managing data breach communication on the social web
DESCRIPTION
This is an update on a presentation I made a year ago on data breaches. It includes a couple of slides on social web comment on the Heartbleed bug, in particular the role of Twitter as the key platform for comment.TRANSCRIPT
April 11, 2023
Discover Create ConnectThe Social Web Loves a Good Data Breach
"It is catastrophically bad, just a hugely
damaging bug," says ICSI security researcher
Nicholas Weaver.
Bill S-4: Digital Privacy Act
3
April 8, 2014“Released today, the act was touted as an update to the Personal Information Protection and Electronic Documents Act. It requires organizations to tell individuals if they’ve lost any personal information, and if they could be targeted for risks like identity theft. They will also have to give individuals advice on next steps in protecting themselves, and they will have to inform the federal privacy commissioner about the data breach.”
Candace So Sohttp://www.itbusiness.ca/news/businesses-could-face-fines-of-100000-per-individual-digital-privacy-act/47931
April 9, 2014“The Canada Revenue Agency has shut down public access to its electronic services website over security concerns related to the "Heartbleed Bug," a newly discovered software flaw that has made information on many of the world’s major websites vulnerable to theft.”
http://www.ctvnews.ca/canada/security-concerns-prompt-tax-agency-to-shut-down-website-1.1767727#ixzz2yQ2W5k88
Top data breaches of 2013
6
https://www.backgroundcheck.org/state-of-it-security/
Frequent
Social Web Crises
Fast
Formidable
‘There won’t be a significant event in the future that won’t involve public participation… Social media (is) the sociological equivalent of climate change.’
Retired Admiral Thad Allen
Reputation and risk
management models have to
change
http://securityintelligence.com/137-security-questions-every-leader-should-ask/
Cyber security communications is about
A recent retail data breach saw . . .
894,000 tweets in 10
days
Brand name + top ten words
894,000 tweets in 10
days
Heartbleed — Twitter Only
Four days to peak
Heartbleed — Twitter + Facebook + Forums
Little difference in impact
Graphic Credit . . . http://gapingvoidgallery.com/
Graphic Credit . . . http://gapingvoidgallery.com/
“[Brands suffering data leaks] should email people, post on Twitter, Facebook and address their customers where they are - you shouldn’t have to let people do a Google search or find out through word of mouth.”
• Alys Woodward, research director at market intelligence firm IDC Europe
Speed works
1. Validate . . . then acknowledge as quickly possible
2. Provide interim action advice or comment (‘Change password immediately’ . . . ‘Do nothing for now)
3. Accept the need for frequent and timely communications (1-2 hours)
4. Use the social web for your own purposes to confirm commitment to protect customers
Principles for managing a data breach crisis on social
24
And knowing social dynamics
5. Be transparent about the scope and consequences of the breach (can’t hide from the social web)
6. Use multi-platform communications (Twitter first of all, but Facebook, YouTube, etc.)
7. Use #hashtags related to incident so your info. is there in frame used to share news (Twitter/Facebook)
8. Use multiple media formats (visuals + video + text) . . . facilitates sharing and therefore amplification
Principles for managing a data breach crisis on social
Use what’s available to you
9. Support amplification through paid/promoted tweets/Facebook posts
10.Reply to social web dialogue + questions with ‘confident humility’
11.Commit to fixing the problem and/or your internal processes
12.Get ready now for the social web part of the crisis
Principles for managing a data breach crisis on social
Data breach response team
Privacy Officer
Communications
Legal
HR
Chief Information Officer
Data BreachResponse Team
Risk Management
Who Leads?
@boydneil
Boyd NeilSVP + Senior Digital Strategist
boydneil.com
416.892.6624