FPRA Capital Chapter: Managing a Hack

PROPRIETARY & CONFIDENTIAL March 4, 2010Aﬀect Strategies

MANAGING A HACK:
A Communicator’s Guide to Responding to a Data Breach
Sandra Fathi
President, Affect
Email: sfathi@affect.com
tweet: @sandrafathi
web: affect.com
blog: techaffect.com
FPRA Capital Chapter
May 25, 2017

PROPRIETARY & CONFIDENTIAL
SANDRA FATHI
Founder and president of Affect, a public relations and social media firm
specializing in technology, healthcare and professional services
o  Board Member, PR Council
o  Past Tri-State District Chair, PRSA
o  Past President, PRSA-NY Chapter
o  Past President, PRSA Technology Section

@sandrafathi
sfathi@affect.com
@sandrafathi Affect

SAMPLE CRISIS WORK
o  Data Breaches, Identity Theft, Website Hacks, Malware
(Multiple Companies)
o  Product Recall for Potential Lead Poisoning (Baby Product)
o  Hurricane Sandy, Hurricane Irene (ConEd)
o  Worker Strike, Manhole Cover Explosion, Building Explosion (ConEd)
o  Hit & Run (By Company Employee)
o  Sexual Harassment and Executive Misconduct (By CEO)
o  Executive Arrest for DUI
o  Terrorist Activity Interrupts Operations (Tech Company)
o  Foreign Maﬁa Threats on Executives
o  Employee Kidnapping/Release by Militia (EDS)

@sandrafathi@sandrafathi Aﬀect

PROPRIETARY & CONFIDENTIALAﬀect
SCALE OF THE ISSUE

Cyber
Threats
Insiders
Hacktivist
Organized
Crime
Script
Kiddies
Cyber
Terrorist
State-
Sponsored
WHO IS BEHIND IT

PROPRIETARY & CONFIDENTIAL@sandrafathi Aﬀect

SAMPLE CYBER THREATS

SAMPLE CYBER THREATS II

THE THREAT IS REAL

DOMINO-EFFECT

THE THREAT IS
REAL
•  The Element of Surprise: breaches are often leaked to the media before full
investigations are complete
•  Under Pressure: Customers, media, employees etc. demand information
•  The Gift that Keeps on Giving: Data breach incidents tend to have more than
one news cycle
•  Social Media Wildﬁre: False information spreads quickly on sites like Twitter,
Facebook and LinkedIn
If you are prepared for data breach response, you have a better chance of
controlling your message and preserving your reputation.

•  Gmail
•  DropBox
•  Yahoo
•  Oracle
•  Snapchat
•  Cisco
•  Verifone
•  Yahoo
•  Xbox
•  Intercontinental
Hotels
•  Arby’s
•  Wendy’s
•  Chipotle
•  Dun &
Bradstreet
•  UNC Healthcare
•  Saks Fifth
Avenue
•  Brooks
Brothers
DATA BREACHES LAST 18 MONTHS

WHAT’S THE
SCENARIO
•  Scenario #1: A reporter tweets that they’ve broken a story about your
data breach – you were unaware that the press was aware.
•  Scenario #2: IT department detects a breach and informs the PR
department that it has been mitigated.
•  Scenario #3: The FBI calls to tell you that they are investigating your
data breach.
•  Scenario #4: The IT department reports a breach to PR, but has no
idea how large it is or what the total impact will be.
You need a plan and you needed it yesterday.

CORE CONCEPTS
CRISIS COMMUNICATIONS
4 Phases of Crisis Communications
1.  Readiness
2.  Response
3.  Reassurance
4.  Recovery

PHASE 1: READINESS
PREVENTATIVE MEDICINE
Anticipating a Crisis
1.  Crisis Mapping (SWOT Analysis)
2.  Policies and Procedures (Prevention)
3.  Crisis Monitoring
4.  Crisis Communications Plan
5.  Crisis Action Plan
6.  Crisis Standard Communications Template

THREAT MAPPING
RISK ASSESSMENT
Internal
•  Employees
•  Facilities
•  Vendors/Suppliers
•  Distributors/Resellers
•  Product
External
•  Acts of Nature
•  Market
•  Legal Restrictions/Law
•  Customers
•  Advocacy Groups
Anticipating & Understanding Threats to a Business
People, Products, Facilities, Environment, Information

INFORMATION THREATS
What’s in your ﬁles?
1.  HR – Name, Address, Social Security
2.  Payroll – Name, Address, Social Security & Bank Account
3.  Customer – Name, Address, Credit Card & Bank Account
4.  Vendor – Name, Address, Credit Card & Bank Account
5.  Other – Medical Records, Demographic Information, Email, File Servers
etc.

