April 11, 2023

Discover Create ConnectThe Social Web Loves a Good Data Breach

"It is catastrophically bad, just a hugely

damaging bug," says ICSI security researcher

Nicholas Weaver.

Bill S-4: Digital Privacy Act

3

April 8, 2014“Released today, the act was touted as an update to the Personal Information Protection and Electronic Documents Act. It requires organizations to tell individuals if they’ve lost any personal information, and if they could be targeted for risks like identity theft. They will also have to give individuals advice on next steps in protecting themselves, and they will have to inform the federal privacy commissioner about the data breach.”

Candace So Sohttp://www.itbusiness.ca/news/businesses-could-face-fines-of-100000-per-individual-digital-privacy-act/47931

April 9, 2014“The Canada Revenue Agency has shut down public access to its electronic services website over security concerns related to the "Heartbleed Bug," a newly discovered software flaw that has made information on many of the world’s major websites vulnerable to theft.”

http://www.ctvnews.ca/canada/security-concerns-prompt-tax-agency-to-shut-down-website-1.1767727#ixzz2yQ2W5k88

Top data breaches of 2013

6

www2.idexpertscorp.com

www2.idexpertscorp.com

https://www.backgroundcheck.org/state-of-it-security/

Frequent

Social Web Crises

Fast

Formidable

‘There won’t be a significant event in the future that won’t involve public participation… Social media (is) the sociological equivalent of climate change.’

Retired Admiral Thad Allen

Reputation and risk

management models have to

change

http://securityintelligence.com/137-security-questions-every-leader-should-ask/

Cyber security communications is about

Twitter

A recent retail data breach saw . . .

894,000 tweets in 10

days

Brand name + top ten words

894,000 tweets in 10

days

Heartbleed — Twitter Only

Four days to peak

Heartbleed — Twitter + Facebook + Forums

Little difference in impact

Graphic Credit . . . http://gapingvoidgallery.com/

Graphic Credit . . . http://gapingvoidgallery.com/

“[Brands suffering data leaks] should email people, post on Twitter, Facebook and address their customers where they are - you shouldn’t have to let people do a Google search or find out through word of mouth.”

• Alys Woodward, research director at market intelligence firm IDC Europe

Speed works

1. Validate . . . then acknowledge as quickly possible

2. Provide interim action advice or comment (‘Change password immediately’ . . . ‘Do nothing for now)

3. Accept the need for frequent and timely communications (1-2 hours)

4. Use the social web for your own purposes to confirm commitment to protect customers

Principles for managing a data breach crisis on social

24

And knowing social dynamics

5. Be transparent about the scope and consequences of the breach (can’t hide from the social web)

6. Use multi-platform communications (Twitter first of all, but Facebook, YouTube, etc.)

7. Use #hashtags related to incident so your info. is there in frame used to share news (Twitter/Facebook)

8. Use multiple media formats (visuals + video + text) . . . facilitates sharing and therefore amplification

Principles for managing a data breach crisis on social

Use what’s available to you

9. Support amplification through paid/promoted tweets/Facebook posts

10.Reply to social web dialogue + questions with ‘confident humility’

11.Commit to fixing the problem and/or your internal processes

12.Get ready now for the social web part of the crisis

Principles for managing a data breach crisis on social

Data breach response team

Privacy Officer

Communications

Legal

HR

Chief Information Officer

Data BreachResponse Team

Risk Management

Who Leads?

@boydneil

Boyd NeilSVP + Senior Digital Strategist

boydneil.com

416.892.6624