PROPRIETARY & CONFIDENTIAL March 4, 2010Affect Strategies
CYBER SECURITY 101:
What Your Agency Needs to Know
PR Council Genome Series
May 4, 2017
PRESENTERS
Sandra Fathi, President, Affect
PR Council Board Member
sfathi@affect.com
@sandrafathi
Simon Russell
Managing Partner,
BeCyberSure
simonr@becybersure.com
Vince L. Martinez
Partner, K&L Gates LLP
Vince.martinez@klgates.com
AGENDA
I.  Cyber Security 101: What you need to know about cyber security and threats in an agency environment
II.  Legal Ramifications: Cyber security and the law, the agency’s responsibilities and liabilities
III.  Crisis Communications: When it happens to you, a plan of action
DEFENDING ENTERPRISE INTEGRITY
Making InfoSec Part of the Culture
Simon Russell, Managing Partner, BeCyberSure North America
What is “Cyber Security”?
•  The process of applying security measures to ensure confidentiality, integrity, and availability of data
•  Essentially, protection against Cyber Risk
What is “Cyber Risk”?
•  “Cyber Risk” means any risk of financial loss, disruption or damage to the reputation of an individual or organization from some sort of failure of their information technology systems
All Organizations are susceptible to both internal & external attacks
Method | Problem | Solution
Wireless Hotspots, Bluetooth + Mobile | Subject to man in the middle attacks | Public Wi-Fi / VPN
Printers | Log-in details are recorded | Default password
Invoice Processing + Payroll | Payment redirection; Conveyancing; Payroll Interception; Loss of PII | Policy and procedures. Friday afternoon syndrome
Phishing + Ransomware | Loss of data / access | Training
The Cloud! | Lack of control | Use 2 FA and encryption
IT’S ALL TOO EASY
The Value of a Hacked Email Account
The Value of a Hacked PC
EXCUSES FOR NOT ADDRESSING CYBER
•  I’M TOO SMALL: Usually easier target
•  NOTHING WORTH STEALING: All data has value or you could be a stepping stone
•  MY TYPE OF BUSINESS IS NOT A TARGET: Every organization is of interest to the criminal – they do not discriminate
•  I DON’T HANDLE MONEY: Not the point - there are other assets to steal
•  I OUTSOURCE IT, PAYMENTS, ETC: You are still responsible - the responsibility is not outsourced
•  SOMEONE ELSE WILL PAY IF SOMETHING GOES WRONG (e.g. banks, insurance): Not any more!
Source: 2014 Verizon Data Breach Investigations Report
Timespan of events by % of Web App breaches
             | Secs | Mins | Hrs | Days | Weeks | Months | Years
Compromise   | 19%  | 42%  | 12% | 23%  | 0%    | 5%     | 1%
Exfiltration | 3%   | 27%  | 21% | 21%  | 18%   | 9%     | 0%
Discovery    | 0%   | 3%   | 11% | 17%  | 16%   | 41%    | 11%
Containment  | 0%   | 2%   | 5%  | 42%  | 22%   | 29%    | 0%
•  In 50% of breaches, data is stolen in hours
•  41% of breaches are not discovered for months
Be Very Worried
•  40% of companies experienced a data breach
•  61% of espionage is not discovered for months
•  More than 50% of companies do NOT conduct security testing
•  38% of companies are not capable of resolving an attack
•  51% increase of companies reporting >$10M loss
•  34% of companies do not know if/how
Hidden Costs of a breach
PEOPLE not devices
•  Majority of breaches occur due to human error
•  Training and awareness - Change culture
SECURITY over compliance
•  Whilst there is no avoiding compliance, approaching security as a box-checking exercise is a huge mistake. If you are secure and up to best practices for NIST or CIS for example you will be compliant with most regulator’s requirements
Think Human NOT Cyber
What Steps Should You Take?
•  Info Security audit to expose holes in architecture, focus on what data you have and where it sits.
•  Policies and Procedures
•  Social engineering testing i.e. Phishing
•  Ongoing Penetration testing
•  Staff training
•  System monitoring
•  Think about 3rd party risks
THINK…
SECURITY NOT COMPLIANCE.
HUMAN NOT CYBER.
Regulatory and Legal Considerations
Basic Incident Response Steps
•  Recognize the occurrence of an incident.
•  Notify and assemble the incident response team to begin the investigation.
•  The internal team can include IT, Security, HR, Counsel, Compliance,
business heads and IR.
•  The external team can include outside counsel, technological consultancies
and crisis management / public relations firms.
•  Identify and fix (or contain) the technological issue.
•  Determine any legal obligations and comply.
•  Determine if any public reporting obligations exist.
•  Communicate with the public as appropriate.
•  Eradicate remnants of the security incident and recover business operations.
Data Breach Notification Requirements
•  The primary consideration is the exposure of personally identifiable