CRISIS COMMUNICATIONS
ANTICIPATING THREATS
Create A Chart:
Potential Informational Threats to Your Business
HR Sales Marketing Finance
Rank Order
High Risk
to
Low Risk

CRISIS TOOLKIT
RESPONSE RESOURCES
1. Develop materials:
•  Messages/FAQ
•  Prepared statements
•  Press release template
•  Customer letters
2.  Train employees
•  Awareness
•  Anticipation
•  Organizational Preparation
3. Prepare channels:
•  Hotline
•  Dark site
•  Social Media
4. Data Breach/Customer Assistance
Resources
•  Microsite/Landing Page FAQ
•  Identity Theft Remediation
Services
•  Force Password/Account
Information Change
•  Special Customer Advocate/Team

IMMEDIATE ACTION
BEST PRACTICES
Preparing a Response
1.  Don’t delay
2.  Acknowledge situation
3.  Acknowledge impact and ‘victims’
4.  Commit to investigate
5.  Commit to sharing information and cooperation with relevant parties
6.  Share corrective action plan if available
7.  Respond in the format in which the crisis was received**

PROPRIETARY & CONFIDENTIAL March 4, 2010
SOURCE: IMATION

RESPONSE OUTLINE
CRITICAL INFORMATION
Prepare a Template Crisis Response:
1.  What happened?
2.  What do we know about it?
3.  Who/what was impacted?
4.  How do we feel about it? (How should we feel?)
5.  What are we going to do about it?
6.  When are we going to do it?
7.  When/how will we communicate next?

CUSTOMER COMMUNICATION
Notice of Data Breach
1.  Introduction: Why are we contacting you?
2.  What happened?
3.  What information was compromised?
4.  What are we doing to remedy the situation?
5.  What can you do to prevent/mitigate further risk?
6.  Where can you ﬁnd more information?

BREACH NOTIFICATIONS
SAMPLES

BREACH CONSEQUENCES

PHASE 3: REASSURANCE
DOSE OF MEDICINE
Who to Reassure? How to Reassure?
1.  Develop full response plan
2.  Put plan into action: Immediate remedy
3.  Communicate results of plan and impact
4.  Reaﬃrm commitment to correction
5.  Demonstrate results of program

PHASE 4: RECOVERY
LONG-TERM TREATMENT PLAN
Rebuilding reputation, trust and customer loyalty
Implementing preventative measures for long-term crisis mitigation
and/or prevention
1.  Review need for operational, regulatory, environmental and employee
changes
2.  Develop long-term plan including policies and prevention tactics
3.  Reassess crisis plan
4.  Regain customer/public trust

1.  Implement Policies to Address Potential Vulnerabilities
2.  Establish a Regular Review Cycle for Information Security
3.  Establish Inter-Departmental Cooperation
4.  Establish a Framework for Response
5.  Build a Data Breach Crisis Toolkit
10 KEY TAKEAWAYS
CRISIS COMMUNICATIONS FOR DATA
BREACHES

6.  Know Where & How to Respond
7.  Prepare Your Employees in Advance
8.  Establish Assistance Services for those Impacted
9.  Know the Law Regarding Reporting in All Regions of Operations
10.  Be Honest, Be Transparent
10 KEY TAKEAWAYS
CRISIS COMMUNICATIONS FOR DATA
BREACHES

SCENARIO 1: Prestigious Hospital - Tallahassee Premier Medical Center
Your IT department informs you that they’ve just discovered that a hospital
server has been breached. They don’t know exactly when it happened,
sometime in the last 12 months, but potentially all employee data (10,000
employees) and medical records for approximately 100,000 patients may
have been compromised. The data was not encrypted.
Assignments:
1.  Craft an action plan for the next 24 hours: What steps need to be taken? Who needs
to be involved?
2.  Develop a patient communications plan. Write a data breach notiﬁcation letter to
patients.
3.  Develop an employee communications plan. Write a data breach notiﬁcation letter
to employees.
4.  Develop a plan of action for reassurance and recovery for the long term.
WORKSHOP 1

WORKSHOP 2
SCENARIO 2: Financial Services Company – Sunshine Banking
You get an inﬂux of calls from customers experiencing trouble with your
online banking system. You discover that the bank is the target of a DDoS
attack. You, and your customers, cannot access the bank website. The attack
is paralyzing your business. The IT department doesn’t currently know how to
stop it or how long it will take to remediate the situation.
Assignments:
1.  Craft an action plan for the next 4 hours. What needs to happen?
2.  Members of the media are starting to call. Develop a communications plan for
media and write a statement or press release.
3.  Develop a communications plan for customers. Write a sample customer
communication.

WORKSHOP 3
SCENARIO 3: Consumer Brand – Promises Wholesome Snacks
You just received a call from a reporter from the Tallahassee Democrat asking
you to comment on the racist remarks on your Facebook page and the call for
a company boycott. You go to the FB page and realize that someone has
posted a diatribe of hate speech on your page (in the name of the company)
and there have already been over 1000 comments and a call by customers to
boycott the company’s products and stores that carry them. You also realize
that someone has changed your admin rights and you can no longer access
the page.
Assignments:
1.  Craft an action plan for the next 12 hours.
2.  Develop a customer communications plan. What are your key messages for
customers?

RESOURCES
White Paper:
Crisis Communications in the Social Media Age
Download at: Aﬀect.com

Sandra Fathi
President, Affect
Email: sfathi@affect.com
tweet: @sandrafathi
web: affect.com
blog: techaffect.com
Slides Available: Slideshare.net/sfathi

FPRA Capital Chapter: Managing a Hack

More Related Content

Similar to FPRA Capital Chapter: Managing a Hack

More from Sandra Fathi

Recently uploaded

FPRA Capital Chapter: Managing a Hack