Are You Prepared for a Cyber Attack?

Nov 16th, 2015 | By | Category: News, Public relations, Security

One of the advantages to self-defense training is that it makes you more aware of possible dangers – and no matter what the danger is, being aware of it increases your chances to preventing an attack…

At an Information Security Conference in Doha yesterday, November 15th, Doha Bank CEO Dr. R. Seetharaman, said “Cyber security is not just a technology issue; it is a business risk that requires an enterprise-wide response.” Learning lessons from personal defense training – being aware of the risks is essential. New research from the Ponemon Institute, an internet security research firm, indicates the value of knowing more about cyber-threats. 65% of respondents in its recent survey admitted that knowing more about the threats could have mitigated the attacks. Staying alert to the dangers of a cyber-attack has more advantages than just financial. As Dr. R Seetharaman said in his address in Doha, that cyber security is a strategic risk because “it could create damage to an organization’s brand and reputation resulting in loss of share, value and market confidence.” In 2013, Target was one company to experience this, when hackers stole 110 million customers’ payment information.  A few months after the attack was revealed, not only did sales fall but also its reputation – as one customer summed up the damages: “We love Target but we are disappointed”. The dangers of a cyber-attack cannot be ignored, with almost half of respondents from the Ponemon’s survey admitting to a security breach in the last two years. The question remains then how many organizations are not only prepared for the attack on a logistic and technological level, but how many are prepared for it on a PR level?

PR LESSONS LEARNED

Just recently the British company, TalkTalk admitted that it had been a victim of a data leak. While damage (both financial and brand) cannot be avoided, the harm it causes can be diminished. The way TalkTalk responded can teach us a few PR lessons:

1. Admit the Problem

The attack was announced the day after the company had received a ransom note from the hackers and reported it to the police. The CEO appeared on Good Morning Britain soon after the announcement saying “We moved as fast as we possibly can… I really appreciate the frustration and the worry and the concern that this causes customers – I am a customer myself – and I am very sorry for that. We are rushing to try and get information to our customers as fast as we can.”

2. Apologize

A few days later the CEO made an official statement when more details of the hack were clear and how many customers had been affected (less than original thought) and said “On behalf of everyone at TalkTalk, I would like to apologise to all of our customers. We know that we need to work hard to earn back your trust and everyone here is committed to doing that. TalkTalk has shared the bank details of affected customers with their banks to help prevent fraud and has partnered with credit check company Noddle to offer customers a free year of credit monitoring alerts.”

3. Be Personal

The company contacted all the customers affected by the hack to inform them as soon as they could as well as contacted all the company’s customers to tell them of new security initiatives in place within a matter of days.  These included online and telephone security features such as anti-virus protection, web filters and the ability to block cold callers.

4. Follow Up

In a two week period following the attack, and as a way of thanking customers for staying with the firm, the CEO announced a string of free offers to customers including a selection of free features, extra TV channels, a mobile SIM with free texts, data and calls and unlimited landline and mobile calls from December 1st. The police detective handling the case remarked how “TalkTalk have done everything right in bringing this matter to our attention as soon as possible”.

SUMMARY

Preparing for an attack is never easy. You never know where it is going to come from, when it is going to happen or how. The only thing one can expect however is that it will happen, sooner or later. One thing is clear that it is no longer good enough just to leave the preparation to the IT managers or the CIOs. When a cyber-attack occurs, the entire organization is at stake. As Richard Pharro, CEO of APMG said “Responsibility for cyber security begins and ends at the board level. It is no longer acceptable for directors to say that they don’t understand technology or cyber security”. This is as relevant to PR directors as much as any other… We can hope we will never be attacked but let’s all be prepared never the less.

Tags:

Leave Comment


show
 
close