information (PII).
•  All states except AL and SD require companies to notify affected
individuals when their PII has been compromised.
•  There are variances in notification laws and the types of data considered PII.
•  Most states require notice as soon as reasonably possible; a few require
notice within 30 to 45 days of discovery.
•  Certain federal laws, such as HIPAA and GLBA, require companies to
notify affected individuals.
•  Certain federal regulators, including the FTC and FCC, are active within
their jurisdictions.
•  Breach notification can also be a function of contract, which should be
known before an incident occurs.
Notifying Law Enforcement
•  Relevant federal law enforcement agencies include the FBI
and the Secret Service.
•  The Department of Justice has issued guidance for interacting with
federal law enforcement authorities in the wake of a cybersecurity event.
•  https://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/04/30/04272015reporting-cyber-incidents-final.pdf
•  State Attorneys General may also be required to be notified.
•  It is a best practice to have pre-established contacts with law
enforcement before an event.
•  Remember that law enforcement has different goals than you when
responding to a cybersecurity event, and the logistics and possible issues
surrounding law enforcement involvement should be understood beforehand.
Public Company Reporting Obligations
•  The SEC’s Division of Corporation Finance offered guidance in 2011.
•  https://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm
•  The guidance gives context to materiality in several parts of periodic reports.
•  Some incidents may be described generally in quarterly and annual filings.
•  Filing a Form 8-K is most appropriate for events of immediate material
consequence to investors.
•  The SEC has not yet brought an enforcement action for inadequate
cybersecurity disclosure, but has frequently indicated its interest in doing so.
Recent Regulatory Developments
•  The New York Department of Financial Services recently implemented
regulations for certain financial institutions:
•  http://www.dfs.ny.gov/legal/regulations/adoptions/dfsrf500txt.pdf
•  Affects both businesses registered under the New York Banking, Insurance
and Financial Services Laws, as well as certain third parties that service those
businesses.
•  Contains specific technological measures required of covered entities.
•  The Colorado Division of Securities recently proposed enhanced
cybersecurity measures for broker-dealers and investment advisers:
•  https://drive.google.com/file/d/0BymCt_FLs-RGUWl5c3lDUVlzeDg/view
•  Specifies what measures firms should consider in order to have “written
procedures reasonably designed to ensure cybersecurity.”
•  Takeaway: More regulators are beginning to list specific measures required.
Consequences of a Cyber Incident
•  Major damage to the company’s operations, customer loyalty, reputation
and financial results.
•  Litigation, settlement, repair and remediation costs in recent
cases have reached into the tens of millions of dollars, including:
•  Example: Target - breach related costs approaching $180 million per latest Form 10-K.
•  Shareholder derivative actions, including against directors
•  Customer class actions
•  Litigation with (former) business partners
•  Regulatory investigations, actions and remediation oversight
•  Example: FTC v. Wyndham Worldwide Corp.
•  Inadequate or misleading data security protections can be
charged as unfair and deceptive trade practices.
•  Activist investor campaigns
Roles for Outside Counsel
•  Extend attorney-client privilege to response advice.
•  Extend work product protection to investigative documentation.
•  Hire other third parties as agents of the legal engagement.
•  Establish contact with law enforcement.
•  Identify likely regulators and applicable standards and guidance.
•  Identify legal and contractual obligations to notify or report.
•  Ensure legal accuracy of public statements.
SCALE OF THE ISSUE
WHY DO AGENCIES THINK THEY
ARE IMMUNE?
WHAT’S THE SCENARIO
•  Scenario #1: A reporter tweets that they’ve broken a story about your data
breach – you were unaware that the press was aware.
•  Scenario #2: IT department detects a breach and informs the PR department
that it has been mitigated.
•  Scenario #3: The FBI calls to tell you that they are investigating your data
breach.
•  Scenario #4: The IT department reports a breach to PR, but has no idea how
large it is or what the total impact will be.
•  Scenario #5: A Hacker threatens to release your client’s data if you don’t pay
$100,000 in Bitcoin
You need a plan and you needed it yesterday.
THE THREAT IS REAL
