Name, Address, Social Security
2.  Payroll – Name, Address, Social Security & Bank Account
3.  Customer – Name, Address, Credit Card & Bank Account
4.  Vendor – Name, Address, Credit Card & Bank Account
5.  Other – Medical Records, Demographic Information, Email, File Servers
etc.
CRISIS COMMUNICATIONS
ANTICIPATING THREATS
Create A Chart:
Potential Informational Threats to Your Business
HR Sales Marketing Finance
Rank Order
High Risk
to
Low Risk
CRISIS TOOLKIT
RESPONSE RESOURCES
1. Develop materials:
•  Messages/FAQ
•  Prepared statements
•  Press release template
•  Customer letters
2.  Train employees
•  Awareness
•  Anticipation
•  Organizational Preparation
3. Prepare channels:
•  Hotline
•  Dark site
•  Social Media
4. Data Breach/Customer Assistance
Resources
•  Microsite/Landing Page FAQ
•  Identity Theft Remediation
Services
•  Force Password/Account
Information Change
•  Special Customer Advocate/Team
IMMEDIATE ACTION
BEST PRACTICES
Preparing a Response
1.  Don’t delay
2.  Acknowledge situation
3.  Acknowledge impact and ‘victims’
4.  Commit to investigate
5.  Commit to sharing information and cooperation with relevant parties
6.  Share corrective action plan if available
7.  Respond in the format in which the crisis was received**
RESPONSE OUTLINE
CRITICAL INFORMATION
Prepare a Template Crisis Response:
1.  What happened?
2.  What do we know about it?
3.  Who/what was impacted?
4.  How do we feel about it? (How should we feel?)
5.  What are we going to do about it?
6.  When are we going to do it?
7.  When/how will we communicate next?
CUSTOMER COMMUNICATION
Notice of Data Breach
1.  Introduction: Why are we contacting you?
2.  What happened?
3.  What information was compromised?
4.  What are we doing to remedy the situation?
5.  What can you do to prevent/mitigate further risk?
6.  Where can you find more information?
BREACH NOTIFICATIONS
SAMPLES
PHASE 3: REASSURANCE
DOSE OF MEDICINE
Who to Reassure? How to Reassure?
1.  Develop full response plan
2.  Put plan into action: Immediate remedy
3.  Communicate results of plan and impact
4.  Reaffirm commitment to correction
5.  Demonstrate results of program
PHASE 4: RECOVERY
LONG-TERM TREATMENT PLAN
Rebuilding reputation, trust and customer loyalty
Implementing preventative measures for long-term crisis mitigation
and/or prevention
1.  Review need for operational, regulatory, environmental and employee
changes
2.  Develop long-term plan including policies and prevention tactics
3.  Reassess crisis plan
4.  Regain customer/public trust
10 KEY TAKEAWAYS
CRISIS COMMUNICATIONS FOR DATA BREACHES
1.  Implement Policies to Address Potential Vulnerabilities
2.  Establish a Regular Review Cycle for Information Security
3.  Establish Inter-Departmental Cooperation
4.  Establish a Framework for Response
5.  Build a Data Breach Crisis Toolkit
6.  Know Where & How to Respond
7.  Prepare Your Employees in Advance
8.  Establish Assistance Services for those Impacted
9.  Know the Law Regarding Reporting in All Regions of Operations
10.  Be Honest, Be Transparent
RESOURCES
White Paper:
Crisis Communications in the Social Media Age
Download at: Affect.com
Thank you
Slides Available: Slideshare.net/sfathi

Payback: The ROI of SM & PR MeasurementSandra Fathi
 
Before Disaster Strikes: Creating an Effective Crisis Communications Plan
Before Disaster Strikes: Creating an Effective Crisis Communications PlanBefore Disaster Strikes: Creating an Effective Crisis Communications Plan
Before Disaster Strikes: Creating an Effective Crisis Communications PlanSandra Fathi
 
