Cyber security and reputation
The overall financial cost to businesses of cyber attacks has tripled in just a year.
A Department for Business, Innovation and Skills (BIS UK) report, released alongside this stark finding, is one that IT heads at companies of all sizes should be reading and acting on.
As people who help build, protect and manage clients’ reputations, PRs have a responsibility to ensure that our businesses and our clients’ social and digital properties are as secure from cyber attack as can be reasonably expected. If you are a communications consultant and your client is hacked via you, you only have yourself to blame and it will have an impact on your reputation. As Wired’s Mat Honan wrote after he was famously hacked in 2012: “Those security lapses are my fault, and I deeply, deeply regret them.”
Increasingly, consultants are seeing the importance of cyber security for clients. IBM’s Peter Jopling has said his company monitors 13 billion cyber events targeted at its clients each day for possible threats. Do you know how your consultancy’s IT network is being targeted? We have conducted detailed audits of our IT setup during pitch processes. For one client, we organised for a third party to conduct a mock cyber attack against our digital infrastructure to ensure we had sufficient resilience in place to protect both us and client concerned. For another, our consultants go through multiple layers of security in order to access the client’s systems and adhere to an agreement to open our physical and digital doors for snap inspections.
The smaller, independent consultancies and freelancers shouldn’t, as journalist Mat Honan did, stick their collective heads in the sand, and as Oxford University’s Sadie Creese said, there’s no magic bullet:
“There’s no once piece of tech that can protect us online.”
There are some simple steps that can be followed such as making employees and consultants change their computer passwords monthly, knowing how to handle a Twitter-based hack, ensuring mobile devices have keypad locks, moving towards two-step authentication and making sure firewalls and anti-virus software is installed and up-to-date.
According to Richard Thompson, former Chief Constable of the UK’s Civil Nuclear Constabulary, the cyber security threat primarily comes from:
(1) Hacktivists and the Anonymous network;
(2) Organised crime; and
(3) State-sponsored crime and particularly, espionage and critical asset disruption.
If you can imagine a scenario where any of these sources might want to target your company or client – perhaps they are a government or work in the defence sector – then there is additional incentive to act.
Speaking at a Policy Exchange/Nesta event on April 23, 2013, Thompson said that it is “… not just up to the state but up to the individual to protect themselves online”, with Peter Jopling agreeing:
“There’s no legislation to say you must lock your door so why should there be legislation to make you lock your digital door?”
As the event began, FIFA’s Sepp Blatter was being targeted by the Syrian Electronic Army. The same network that claimed a cyber attack against the BBC in March and the Associated Press in April, when it compromised @AP to Tweet, inaccurately, that there had been explosions at the White House with President Barack Obama being injured.Other news media-focused hacks have followed.
For professional communicators, there is a problem in the message too – cyber security seems rather geeky, like it must be someone else’s problem. Reputationally, it is our problem and we must make cyber security relevant within our business and to our clients. Sadie Creese concluded at the event by asking:
How can cyber security be made relevant?
She wants your views @sadiecreese.
