Archive for ‘Online security’:


Cyber Security: Fighting Back Against Threats

Tuesday, November 29th, 2016


By Sydney Rodgers*

Theresa Payton is a notable expert on leading cyber security and IT strategy. As former White House CIO from May 2006 until September 2008, she is one of the leading security specialists in the nation. Payton is the CEO of Fortalice Solutions and co-founder of Dark Cubed. Both companies provide security, risk and fraud consulting services to various organizations.

At the recent Public Relations Society of America (PRSA) International Conference, Payton compared potential security risk to connecting a talking Barbie to unknown Wi-Fi sources. According to the Interstate Technology & Regulatory Council (ITRC), over 169 million personal records were exposed due to breaches in 2015. With the internet playing such a large role in daily life, I wanted Payton’s insight on how to structure your brand. Below, Payton gives us tips on how to expand your assets without putting them at risk.

 

How does someone determine their most valuable assets?
Your most valuable asset(s) is that information that you absolutely cannot afford to lose. It’s the most critical asset that you need to safeguard and protect either for yourself or your organization.  Lots of digital assets are considered valuable but the top 3 digital assets that cyber criminals target before and during a large event are:

  1. The schedules of notable people and their security detail assignments;
  2. Ability to spoof or fake credentials online or in person; and/or
  3. Stealing personally-identifiable information or the right credentials to access payment information and bank accounts

 

What trends do you see in breaches of security?
Over the course of my career, one item rings true over and over again. Today’s technology, by design, is open so it can be easily updated. That open design also means that a breach is inevitable, but how you plan to respond to one is not. If you create and store data, there will be cyber criminals waiting to pounce to copy it, take it, post it, ransom it, or destroy it. Offensive strategies with defensive mitigating controls work, but a purely defensive strategy is a losing strategy. For every defense you put in the path of a cyber criminal, just like a squirrel after an acorn, they will relentlessly try to circumvent your defenses to grab it.

As we live in today’s world, it would be completely negligent to only think in terms of physical or digital security as two separate entities. We discussed this in great detail at the White House that a security strategy must dovetail the two together, physical and digital, and that a one-sided approach was doomed to fail.

 

What things should someone take into consideration when looking into cyber security?
An area often overlooked or widely misunderstood is the use of open source intelligence, also known as OSINT, as part of the overall strategy. 70% of data breach victims indicate that they were alerted they had a breach from someone outside their own organization. That stunning statistic reinforces why every company should target your own organization, as if you are the adversary. This approach helps you identify the information leaking out of your vendor’s connections to your data, through your own employees, or technology, before cyber criminals use that same intelligence to launch an attack against your organization.

Digitally, you can use OSINT tools to identify everything you can about the technology and people that work at your organization. You can also use OSINT to see if your sensitive data has leaked online. Physically, you can use an OSINT technique to digitally geo fence a specific and physical land area and monitor the digital traffic occurring that mentions the location. In the case of fighting terrorism, private sector companies and law enforcement can geo fence critical infrastructure, significant events, and venues and then monitor to identify terrorist capabilities, sympathizers, motivation, flash points and intentions through various OSINT tools.

 

What apps would you suggest someone use to monitor their protection?
Some apps that I use every day are: Privacy Badger and Ghostery to protect my online browsing from 3rd party marketing firms and other snoops. I also use Threema to protect sensitive text messages.

 

Should there be differences in cyber security for personal and professional?
How you think about protecting your privacy and sensitive digital assets in your personal and work life is the same. Most of the principles that you apply in your personal life should go to the office with you and vice versa. Please make sure you are familiar with the tighter restrictions at work that are typically agreed to within employee agreements that you have signed so you don’t unknowingly break rules or put your company’s most sensitive assets at risk.

 

*Sydney Rodgers is a student at Southeast Missouri State University. She has always been interested in the communication process and social interaction and is currently studying public relations. In her spare time Sydney likes to keep up with current events and is AVP of Communication for her Public Relations Student Society chapter.
Twitter: https://twitter.com/SydSpksSuccess
LinkedIn: https://www.linkedin.com/in/sydney-rodgers-5a6305127

How to Personalize a Brand Experience Without Being Creepy

Thursday, March 20th, 2014

[Image: How to Personalize a Brand Experience Without Being Creepy, Ellis Friedman, BurrellesLuce Fresh Ideas]

Brand personalization has never been more vital to providing a unique brand experience and capturing and maintaining customer loyalty. But with so much data available, it’s also easier to annoy or unnerve customers with over-personalized suggestions or communications. Here’s how to use your available data to provide a personalized user experience without seeming like Big Brother.