Before Disaster Strikes: Creating an Effective Crisis Communications Plan
Before Disaster Strikes: Creating an Effective Crisis Communications PlanBefore Disaster Strikes: Creating an Effective Crisis Communications Plan
Before Disaster Strikes: Creating an Effective Crisis Communications PlanSandra Fathi
 

More from Sandra Fathi (20)

News Making Machine - How Story Hijacking & Trend Intervention Can Transform ...
News Making Machine - How Story Hijacking & Trend Intervention Can Transform ...News Making Machine - How Story Hijacking & Trend Intervention Can Transform ...
News Making Machine - How Story Hijacking & Trend Intervention Can Transform ...
 
Cyber Crime: Preparing Your Organization for the New Normal
Cyber Crime: Preparing Your Organization for the New NormalCyber Crime: Preparing Your Organization for the New Normal
Cyber Crime: Preparing Your Organization for the New Normal
 
Women's Leadership Conference: Changing Perceptions to Change Reality
Women's Leadership Conference: Changing Perceptions to Change RealityWomen's Leadership Conference: Changing Perceptions to Change Reality
Women's Leadership Conference: Changing Perceptions to Change Reality
 
Managing a Hack: Orchestrating Incident Response to Preserve Brand Reputation
Managing a Hack: Orchestrating Incident Response to Preserve Brand ReputationManaging a Hack: Orchestrating Incident Response to Preserve Brand Reputation
Managing a Hack: Orchestrating Incident Response to Preserve Brand Reputation
 
PR in the Era of Fake News
PR in the Era of Fake NewsPR in the Era of Fake News
PR in the Era of Fake News
 
FPRA Capital Chapter: Managing a Hack
FPRA Capital Chapter: Managing a HackFPRA Capital Chapter: Managing a Hack
FPRA Capital Chapter: Managing a Hack
 
Social Shakeup Atlanta: When the Sh*t Hits the Fan - Managing Crises on Socia...
Social Shakeup Atlanta: When the Sh*t Hits the Fan - Managing Crises on Socia...Social Shakeup Atlanta: When the Sh*t Hits the Fan - Managing Crises on Socia...
Social Shakeup Atlanta: When the Sh*t Hits the Fan - Managing Crises on Socia...
 
Show Me the Money: PR Metrics that Impress the C-Suite
Show Me the Money: PR Metrics that Impress the C-SuiteShow Me the Money: PR Metrics that Impress the C-Suite
Show Me the Money: PR Metrics that Impress the C-Suite
 
Managing a Hack: A Communicator's Guide to a Data Breach
Managing a Hack: A Communicator's Guide to a Data BreachManaging a Hack: A Communicator's Guide to a Data Breach
Managing a Hack: A Communicator's Guide to a Data Breach
 
Flash Fires: Crisis Communications in the Age of NOW
Flash Fires: Crisis Communications in the Age of NOWFlash Fires: Crisis Communications in the Age of NOW
Flash Fires: Crisis Communications in the Age of NOW
 
Break From the Pack with Data Visualization & Infographics
Break From the Pack with Data Visualization & InfographicsBreak From the Pack with Data Visualization & Infographics
Break From the Pack with Data Visualization & Infographics
 
Fear Factor Metrics: PR Metrics Communicators Fear Most
Fear Factor Metrics: PR Metrics Communicators Fear MostFear Factor Metrics: PR Metrics Communicators Fear Most
Fear Factor Metrics: PR Metrics Communicators Fear Most
 
Trade Secrets Your Agency Isn't Sharing
Trade Secrets Your Agency Isn't SharingTrade Secrets Your Agency Isn't Sharing
Trade Secrets Your Agency Isn't Sharing
 
Bloggers Speak Out: New paid and pitching techniques to score more placement
Bloggers Speak Out: New paid and pitching techniques to score more placement Bloggers Speak Out: New paid and pitching techniques to score more placement
Bloggers Speak Out: New paid and pitching techniques to score more placement
 
