I’ll cover three things today:1 . . . A perspective on the social web (define it Boyd)2 . . . The prevalence and impact of data breaches today3 . . . 11 principles for managing communications on the social web should your organization be faced with a data breach
Definition of ‘data breach’ . . . “A data breach is the intentional or unintentional release of secure information to an untrusted environment . . . It is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.”
Before discussing data breaches, their frequency and impact, and how to manage communication around data breaches in social media, I want to make a few foundational points about the relationship between the social web and crisis communications.
In general, digital security is considered a major threat by consumersWhile it appears that the percentage of digital contact as a proportion of all fraud has stayed the same, this is in spite of the fact that our awareness of online security threats has increased significantly
Yet as individuals we are remarkably incautious about what information we share when we go online, especially on platforms like Facebook which we see as a private exchange with friends . . . This is a whole new area of social interest and books are being written about it.There is also something which I like to call the ‘fallacy of the password paradigm’ . . . The believe that our single username and password will protect out account . . . Even though that data is sitting on corporate organizational databases.
Not surprisingly then, identity theft remains the biggest threat even though it has declined by 2.0 % over the past three years.But while individuals are vulnerable given their propensity to share indiscriminately, the biggest security threats are when companies are hacked.
It is difficult to put a dollar value on these breaches since they often resolve very quickly . . . But as we will get to, there are significant so-called ‘soft’ costs that may be more profound.
Nevertheless, the cost to the companies and, therefore, to consumers because we pay through rising product and service costs, is huge. In the last five years, it is estimated that the cost of security breaches over the last twenty years or so is in the neighbourhood of $22 billion.
Sony Corporation in the last year alone has been the target of hacks and inadvertent data breaches affecting in the range of 26 million customers.The highest profile one was the April 26, 2011 attack on Sony’s PlayStation Network.
How are these breaches made?Most are from hacking . . . Relatively few from social tactics such as the release of secure data over Twitter or Facebook for example92% of incidents were discovered by a third party which means:1 . . . Companies are likely not as rigorous as they should be2 . . . Because they are discovered by third parties it means that they are susceptible to being released through social networks like Twitter . . . The social web can easily find out about data breaches before you do . . . And begin the assault on your organization for its lack of diligence etc.
The impact of these data breaches is not so much the dollar cost . . . But the two-fold consequence of the central place the Internet and the social web have in our lives today:1 . . . The level of trust people have in the organization that is the target of the data breach2 . . . The reputation of the organization among governments, suppliers and customers.
These breaches are seldom hidden anymore and it is often people on social networks who 1 . . . Uncover the breach through the immediate evidence they have of their own accounts being hacked.2 . . . Amplify the news of the breach through the social networks which now connect a billion or so of us
So . . . If your organization is hacked
What do you do:
ACL . . . ACCESS CONTROL LIST … a set of data that informs a computer’s operating system about access permissions.POS … POINT OF SALE . . . But also means Parent Over Shoulder when teens are texing.
What do you do:First is to recognize that how you react on the social web will make a difference to both trustand reputation, which in my view are where the worst damage can be done.Second is to recognize that you can avoid what I call the risk of inaction; in other words, you can prepare your social web response in advance in the same way prepare and practice your crisis communication plans.
When you are faced with a data breach, you should use every social channel at your disposal – as soon as possible – to tell customers about the problem and what they should do.
Social Web + Data Breaches = Reputation Risk Boyd Neil National Practice Leader Social Media and Digital Communications firstname.lastname@example.org June 28, 2012
3 The Social Web Changes Crisis Communications Permanently6/28/2012
‘There won’t be a significant event in the future thatwon’t involve public participation… Social media(is) the sociological equivalent of climate change.’ Retired Admiral Thad Allen
5 New voices Two-way channels Providing organizationsempowered through creating opportunities with means to directly digital challenging for dialogue yet to be touch most important traditional media fully exploited audiences primacy Reputation & risk Mobile technologies management models moving us into new impacted: speed, areas still not fully transparency, understood inaccuracy
6 A New Frontier for Risk: Data Breaches6/28/2012
25“[Brands suffering data leaks] should email people, post on Twitter,Facebook and address their customers where they are - you shouldn‟thave to let people do a Google search or find out through word ofmouth.” • Alys Woodward, research director at market intelligence firm IDC Europe
11 principles for managing 26data breach communication on the social web1. Use the social web dammit (and ignore the sarcasm/humour)2. Drive internally for timely notification (1-2 hours)3. Provide interim security advice („change password immediately‟)4. Be transparent about the scope and consequences of the data breach (when known)
11 principles for managing 27data breach communication on the social web5. Coordinate internal protocols for multi-platform communications (Twitter, Facebook, YouTube, etc.)6. Use #hashtags related to incident so your info. is there in frame used to share news (Twitter/Facebook7. Use multiple media formats (visuals + video + text) . . . facilitates sharing
11 principles for managing 28data breach communication on the social web8. Amplify through paid/promoted tweets/Facebook posts9. Reply to social web dialogue + questions with „confident humility‟10. Commit to fixing your firewall and/or internal security processes11. Get ready now for the social web part of the hack dammit