•  The Element of Surprise: breaches are often leaked to the media before full
investigations are complete
•  Under Pressure: Customers, media, employees etc. demand information
•  The Gift that Keeps on Giving: Data breach incidents tend to have more than
one news cycle
•  Social Media Wildfire: False information spreads quickly on sites like Twitter,
Facebook and LinkedIn
If you are prepared for data breach response, you have a better chance of
controlling your message and preserving your reputation.
CORE CONCEPTS
CRISIS COMMUNICATIONS
4 Phases of Crisis Communications
1.  Readiness
2.  Response
3.  Reassurance
4.  Recovery
PHASE 1: READINESS
PREVENTATIVE MEDICINE
Anticipating a Crisis
1.  Crisis Mapping (SWOT Analysis)
2.  Policies and Procedures (Prevention)
3.  Crisis Monitoring
4.  Crisis Communications Plan
5.  Crisis Action Plan
6.  Crisis Standard Communications Template
THREAT MAPPING
RISK ASSESSMENT
Internal
•  Employees
•  Facilities
•  Vendors/Suppliers
•  Distributors/Resellers
•  Product
External
•  Acts of Nature
•  Market
•  Legal Restrictions/Law
•  Customers
•  Advocacy Groups
Anticipating & Understanding Threats to a Business
People, Products, Facilities, Environment, Information
INFORMATION THREATS
What’s in your files?
1.  HR – Name, Address, Social Security
2.  Payroll – Name, Address, Social Security & Bank Account
3.  Customer – Name, Address, Credit Card & Bank Account
4.  Vendor – Name, Address, Credit Card & Bank Account
5.  Other – Medical Records, Demographic Information, Email, File Servers
etc.
CRISIS COMMUNICATIONS
ANTICIPATING THREATS
Create A Chart:
Potential Informational Threats to Your Business
Columns: HR | Sales | Marketing | Finance
Rank Order: High Risk to Low Risk
CRISIS TOOLKIT
RESPONSE RESOURCES
1. Develop materials:
•  Messages/FAQ
•  Prepared statements
•  Press release template
•  Customer letters
2.  Train employees
•  Awareness
•  Anticipation
•  Organizational Preparation
3. Prepare channels:
•  Hotline
•  Dark site
•  Social Media
4. Data Breach/Customer Assistance Resources
•  Microsite/Landing Page FAQ
•  Identity Theft Remediation Services
•  Force Password/Account Information Change
•  Special Customer Advocate/Team
IMMEDIATE ACTION
BEST PRACTICES
Preparing a Response
1.  Don’t delay
2.  Acknowledge situation
3.  Acknowledge impact and ‘victims’
4.  Commit to investigate
5.  Commit to sharing information and cooperation with relevant parties
6.  Share corrective action plan if available
7.  Respond in the format in which the crisis was received**
RESPONSE OUTLINE
CRITICAL INFORMATION
Prepare a Template Crisis Response:
1.  What happened?
2.  What do we know about it?
3.  Who/what was impacted?
4.  How do we feel about it? (How should we feel?)
5.  What are we going to do about it?
6.  When are we going to do it?
7.  When/how will we communicate next?
CUSTOMER COMMUNICATION
Notice of Data Breach
1.  Introduction: Why are we contacting you?
2.  What happened?
3.  What information was compromised?
4.  What are we doing to remedy the situation?
5.  What can you do to prevent/mitigate further risk?
6.  Where can you find more information?
BREACH NOTIFICATIONS
SAMPLES
PHASE 3: REASSURANCE
DOSE OF MEDICINE
Who to Reassure? How to Reassure?
1.  Develop full response plan
2.  Put plan into action: Immediate remedy
3.  Communicate results of plan and impact
4.  Reaffirm commitment to correction
5.  Demonstrate results of program
PHASE 4: RECOVERY
LONG-TERM TREATMENT PLAN
Rebuilding reputation, trust and customer loyalty
Implementing preventative measures for long-term crisis mitigation
and/or prevention
1.  Review need for operational, regulatory, environmental and employee
changes
2.  Develop long-term plan including policies and prevention tactics
3.  Reassess crisis plan
4.  Regain customer/public trust
10 KEY TAKEAWAYS
CRISIS COMMUNICATIONS FOR DATA BREACHES
1.  Implement Policies to Address Potential Vulnerabilities
2.  Establish a Regular Review Cycle for Information Security
3.  Establish Inter-Departmental Cooperation
4.  Establish a Framework for Response
5.  Build a Data Breach Crisis Toolkit
6.  Know Where & How to Respond
7.  Prepare Your Employees in Advance
8.  Establish Assistance Services for those Impacted
9.  Know the Law Regarding Reporting in All Regions of Operations
10.  Be Honest, Be Transparent
RESOURCES
White Paper:
Crisis Communications in the Social Media Age
Download at: Affect.com
Thank you
Slides Available: Slideshare.net/sfathi
Sandra Fathi, President, Affect
PR Council Board Member
sfathi@affect.com
@sandrafathi
Simon Russell
Managing Partner,
BeCyberSure
simonr@becybersure.com
Vince L. Martinez
Partner, K&L Gates LLP
Vince.martinez@klgates.com

