How to Get Started in Social Media for Art League City
Data Breaches and the Social Web
1. Social Web + Data Breaches =
Reputation Risk
Boyd Neil
National Practice Leader
Social Media and Digital Communications
boyd.neil@hkstrategies.com
June 28, 2012
2.
3. 3
The Social Web Changes Crisis
Communications Permanently
6/28/2012
4. ‘There won’t be a significant event in the future that
won’t involve public participation… Social media
(is) the sociological equivalent of climate change.’
Retired Admiral Thad Allen
5. 5
New voices
Two-way channels Providing organizations
empowered through
creating opportunities with means to directly
digital challenging
for dialogue yet to be touch most important
traditional media
fully exploited audiences
primacy
Reputation & risk
Mobile technologies
management models
moving us into new
impacted: speed,
areas still not fully
transparency,
understood
inaccuracy
6. 6
A New Frontier for Risk:
Data Breaches
6/28/2012
25. 25
“[Brands suffering data leaks] should email people, post on Twitter,
Facebook and address their customers where they are - you shouldn‟t
have to let people do a Google search or find out through word of
mouth.”
• Alys Woodward, research director at market intelligence firm IDC
Europe
26. 11 principles for managing 26
data breach communication
on the social web
1. Use the social web dammit
(and ignore the
sarcasm/humour)
2. Drive internally for timely
notification (1-2 hours)
3. Provide interim security advice
(„change password
immediately‟)
4. Be transparent about the
scope and consequences of
the data breach (when known)
27. 11 principles for managing 27
data breach communication
on the social web
5. Coordinate internal protocols
for multi-platform
communications (Twitter,
Facebook, YouTube, etc.)
6. Use #hashtags related to
incident so your info. is there
in frame used to share news
(Twitter/Facebook
7. Use multiple media formats
(visuals + video + text) . . .
facilitates sharing
28. 11 principles for managing 28
data breach communication
on the social web
8. Amplify through
paid/promoted
tweets/Facebook posts
9. Reply to social web
dialogue + questions with
„confident humility‟
10. Commit to fixing your
firewall and/or internal
security processes
11. Get ready now for the
social web part of the hack
dammit
I’ll cover three things today:1 . . . A perspective on the social web (define it Boyd)2 . . . The prevalence and impact of data breaches today3 . . . 11 principles for managing communications on the social web should your organization be faced with a data breach
Definition of ‘data breach’ . . . “A data breach is the intentional or unintentional release of secure information to an untrusted environment . . . It is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.”
Before discussing data breaches, their frequency and impact, and how to manage communication around data breaches in social media, I want to make a few foundational points about the relationship between the social web and crisis communications.
In general, digital security is considered a major threat by consumersWhile it appears that the percentage of digital contact as a proportion of all fraud has stayed the same, this is in spite of the fact that our awareness of online security threats has increased significantly
Yet as individuals we are remarkably incautious about what information we share when we go online, especially on platforms like Facebook which we see as a private exchange with friends . . . This is a whole new area of social interest and books are being written about it.There is also something which I like to call the ‘fallacy of the password paradigm’ . . . The believe that our single username and password will protect out account . . . Even though that data is sitting on corporate organizational databases.
Not surprisingly then, identity theft remains the biggest threat even though it has declined by 2.0 % over the past three years.But while individuals are vulnerable given their propensity to share indiscriminately, the biggest security threats are when companies are hacked.
It is difficult to put a dollar value on these breaches since they often resolve very quickly . . . But as we will get to, there are significant so-called ‘soft’ costs that may be more profound.
Nevertheless, the cost to the companies and, therefore, to consumers because we pay through rising product and service costs, is huge. In the last five years, it is estimated that the cost of security breaches over the last twenty years or so is in the neighbourhood of $22 billion.
Sony Corporation in the last year alone has been the target of hacks and inadvertent data breaches affecting in the range of 26 million customers.The highest profile one was the April 26, 2011 attack on Sony’s PlayStation Network.
How are these breaches made?Most are from hacking . . . Relatively few from social tactics such as the release of secure data over Twitter or Facebook for example92% of incidents were discovered by a third party which means:1 . . . Companies are likely not as rigorous as they should be2 . . . Because they are discovered by third parties it means that they are susceptible to being released through social networks like Twitter . . . The social web can easily find out about data breaches before you do . . . And begin the assault on your organization for its lack of diligence etc.
The impact of these data breaches is not so much the dollar cost . . . But the two-fold consequence of the central place the Internet and the social web have in our lives today:1 . . . The level of trust people have in the organization that is the target of the data breach2 . . . The reputation of the organization among governments, suppliers and customers.
These breaches are seldom hidden anymore and it is often people on social networks who 1 . . . Uncover the breach through the immediate evidence they have of their own accounts being hacked.2 . . . Amplify the news of the breach through the social networks which now connect a billion or so of us
So . . . If your organization is hacked
What do you do:
ACL . . . ACCESS CONTROL LIST … a set of data that informs a computer’s operating system about access permissions.POS … POINT OF SALE . . . But also means Parent Over Shoulder when teens are texing.
What do you do:First is to recognize that how you react on the social web will make a difference to both trustand reputation, which in my view are where the worst damage can be done.Second is to recognize that you can avoid what I call the risk of inaction; in other words, you can prepare your social web response in advance in the same way prepare and practice your crisis communication plans.
When you are faced with a data breach, you should use every social channel at your disposal – as soon as possible – to tell customers about the problem and what they should do.