crisis communications for cybersecurity

Message Control to Protect a Brand during Cybersecurity Crisis for Napa Valley Vintners, 2016 by Jayme Soulati, Soulati Media, Inc.

Upload: jayme-soulati

Post on 29-Jan-2018


Category:

Marketing



TRANSCRIPT

Page 1: Crisis Communications for Cybersecurity

Message Control to Protect a Brand during Cybersecurity Crisis

for Napa Valley Vintners, 2016

by Jayme Soulati, Soulati Media, Inc.

Page 2: Crisis Communications for Cybersecurity

The Common Thread

Malware

Poor Password Security

Lack of Encryption

V-Tech, Office of Personnel Management, UCLA Health, Ashley Madison, on and on

©2016 Jayme Soulati. Reserved.

Page 3: Crisis Communications for Cybersecurity

Today’s Agenda

A look back at 2015

Preparation for a crisis

Managing a crisis

{What’s NOT covered: social media}

Questions


Page 4: Crisis Communications for Cybersecurity

A Look Back

Learn from the Past

Page 5: Crisis Communications for Cybersecurity

A Look Back to July 2015

Elements of Napa Valley Register Story

The facts

Who’s affected: Winery, Winery Customers

Who’s involved: Task Force, Spokespeople

Who’s available to comment

What’s being done to remedy

Next steps with banks, customers, damage control


Page 6: Crisis Communications for Cybersecurity

The ‘Who’ Elements of Napa Register

Sources, Experts, Victims, Customers

eCellar Systems/Missing Link Networks CEO Paul Thienes

70 wineries & 250K customers

Dorsey Law Firm, Minneapolis (R. Cattanach)

Silicon Valley Bank wine division (R. McMillan)

Secret Service Electronic Crimes Task Force (C. Marino)

State Department of Justice


Page 7: Crisis Communications for Cybersecurity

About The Media

They love a crisis

They dig deep to find the negative

They will assess blame (in a balanced way)

The disgruntled are always featured

They can spin the facts

Your ‘no comment’ will be in the story: Reps from a number of wineries contacted about the cyber theft either declined to comment or did not return phone calls about the breach. Thienes could not be immediately reached for comment.

Will dictate pace and face of the story.


CRIME

Cyber-crime hits Napa County wineries

JULY 12, 2015 6:00 AM  •  BY JENNIFER HUFFMAN

As many as 250,000 customers who used their credit cards at dozens of Napa Valley wineries this April had their financial information and personal data stolen by a cyber-thief. However, according to one attorney, no evidence of significant fraudulent use of the data has been found yet.

The intruder gained access to customer names, credit/debit card numbers, related billing addresses and any dates of birth from winery clients using eCellar Systems created by Missing Link Networks of Calistoga.

“Responding to this criminal act is our top priority,” said Paul Thienes, founder and CEO of Missing Link Networks, Inc.

Approximately 70 wineries throughout the Northern California wine region use eCellar to manage their inventory and purchases, in tasting rooms, with wine clubs and online. A complete list of those clients was not provided.

The thief did not have access to any driver’s license numbers, Social Security numbers, CVV verification numbers, or PIN numbers, Thienes wrote.

“We have identified and secured the method that was used to breach our platform,” he said. From now on, no payment card information will be stored by Missing Link.

The credit cards potentially impacted by this event appear to be those swiped or entered manually at the winery, entered online for purchases from winery websites and those retained for wine club shipments.

Credit and debit cards from all four major brands – Visa, MasterCard, American Express, and Discover – were affected. Each of these card companies has been notified of the breach and provided with information for the cards affected.

In addition to offering fraud and identity theft counseling to affected clients, Missing Link Networks also notified the U.S. Secret Service about the theft.

“The Secret Service Electronic Crimes Task Force is currently investigating a network intrusion involving Missing Link Networks,” said Charles Marino, acting special agent in charge of the Secret Service San Francisco field office.

That task force is charged with protecting financial payments systems and investigating

Page 8: Crisis Communications for Cybersecurity

A Lack of Response

No comment, unavailable for comment, declined to comment = presumptive guilt

Missing Link issued prepared statement; was not accessible to media

No apologies in the story = missed opportunity

Wineries not featured in story – why?

Wineries + customers are victims. Was there something to hide?


Page 9: Crisis Communications for Cybersecurity

The Elephant

2015 breach: Not your fault

Be accessible; winery was a victim

Use opportunity to deliver apology

If your fault:

Media is over the shoulder, demanding

Your message more critical, strategic

More $$, more time, more management

Preparation now, is recovery later


Page 10: Crisis Communications for Cybersecurity

How About That Bird

…make an incident plan and create an incident response team in advance. Include public relations and other law enforcement contacts.

Be educated. Know that data could be taken, so when that happens you’re not having to start from scratch.

