The Data Breach: Why News Media Need to Prepare

It’s really a matter of if a company will experience a data breach, it’s more a matter of when and how bad it will be. A recent McAffee study (a cyber security firm) showed that 1 in 4 companies experience some form of data theft from cloud services. Then there’s the whole Cambridge Analytica fiasco with Facebook; not a breach, but an abuse of process where Facebook is also to blame.
It’s a scary thought for any size business and one marketing management often burdens the CIO or CTO with. But chances are, the data that a thief is after is your customer data, sometimes it’s financials or corporate intellectual property, but mostly it’s customer data. For newsrooms, the risk is hackers stealing content to repurpose it or gain insight into stories that are being researched. That falls under marketing and editorial. Being prepared takes a little bit of work, but if planned ahead of time, can save a lot of up front brief, potential shareholder and consumer lawsuits and significant legal costs and reputation damage.
If you’re a public news media company, magazine or large independent, even a small publisher, it’s important to be aware that regulators and the courts are evolving in their expectations of a company’s preparedness. Lack fo preparation can hurt if you end up in litigation like Target (it will cost them $18.5M), Home Depot and others have.

Here’s a quick guideline for how to prepare and initial steps. Naturally, we’re here to help if you need it as well. It’s something we do well and have experience in, unfortunately.

Preparing for a Data Breach:
  • Work from the perspective that it’s going to happen at some point
  • Have a clear path of communication with editorial
  • Have an Incident Response Plan that considers the following;
  • Senior marketing management should meat with senior IT management and learn about the company’s data protection and cyber security programs.
  • Audit your cloud based services that you use and review your agreements with them for third-party liability coverage and who’s responsible for what when a breach happens.
  • Have a public relations plan ready to go; who will be spokesperson, who and how it will be announced. This varies depending on if you’re a public or private company and size of the organization.
  • Have legal counsel prepared. They’ll need to apprised immediately.
  • Have a Breach Coach on your speed dial; they can be a lawyer or management consultant familiar with such issues, but you’ll be needing a lawyer at some point.
  • Business continuity and disaster recovery plan
  • Education of key employees
  • Insurance (it’s amazing how many companies don’t have this.)
  • A plan ready to share with the board if and when necessary

These are the highlights, there are other issues. Within each there is work to be done and when it happens, it’s good to have a data breach coach who can help cooler heads prevail. Whenever it happens, the first thing to do is a damage assessment with a prepared statement if it’s a call from the media or a social media campaign that notifies you.

A senior marketing manager today deals with more data than ever before. Hackers know this and they know how to make money from your data. Even smaller companies are coming under attack today. No one is immune.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: