DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to...
Transcript of DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to...
![Page 1: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/1.jpg)
DATA BREACHESWhat’s Your Plan?
PREPARED BY
![Page 2: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/2.jpg)
![Page 3: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/3.jpg)
NO ONE IS SAFE
![Page 4: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/4.jpg)
IT’S NOT IF THERE IS GOING TO BE A DATA BREACH
It’saquestionof
![Page 5: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/5.jpg)
92%oforganizationsbreachedsuffercommercialconsequencesTargetincurredover$290millioninbreachexpenses,ofwhichinsuranceonlycovered31%
64%ofconsumerssurveyedworldwidesaytheyareunlikelytoshopordobusinessagainwithacompanythathadexperiencedabreachwherefinancialinformationwasstolen
![Page 6: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/6.jpg)
Communicationsiscriticaltosuccessfullymanagingadatabreach
• Thekeyismanagingtheresponse• Knowwhatyou’regoingtosay
Delaying,hiding,concealinginformationaboutcustomersisnotviewedfavourably
![Page 7: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/7.jpg)
Today’srealityinanonlineworldcanwreakhavoconabrand,whichiswhyspeed,honestyandhavingaplanyoucanexecute,areallcentraltoaneffectivecrisiscommunicationsresponse.Evenonestatementtakenoutofcontextormadebyanemployeecanhaveadevastatingimpactonabrand’sbottomline.
![Page 8: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/8.jpg)
JULY 2016:
Over1,000 USlocationsimpacted– morethan3.4timesthenumberoflocationsfirstannouncedinthefallof2015.Customerdata,includingcardholdernames,creditordebitcardnumbers,cardholderverificationvalues,andservicecodesstolen.
![Page 9: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/9.jpg)
LackofcommunicationfrustratesOhiocreditunion:
Wedon'tknowhowlargeorsmalltheproblemis.Wendy'sisnotprovidingthatinformationfastenough,whichistypicalinthesebreaches.
- GretchenBartholomew,directorofoperations,Kemba FinancialCreditUnion
![Page 10: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/10.jpg)
Targetwasavictimofoneofthemostwidespreaddatabreachesinhistory.MalwarefromthelaptopofanHVACcontractormadeitswayontoTarget’smaincomputernetwork.Throughthethird-partyvendor,hackerswereabletoaccessTarget’sdatabase.Morethan40million Targetcustomershadtheirdebitandcreditcardrecordsstolen.70millionpeople hadtheiremailandmailingaddressestaken
![Page 11: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/11.jpg)
• Concernedconsumersfacedpoorcustomerservicewhencallingorsearchingformoreinformationregardingthebreachafterthenewsinitiallybroke.
• Quarterlyprofitsdroppedby46%asthehithappenedduring2013Xmasholidays
• Target’sCEOresigned• Breachcoststodate:$290millionUSD
![Page 12: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/12.jpg)
• IttookTarget22daysfromitsbreach’soccurrenceforittoreportitpublicly
• IttookWendy’s51daystoreportitpublicly• Targettook19daysfromitsfirstannouncementtoconfirmpublicly
ithadremovedthemalwareandstopthebreach• IttookWendy’s143daystomakethesameannouncement
![Page 13: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/13.jpg)
Veridian CreditUnionhasfiledaclassactionlawsuitagainstWendy'sTheclassactionclaimsWendy'sfailedtopreventthebreachbyupdatingitsPOSsystems
Despitethegrowingthreatofcomputersystemintrusion,Wendy'ssystematicallyfailedtocomplywithindustrystandardsandprotectpaymentcardandcustomerdata.
![Page 14: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/14.jpg)
Veridian claimssecuritysystemswereoutdated,creditcardinformationwasn'tdeletedwhenitwassupposedtobe,antivirussoftwarewasn'tregularlyupdated,firewallsweren'tmaintained,andaccesstonetworkandcreditcarddatawasn'tmonitored.
![Page 15: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/15.jpg)
• Franchisorsneedtolearnhowtoeffectivelycommunicatedatabreaches
• Lettingconsumersknowaboutabreachearlyoncanhelppreventdamagetoafranchise’sreputation
• Asuccessfulcrisiscommunicationsresponseforfranchisesrelaystherightkeymessagestoallstakeholdersasquicklyaspossible
![Page 16: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/16.jpg)
How can you apply best practices to protect your franchise from a data breach or cyber crisis?
![Page 17: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/17.jpg)
STEP 1: COMMUNICATE THE PROBLEM
Yourcrisiscommunicationsteam’sfirstpriorityistocommunicatedirectlywithyouraffectedstakeholdersassoonaspossible.• Takecontrolofthestory• Behonestandtothepoint• Letyouractionsandwordsshowhowdeeplyyoucareandare
takingthesituationseriously• Makesureyourcommunicationsanswersthemainquestions
![Page 18: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/18.jpg)
• Sayhowthebreach:
§ affectsthoseimpacted§ whattheyshoulddotoimmediatelyprotectthemselvesand…§ whereandwhenyouwillprovideanotherupdate
COMMUNICATE
![Page 19: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/19.jpg)
STEP 2: RELEASE YOUR OFFICIAL STATEMENT
• Draftanofficialstatementandpublishittoyourcrisiscommunicationshomebase
• Createalinktothisstatementfromyourwebsite’shomepage• Tellyourstory.Ifthemediawillbereportingonthis,thengive
themthe(true)storytouse.Thisisagoodwaytomakesureyoubecomethenarrativeofyourowncrisis
![Page 20: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/20.jpg)
• Beashonest,transparentandcompassionateasyouwereinyourdirectcommunicationswithyouraffectedstakeholders.Focusonbuildingandstrengtheningyourrelationships
• Clearlystatewhattherepercussionsare,whatyouhavedoneandwhatyouwillbedoingtomanagethiscrisisandprotectthosewhoseconfidentialinformationhasbeenbreached
![Page 21: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/21.jpg)
• Answerallforeseeablequestions– andcomebackandupdatethisstatementasmorequestionsgetanswered
• Titlethisstatementwithatitlethatwillrankwellforthekeywordspeoplewillusetosearchformoreinformation
• Provideacontactformediainquiries
![Page 22: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/22.jpg)
STEP 3: MAKE SURE YOUR SOCIAL MEDIA TEAM IS READY
• Linktoyourofficialstatementfromyoursocialmediaaccounts• Monitorsocialmedia.peoplewillbegoingtoyourplatformsto:
§ Lookforinformation§ Askquestions§ Expresstheirupsetanddisappointment
![Page 23: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/23.jpg)
Yoursocialmediateamneedstobearmedwith:
• Clearmessagingforproperresponse• Informationonwheretosendspecificinquiriesthatneedtobe
redirected• Aresponseflowcharttohelpthemanswerthetoughquestions,
suchaswhentorespond,andwhentoescalateaspecificcasetothecrisisteam
![Page 24: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/24.jpg)
STEP 4: MONITOR YOUR ONLINE REPUTATION
![Page 25: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/25.jpg)
Ifthehackhasgarneredenoughattentionmediaandbloggerswillreportit.Thesearticleswillbeindexedinthesearchengines,whichmeansthatyouwillwantto:
• Makesureyourcommunicationsarehelpingtoshapethenarrativeofthiscrisis
• Dowhatyoucantomakesuretheserankedarticlesarenotgoingtooverpoweryourownonlinepresenceandrankings
![Page 26: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/26.jpg)
SUMMARY
• Communicate,communicate,communicate• Nosuchthingastoomuchinformation• Haveamediarelationsstrategy• Supportbrandtorebuildtrust• Demonstrateopenness• Commitmenttocustomers• Cybercrisiscanbecomeacrisisoftrustandloyaltyifswift
communicationsaren’tused
![Page 27: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/27.jpg)
THE 3Rs
![Page 28: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/28.jpg)
RESPONSIBILITY
• Takeresponsibilityforsolvingthedatabreach• Youractionswillreinforceyourwordsanddemonstrateyour
honestyandcommitment• Keyelementisyourdeterminationtoaddressandsolvetheissue,
notnecessarilyacceptingresponsibilityfortheunderlyingcause
![Page 29: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/29.jpg)
REGRET
• Evenifitisnotyourfault,expressregretthattheproblemhasdeveloped.Thiscanbeachievedwithoutsacrificinganylegalrights
![Page 30: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/30.jpg)
RESPONSE
• Timingisextremelyimportant• Youremployees,media,customersandthegeneralpublicmust
knowyouaretakingstepstodealwiththeissueandworkinghardtoensureitwillnotberepeated
![Page 31: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/31.jpg)
PREPARE FOR THE WORST – HOPE FOR THE BEST
• Alwaysplanforincidentresponse.Yourplanshouldincludedetection,responseandescalation,engaginglawenforcementasappropriate,preservationofevidence,compliancewithregulationsandcontractualagreements,customerandmedianotificationandpublicrelations.
![Page 32: DATA BREACHES What’s Your Plan? · Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible. • Take control](https://reader033.fdocuments.net/reader033/viewer/2022042315/5f03d0f17e708231d40ae95c/html5/thumbnails/32.jpg)
• Aprofessionalcrisiscommunicationsplanwillestablishabestpracticesprotocoltofollowandhelpmanagethecrucialearlydaysofacrisis
• Aplanwillprovetobeaninvaluableresourceforfranchisesthatmaybeoperatingwithoutoneinplacetoday,whichwouldbesimilartodrivingwithoutinsurance
• Holdamockcrisistoensureeveryoneisawareoftheirresponsibilitiesandtoseeareasthatneedtobeimproved