More Related Content

What's hot

Webinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at HomeWebinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at Home
WPICPE
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber Security
Mastel Indonesia
 
CSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistCSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew Rosenquist
Matthew Rosenquist
 
The IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence IndexThe IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence Index
Kanishka Ramyar
 
Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?
Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?
Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?
PECB
 
Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017
IBM Security
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
Ian-Edward Stafrace
 
What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?
PECB
 
The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016
Shannon G., MBA
 
Enterprise Cyber Security 2016
Enterprise Cyber Security 2016Enterprise Cyber Security 2016
Enterprise Cyber Security 2016
Supply Chain Coalition
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceCharles Lim
 
Cybersecurity: The Danger, the Cost, the Retaliation
Cybersecurity: The Danger, the Cost, the RetaliationCybersecurity: The Danger, the Cost, the Retaliation
Cybersecurity: The Danger, the Cost, the Retaliation
PECB
 
Cyber Hygiene
Cyber HygieneCyber Hygiene
Cyber Hygiene
GAURAV. H .TANDON
 
Cyber security-report-2017
Cyber security-report-2017Cyber security-report-2017
Cyber security-report-2017
NRC
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
Ulf Mattsson
 
Summer internship - Cybersecurity
Summer internship - CybersecuritySummer internship - Cybersecurity
Summer internship - Cybersecurity
AbhilashYadav14
 
Building Cyber Resilience in the Digital Economy
Building Cyber Resilience in the Digital EconomyBuilding Cyber Resilience in the Digital Economy
Building Cyber Resilience in the Digital Economy
Agus Wicaksono
 
See How You Measure Up With MaaS360 Mobile Metrics
See How You Measure Up With MaaS360 Mobile MetricsSee How You Measure Up With MaaS360 Mobile Metrics
See How You Measure Up With MaaS360 Mobile Metrics
IBM Security
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceDarren Argyle
 
Insights into cyber security and risk
Insights into cyber security and riskInsights into cyber security and risk
Insights into cyber security and riskEY
 

What's hot (20)

Webinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at HomeWebinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at Home
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber Security
 
CSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistCSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew Rosenquist
 
The IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence IndexThe IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence Index
 
Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?
Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?
Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?
 
Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
 
What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?
 
The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016
 
Enterprise Cyber Security 2016
Enterprise Cyber Security 2016Enterprise Cyber Security 2016
Enterprise Cyber Security 2016
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security Governance
 
Cybersecurity: The Danger, the Cost, the Retaliation
Cybersecurity: The Danger, the Cost, the RetaliationCybersecurity: The Danger, the Cost, the Retaliation
Cybersecurity: The Danger, the Cost, the Retaliation
 
Cyber Hygiene
Cyber HygieneCyber Hygiene
Cyber Hygiene
 
Cyber security-report-2017
Cyber security-report-2017Cyber security-report-2017
Cyber security-report-2017
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
 
Summer internship - Cybersecurity
Summer internship - CybersecuritySummer internship - Cybersecurity
Summer internship - Cybersecurity
 
Building Cyber Resilience in the Digital Economy
Building Cyber Resilience in the Digital EconomyBuilding Cyber Resilience in the Digital Economy
Building Cyber Resilience in the Digital Economy
 
See How You Measure Up With MaaS360 Mobile Metrics
See How You Measure Up With MaaS360 Mobile MetricsSee How You Measure Up With MaaS360 Mobile Metrics
See How You Measure Up With MaaS360 Mobile Metrics
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber Resilience
 
