What Does Cyber Crime Cost?

The answer is more than you might expect

The price you pay as a victim of cyber crime doesn’t end with whatever hackers managed to make off with. Recovering and repairing systems costs time and money, and your reputation is almost guaranteed to take a hit, which, of course, leads to losing even more of your cash flow.

In fact, a recent study by Hamilton Place found that…

  • The median cost of cybercrime has increased by nearly 200 percent in the last five years and is likely to continue growing.
  • Having a plan in place for how to respond to a cyberattack could save millions.
  • The reputational risk associated with cybercrime extends well beyond monetary damages.

While certain types of insurance do cover cyber crime, don’t count on them replacing the potential millions you could lose as a result of the reputation damage that follows.

There is no way to completely prevent a hack short of unplugging your entire organization, so what do you do? It’s simple. Assume it will happen, and be prepared to mitigate the damage through solid communication and a clear recovery plan.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is vice president for the firm, and also editor of its newsletter, Crisis Manager]

IRS Data Breach Redux

Stolen info allows hackers to penetrate E-file systems

2015 saw a major IRS hack that compromised the information of over 300,000 taxpayers, and 2016 isn’t starting off much better. This time around, hackers gained access to E-file PIN numbers of over 100,000 accounts.

To its credit, the IRS did release a statement informing stakeholders what had happened:

The IRS recently identified and halted an automated attack upon its Electronic Filing PIN application on IRS.gov. Using personal data stolen elsewhere outside the IRS, identity thieves used malware in an attempt to generate E-file PINs for stolen social security numbers. An E-file pin is used in some instances to electronically file a tax return.

No personal taxpayer data was compromised or disclosed by IRS systems. The IRS also is taking immediate steps to notify affected taxpayers by mail that their personal information was used in an attempt to access the IRS application. The IRS is also protecting their accounts by marking them to protect against tax-related identity theft.

IRS cybersecurity experts are currently assessing the situation, and the IRS is working closely with other agencies and the Treasury Inspector General for Tax Administration. The IRS also is sharing information with its Security Summit state and industry partners.

Based on our review, we identified unauthorized attempts involving approximately 464,000 unique SSNs, of which 101,000 SSNs were used to successfully access an E-file PIN.

The incident, involving an automated bot, occurred last month, and the IRS continues to closely monitor the web application.

This incident is not connected or related to last week’s outage of IRS tax processing systems.

As can be expected from the IRS, there’s a glaring lack of compassion in the statement. It does get the facts out, and it’s not exactly surprising that the IRS isn’t able to communicate on a human level, so it works. Of course, if we were among the affected individuals, we’d be wondering where “elsewhere outside the IRS” our information was stolen from…

Crisis Risk – Many Hack Victims Fail to Notify Business Partners

We pay close attention to reports from experts like the folks at Cisco because they provide valuable insight into the risks our clients can expect to face. As we’ve all seen over the past couple years, one of the most significant and fastest-growing risks is that of a cyber attack.

One of the major issues making cybersecurity a troublesome crisis management concern is that attackers are constantly one step ahead of defenders. And don’t assume you’ll know when someone you’re connected with is hit. According to Cisco, a disconcertingly low 21% clue business partners in to cyber attacks, with just 18% telling any type of external authority at all.

For more information on the rising risk of cyber attack, click the infographic below.

[Infographic: 2015 cybersecurity attack resiliency vs industry collab]

Security Predictions for the Year Ahead

Be aware of the risks and be prepared to counter them

Knowing the major risk factors that your organization faces is a must if you wish to properly prepare for and prevent crises. The trend of cyber threats creating major risks for all of us shows no sign of slowing, and in fact is likely to pick up as more and more hackers hit targets both for financial gain and to push various agendas.

The security experts at WatchGuard assembled a list of predictions for what we’ll see in 2016, and we’d like to pass it on to you:

[Infographic: WatchGuard 2016 security predictions]

[Infographic] Business Communications in 2016

Changes in communication methods mean switching up crisis plans

As communication methods evolve, so must the strategies and tactics that utilize them. So do the emerging threats that develop out of each new service, product, or procedure. Thus, it’s important that those tasked with crisis management are aware of, planning on, and preparing for the “latest and greatest” to hit the mainstream.

Here’s a preview of business communication trends that are expected to rise in 2016, courtesy of RingCentral:

[Infographic: 8 trends in business communication and collaboration for 2016]

When it Comes to Hacks, Don’t Count on Disclosure

You can’t depend on outside organizations to keep you in the loop

Reuters has revealed that Microsoft failed to inform over 1,000 Hotmail users that their accounts had been compromised, likely by the Chinese government. Further compounding the situation is the fact that many of the accounts belonged to leaders of China’s Tibetan and Uighur minority groups, both of which have a relationship with the mainstream government that can be described as rocky at best.

The first public signal of the attacks came in May 2011, though no direct link was immediately made with the Chinese authorities. That’s when security firm Trend Micro Inc announced it had found an email sent to someone in Taiwan that contained a miniature computer program.

The program took advantage of a previously undetected flaw in Microsoft’s own web pages to direct Hotmail and other free Microsoft email services to secretly forward copies of all of a recipient’s incoming mail to an account controlled by the attacker.

Trend Micro found more than a thousand victims, and Microsoft patched the vulnerability before the security company announced its findings publicly.

Although the above quote, from a Reuters article by Joseph Menn, describes how the attacks were discovered, it doesn’t explain why Microsoft chose to go with an unexplained forced password reset rather than informing those affected that their accounts were compromised, especially given the obvious political ramifications of this specific situation. If you’re familiar with computers, you know any serious attacker would have already dug themselves into the systems behind as many accounts as possible, and thus could have easily maintained access after a simple password change. That means, essentially, that Microsoft left these users high and dry.

What’s the lesson here? Don’t count on disclosure. Microsoft isn’t the only company that’s reluctant to share information from time to time. You, and you alone, are responsible for keeping your systems safe and secure. Whether it’s your smartphone, personal PC, or the company network, being proactive in detecting and defending against cyber attacks should be a constant concern.

Chipotle’s Fall from Grace Continues

Shaken consumer confidence reflected in dampened sales and a massive drop in stock value

At this point it’s hard to describe Chipotle’s situation as anything other than one of the nastiest reputation nosedives in recent memory. What started out as a couple of “isolated” customer illness incidents (E. coli and norovirus) has become an organization-wide issue, scaring hungry customers away and leading to a precipitous fall in stock price. While tactics including promises of food safety and even a full-page newspaper ad slowed the damage when they were deployed, the continued presence of the core issue – a lack of (or lack of adherence to) proper procedures to prevent foodborne and communicable diseases – left Chipotle looking incompetent. Further compounding the issue is Wednesday’s announcement that a grand jury has subpoenaed the company in relation to one of the norovirus outbreaks that kicked off the chain of unfortunate events back in August of 2015.

Chipotle can recover, but it’s going to take time, effort, and for someone there to figure out how the heck so many fell ill, not to mention demonstrating to all of us that whatever the flaw is, it’s been fixed for good. Words buy you time, but failing to back them up with effective action will leave any brand hurting.

[Infographic] Anatomy of a Corporate Apology

Avoiding mistakes and putting best practices to work

Apologies are one of the oldest crisis management tools in the book. Although they’ve evolved to deal with a variety of situations, including those where you’re not actually at fault, the basics that make up an effective one remain largely the same. Making an interesting connection to human anatomy, this infographic from The Corpen Group (now known as Global Public Affairs) breaks down the common mistakes and best practices involved in any corporate apology:

[Infographic: corporate apology]

Dealing with a Project Management Crisis

Tips for one niche that apply to all

Although this infographic from Wrike is specifically aimed at project management crises, the advice within applies to just about any type of crisis you may encounter. The framework of planning carefully before, reacting rapidly during, having an actual wrap-up process, and communicating throughout are items any group should strive for in crisis management.

How to Handle a Project Management Crisis (#Infographic)
Infographic brought to you by Wrike

Google Rules Online Communications

Must-know info about the search giant

Unless you’re a statistical anomaly, you’re using Google on a daily basis. Whether it’s your homepage, built into your browser, or powering on-site search, Google is everywhere. Alongside (and facilitated by) Google’s rise has been the increase in the impact of online search results. It’s inarguable that positive search results present a long list of benefits, while negatives can quite literally shutter a business.

With Google dominating the search game by a long shot it pays to know all its ins and outs. For a solid start, check out this infographic from Gryffon and TollFreeForwarding:

[Infographic from Gryffon and TollFreeForwarding]