Data-Driven PR Measurement (eMetrics Chicago)
Data-Driven PR Measurement (eMetrics Chicago)Data-Driven PR Measurement (eMetrics Chicago)
Data-Driven PR Measurement (eMetrics Chicago)
 
Data-Driven PR Metrics: Share of Voice, Competitive Benchmarking, Correlations
Data-Driven PR Metrics: Share of Voice, Competitive Benchmarking, CorrelationsData-Driven PR Metrics: Share of Voice, Competitive Benchmarking, Correlations
Data-Driven PR Metrics: Share of Voice, Competitive Benchmarking, Correlations
 
How to Develop a Content Strategy
How to Develop a Content StrategyHow to Develop a Content Strategy
How to Develop a Content Strategy
 
Payback: The ROI of SM & PR Measurement
Payback: The ROI of SM & PR MeasurementPayback: The ROI of SM & PR Measurement
Payback: The ROI of SM & PR Measurement
 
Before Disaster Strikes: Creating an Effective Crisis Communications Plan
Before Disaster Strikes: Creating an Effective Crisis Communications PlanBefore Disaster Strikes: Creating an Effective Crisis Communications Plan
Before Disaster Strikes: Creating an Effective Crisis Communications Plan
 
Before Disaster Strikes: Creating an Effective Crisis Communications Plan
Before Disaster Strikes: Creating an Effective Crisis Communications PlanBefore Disaster Strikes: Creating an Effective Crisis Communications Plan
Before Disaster Strikes: Creating an Effective Crisis Communications Plan
 

Recently uploaded

Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...allensay1
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfAdmir Softic
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperityhemanthkumar470700
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesDipal Arora
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxWorkforce Group
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Sheetaleventcompany
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with CultureSeta Wicaksana
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityEric T. Tung
 
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...amitlee9823
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...lizamodels9
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...lizamodels9
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLkapoorjyoti4444
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876dlhescort
 
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLJAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLkapoorjyoti4444
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Sheetaleventcompany
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...lizamodels9
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...daisycvs
 

Recently uploaded (20)

Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
 
Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in india
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperity
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
 
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLJAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 