Insights into cyber security and risk
Insights into cyber security and riskInsights into cyber security and risk
Insights into cyber security and risk
 

Similar to Cyber Security 101: What Your Agency Needs to Know

The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers
BDO_Consulting
 
Cybersecurity crisis management a prep guide
Cybersecurity crisis management   a prep guideCybersecurity crisis management   a prep guide
Cybersecurity crisis management a prep guide
JoAnna Cheshire
 
David doughty presentation 181119
David doughty presentation 181119David doughty presentation 181119
David doughty presentation 181119
David Doughty
 
Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals  Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals
Richard Brzakala
 
Best practices to mitigate data breach risk
Best practices to mitigate data breach riskBest practices to mitigate data breach risk
Best practices to mitigate data breach risk
Livingstone Advisory
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the Boardroom
Marko Suswanto
 
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
AIIM International
 
Privacy Do's and Don'ts for Customer Service Representatives
Privacy Do's and Don'ts for Customer Service RepresentativesPrivacy Do's and Don'ts for Customer Service Representatives
Privacy Do's and Don'ts for Customer Service Representatives
Art Hall
 
4th Digital Finance Forum, Simon Brady
4th Digital Finance Forum, Simon Brady4th Digital Finance Forum, Simon Brady
4th Digital Finance Forum, Simon Brady
Starttech Ventures
 
Deconstructing Data Breach Cost
Deconstructing Data Breach CostDeconstructing Data Breach Cost
Deconstructing Data Breach Cost
Resilient Systems
 
Co3 rsc r5
Co3 rsc r5Co3 rsc r5
Co3 rsc r5
Patrick Florer
 
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Corporate & Regulatory Compliance Boot Camp - Data Privacy ComplianceCorporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Financial Poise
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
Cyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation IndustryCyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation Industry
HNI Risk Services
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data Breach
Jim Brashear
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
Data Privacy Compliance
Data Privacy ComplianceData Privacy Compliance
Data Privacy Compliance
Financial Poise
 
Data breach presentation
Data breach presentationData breach presentation
Data breach presentation
Bradford Bach
 
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Joe Bartolo
 

Similar to Cyber Security 101: What Your Agency Needs to Know (20)

The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers
 
Cybersecurity crisis management a prep guide
Cybersecurity crisis management   a prep guideCybersecurity crisis management   a prep guide
Cybersecurity crisis management a prep guide
 
David doughty presentation 181119
David doughty presentation 181119David doughty presentation 181119
David doughty presentation 181119
 
Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals  Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals
 
Best practices to mitigate data breach risk
Best practices to mitigate data breach riskBest practices to mitigate data breach risk
Best practices to mitigate data breach risk
 
BEA Presentation
BEA PresentationBEA Presentation
BEA Presentation
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the Boardroom
 
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
 
Privacy Do's and Don'ts for Customer Service Representatives
Privacy Do's and Don'ts for Customer Service RepresentativesPrivacy Do's and Don'ts for Customer Service Representatives
Privacy Do's and Don'ts for Customer Service Representatives
 
4th Digital Finance Forum, Simon Brady
4th Digital Finance Forum, Simon Brady4th Digital Finance Forum, Simon Brady
4th Digital Finance Forum, Simon Brady
 
Deconstructing Data Breach Cost
Deconstructing Data Breach CostDeconstructing Data Breach Cost
Deconstructing Data Breach Cost
 
Co3 rsc r5
Co3 rsc r5Co3 rsc r5
Co3 rsc r5
 
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Corporate & Regulatory Compliance Boot Camp - Data Privacy ComplianceCorporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk Management
 
Cyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation IndustryCyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation Industry
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data Breach
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Data Privacy Compliance
Data Privacy ComplianceData Privacy Compliance
Data Privacy Compliance
 
Data breach presentation
Data breach presentationData breach presentation
Data breach presentation
 
