crisis communications for cybersecurity
TRANSCRIPT
Message Control to Protect a Brand during Cybersecurity Crisis
for Napa Valley Vintners, 2016
by Jayme Soulati, Soulati Media, Inc.
The Common Thread
Malware
Poor Password Security
Lack of Encryption
V-Tech, Office of Personnel Management, UCLA Health, Ashley Madison, on and on
©2016 Jayme Soulati. Reserved.
Today’s Agenda
A look back at 2015
Preparation for a crisis
Managing a crisis
{What’s NOT covered: social media}
Questions
A Look Back
Learn from the Past
A Look Back to July 2015
Elements of Napa Valley Register Story
The facts
Who’s affected: Winery, Winery Customers
Who’s involved: Task Force, Spokespeople
Who’s available to comment
What’s being done to remedy
Next steps with banks, customers, damage control
The ‘Who’ Elements of Napa Register
Sources, Experts, Victims, Customers
eCellar Systems/Missing Link Networks CEO Paul Thienes
70 wineries & 250K customers
Dorsey Law Firm, Minneapolis (R. Cattanach)
Silicon Valley Bank wine division (R. McMillan)
Secret Service Electronic Crimes Task Force (C. Marino)
State Department of Justice
About The Media
They love a crisis
They dig deep to find the negative
They will assess blame (in a balanced way)
The disgruntled are always featured
They can spin the facts
Your ‘no comment’ will be in the story: Reps from a number of wineries contacted about the cyber theft either declined to comment or did not return phone calls about the breach. Thienes could not be immediately reached for comment.
Will dictate pace and face of the story.
CRIME
Cybercrime hits Napa County wineries
JULY 12, 2015 6:00 AM • BY JENNIFER HUFFMAN
As many as 250,000 customers who used their credit cards at dozens of Napa Valley wineries this April had their financial information and personal data stolen by a cyberthief. However, according to one attorney, no evidence of significant fraudulent use of the data has been found yet.
The intruder gained access to customer names, credit/debit card numbers, related billing addresses and any dates of birth from winery clients using eCellar Systems created by Missing Link Networks of Calistoga.
“Responding to this criminal act is our top priority,” said Paul Thienes, founder and CEO of Missing Link Networks, Inc.
Approximately 70 wineries throughout the Northern California wine region use eCellar to manage their inventory and purchases, in tasting rooms, with wine clubs and online. A complete list of those clients was not provided.
The thief did not have access to any driver’s license numbers, Social Security numbers, CVV verification numbers, or PIN numbers, Thienes wrote.
“We have identified and secured the method that was used to breach our platform,” he said. From now on, no payment card information will be stored by Missing Link.
The credit cards potentially impacted by this event appear to be those swiped or entered manually at the winery, entered online for purchases from winery websites and those retained for wine club shipments.
Credit and debit cards from all four major brands – Visa, MasterCard, American Express, and Discover – were affected. Each of these card companies has been notified of the breach and provided with information for the cards affected.
In addition to offering fraud and identity theft counseling to affected clients, Missing Link Networks also notified the U.S. Secret Service about the theft.
“The Secret Service Electronic Crimes Task Force is currently investigating a network intrusion involving Missing Link Networks,” said Charles Marino, acting special agent in charge of the Secret Service San Francisco field office.
That task force is charged with protecting financial payments systems and investigating
A Lack of Response
No comment, unavailable for comment, declined to comment = presumptive guilt
Missing Link issued prepared statement; was not accessible to media
No apologies in the story = missed opportunity
Wineries not featured in story – why?
Wineries + customers are victims. Was there something to hide?
The Elephant
2015 breach: Not your fault
Be accessible; winery was a victim
Use opportunity to deliver apology
If your fault:
Media is over the shoulder, demanding
Your message more critical, strategic
More $$, more time, more management
Preparation now is recovery later
How About That Bird
…make an incident plan and create an incident response team in advance. Include public relations and other law enforcement contacts.
Be educated. Know that data could be taken, so when that happens you’re not having to start from scratch.
