Stream | Security – the new(ish) buzzword in reputation management

Security – the new(ish) buzzword in reputation management

Most businesses out there are slowly waking up to, and hopefully doing something about, the new GDPR legislation that kicks in in May next year.


In the process of auditing our own processes and systems here at Stream to ensure that we’re compliant, it strikes us that the issue of security is much, much more than just a problem for the IT department to deal with.


In fact, we’ve been having this conversation for some time with one of our agency partners, Appsecco, an application security company that provides pragmatic security advice to companies and organisations worldwide.


And we seem to agree that security, or cyber security, which is what we’re really referring to here, is a reputational issue. If not taken seriously, it could end up costing your business large sums of money, could cost you your reputation, and in extreme cases, could even put you out of business.


This means that anyone who is “in charge” of their business’s reputation (yes, brand, comms and marketing people, we mean YOU!) had better prick up their ears…


According to the IT Governance blog, cyber crime cost UK businesses £29 billion in 2016, while Sonatype’s 2017 State of Software Supply Chain Report states, “The need for improved cyber hygiene in the UK has reached new heights in 2017 following large scale ransomware attacks on its nation’s hospital system and an increased focus on software liability.”


Eyes watering? Read on.


A recent example of just how bad it can get is the Equifax scandal, which has seen the credit-report company writing to UK consumers to warn them that their personal details have been compromised after its parent company was the victim of a cyber-attack earlier this year.


Equifax has just released its first financial results since the cyber security scandal came to light, warning investors to “brace for a mounting bill as lawsuits pile up and a raft of regulators investigate the company”.


Free identity theft protection and credit monitoring offered to consumers will add to the bill. The company has so far incurred $5m of these expenses and recorded an additional $56m as a contingent liability. The final tally from the complimentary services could be as much as $115m.


Meanwhile, its competitor Experian has reported a 5% jump in half-year revenues, having seen a customer windfall in the wake of the crisis.


So yes, it’s time that we all took this issue just a little more seriously.


According to the new GDPR legislation, a breach can incur fines of up to €20 million or four percent of a firm’s global turnover (whichever is greater).


From a communications point of view, there’s plenty you can be doing. Raising awareness across the business about the new GDPR legislation is one thing. Depending on the size of your business, there may be more than a handful of people who process customers’ personal data as part of their day-to-day job, who need to understand the new Directive and how it will impact them.


There’s also a reassurance piece for employees, as GDPR isn’t just about customer data; it also impacts how an organisation stores and processes personal information held on its staff.


And of course, there’s the crisis comms piece. In preparing for the new GDPR rules, you’ll need to revisit and update your Privacy Policy to include, amongst other things, an explanation of the lawful basis for your data processing activity, how you seek, record and manage consent and how you will detect, report and investigate a personal data breach. This latter part of the policy then needs to be integrated into your crisis preparedness plans, and all key stakeholders need to be made aware of their role in the crisis procedure should the worst happen.


For more guidance on GDPR and how it will impact your business, click here, or get in contact with us here at Stream if you need some help in thinking up creative ways to engage your employees and help them understand how the new legislation affects them.


More broadly, our friends at Appsecco have got some sound advice on how to approach the frankly daunting task of protecting your business (and your brand) from cyber crime:
  1. Understand that cyber security is a matter for the entire organisation and raise awareness internally
  2. Internalise that good cyber security protects all your stakeholders, not just the company or your customers
  3. Begin by working out the commercial impact if you were attacked
  4. Get an external audit. Only an independent review will reveal the things that attackers can find
  5. Accept that it is going to cost (and save) you money. Good security isn’t cheap but costs can easily be controlled
  6. It has to be an ongoing process. The frequency is for you to decide but it can’t just be once


For more information, or to see how we can help, get in touch. We’d love to hear from you!