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
 

Cyber Security 101: What Your Agency Needs to Know

  • 1. PROPRIETARY & CONFIDENTIAL March 4, 2010 Affect Strategies CYBER SECURITY 101: What Your Agency Needs to Know PR Council Genome Series May 4, 2017
  • 2. PRESENTERS Sandra Fathi, President, Affect, PR Council Board Member, sfathi@affect.com, @sandrafathi; Simon Russell, Managing Partner, BeCyberSure, simonr@becybersure.com; Vince L. Martinez, Partner, K&L Gates LLP, Vince.martinez@klgates.com
  • 3. AGENDA I. Cyber Security 101: What you need to know about cyber security and threats in an agency environment II. Legal Ramifications: Cyber security and the law, the agency’s responsibilities and liabilities III. Crisis Communications: When it happens to you, a plan of action
  • 4. DEFENDING ENTERPRISE INTEGRITY Making InfoSec Part of the Culture Simon Russell, Managing Partner, BeCyberSure North America
  • 5. Defending Enterprise Integrity What is “Cyber Security”? • The process of applying security measures to ensure confidentiality, integrity, and availability of data • Essentially, protection against Cyber Risk What is “Cyber Risk”? • “Cyber Risk” means any risk of financial loss, disruption or damage to the reputation of an individual or organization from some sort of failure of their information technology systems
  • 7. Defending Enterprise Integrity: IT’S ALL TOO EASY
    Method | Problem | Solution
    Wireless Hotspots, Bluetooth + Mobile | Subject to man in the middle attacks | Public Wi-Fi / VPN
    Printers | Log-in details are recorded | Default password
    Invoice Processing + Payroll | Payment redirection; Conveyancing; Payroll Interception; Loss of PII | Policy and procedures. Friday afternoon syndrome
    Phishing + Ransomware | Loss of data / access | Training
    The Cloud! | Lack of control | Use 2 FA and encryption
  • 10. Defending Enterprise Integrity: EXCUSES FOR NOT ADDRESSING CYBER • I’M TOO SMALL: Usually easier target • NOTHING WORTH STEALING: All data has value or you could be a stepping stone • MY TYPE OF BUSINESS IS NOT A TARGET: Every organization is of interest to the criminal – they do not discriminate • I DON’T HANDLE MONEY: Not the point - there are other assets to steal • I OUTSOURCE IT, PAYMENTS, ETC: You are still responsible - the responsibility is not outsourced • SOMEONE ELSE WILL PAY IF SOMETHING GOES WRONG (e.g. banks, insurance): Not any more!
  • 11. © 2015 Optimal Risk and its partners/affiliates. All rights reserved. Source: 2014 Verizon Data Breach Investigations Report
    Timespan of events by % of Web App breaches
    Event | Secs | Mins | Hrs | Days | Weeks | Months | Years
    Compromise | 19% | 42% | 12% | 23% | 0% | 5% | 1%
    Exfiltration | 3% | 27% | 21% | 21% | 18% | 9% | 0%
    Discovery | 0% | 3% | 11% | 17% | 16% | 41% | 11%
    Containment | 0% | 2% | 5% | 42% | 22% | 29% | 0%
    In 50% of breaches, data is stolen in hours. 41% of breaches are not discovered for months.
    Be Very Worried: 40% of companies experienced a data breach • 61% of espionage is not discovered for months • More than 50% of companies do NOT conduct security testing • 38% of companies are not capable of resolving an attack • 51% increase of companies reporting >$10M loss • 34% of companies do not know if/ how
  • 14. Defending Enterprise Integrity: What Steps Should You Take? • Info Security audit to expose holes in architecture, focus on what data you have and where it sits. • Policies and Procedures • Social engineering testing i.e. Phishing • Ongoing Penetration testing • Staff training • System monitoring • Think about 3rd party risks
  • 16. Regulatory and Legal Considerations
  • 17. Basic Incident Response Steps •  Recognize the occurrence of an incident. •  Notify and assemble the incident response team to begin the investigation. •  The internal team can include IT, Security, HR, Counsel, Compliance, business heads and IR. •  The external team can include outside counsel, technological consultancies and crisis management / public relations firms. •  Identify and fix (or contain) the technological issue. •  Determine any legal obligations and comply. •  Determine if any public reporting obligations exist. •  Communicate with the public as appropriate. •  Eradicate remnants of the security incident and recover business operations.
