
Managing a Hack: A Communicator's Guide to a Data Breach

Presented at PRSA International Conference 2016 in Indianapolis on October 24th.


  1. PROPRIETARY & CONFIDENTIAL March 4, 2010 Affect Strategies
     MANAGING A HACK: A Communicator’s Guide to a Data Breach
     Sandra Fathi, President, Affect
     Email: sfathi@affect.com | tweet: @sandrafathi | web: affect.com | blog: techaffect.com
     PRSA International Conference, Indianapolis, October 24, 2016
  2. SANDRA FATHI BIO
     Founder and president of Affect, a public relations and social media firm specializing in technology, healthcare and professional services
     •  Board Member, PR Council
     •  Board Member, PRSA-NY
     •  Past Tri-State District Chair, PRSA
     •  Past President, PRSA-NY Chapter
     •  Past President, PRSA Technology Section
     sfathi@affect.com @sandrafathi
  3. CRISIS WORK SAMPLE EXPERIENCE
     •  Data Breaches, Identity Theft, Website Hacks, Malware (Multiple Companies)
     •  Hurricane Sandy, Hurricane Irene (ConEd)
     •  Worker Strike, Manhole Cover Explosion, Building Explosion (ConEd)
     •  Hit & Run (By Company Employee)
     •  Sexual Harassment and Executive Misconduct (By CEO)
     •  Executive Arrest for DUI
     •  Terrorist Activity Interrupts Operations (Tech Company)
     •  Foreign Mafia Threats on Executives
     •  Employee Kidnapping/Release by Militia (EDS)
  4. THE THREAT IS REAL
     •  The Element of Surprise: Breaches are often leaked to the media before full investigations are complete
     •  Under Pressure: Customers, media, employees etc. demand information
     •  The Gift that Keeps on Giving: Data breach incidents tend to have more than one news cycle
     •  Social Media Wildfire: False information spreads quickly on sites like Twitter, Facebook and LinkedIn
     If you are prepared for data breach response, you have a better chance of controlling your message and preserving your reputation.
  5. WHAT’S THE SCENARIO
     •  Scenario #1: A reporter tweets that they’ve broken a story about your data breach – you were unaware that the press was aware.
     •  Scenario #2: IT department detects a breach and informs the PR department that it has been mitigated.
     •  Scenario #3: The FBI calls to tell you that they are investigating your data breach.
     •  Scenario #4: The IT department reports a breach to PR, but has no idea how large it is or what the total impact will be.
     You need a plan and you needed it yesterday.
  6. DATA BREACH EPIDEMIC
  7. JAN-JUN 2016
  8. SCALE OF THE ISSUE
  9. OCTOBER 18, 2016
  10. FINDING THE SOURCE
  11. CRISIS WORK SAMPLE EXPERIENCE OCTOBER 18, 2016
  12. CRISIS WORK SAMPLE EXPERIENCE OCTOBER 18, 2016
  13. CRISIS WORK SAMPLE EXPERIENCE OCTOBER 18, 2016
  14. CRISIS WORK SAMPLE EXPERIENCE OCTOBER 18, 2016
  15. CRISIS WORK SAMPLE EXPERIENCE OCTOBER 18, 2016
  16. STATS ON DATA BREACHES
  17. STATS ON DATA BREACHES
  18. CORE CONCEPTS CRISIS COMMUNICATIONS
     4 Phases of Crisis Communications
     1.  Readiness
     2.  Response
     3.  Reassurance
     4.  Recovery
  19. PHASE 1: READINESS PREVENTATIVE MEDICINE
     Anticipating a Crisis
     1.  Crisis Mapping (SWOT Analysis)
     2.  Policies and Procedures (Prevention)
     3.  Crisis Monitoring
     4.  Crisis Communications Plan
     5.  Crisis Action Plan
     6.  Crisis Standard Communications Template
  20. THREAT MAPPING RISK ASSESSMENT
     Anticipating & Understanding Threats to a Business
     People, Products, Facilities, Environment, Information
     Internal
     •  Employees
     •  Facilities
     •  Vendors/Suppliers
     •  Distributors/Resellers
     •  Product
     External
     •  Acts of Nature
     •  Market
     •  Legal Restrictions/Law
     •  Customers
     •  Advocacy Groups
  21. INFORMATION THREATS
     What’s in your files?