Cyber Security 101: What Your Agency Needs to Know

  • 1. PROPRIETARY & CONFIDENTIAL March 4, 2010 Affect Strategies CYBER SECURITY 101: What Your Agency Needs to Know PR Council Genome Series May 4, 2017
  • 2. PRESENTERS: Sandra Fathi, President, Affect, PR Council Board Member (sfathi@affect.com, @sandrafathi); Simon Russell, Managing Partner, BeCyberSure (simonr@becybersure.com); Vince L. Martinez, Partner, K&L Gates LLP (Vince.martinez@klgates.com)
  • 3. AGENDA I.  Cyber Security 101: What you need to know about cyber security and threats in an agency environment II.  Legal Ramifications: Cyber security and the law, the agency’s responsibilities and liabilities III.  Crisis Communications: When it happens to you, a plan of action
  • 4. DEFENDING ENTERPRISE INTEGRITY Making InfoSec Part of the Culture Simon Russell, Managing Partner, BeCyberSure North America
  • 5. Defending Enterprise Integrity What is “Cyber Security”? •  The process of applying security measures to ensure confidentiality, integrity, and availability of data •  Essentially, protection against Cyber Risk What is “Cyber Risk”? •  “Cyber Risk” means any risk of financial loss, disruption or damage to the reputation of an individual or organization from some sort of failure of their information technology systems
  • 7. Defending Enterprise Integrity
      Method | Problem | Solution
      Wireless Hotspots, Bluetooth + Mobile | Subject to man in the middle attacks | Public Wi-Fi / VPN
      Printers | Log-in details are recorded | Default password
      Invoice Processing + Payroll | Payment redirection; Conveyancing; Payroll Interception; Loss of PII | Policy and procedures. Friday afternoon syndrome
      Phishing + Ransomware | Loss of data / access | Training
      The Cloud! | Lack of control | Use 2 FA and encryption
      IT’S ALL TOO EASY
  • 10. EXCUSES FOR NOT ADDRESSING CYBER Defending Enterprise Integrity •  I’M TOO SMALL: Usually easier target •  NOTHING WORTH STEALING: All data has value or you could be a stepping stone •  MY TYPE OF BUSINESS IS NOT A TARGET: Every organization is of interest to the criminal – they do not discriminate •  I DON’T HANDLE MONEY: Not the point - there are other assets to steal •  I OUTSOURCE IT, PAYMENTS, ETC: You are still responsible - the responsibility is not outsourced •  SOMEONE ELSE WILL PAY IF SOMETHING GOES WRONG (e.g. banks, insurance): Not any more!
  • 11. Timespan of events by % of Web App breaches (Source: 2014 Verizon Data Breach Investigations Report)
      Event | Secs | Mins | Hrs | Days | Weeks | Months | Years
      Compromise | 19% | 42% | 12% | 23% | 0% | 5% | 1%
      Exfiltration | 3% | 27% | 21% | 21% | 18% | 9% | 0%
      Discovery | 0% | 3% | 11% | 17% | 16% | 41% | 11%
      Containment | 0% | 2% | 5% | 42% | 22% | 29% | 0%
      In 50% of breaches, data is stolen in hours. 41% of breaches are not discovered for months.
      Be Very Worried: 40% of companies experienced a data breach; 61% of espionage is not discovered for months; More than 50% of companies do NOT conduct security testing; 38% of companies are not capable of resolving an attack; 51% increase of companies reporting >$10M loss; 34% of companies do not know if/ how
      © 2015 Optimal Risk and its partners/affiliates. All rights reserved.
  • 14. What Steps Should You Take? •  Info Security audit to expose holes in architecture, focus on what data you have and where it sits. •  Policies and Procedures •  Social engineering testing i.e. Phishing •  Ongoing Penetration testing •  Staff training •  System monitoring •  Think about 3rd party risks Defending Enterprise Integrity
  • 16. Regulatory and Legal Considerations
  • 17. Basic Incident Response Steps •  Recognize the occurrence of an incident. •  Notify and assemble the incident response team to begin the investigation. •  The internal team can include IT, Security, HR, Counsel, Compliance, business heads and IR. •  The external team can include outside counsel, technological consultancies and crisis management / public relations firms. •  Identify and fix (or contain) the technological issue. •  Determine any legal obligations and comply. •  Determine if any public reporting obligations exist. •  Communicate with the public as appropriate. •  Eradicate remnants of the security incident and recover business operations.