  • 18. Data Breach Notification Requirements •  The primary consideration is the exposure of personally identifiable information (PII). •  All states except AL and SD require companies to notify affected individuals when their PII has been compromised. •  There are variances in notification laws and the types of data considered PII. •  Most states require notice as soon as reasonably possible; a few require notice within 30 to 45 days of discovery. •  Certain federal laws, such as HIPAA and GLBA, require companies to notify affected individuals. •  Certain federal regulators, including the FTC and FCC, are active within their jurisdictions. •  Breach notification can also be a function of contract, which should be known before an incident occurs.
  • 19. Notifying Law Enforcement • Relevant federal law enforcement agencies include the FBI and the Secret Service. • The Department of Justice has issued guidance for interacting with federal law enforcement authorities in the wake of a cybersecurity event. • https://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/04/30/04272015reporting-cyber-incidents-final.pdf • State Attorneys General may also be required to be notified. • It is a best practice to have pre-established contacts with law enforcement before an event. • Remember that law enforcement has different goals than you when responding to a cybersecurity event, and the logistics and possible issues surrounding law enforcement involvement should be understood beforehand.
  • 20. Public Company Reporting Obligations •  The SEC’s Division of Corporation Finance offered guidance in 2011. •  https://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm •  The guidance gives context to materiality in several parts of periodic reports. •  Some incidents may be described generally in quarterly and annual filings. •  Filing a Form 8-K is most appropriate for events of immediate material consequence to investors. •  The SEC has not yet brought an enforcement action for inadequate cybersecurity disclosure, but has frequently indicated its interest in doing so.
  • 21. Recent Regulatory Developments •  The New York Department of Financial Services recently implemented regulations for certain financial institutions: •  http://www.dfs.ny.gov/legal/regulations/adoptions/dfsrf500txt.pdf •  Affects both businesses registered under the New York Banking, Insurance and Financial Services Laws, as well as certain third parties that service those businesses. •  Contains specific technological measures required of covered entities. •  The Colorado Division of Securities recently proposed enhanced cybersecurity measures for broker-dealers and investment advisers: •  https://drive.google.com/file/d/0BymCt_FLs-RGUWl5c3lDUVlzeDg/view •  Specifies what measures firms should consider in order to have “written procedures reasonably designed to ensure cybersecurity.” •  Takeaway: More regulators are beginning to list specific measures required.
  • 22. Consequences of a Cyber Incident •  Major damage to the company’s operations, customer loyalty, reputation and financial results. •  Litigation, settlement, repair and remediation costs in recent cases have reached into the tens of millions of dollars, including: •  Example: Target - breach related costs approaching $180 million per latest Form 10-K. •  Shareholder derivative actions, including against directors •  Customer class actions •  Litigation with (former) business partners •  Regulatory investigations, actions and remediation oversight •  Example: FTC v. Wyndham Worldwide Corp. •  Inadequate or misleading data security protections can be charged as unfair and deceptive trade practices. •  Activist investor campaigns
  • 23. Roles for Outside Counsel •  Extend attorney-client privilege to response advice. •  Extend work product protection to investigative documentation. •  Hire other third parties as agents of the legal engagement. •  Establish contact with law enforcement. •  Identify likely regulators and applicable standards and guidance. •  Identify legal and contractual obligations to notify or report. •  Ensure legal accuracy of public statements.
  • 25. WHY DO AGENCIES THINK THEY ARE IMMUNE?
  • 26. WHAT’S THE SCENARIO • Scenario #1: A reporter tweets that they’ve broken a story about your data breach – you were unaware that the press was aware. • Scenario #2: IT department detects a breach and informs the PR department that it has been mitigated. • Scenario #3: The FBI calls to tell you that they are investigating your data breach. • Scenario #4: The IT department reports a breach to PR, but has no idea how large it is or what the total impact will be. • Scenario #5: A Hacker threatens to release your client’s data if you don’t pay $100,000 in Bitcoin. You need a plan and you needed it yesterday.