     1.  HR – Name, Address, Social Security
     2.  Payroll – Name, Address, Social Security & Bank Account
     3.  Customer – Name, Address, Credit Card & Bank Account
     4.  Vendor – Name, Address, Credit Card & Bank Account
     5.  Other – Medical Records, Demographic Information, Email, File Servers etc.
  22. CRISIS COMMUNICATIONS ANTICIPATING THREATS
     Create A Chart: Potential Informational Threats to Your Business
     HR | Sales | Marketing | Finance
     Rank Order High Risk to Low Risk
  23. CRISIS TOOLKIT RESPONSE RESOURCES
     1.  Develop materials:
         •  Messages/FAQ
         •  Prepared statements
         •  Press release template
         •  Customer letters
     2.  Train employees
         •  Awareness
         •  Anticipation
         •  Organizational Preparation
     3.  Prepare channels:
         •  Hotline
         •  Dark site
         •  Social Media
     4.  Data Breach/Customer Assistance Resources
         •  Microsite/Landing Page FAQ
         •  Identity Theft Remediation Services
         •  Force Password/Account Information Change
         •  Special Customer Advocate/Team
  24. IMMEDIATE ACTION BEST PRACTICES
     Preparing a Response
     1.  Don’t delay
     2.  Acknowledge situation
     3.  Acknowledge impact and ‘victims’
     4.  Commit to investigate
     5.  Commit to sharing information and cooperation with relevant parties
     6.  Share corrective action plan if available
     7.  Respond in the format in which the crisis was received**
  25. RESPONSE OUTLINE CRITICAL INFORMATION
     Prepare a Template Crisis Response:
     1.  What happened?
     2.  What do we know about it?
     3.  Who/what was impacted?
     4.  How do we feel about it? (How should we feel?)
     5.  What are we going to do about it?
     6.  When are we going to do it?
     7.  When/how will we communicate next?
  26. CUSTOMER COMMUNICATION
     Notice of Data Breach
     1.  Introduction: Why are we contacting you?
     2.  What happened?
     3.  What information was compromised?
     4.  What are we doing to remedy the situation?
     5.  What can you do to prevent/mitigate further risk?
     6.  Where can you find more information?
  27. CRISIS WORK SAMPLE EXPERIENCE
  28. CRISIS WORK SAMPLE EXPERIENCE OCTOBER 18, 2016
  30. PHASE 3: REASSURANCE DOSE OF MEDICINE
     Who to Reassure? How to Reassure?
     1.  Develop full response plan
     2.  Put plan into action: Immediate remedy
     3.  Communicate results of plan and impact
     4.  Reaffirm commitment to correction
     5.  Demonstrate results of program
  31. PHASE 4: RECOVERY LONG-TERM TREATMENT PLAN
     Rebuilding reputation, trust and customer loyalty
     Implementing preventative measures for long-term crisis mitigation and/or prevention
     1.  Review need for operational, regulatory, environmental and employee changes
     2.  Develop long-term plan including policies and prevention tactics
     3.  Reassess crisis plan
     4.  Regain customer/public trust
  32. 10 KEY TAKEAWAYS CRISIS COMMUNICATIONS FOR DATA BREACHES
     1.  Implement Policies to Address Potential Vulnerabilities
     2.  Establish a Regular Review Cycle for Information Security
     3.  Establish Inter-Departmental Cooperation
     4.  Establish a Framework for Response
     5.  Build a Data Breach Crisis Toolkit
  33. 10 KEY TAKEAWAYS CRISIS COMMUNICATIONS FOR DATA BREACHES
     6.  Know Where & How to Respond
     7.  Prepare Your Employees in Advance
     8.  Establish Assistance Services for those Impacted
     9.  Know the Law Regarding Reporting in All Regions of Operations
     10.  Be Honest, Be Transparent
  34. NO ONE IS IMMUNE
  36. RESOURCES
     White Paper: Crisis Communications in the Social Media Age
     Download at: Affect.com
  37. Sandra Fathi, President, Affect
     Email: sfathi@affect.com | tweet: @sandrafathi | web: affect.com | blog: techaffect.com
     Slides Available: Slideshare.net/sfathi
