What PR teams need to know about cybersecurity concerns
Communication and PR professionals face a variety of day-to-day challenges. One of the most important problems that may not always be obvious is the potential for disruptions related to cybercrime. It’s vital for staff to understand that while the PR industry may not appear to be a traditional target for criminals, there are various aspects of PR activities that are valuable to unethical actors.
It is, therefore, essential to put in place measures that protect individual team members, your organization, and agency clients from the damage that can be caused by a range of hacking tactics. This begins by understanding where the prevalent threats lie, what elements make teams vulnerable, and how to address issues.
We’re going to take a moment to dive into what PR teams need to know about cybersecurity concerns.
Addressing ransomware
Most successful PR corporate teams and agencies are well-oiled machines. In all likelihood, your teams’ efforts are supported by a range of essential resources. This may include files of your industry research, event plans, and social media management platforms, among others. Keeping these resources online or on company networks helps your team access them and organize communication activities effectively. Unfortunately, this also puts teams in a vulnerable position if they experience ransomware attacks.
Businesses of all sizes need to adopt protections against ransomware threats. Even if your PR team is relatively small in terms of staff numbers, you might still find it’s targeted by hackers. By definition, communicators have more information about the organization and its clients than other branches. This may include sensitive information about corporate clients, industry data related to projects, and even company financial records. Each of these can be an incentive for cybercriminals to commit data breaches.
The result can be significant financial setbacks due to both the ransom your organization needs to pay, as well as productivity losses. Not to mention that client confidence may be shaken if you have any of their material such plans for forthcoming corporate activities.
The primary tool in preventing ransomware threats is ensuring all staff understand how these threats occur. Hackers can use social engineering techniques to convince staff to click on links sent in emails. Some ransomware is introduced through vulnerabilities in company networks. Alongside ensuring all staff have solid fundamental cybersecurity knowledge, it’s worth investing in effective intrusion detection and anti-malware software for your networks. It’s not just in big companies or agencies – I mention in passing that my small firm receives daily emails containing malware that my security software has detected and destroyed.
Minimizing data breaches
The valuable data your PR team is likely to have may include sensitive information about clients, industry data related to projects, and even company financial records. Each of these can be an incentive for cybercriminals to commit data breaches.
The result of theft isn’t limited to the loss of information alone. There can be staggering financial consequences, with the average cost of a data breach in the U.S. hitting $9.44 million in 2022. Hackers are able to utilize these resources for further illegal activities and illegitimate gains.
Essential steps for enhancing PR cybersecurity
There are some steps your PR staff can take to communicate greater awareness and protection against illegal accessing. One of the simplest is to ensure that all passwords within the organization are complex and regularly changed. Implementing 2-factor authentication procedures for accessing any accounts on your company networks or downloading data is also a smart approach. This is especially important if you have hybrid PR teams accessing networks out of the office. With two-factor authentication, if someone does choose a weak password or a service gets hacked, there’s always another checkpoint to make sure it’s really that person who wants to log in.
It’s also vital that your PR teams always communicate around the organization that staff should treat all data as though it comprises valuable assets. This includes never leaving data unattended and being mindful of who can view documents in the vicinity. This caution must extend to disposing of old electronic devices in safe and secure ways, too.
Items such as smartphones and computers may be storing client or proprietary information even after staff think it’s been deleted. It’s wise for your teams and even clients to utilize electronic shredding methods to ensure data can’t be accessed by unethical actors.
Educate your PR team about the risks
Regardless of threat levels, your PR employees should be educated about security threats and the importance of protecting critical data. Without sufficient education or awareness, many individuals may not be thinking about the increased risk of a cyberattack these days and how their actions can contribute to systems’ vulnerability to attacks.
For example, employees should be trained to identify and monitor for malicious links, attachments or phishing in emails and on websites. They should report anything that looks suspicious and flag any emails or content that may contain viruses or threats.
Outline the risks and prepare
While every organization should create a crisis communication for cyber risk, at a minimum your organization’s leadership team, in cooperation with the communication team, should:
- Outline the top 10 risks to the organization, including IT and cybersecurity.
- Work across departments to learn about different perspectives or risks you may have not considered.
- Compile these into a document and plan a response to each.
With cyber issues especially, it’s important to consider who is at the table. The C-suite, PR, legal and your board of directors should all be connected to the processes you choose to follow and the questions they need to be prepared to ask when crisis hits.
Your communication team should also have visibility into technology vendors and partners that may need to be added to a response when issues arise.
As part of your plans, it is advisable to develop holding statements for each of your 10 major known issues so you can easily adapt and streamline approvals for these initial communications. Consider having statements ready for breaches that impact internal, external and all types of stakeholders. You will also need to prepare stakeholder communication plans to include customers, partners, employees, board members and investors – ready to fire up if the breach is far-reaching. Consult senior management in this case, and ensure your head of cyber security and other relevant cyber leader close to the issue is in step with your communication response.
There may be times when your PR team is involved in your organization’s follow-up to sensitive corporate negotiations such as takeovers and mergers with high-profile individuals or organizations. When criminals find out about your firm’s involvement in negotiations, you could find your business specifically targeted by cybercriminals who want to gain sensitive information about the other parties for nefarious purposes.
Your efforts here should begin with limiting the exposure that such data has to the outside world. This may involve ensuring your team members don’t access client or other sensitive information on their personal devices or outside of the office. Avoid electronically transferring documents unless encryption protocols are in place. In some instances, it’s worth protecting these files from internal and external theft by storing the data on separate cloud accounts and limiting use to senior team members only.
It’s also wise to make identifying files related to high-risk, high-profile or potentially highly profitable activities difficult for anybody who isn’t directly involved with the project. This could include choosing a pseudonym for the client or major company you are dealing with and naming all related file folders and documents accordingly.
PR teams need to take a responsible approach to protect themselves, their organization and their clients from cyberattacks. Your business must educate workers on threats associated with ransomware and data breaches, alongside the methods to mitigate these.
It’s also vital to put protocols in place that protect high-profile clients that may draw targeted attacks. Remember, though, it’s not enough to put protections in place now and then move on. The cybercrime landscape is always changing. Your PR teams should also make efforts to stay up-to-date on new threats and utilize relevant tools to reduce risks.
Kim J. Harrison has authored, edited, coordinated, produced and published the material in the articles and ebooks on this website. He brings his experience in professional communication and business management to provide helpful insights to readers around the world. His wide-ranging career includes roles as a corporate affairs manager, consultant, author, lecturer and business manager. Kim has received several international media relations awards and a website award. He has been quoted in The New York Times and various other news media, and has held elected positions with his State and National PR Institutes.