  • 27. THE THREAT IS REAL • The Element of Surprise: breaches are often leaked to the media before full investigations are complete • Under Pressure: Customers, media, employees etc. demand information • The Gift that Keeps on Giving: Data breach incidents tend to have more than one news cycle • Social Media Wildfire: False information spreads quickly on sites like Twitter, Facebook and LinkedIn. If you are prepared for data breach response, you have a better chance of controlling your message and preserving your reputation.
  • 28. CORE CONCEPTS CRISIS COMMUNICATIONS 4 Phases of Crisis Communications 1. Readiness 2. Response 3. Reassurance 4. Recovery
  • 29. PHASE 1: READINESS PREVENTATIVE MEDICINE Anticipating a Crisis 1. Crisis Mapping (SWOT Analysis) 2. Policies and Procedures (Prevention) 3. Crisis Monitoring 4. Crisis Communications Plan 5. Crisis Action Plan 6. Crisis Standard Communications Template
  • 30. THREAT MAPPING RISK ASSESSMENT Internal • Employees • Facilities • Vendors/Suppliers • Distributors/Resellers • Product External • Acts of Nature • Market • Legal Restrictions/Law • Customers • Advocacy Groups Anticipating & Understanding Threats to a Business: People, Products, Facilities, Environment, Information
  • 31. INFORMATION THREATS What’s in your files? 1. HR – Name, Address, Social Security 2. Payroll – Name, Address, Social Security & Bank Account 3. Customer – Name, Address, Credit Card & Bank Account 4. Vendor – Name, Address, Credit Card & Bank Account 5. Other – Medical Records, Demographic Information, Email, File Servers etc.
  • 32. CRISIS COMMUNICATIONS ANTICIPATING THREATS Create A Chart: Potential Informational Threats to Your Business (HR, Sales, Marketing, Finance). Rank Order High Risk to Low Risk
  • 33. CRISIS TOOLKIT RESPONSE RESOURCES 1. Develop materials: • Messages/FAQ • Prepared statements • Press release template • Customer letters 2. Train employees • Awareness • Anticipation • Organizational Preparation 3. Prepare channels: • Hotline • Dark site • Social Media 4. Data Breach/Customer Assistance Resources • Microsite/Landing Page FAQ • Identity Theft Remediation Services • Force Password/Account Information Change • Special Customer Advocate/Team
  • 34. IMMEDIATE ACTION BEST PRACTICES Preparing a Response 1. Don’t delay 2. Acknowledge situation 3. Acknowledge impact and ‘victims’ 4. Commit to investigate 5. Commit to sharing information and cooperation with relevant parties 6. Share corrective action plan if available 7. Respond in the format in which the crisis was received**
  • 35. RESPONSE OUTLINE CRITICAL INFORMATION Prepare a Template Crisis Response: 1. What happened? 2. What do we know about it? 3. Who/what was impacted? 4. How do we feel about it? (How should we feel?) 5. What are we going to do about it? 6. When are we going to do it? 7. When/how will we communicate next?
  • 36. CUSTOMER COMMUNICATION Notice of Data Breach 1. Introduction: Why are we contacting you? 2. What happened? 3. What information was compromised? 4. What are we doing to remedy the situation? 5. What can you do to prevent/mitigate further risk? 6. Where can you find more information?
  • 37. BREACH NOTIFICATIONS SAMPLES
  • 38. PHASE 3: REASSURANCE DOSE OF MEDICINE Who to Reassure? How to Reassure? 1. Develop full response plan 2. Put plan into action: Immediate remedy 3. Communicate results of plan and impact 4. Reaffirm commitment to correction 5. Demonstrate results of program
  • 39. PHASE 4: RECOVERY LONG-TERM TREATMENT PLAN Rebuilding reputation, trust and customer loyalty. Implementing preventative measures for long-term crisis mitigation and/or prevention 1. Review need for operational, regulatory, environmental and employee changes 2. Develop long-term plan including policies and prevention tactics 3. Reassess crisis plan 4. Regain customer/public trust
  • 40. 10 KEY TAKEAWAYS: CRISIS COMMUNICATIONS FOR DATA BREACHES 1. Implement Policies to Address Potential Vulnerabilities 2. Establish a Regular Review Cycle for Information Security 3. Establish Inter-Departmental Cooperation 4. Establish a Framework for Response 5. Build a Data Breach Crisis Toolkit
  • 41. 10 KEY TAKEAWAYS: CRISIS COMMUNICATIONS FOR DATA BREACHES 6. Know Where & How to Respond 7. Prepare Your Employees in Advance 8. Establish Assistance Services for those Impacted 9. Know the Law Regarding Reporting in All Regions of Operations 10. Be Honest, Be Transparent
  • 42. RESOURCES White Paper: Crisis Communications in the Social Media Age. Download at: Affect.com
  • 43. Thank you. Slides Available: Slideshare.net/sfathi. Sandra Fathi, President, Affect, PR Council Board Member, sfathi@affect.com, @sandrafathi; Simon Russell, Managing Partner, BeCyberSure, simonr@becybersure.com; Vince L. Martinez, Partner, K&L Gates LLP, Vince.martinez@klgates.com