  • 18. Data Breach Notification Requirements •  The primary consideration is the exposure of personally identifiable information (PII). •  All states except AL and SD require companies to notify affected individuals when their PII has been compromised. •  There are variances in notification laws and the types of data considered PII. •  Most states require notice as soon as reasonably possible; a few require notice within 30 to 45 days of discovery. •  Certain federal laws, such as HIPAA and GLBA, require companies to notify affected individuals. •  Certain federal regulators, including the FTC and FCC, are active within their jurisdictions. •  Breach notification can also be a function of contract, which should be known before an incident occurs.
  • 19. Notifying Law Enforcement •  Relevant federal law enforcement agencies include the FBI and the Secret Service. •  The Department of Justice has issued guidance for interacting with federal law enforcement authorities in the wake of a cybersecurity event. •  https://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/04/30/04272015reporting-cyber-incidents-final.pdf •  State Attorneys General may also be required to be notified. •  It is a best practice to have pre-established contacts with law enforcement before an event. •  Remember that law enforcement has different goals than you when responding to a cybersecurity event, and the logistics and possible issues surrounding law enforcement involvement should be understood beforehand.
  • 20. Public Company Reporting Obligations •  The SEC’s Division of Corporation Finance offered guidance in 2011. •  https://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm •  The guidance gives context to materiality in several parts of periodic reports. •  Some incidents may be described generally in quarterly and annual filings. •  Filing a Form 8-K is most appropriate for events of immediate material consequence to investors. •  The SEC has not yet brought an enforcement action for inadequate cybersecurity disclosure, but has frequently indicated its interest in doing so.
  • 21. Recent Regulatory Developments •  The New York Department of Financial Services recently implemented regulations for certain financial institutions: •  http://www.dfs.ny.gov/legal/regulations/adoptions/dfsrf500txt.pdf •  Affects both businesses registered under the New York Banking, Insurance and Financial Services Laws, as well as certain third parties that service those businesses. •  Contains specific technological measures required of covered entities. •  The Colorado Division of Securities recently proposed enhanced cybersecurity measures for broker-dealers and investment advisers: •  https://drive.google.com/file/d/0BymCt_FLs-RGUWl5c3lDUVlzeDg/view •  Specifies what measures firms should consider in order to have “written procedures reasonably designed to ensure cybersecurity.” •  Takeaway: More regulators are beginning to list specific measures required.
  • 22. Consequences of a Cyber Incident •  Major damage to the company’s operations, customer loyalty, reputation and financial results. •  Litigation, settlement, repair and remediation costs in recent cases have reached into the tens of millions of dollars, including: •  Example: Target - breach related costs approaching $180 million per latest Form 10-K. •  Shareholder derivative actions, including against directors •  Customer class actions •  Litigation with (former) business partners •  Regulatory investigations, actions and remediation oversight •  Example: FTC v. Wyndham Worldwide Corp. •  Inadequate or misleading data security protections can be charged as unfair and deceptive trade practices. •  Activist investor campaigns
  • 23. Roles for Outside Counsel •  Extend attorney-client privilege to response advice. •  Extend work product protection to investigative documentation. •  Hire other third parties as agents of the legal engagement. •  Establish contact with law enforcement. •  Identify likely regulators and applicable standards and guidance. •  Identify legal and contractual obligations to notify or report. •  Ensure legal accuracy of public statements.
  • 25. WHY DO AGENCIES THINK THEY ARE IMMUNE?
  • 26. WHAT’S THE SCENARIO •  Scenario #1: A reporter tweets that they’ve broken a story about your data breach – you were unaware that the press was aware. •  Scenario #2: IT department detects a breach and informs the PR department that it has been mitigated. •  Scenario #3: The FBI calls to tell you that they are investigating your data breach. •  Scenario #4: The IT department reports a breach to PR, but has no idea how large it is or what the total impact will be. •  Scenario #5: A hacker threatens to release your client’s data if you don’t pay $100,000 in Bitcoin. You need a plan and you needed it yesterday.
  • 27. THE THREAT IS REAL •  The Element of Surprise: Breaches are often leaked to the media before full investigations are complete •  Under Pressure: Customers, media, employees etc. demand information •  The Gift that Keeps on Giving: Data breach incidents tend to have more than one news cycle •  Social Media Wildfire: False information spreads quickly on sites like Twitter, Facebook and LinkedIn. If you are prepared for data breach response, you have a better chance of controlling your message and preserving your reputation.
  • 28. CORE CONCEPTS CRISIS COMMUNICATIONS 4 Phases of Crisis Communications: 1.  Readiness 2.  Response 3.  Reassurance 4.  Recovery
  • 29. PHASE 1: READINESS PREVENTATIVE MEDICINE Anticipating a Crisis: 1.  Crisis Mapping (SWOT Analysis) 2.  Policies and Procedures (Prevention) 3.  Crisis Monitoring 4.  Crisis Communications Plan 5.  Crisis Action Plan 6.  Crisis Standard Communications Template
  • 30. THREAT MAPPING RISK ASSESSMENT Internal: •  Employees •  Facilities •  Vendors/Suppliers •  Distributors/Resellers •  Product External: •  Acts of Nature •  Market •  Legal Restrictions/Law •  Customers •  Advocacy Groups Anticipating & Understanding Threats to a Business: People, Products, Facilities, Environment, Information
  • 31. INFORMATION THREATS What’s in your files? 1.  HR – Name, Address, Social Security 2.  Payroll – Name, Address, Social Security & Bank Account 3.  Customer – Name, Address, Credit Card & Bank Account 4.  Vendor – Name, Address, Credit Card & Bank Account 5.  Other – Medical Records, Demographic Information, Email, File Servers etc.
  • 32. CRISIS COMMUNICATIONS ANTICIPATING THREATS Create A Chart: Potential Informational Threats to Your Business: HR, Sales, Marketing, Finance. Rank Order High Risk to Low Risk
  • 33. CRISIS TOOLKIT RESPONSE RESOURCES 1. Develop materials: •  Messages/FAQ •  Prepared statements •  Press release template •  Customer letters 2.  Train employees: •  Awareness •  Anticipation •  Organizational Preparation 3. Prepare channels: •  Hotline •  Dark site •  Social Media 4. Data Breach/Customer Assistance Resources: •  Microsite/Landing Page FAQ •  Identity Theft Remediation Services •  Force Password/Account Information Change •  Special Customer Advocate/Team
  • 34. IMMEDIATE ACTION BEST PRACTICES Preparing a Response: 1.  Don’t delay 2.  Acknowledge situation 3.  Acknowledge impact and ‘victims’ 4.  Commit to investigate 5.  Commit to sharing information and cooperation with relevant parties 6.  Share corrective action plan if available 7.  Respond in the format in which the crisis was received**
  • 35. RESPONSE OUTLINE CRITICAL INFORMATION Prepare a Template Crisis Response: 1.  What happened? 2.  What do we know about it? 3.  Who/what was impacted? 4.  How do we feel about it? (How should we feel?) 5.  What are we going to do about it? 6.  When are we going to do it? 7.  When/how will we communicate next?
  • 36. CUSTOMER COMMUNICATION Notice of Data Breach: 1.  Introduction: Why are we contacting you? 2.  What happened? 3.  What information was compromised? 4.  What are we doing to remedy the situation? 5.  What can you do to prevent/mitigate further risk? 6.  Where can you find more information?
  • 37. BREACH NOTIFICATIONS SAMPLES
  • 38. PHASE 3: REASSURANCE DOSE OF MEDICINE Who to Reassure? How to Reassure? 1.  Develop full response plan 2.  Put plan into action: Immediate remedy 3.  Communicate results of plan and impact 4.  Reaffirm commitment to correction 5.  Demonstrate results of program
  • 39. PHASE 4: RECOVERY LONG-TERM TREATMENT PLAN Rebuilding reputation, trust and customer loyalty. Implementing preventative measures for long-term crisis mitigation and/or prevention: 1.  Review need for operational, regulatory, environmental and employee changes 2.  Develop long-term plan including policies and prevention tactics 3.  Reassess crisis plan 4.  Regain customer/public trust
  • 40. 10 KEY TAKEAWAYS: CRISIS COMMUNICATIONS FOR DATA BREACHES 1.  Implement Policies to Address Potential Vulnerabilities 2.  Establish a Regular Review Cycle for Information Security 3.  Establish Inter-Departmental Cooperation 4.  Establish a Framework for Response 5.  Build a Data Breach Crisis Toolkit
  • 41. 10 KEY TAKEAWAYS: CRISIS COMMUNICATIONS FOR DATA BREACHES 6.  Know Where & How to Respond 7.  Prepare Your Employees in Advance 8.  Establish Assistance Services for those Impacted 9.  Know the Law Regarding Reporting in All Regions of Operations 10.  Be Honest, Be Transparent
  • 42. RESOURCES White Paper: Crisis Communications in the Social Media Age. Download at: Affect.com
  • 43. Thank you. Slides Available: Slideshare.net/sfathi Sandra Fathi, President, Affect, PR Council Board Member (sfathi@affect.com, @sandrafathi); Simon Russell, Managing Partner, BeCyberSure (simonr@becybersure.com); Vince L. Martinez, Partner, K&L Gates LLP (Vince.martinez@klgates.com)