~Rob McMillan, founder, Silicon Valley Bank wine division, St. Helena
Preparation
It’s How You Prepare that Helps the Brand
You Manage This Way
1. Your Response Team
2. Your Message
3. Your Preparation
Who Touches You?
[Diagram: ABC Winery and the parties that touch it]
Industry, Peers, Critics
Employees
Public Relations & Marketing
Merchant Transactions
Website
Owned, Shared, Earned Media
Customers’ Friends
Customers’ Social Media
Web Host
E-commerce platform
Developer, Designer & Webmaster
Customers
B2B Partners
IT
Media
Plug Ins, Security Apps, Firewalls, Passwords
Data Storage
Banks, Insurance
Legal
Hardware, Software
Cyber Forensics
Product Vendors
Source: Business Insider online, Sept. 18, 2014
Owned, Shared, Earned Media
[Diagram: Owned Media, Shared Media, Earned Media]
Website, Blog
News Release
Facebook, Twitter
Customer Communication
Marketing Collateral: Brochures, POP, Ads
Local, Regional, National, Global Print, Broadcast, Online
Trade Media: Print, Online, Broadcast, Digital
Guest Blog Post
Digital Media: Streaming, Podcasts, Newscasts, WebTV
YouTube, Vimeo
Flickr, Google+
Action Item: Your IT Health
Understand IT Health & SHARE IT!
Who controls customers’ data?
Software updates, e-commerce, shopping carts
Audit vendors’ security
Plugins, firewalls, password protection?
Data storage? By whom?
Who are third-party vendors?
Credit card processing current?
Action Item: Response Team
Select the Best Team NOW:
• Public Relations
• Attorney who manages cyber crimes
• Insurance rep from risk assessment
• Marketing + Customer relations
• Winery executive
• IT
• Cyber forensics consultant
Action Item: Response Team
Select Your Response Team to:
• Manage the crisis
• Work with/manage media
• Work with authorities
• Defend your brand
• Craft and control the message
• Train the spokespeople
• Develop long term customer strategy
• Tie up loose ends
Action Item: Practice 10 per 1/4
Role Play -- PRACTICE
Use the message map; insert facts as you can
Develop all possible Q&A
Select and train spokespeople
Be a reporter; anticipate tone of story
Create 4 cyber security scenarios & practice
Internal error? External vendor?
Employee negligence? Other challenge
Manage Your Cybersecurity Crisis (with Message Control)
Cybersecurity Checklist
1. Assemble response team + winery leadership
2. Identify the breach; assess damage
3. Work with authorities; ask them when
4. Dust off the crisis plan and message map
5. Write news release, statement for CEO
6. Plan timing to announce news
7. Be accessible to media, authorities
8. Communicate with customers; stakeholders
9. Deliver the news; distribute the news
10. Tie up loose ends, have patience, be calm
Action Item: Message Control
Control Your Message
• Get the facts: internal or external breach
• Be transparent and truthful
• Be accessible to media on your time
• Apologize to all
• Plug leaks
• Inform employees when ready
• Post to the website (other owned media)
Working with Media
Nothing is ‘Off the Record’ EVER
Get a professional to manage the media
Never agree to interview on the spot
Route all media queries through PR
Company policy ‘no one speaks to media’
Timing is a fine line
Control your message
Choose Your Spokesperson
1. CEO
2. CMO
3. Business Owner
4. Attorney
Media will develop the story and find a source without you.
Train Customer Service
Train anyone touching customers with proper message
Do not train until all facts understood
Develop written statement for internal to use with customers
Manage outbound communications!
No leaks!
My Podcast & Contact
The Heart of Marketing Podcast Episode
http://getheartmarketing.com/message-control-is-best-crisis-response-says-pr-pro-soulati/
By Jayme Soulati & John Olson
http://getheartmarketing.com/
iTunes Podcasts or Stitcher Radio
https://itunes.apple.com/us/podcast/the-heart-of-marketing/id962910518?mt=2
Contact
Jayme Soulati
Soulati Media, Inc. | Soulati.com
937-312-1363
@Soulati