Managing a Hack: A Communicator's Guide to a Data Breach
PROPRIETARY & CONFIDENTIAL March 4, 2010 Affect Strategies
Sandra Fathi
President, Affect
Email: sfathi@affect.com
tweet: @sandrafathi
web: affect.com
blog: techaffect.com
PRSA International Conference, Indianapolis
October 24, 2016
SANDRA FATHI
BIO
Founder and president of Affect, a public relations and social media firm specializing in technology, healthcare and professional services
• Board Member, PR Council
• Board Member, PRSA-NY
• Past Tri-State District Chair, PRSA
• Past President, PRSA-NY Chapter
• Past President, PRSA Technology Section
sfathi@affect.com
@sandrafathi
CRISIS WORK
SAMPLE EXPERIENCE
• Data Breaches, Identity Theft, Website Hacks, Malware (Multiple Companies)
• Hurricane Sandy, Hurricane Irene (ConEd)
• Worker Strike, Manhole Cover Explosion, Building Explosion (ConEd)
• Hit & Run (By Company Employee)
• Sexual Harassment and Executive Misconduct (By CEO)
• Executive Arrest for DUI
• Terrorist Activity Interrupts Operations (Tech Company)
• Foreign Mafia Threats on Executives
• Employee Kidnapping/Release by Militia (EDS)
THE THREAT IS REAL
• The Element of Surprise: breaches are often leaked to the media before full investigations are complete
• Under Pressure: Customers, media, employees etc. demand information
• The Gift that Keeps on Giving: Data breach incidents tend to have more than one news cycle
• Social Media Wildfire: False information spreads quickly on sites like Twitter, Facebook and LinkedIn
If you are prepared for data breach response, you have a better chance of controlling your message and preserving your reputation.
WHAT’S THE SCENARIO
• Scenario #1: A reporter tweets that they’ve broken a story about your data breach – you were unaware that the press was aware.
• Scenario #2: IT department detects a breach and informs the PR department that it has been mitigated.
• Scenario #3: The FBI calls to tell you that they are investigating your data breach.
• Scenario #4: The IT department reports a breach to PR, but has no idea how large it is or what the total impact will be.
You need a plan and you needed it yesterday.
PHASE 1: READINESS
PREVENTATIVE MEDICINE
Anticipating a Crisis
1. Crisis Mapping (SWOT Analysis)
2. Policies and Procedures (Prevention)
3. Crisis Monitoring
4. Crisis Communications Plan
5. Crisis Action Plan
6. Crisis Standard Communications Template
THREAT MAPPING
RISK ASSESSMENT
Internal
• Employees
• Facilities
• Vendors/Suppliers
• Distributors/Resellers
• Product
External
• Acts of Nature
• Market
• Legal Restrictions/Law
• Customers
• Advocacy Groups
Anticipating & Understanding Threats to a Business
People, Products, Facilities, Environment, Information
INFORMATION THREATS
What’s in your files?
1. HR – Name, Address, Social Security
2. Payroll – Name, Address, Social Security & Bank Account
3. Customer – Name, Address, Credit Card & Bank Account
4. Vendor – Name, Address, Credit Card & Bank Account
5. Other – Medical Records, Demographic Information, Email, File Servers etc.
CRISIS COMMUNICATIONS
ANTICIPATING THREATS
Create a chart of potential informational threats to your business:
Columns: HR | Sales | Marketing | Finance
Rows: rank order from High Risk to Low Risk
CRISIS TOOLKIT
RESPONSE RESOURCES
1. Develop materials:
• Messages/FAQ
• Prepared statements
• Press release template
• Customer letters
2. Train employees
• Awareness
• Anticipation
• Organizational Preparation
3. Prepare channels:
• Hotline
• Dark site
• Social Media
4. Data Breach/Customer Assistance Resources
• Microsite/Landing Page FAQ
• Identity Theft Remediation Services
• Force Password/Account Information Change
• Special Customer Advocate/Team
IMMEDIATE ACTION
BEST PRACTICES
Preparing a Response
1. Don’t delay
2. Acknowledge situation
3. Acknowledge impact and ‘victims’
4. Commit to investigate
5. Commit to sharing information and cooperation with relevant parties
6. Share corrective action plan if available
7. Respond in the format in which the crisis was received**
RESPONSE OUTLINE
CRITICAL INFORMATION
Prepare a Template Crisis Response:
1. What happened?
2. What do we know about it?
3. Who/what was impacted?
4. How do we feel about it? (How should we feel?)
5. What are we going to do about it?
6. When are we going to do it?
7. When/how will we communicate next?
CUSTOMER COMMUNICATION
Notice of Data Breach
1. Introduction: Why are we contacting you?
2. What happened?
3. What information was compromised?
4. What are we doing to remedy the situation?
5. What can you do to prevent/mitigate further risk?
6. Where can you find more information?
PHASE 3: REASSURANCE
DOSE OF MEDICINE
Who to Reassure? How to Reassure?
1. Develop full response plan
2. Put plan into action: Immediate remedy
3. Communicate results of plan and impact
4. Reaffirm commitment to correction
5. Demonstrate results of program
PHASE 4: RECOVERY
LONG-TERM TREATMENT PLAN
Rebuilding reputation, trust and customer loyalty
Implementing preventative measures for long-term crisis mitigation and/or prevention
1. Review need for operational, regulatory, environmental and employee changes
2. Develop long-term plan including policies and prevention tactics
3. Reassess crisis plan
4. Regain customer/public trust
10 KEY TAKEAWAYS
CRISIS COMMUNICATIONS FOR DATA BREACHES
1. Implement Policies to Address Potential Vulnerabilities
2. Establish a Regular Review Cycle for Information Security
3. Establish Inter-Departmental Cooperation
4. Establish a Framework for Response
5. Build a Data Breach Crisis Toolkit
6. Know Where & How to Respond
7. Prepare Your Employees in Advance
8. Establish Assistance Services for those Impacted
9. Know the Law Regarding Reporting in All Regions of Operations
10. Be Honest, Be Transparent