Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

FPRA Capital Chapter: Managing a Hack

This presentation was given at the FPRA Capital Chapter's meeting in Tallahasse on May 25, 2017. It covers what communicators need to know in the event of a data breach or cyber security incident.

  • Login to see the comments

  • Be the first to like this

FPRA Capital Chapter: Managing a Hack

  1. 1. PROPRIETARY & CONFIDENTIAL March 4, 2010Affect Strategies
  2. 2. PROPRIETARY & CONFIDENTIAL March 4, 2010Affect Strategies MANAGING A HACK: A Communicator’s Guide to Responding to a Data Breach Sandra Fathi President, Affect Email: tweet: @sandrafathi web: blog: FPRA Capital Chapter May 25, 2017
  3. 3. PROPRIETARY & CONFIDENTIAL SANDRA FATHI Founder and president of Affect, a public relations and social media firm specializing in technology, healthcare and professional services o  Board Member, PR Council o  Past Tri-State District Chair, PRSA o  Past President, PRSA-NY Chapter o  Past President, PRSA Technology Section   @sandrafathi @sandrafathi Affect
  4. 4. PROPRIETARY & CONFIDENTIAL SAMPLE CRISIS WORK o  Data Breaches, Identity Theft, Website Hacks, Malware (Multiple Companies) o  Product Recall for Potential Lead Poisoning (Baby Product) o  Hurricane Sandy, Hurricane Irene (ConEd) o  Worker Strike, Manhole Cover Explosion, Building Explosion (ConEd) o  Hit & Run (By Company Employee) o  Sexual Harassment and Executive Misconduct (By CEO) o  Executive Arrest for DUI o  Terrorist Activity Interrupts Operations (Tech Company) o  Foreign Mafia Threats on Executives o  Employee Kidnapping/Release by Militia (EDS)   @sandrafathi@sandrafathi Affect
  6. 6. PROPRIETARY & CONFIDENTIAL Cyber Threats Insiders Hacktivist Organized Crime Script Kiddies Cyber Terrorist State- Sponsored WHO IS BEHIND IT @sandrafathi Affect
  7. 7. PROPRIETARY & CONFIDENTIAL@sandrafathi Affect
  12. 12. PROPRIETARY & CONFIDENTIAL THE THREAT IS REAL •  The Element of Surprise: breaches are often leaked to the media before full investigations are complete •  Under Pressure: Customers, media, employees etc. demand information •  The Gift that Keeps on Giving: Data breach incidents tend to have more than one news cycle •  Social Media Wildfire: False information spreads quickly on sites like Twitter, Facebook and LinkedIn If you are prepared for data breach response, you have a better chance of controlling your message and preserving your reputation. @sandrafathi Affect
  13. 13. PROPRIETARY & CONFIDENTIAL •  Gmail •  DropBox •  Yahoo •  Oracle •  Snapchat •  Cisco •  Verifone •  Yahoo •  Xbox •  Intercontinental Hotels •  Arby’s •  Wendy’s •  Chipotle •  Dun & Bradstreet •  UNC Healthcare •  Saks Fifth Avenue •  Brooks Brothers DATA BREACHES LAST 18 MONTHS @sandrafathi Affect
  14. 14. PROPRIETARY & CONFIDENTIAL WHAT’S THE SCENARIO •  Scenario #1: A reporter tweets that they’ve broken a story about your data breach – you were unaware that the press was aware. •  Scenario #2: IT department detects a breach and informs the PR department that it has been mitigated. •  Scenario #3: The FBI calls to tell you that they are investigating your data breach. •  Scenario #4: The IT department reports a breach to PR, but has no idea how large it is or what the total impact will be. You need a plan and you needed it yesterday. @sandrafathi Affect
  15. 15. PROPRIETARY & CONFIDENTIAL CORE CONCEPTS CRISIS COMMUNICATIONS 4 Phases of Crisis Communications 1.  Readiness 2.  Response 3.  Reassurance 4.  Recovery @sandrafathi Affect
