March 3, 2017

MBAF cybercrime seminar's key lessons featured in the Huffington Post.

Human error took center stage this week in the world of crisis and reputation management. By now we all know that accounting and consulting firm PwC, the firm hired to tabulate and manage the results of the Academy Awards, gave the wrong envelope to actor Warren Beatty, who was responsible for reading the winner of the Best Picture Oscar. The accountant in charge was distracted during the process (allegedly tweeting) and Beatty and Faye Dunaway read the wrong winner – and then chaos ensued. The incident made worldwide headlines and PwC took a tremendous reputational hit. Human error, compounded by distraction, was the primary cause. (In case you haven’t heard, PwC partner Brian Cullinan was taken off the Academy Awards assignment, and the account is under review by the Academy.)

The other day, I attended a seminar at another accounting and consulting firm called MBAF in Miami. They hosted a great event where a number of experts discussed current trends in cyber crime. Interestingly, one of the main themes was human error. We know that cyber criminals target organizations with hacking efforts and denial of service attacks, and in some cases companies get infiltrated as the bad guys find ways around firewalls and cyber-defenses.

At the seminar, information technology professionals, cybersecurity experts and even the FBI confirmed that the biggest weakness in cybersecurity remains the human element. Everything from easily hacked passwords to elaborate “phishing” e-mail scams enables the bad guys to gain access to personal or corporate data. I even learned a new term that describes how cyber criminals specifically target a single individual in a company (say a CEO or HR director) with an elaborate e-mail scam. They call this “spear phishing.”

The experts agree that the biggest problem is that people make simple mistakes such as visiting the wrong types of websites, responding to phishing e-mails and even using public WiFi. Between this revelation and the PwC story, I’m reminded that we are largely in charge of our own destiny when it comes to issues of cybersecurity and online reputation.

With many reputation issues, people simply make mistakes. In the case of PwC, Cullinan was allegedly tweeting when he was supposed to be double checking. I have never tabulated anything in my life, but it seems to me that a simple procedure could have prevented this. “Mr. Beatty, I’m handing you the envelope for Best Picture, please look at it and confirm to me that it is, in fact, the envelope for Best Picture.” Perhaps the accountant was star-truck, tweeting or making an Ishtar joke when he should have been paying closer attention.

In most reputation management cases, people say things without thinking, tweet things without filtering or write things without double checking.

Here are a few tips for good online practices to protect you from cyber crime and keep a stellar online reputation.

Think before you click

If you get an email that looks a bit weird, don’t click on it. Take a close look at where it came from and the e-mail address, not just the name in the from line. If you don’t recognize the sender, don’t open it and if you do, don’t click on the links within it. Before you send that mean tweet, take a deep breath and think for a moment. Do you really need to blast away? Just the other day, I wrote a response to someone on Facebook and did the “deep breath test” – and ended up not sending the response at all. While zinging might have felt good in the short term, it really did little for me long term.

Increase vigilance on mobile devices

The experts at MBAF made it very clear that we are more distracted on our mobile devices. We are more likely to be multi-tasking with mobile and more likely to make a mistake on mobile. Is it scientifically proven? I don’t know but my gut agrees. I also believe the handy access of mobile makes it easier to post something and make an online reputation mistake. Easy access increases vulnerability. Some evidence also suggest that the bad guys are looking for new ways to target mobile users.

Training

Back to human error. We need to have programs in place to train our employees about cyber scams and how to identify them. And the link between cybersecurity and online reputation is only getting stronger. We need to train our people not only on how to recognize a phishing e-mail but also what they should and shouldn’t say online. We need to be careful what we write on social media sites, blogs and in our own e-mails. Anything you type on a keyboard or phone can be copied – even on apps like Snapchat and Dust – and can end up being widely distributed. When training for cybersecurity, you should be training for online reputation as well. We can help with this by the way – and some tips on this are available in my book How to Protect (Or Destroy) Your Reputation Online.

Click here to read the article on The Huffington Post.