Be transparent

Inform your users as to what info you’re capturing, how you will use it, and who can see it.  Unnerving customers with specific, personal information on recommendations or personalized experiences will likely cause them to shy away from a brand instead of embrace it. So be transparent: ask for permission to use their data, and provide an opt-out.

Use data provided directly to your brand

It’s one thing to personalize experience based on data a customer has already provided to your brand, whether it’s a previously stated preference for a room on the lowest floor of your hotel or a purchase history that shows they buy the same product at regular intervals. But it’s another thing to use information they didn’t provide to your organization.

Social media posts that mention your brand directly also generally fall into the realm of usable for personalization, but tread carefully. At Qantas Airlines airport lounges, iPads alert staff members when a lounge guest posts content tagged from that location, even if the user doesn’t mention Qantas by name. Staff can then share certain posts with their own followers.

While those posts are public information, some users found that social listening off-putting, especially since, in the case of Qantas, they weren’t directly interacting with the brand on social media and Qantas does not alert their lounge members that such monitoring is in progress. (See: Be transparent)

Tread carefully with third-party data

Using third-party data from social media sites can quickly veer into “creepy” territory. If your brand wants to access, say, Facebook “like” information, it’s wise to consider clearly asking for permission. General rule: Unless a client clicks the “like” or “follow” button on your brand’s page, be very clear about your third-party data processes and consider using other personalization means.

Personalize better

In a national loyalty study, Maritz Loyalty Marketing found that while 94 percent of loyalty program members want to receive communications from the programs in which they participate, only 53 percent of those members found those communications personalized and relevant. Allow customers to help with that by giving them the opportunity to customize their interactions with you, either by creating personalized interaction defaults or through how they set up and manage a loyalty account. On The New York Times online, users can view recommendations for articles based on recently viewed articles, and the site provides data on the sections they view most, an excellent way for members to not only track their own usage, but also feel that The New York Times is pointing the way toward tailored content.

Be selective with the data you use

Big data has huge personalization potential, but brands must use it responsibly; just because you have access to certain data points about a user doesn’t mean that data should be used. Take for example the OfficeMax mailer addressed to “Mike Seay/Daughter Killed in Car Crash/Or Current Business.” Just as it’s important to know what big data metrics are most applicable to your company, it’s also vital to know which of those data points should be used in personalization.

How do you personalize your brand experience? Where do you think the line is between highly personalized and creepy?

Gmail Changes = Time to Revisit Your Online Settings

Monday, January 13th, 2014

[Image: Gmail changes Google plus security privacy settings, Ellis Friedman, BurrellesLuce Fresh Ideas]

Think you’re anonymous online and your Gmail account is confidential? Think again. Last Thursday Google announced changes to Gmail that will allow someone to email you at your Gmail address even if they don’t know that address, as long as both of you are Google Plus and Gmail users. Even better: this capability will be enabled automatically, and requires manual opt-out (and here’s how to do that).

On its official blog, Gmail frames the change as allowing you to “reach the people you know more easily.” Of course, if you don’t actually know the person, this does away with one more layer of protection from your email and effectively integrates Google Plus and Gmail into one messaging service. The flip side is that this could make it even easier to network with other industry figures or potential clients whose email address you’ve forgotten to note, but it seems like a lot of changes and automations actually leave more room for breach of privacy than ever before.

Aside from getting emails from people you don’t know – and maybe don’t want emailing you – there may be more worries with Google Plus’s automation, as in the December case of a man arrested for violating a restraining order taken out by his ex-girlfriend because he sent her an email to join Google Plus. The catch? He says he didn’t send it – Google did, and he didn’t know about it. It’s not clear whether that’s what actually happened, but Google’s automatic invitations have caused ire for some years.

Though the aforementioned incident occurred before Gmail’s announcement last week, the takeaway for PR pros is to never assume that automation by default works in favor of your privacy. And PR pros, who tend to have prolific breadth in their social media and online accounts, must be extra cautious with their social presence.

So take this as a New Year’s reminder to take a few minutes and review the settings and privacy on all your social media accounts. And always make sure you or someone on your team closely monitors changes made to social media, search, and email platforms – you don’t want to have to jump into crisis mode over a preventable online slip-up.