  16. 16. PROPRIETARY & CONFIDENTIAL PHASE 1: READINESS PREVENTATIVE MEDICINE Anticipating a Crisis 1.  Crisis Mapping (SWOT Analysis) 2.  Policies and Procedures (Prevention) 3.  Crisis Monitoring 4.  Crisis Communications Plan 5.  Crisis Action Plan 6.  Crisis Standard Communications Template @sandrafathi Affect
  17. 17. PROPRIETARY & CONFIDENTIAL THREAT MAPPING RISK ASSESSMENT Internal •  Employees •  Facilities •  Vendors/Suppliers •  Distributors/Resellers •  Product External •  Acts of Nature •  Market •  Legal Restrictions/Law •  Customers •  Advocacy Groups Anticipating & Understanding Threats to a Business People, Products, Facilities, Environment, Information @sandrafathi Affect
  18. 18. PROPRIETARY & CONFIDENTIAL INFORMATION THREATS What’s in your files? 1.  HR – Name, Address, Social Security 2.  Payroll – Name, Address, Social Security & Bank Account 3.  Customer – Name, Address, Credit Card & Bank Account 4.  Vendor – Name, Address, Credit Card & Bank Account 5.  Other – Medical Records, Demographic Information, Email, File Servers etc. @sandrafathi Affect
  19. 19. PROPRIETARY & CONFIDENTIAL CRISIS COMMUNICATIONS ANTICIPATING THREATS Create A Chart: Potential Informational Threats to Your Business HR Sales Marketing Finance Rank Order High Risk to Low Risk @sandrafathi Affect
  20. 20. PROPRIETARY & CONFIDENTIAL CRISIS TOOLKIT RESPONSE RESOURCES 1. Develop materials: •  Messages/FAQ •  Prepared statements •  Press release template •  Customer letters 2.  Train employees •  Awareness •  Anticipation •  Organizational Preparation 3. Prepare channels: •  Hotline •  Dark site •  Social Media 4. Data Breach/Customer Assistance Resources •  Microsite/Landing Page FAQ •  Identity Theft Remediation Services •  Force Password/Account Information Change •  Special Customer Advocate/Team @sandrafathi Affect
  21. 21. PROPRIETARY & CONFIDENTIAL IMMEDIATE ACTION BEST PRACTICES Preparing a Response 1.  Don’t delay 2.  Acknowledge situation 3.  Acknowledge impact and ‘victims’ 4.  Commit to investigate 5.  Commit to sharing information and cooperation with relevant parties 6.  Share corrective action plan if available 7.  Respond in the format in which the crisis was received** @sandrafathi Affect
  23. 23. PROPRIETARY & CONFIDENTIAL RESPONSE OUTLINE CRITICAL INFORMATION Prepare a Template Crisis Response: 1.  What happened? 2.  What do we know about it? 3.  Who/what was impacted? 4.  How do we feel about it? (How should we feel?) 5.  What are we going to do about it? 6.  When are we going to do it? 7.  When/how will we communicate next? @sandrafathi Affect
  24. 24. PROPRIETARY & CONFIDENTIAL CUSTOMER COMMUNICATION Notice of Data Breach 1.  Introduction: Why are we contacting you? 2.  What happened? 3.  What information was compromised? 4.  What are we doing to remedy the situation? 5.  What can you do to prevent/mitigate further risk? 6.  Where can you find more information? @sandrafathi Affect
  27. 27. PROPRIETARY & CONFIDENTIAL PHASE 3: REASSURANCE DOSE OF MEDICINE Who to Reassure? How to Reassure? 1.  Develop full response plan 2.  Put plan into action: Immediate remedy 3.  Communicate results of plan and impact 4.  Reaffirm commitment to correction 5.  Demonstrate results of program @sandrafathi Affect
  28. 28. PROPRIETARY & CONFIDENTIAL PHASE 4: RECOVERY LONG-TERM TREATMENT PLAN Rebuilding reputation, trust and customer loyalty Implementing preventative measures for long-term crisis mitigation and/or prevention 1.  Review need for operational, regulatory, environmental and employee changes 2.  Develop long-term plan including policies and prevention tactics 3.  Reassess crisis plan 4.  Regain customer/public trust @sandrafathi Affect
  29. 29. PROPRIETARY & CONFIDENTIAL 1.  Implement Policies to Address Potential Vulnerabilities 2.  Establish a Regular Review Cycle for Information Security 3.  Establish Inter-Departmental Cooperation 4.  Establish a Framework for Response 5.  Build a Data Breach Crisis Toolkit 10 KEY TAKEAWAYS CRISIS COMMUNICATIONS FOR DATA BREACHES @sandrafathi Affect
  30. 30. PROPRIETARY & CONFIDENTIAL 6.  Know Where & How to Respond 7.  Prepare Your Employees in Advance 8.  Establish Assistance Services for those Impacted 9.  Know the Law Regarding Reporting in All Regions of Operations 10.  Be Honest, Be Transparent 10 KEY TAKEAWAYS CRISIS COMMUNICATIONS FOR DATA BREACHES @sandrafathi Affect
  31. 31. PROPRIETARY & CONFIDENTIAL SCENARIO 1: Prestigious Hospital - Tallahassee Premier Medical Center Your IT department informs you that they’ve just discovered that a hospital server has been breached. They don’t know exactly when it happened, sometime in the last 12 months, but potentially all employee data (10,000 employees) and medical records for approximately 100,000 patients may have been compromised. The data was not encrypted. Assignments: 1.  Craft an action plan for the next 24 hours: What steps need to be taken? Who needs to be involved? 2.  Develop a patient communications plan. Write a data breach notification letter to patients. 3.  Develop an employee communications plan. Write a data breach notification letter to employees. 4.  Develop a plan of action for reassurance and recovery for the long term. WORKSHOP 1 @sandrafathi Affect
  32. 32. PROPRIETARY & CONFIDENTIAL WORKSHOP 2 SCENARIO 2: Financial Services Company – Sunshine Banking You get an influx of calls from customers experiencing trouble with your online banking system. You discover that the bank is the target of a DDoS attack. You, and your customers, cannot access the bank website. The attack is paralyzing your business. The IT department doesn’t currently know how to stop it or how long it will take to remediate the situation. Assignments: 1.  Craft an action plan for the next 4 hours. What needs to happen? 2.  Members of the media are starting to call. Develop a communications plan for media and write a statement or press release. 3.  Develop a communications plan for customers. Write a sample customer communication. 4.  Develop a plan of action for reassurance and recovery for the long term. @sandrafathi Affect
  33. 33. PROPRIETARY & CONFIDENTIAL WORKSHOP 3 SCENARIO 3: Consumer Brand – Promises Wholesome Snacks You just received a call from a reporter from the Tallahassee Democrat asking you to comment on the racist remarks on your Facebook page and the call for a company boycott. You go to the FB page and realize that someone has posted a diatribe of hate speech on your page (in the name of the company) and there have already been over 1000 comments and a call by customers to boycott the company’s products and stores that carry them. You also realize that someone has changed your admin rights and you can no longer access the page. Assignments: 1.  Craft an action plan for the next 12 hours. 2.  Develop a customer communications plan. What are your key messages for customers? 3.  Develop a plan of action for reassurance and recovery for the long term. @sandrafathi Affect
  34. 34. PROPRIETARY & CONFIDENTIAL RESOURCES White Paper: Crisis Communications in the Social Media Age Download at: @sandrafathi Affect
  35. 35. PROPRIETARY & CONFIDENTIAL March 4, 2010Affect Strategies Sandra Fathi President, Affect Email: tweet: @sandrafathi web: blog: Slides Available: