Those who monitor hacking estimate that the Chinese alone have hacked every single one of the 1.5 billion credit cards on the planet at least four times. Hacking personal records is the pastime of hundreds, perhaps even thousands of individual hackers, gangs of hackers, and governments. The pattern of these attacks is clear, and the pattern of reputational damage and failure is also clear. Time to get ready, time to move breach management, prevention and detection to a much higher level of management consciousness.

Anonymous Hacker by Brian Klug, Creative Commons License, Flickr

Getting ready for breach situations involves seven key levels of work to prevent, detect, deter or manage these crucial, embarrassing and the potentially game-changing nature of hacking can create:

1. Detection (monitoring and analysis), deterrence, preemption, and communication response strategies
2. Victim management guidance, contention reduction
3. Readiness, including exercises and drills
4. Preparing leadership to understand, anticipate, and to promptly and constructively respond
5. Destiny management: manage your own destiny through this, if the victim fails to do it, someone else will
6. Trap avoidance: those behaviors and decisions that tarnish reputation, empower victims and create career defining moments for leaders. These operational and reputational traps include:

• Trap 1. Silence, nondisclosure, disclosure delay: the most toxic strategies of all.
• Trap 2. Acting like a victim . . . it’s your customers, employees, innocent bystanders who are the victims
• Trap 3. Searching for perfect responses, takes too long, reputation in tatters by the time you find it, if it ever is found.
• Trap 4. Ignoring the high level of media and victim knowledge of the event patterns. Response expectations, especially of important companies, are getting higher.
• Trap 5. Failure to promptly, thoroughly and sincerely apologize for inconvenience, fear, uncertainly and worries
• Trap 6. Do less than expected, delay key, or any sensible action decisions.
• Trap 7. Demean, diminish, discredit or minimize the damage, the critics, bloviators, or the self-appointed
• Trap 8. Fail to act promptly and decisively fearing litigation consequences. You’ll be sued. Hire more lawyers.
• Trap 9. Failure to take responsibility. The longer it takes for you to get out there and admit what’s going on, the deeper the damage you inflict upon yourself. Suck it up and get ready to be profoundly candid.
• Trap 10. Disparaging or blaming the hackers. They are your customers, employees, partners and associates, blaming or attacking someone assures much wider, broader, deeper and embarrassing coverage.
• Trap 11. Failure to recognize that breaches create victims by the hundreds, thousands, millions, even tens of millions. (These are the real victims, rather than your company or organization.)

7. Web based strategies to respond, inform, correct and clarify, expose and comment on the unartful, the mistaken, the half-truth and the fantasies.

Constructive, preemptive and sensible victim managing responses reduce the damage to your reputation, is what the public, your employees, the government and the business community as a whole expects. The business community should expect our understanding the realities and following behaviors that produce more rather than stop the production of victims. We advise clients to remember that:

1. Bad news ripens badly; get ahead of it because we know the pattern of events about to occur
2. Speed of response and action beats smart but delaying thinking every time
3. Stopping the production of victims is job one in crisis
4. Managing the victim dimension is job two in crisis
5. Notify, disclose, explain, and be candid, now, is the most powerful strategy.
6. Work constructively and preemptively against the pattern of events
7. Voice extreme empathy, even apology for those affected.
8. Communicate constructively, openly, incrementally, daily or more frequently.
9. Correct, clarify, and comment promptly . . . it is your destiny.
10. Criticisms of your performance are predictable, inevitable and correctable.

Types of breaches and cyber-attack situations The Lukaszewski Group has been involved in over the years:*

• Consumer Breaches-Travel and Tourism
• Consumer Breaches-Retail
• Social media attacks on individuals, consumer products and brands, Public and private institutions, industries
• Organized opposition: increasing use of cyber tools to recruit, align and coordinate forces that enjoy anonymously harassing, irritating, agitating, and humiliating.

Private, brief management orientation sessions are now available. The interest in breaches is high all across the spectrum of businesses and organizations. The Lukaszewski Group is open to 90-minute webinar-based approach to briefing organizations and their leaders about managing the potential for breaches. These sessions are designed to help organizations develop sensible, achievable, useful, preemptive and instructive advance plans and decision making for that circumstance when a breach occurs. Call us for details. You can reach Jim directly at 651-286-6788.

For information by email, simply email TLG at jel@e911.com, subject line: Breach Briefing.

Watch for Breach Survival Lessons Part II, “Seven Crucial Breach Survival Lessons.” Coming Monday, November 2^nd, 2014.

* All Lukaszewski Group clients are confidential.

James E. Lukaszewski, ABC, Fellow IABC; APR, Fellow PRSA, BEPS Emeritus

If you have questions, or would like to dive more deeply into the subject of this blog, you can reach me 24/7 at jel@e911.com; 203-948-7029 (voicemail; email, text). I look forward, as a friend and colleague, to helping you achieve the objectives you’ve set for yourself for having a happier, more influential, successful and meaningful career.

Signup for my newsletter

Follow me on Twitter

Connect with me on LinkedIn

Find me on Amazon