~Rob McMillan, founder, Silicon Valley Bank wine division, St. Helena


Page 11: Crisis Communications for Cybersecurity

Preparation

It’s How You Prepare that Helps the Brand


Page 12: Crisis Communications for Cybersecurity

You Manage This Way

1. Your Response Team

2. Your Message

3. Your Preparation


Page 13: Crisis Communications for Cybersecurity

Who Touches You?

[Diagram of ABC Winery and who touches it. Labels: Industry, Peers, Critics; Employees; Public Relations & Marketing; Merchant Transactions; Website; Owned, Shared, Earned Media; Customers’ Friends; Customers’ Social Media; Web Host; E-commerce platform; Developer, Designer & Webmaster; Customers; B2B Partners; IT; Media; Email; Plug Ins, Security Apps, Firewalls, Passwords; Data Storage; Banks; Insurance; Legal; Hardware, Software; Cyber Forensics; Product Vendors.]


Page 14: Crisis Communications for Cybersecurity

Source: Business Insider online, Sept. 18, 2014


Page 15: Crisis Communications for Cybersecurity

Owned, Shared, Earned Media

[Diagram. Labels: Owned Media; Shared Media; Earned Media; Website, Blog; News Release; Customer Communication; Marketing Collateral: Brochures, POP, Ads; Facebook; Twitter; Instagram; LinkedIn; Pinterest; YouTube; Vimeo; Flickr; Google+; Local, Regional, National, Global Print, Broadcast, Online; Trade Media: Print, Online, Broadcast, Digital; Guest Blog Post; Digital Media: Streaming, Podcasts, Newscasts, WebTV.]


Page 16: Crisis Communications for Cybersecurity

Action Item: Your IT Health

Understand IT Health & SHARE IT!

Who controls customers’ data?

Software updates, e-commerce, shopping carts

Audit vendors’ security

Plugins, firewalls, password protection?

Data storage? By whom?

Who are third-party vendors?

Credit card processing current?


Page 17: Crisis Communications for Cybersecurity

Action Item: Response Team

Select the Best Team NOW:

• Public Relations

• Attorney who manages cyber crimes

• Insurance rep from risk assessment

• Marketing + Customer relations

• Winery executive

• IT

• Cyber forensics consultant


Page 18: Crisis Communications for Cybersecurity

Action Item: Response Team

Select Your Response Team to:

• Manage the crisis

• Work with/manage media

• Work with authorities

• Defend your brand

• Craft and control the message

• Train the spokespeople

• Develop long term customer strategy

• Tie up loose ends


Page 19: Crisis Communications for Cybersecurity

Action Item: Practice 10 per 1/4

Role Play -- PRACTICE

Use the message map; insert facts as you can

Develop all possible Q&A

Select and train spokespeople

Be a reporter; anticipate tone of story

Create 4 cyber security scenarios & practice

Internal error? External vendor?

Employee negligence? Other challenge


Page 20: Crisis Communications for Cybersecurity

Manage Your Cybersecurity Crisis (with Message Control)


Page 21: Crisis Communications for Cybersecurity

Cybersecurity Checklist

1. Assemble response team + winery leadership

2. Identify the breach; assess damage

3. Work with authorities; ask them when

4. Dust off the crisis plan and message map

5. Write news release, statement for CEO

6. Plan timing to announce news

7. Be accessible to media, authorities

8. Communicate with customers; stakeholders

9. Deliver the news; distribute the news

10. Tie up loose ends, have patience, be calm


Page 22: Crisis Communications for Cybersecurity

Action Item: Message Control

Control Your Message

• Get the facts: internal or external breach

• Be transparent and truthful

• Be accessible to media on your time

• Apologize to all

• Plug leaks

• Inform employees when ready

• Post to the website (other owned media)


Page 23: Crisis Communications for Cybersecurity

Working with Media

Nothing is ‘Off the Record’ EVER

Get a professional to manage the media

Never agree to interview on the spot

Route all media queries through PR

Company policy ‘no one speaks to media’

Timing is fine line

Control your message


Page 24: Crisis Communications for Cybersecurity

Choose Your Spokesperson

1. CEO

2. CMO

3. Business Owner

4. Attorney

Media will develop the story and find a source without you.


Page 25: Crisis Communications for Cybersecurity

Train Customer Service

Train anyone touching customers with proper message

Do not train until all facts understood

Develop written statement for internal to use with customers

Manage outbound communications!

No leaks!


Page 26: Crisis Communications for Cybersecurity

My Podcast & Contact

Page 27: Crisis Communications for Cybersecurity

The Heart of Marketing Podcast Episode

http://getheartmarketing.com/message-control-is-best-crisis-response-says-pr-pro-soulati/

By Jayme Soulati & John Olson

http://getheartmarketing.com/

iTunes Podcasts or Stitcher Radio

https://itunes.apple.com/us/podcast/the-heart-of-marketing/id962910518?mt=2


Page 28: Crisis Communications for Cybersecurity

Contact

Jayme Soulati

Soulati Media, Inc. | Soulati.com

937-312-1363


@Soulati
