Schadenfreude aside, PR pros should pay careful attention to the hacking of AshleyMadison.com, the online dating service marketed to people who are already in a relationship.
According to KrebsOnSecurity.com, large caches of data stolen from the site have been posted online by an individual or group that claims to have completely compromised the company's user databases and financial records.
This particular security breach holds some valuable lessons for communicators. As recently as November 2014, AshleyMadison.com's PR team was pitching Noel Biderman, the company's president-CEO, as an expert to talk about the importance of customer data security. According to Mashable, the company called itself "the last truly secure space on the Internet."
In the wake of the security breach, PR pros should enhance their relationships with their IT counterparts. The worst thing PR pros can do is assume that the company's data is impenetrable or that, in the event of a hack, IT will quickly have the situation under control. When a security breach occurs, it's going to be PR—not IT—that's under the gun, and communicators need to be prepared.
Taking preventative measures to avoid a security breach goes a long way. Here are a few actions to consider, compliments of Liz Zarins from 5W Public Relations.
- Review the organization's cyber security effort. Perform routine security assessments, update software regularly and enforce strict online regulations for all company associates.
- Increase internal training. Educate employees on phishing scams and other mistakes that can lead to a breach, increase IT's security training by offering online tutorials and other free resources and practice response methods through security breach drills.
- Place more value on internal communication. Bring in communication specialists or use internal PR professionals to heighten internal communication between all employee levels, especially between executives and the IT team. Frequent communication between the two teams minimizes the opportunity for something to go unnoticed.
- Reassess your crisis plan. Reevaluate your organization's security breach crisis plan every six months. Take time to add security capabilities, remove outdated protection systems, update communications tactics and incorporate lessons learned from other organizations' breaches.
Follow Matthew Schwartz on Twitter: @mpsjourno1