Archives for February 2015

PR News Honors Judy Whittlesey for PR Excellence

Judy awardSusan Davis International Executive Vice President Judy Whittlesey accepted PR News’ Top Women in PR 2014 award today. Women considered to be the best of the best in public relations were recognized at an awards luncheon at New York City’s Grand Hyatt. This comes as no surprise to those who know her and her history of more than two decades of stellar work in PR initiatives, from strategic planning and media relations to crisis communications and management strategies.

We asked Judy to share a few tips that distinguish successful professionals in PR:

  • Know the value of, build and nurture relationships – for clients and themselves
  • Be a great collaborator, build great teams both internal and external
  • Always be curious and well-informed
  • Everyone wins when you help others grow

Judy is her own best example of these characteristics. Her professionalism and expertise are a model young women (and men) in PR can aspire to. We’re extremely proud she has been recognized as an outstanding role model.


By Sam Burns, SDI, February 27, 2015

Can Prevention Tip The Scales in Cyber Risks?

cyber Tuesday option 3“An ounce of prevention is worth a pound of cure.”

The immortal words of Ben Franklin have become axiomatic for companies dealing with today’s ever expanding array of cyber threats. Franklin used the phrase in a letter that was published in the Pennsylvania Gazette urging better fire fighting practices. It’s likely he’d be content to see the wisdom he was passing along applied to best practices in cybersecurity.

Obviously, prevention has to be at the forefront of actions taken to lessen the risks posed by cyber threats. But it behooves us to be clear-eyed about precisely what our expectations should be with regard to prevention. There is growing recognition that preventing data breaches is a bit of a Sisyphean task. The reality is breaches will occur.

In late 2014 The Ponemon Institute released a survey of 567 executives in the United States who were asked how prepared they think their companies are to respond to a data breach. Despite the increasing level of efforts being made in threat prevention, 60 percent of those surveyed said their company had been victimized by more than one data breach in the past two years.

In virtually every instance, when a data breach occurs the single biggest loss potential lies in the damage that can be done to the corporate reputation. According to a recent report from Deloitte, “almost 90 percent of executives surveyed by Forbes Insights in 2014 on behalf of Deloitte say that reputation risk is their key business challenge.”

One need look no further than the recent Sony debacle to understand the enormity of the risk to corporate reputation posed by breaches that expose truly sensitive information. Such key considerations as shareholder confidence, employee loyalty and customer retention are all imperiled by damage to corporate reputation.

Arguably, the greatest yield in prevention actions lies in effectively managing response to those data breaches that have the potential to become a crisis for the company.  Investing in the planning and preparation needed to ensure a corporation is capable of effectively responding to a cyber breach that poses the threat of becoming a crisis is a critical need.

Taking steps to prevent a situation from escalating into a crisis that threatens the corporate reputation is worth several pounds of cure.


By Tom Davis, SDI Cyber Risk Practice

SDI #CyberTuesday offers insights and commentary on cyber risk management by SDI’s trusted cybersecurity, privacy and data security expertsskilled practitioners whose decades of experience working for governments and corporations around the world distinguish them as strategists and crisis managers.

You can view previous blog posts on cyber risk management here.

February 24, 2015

Do, Don’t and Be Deliberate: Advice for Young PR Pros

Your Career SignWith the bright, energetic, savvy young professionals on our staff, tips author Julia Sahin offers in “10 Things PR Pros Must Stop Doing” may resonate or already be in the rear-view mirror. Yeah, we have that kind of staff. And, our exceptional, seasoned professionals nurture best practices by guidance and example.

Still, good advice we think from Sahin, a monthly contributor to Muck Rack. In this article she looks at what young pr pros should do by telling them what they shouldn’t — be afraid to  make mistakes, keep quiet and not speak up,  transact media relations, ignore the numbers, monitor for stories instead of trends, and be a generalist are some examples.

To complement Sahin’s advice, we offer a few more tips to help you succeed in your public relations career:

  • Play to your type in choosing your workplace. We operate in the fast lane. Young pros here like the dynamics of managing multiple clients with diverse needs as a daily regimen. It’s not for everyone. Choose an environment that nurtures your best professional self.  
  • Put in the effort to know your client as well as possible. Just like friendships, client relationships are built on familiarity. Understand your client, its culture, individuals, strengths and vulnerabilities. Do your homework. It pays off.
  • Develop the art and skill of listening, not just hearing. Public relations is all about communicating, and that begins with listening. Listen actively to your clients, your sources, your company experts, your advisors, your sympathizers and contrarians. Your success in all manners of communicating from face-to-face to tweet-to-tweet is linked directly to how well you listen.

Time to time everyone needs a chance to reset their perspectives and lay foundation for more successful professional engagement.

The tips offered here are good refreshers.


By Jayne Davis, SDI, February 24, 2015

Networking for People Who Hate Networking

Networking Fear

Networking is a skill and an art. SDI media expert and handbag aficionado Nicole Tieman shows how you can master both. You can also read her post as published in FamousDC.

We’ve all heard it time and again — “it’s not what you know, but who you know,” particularly in DC, where who you know can make or break your career. For anyone with social anxiety and uncontrollable awkwardness, this is a cringe-worthy fact.

As an unenthusiastic happy hour participant, I’ve spent years attempting to figure out how to survive in these socially mandated events. Here are some go-to tricks to make socializing easier in a city that runs on small talk and business card exchanges.

1.     Use the buddy system

One is the loneliest number, especially in a networking situation. That’s why my favorite happy hour strategy is to use the buddy system. An extroverted plus one will ease your nerves, boost your confidence, and give you an automatic ‘in,’ especially if they are well connected around town.

2.     Do your research

Planned events and fundraisers often have a program that includes special guests and a host committee. Use your expert Googling skills to learn something about a speaker and someone hosting the event. This will give you the proper ammunition to impress and flatter someone, feel confident in the conversation, and leave a good impression.

3.     Ask questions

People love to talk about themselves, especially in DC. A “humble” brag and quick story about that one time they rode the elevator with John Boehner and he said “hello,” is par for the course. Use this to your advantage by asking lots of questions. Be interested in their lives and curious about their work. They will happily indulge and you will coast through the conversation, smiling, nodding and not humiliating yourself with shaky anecdotes and rambling shoptalk.

4.     Feature a statement piece

Recently, I was walking into an event when I was stopped by a group of women, gushing over my new bag. Later, a man complimented the bag as we hovered around the dessert table. It was a conversation starter all night, so now it’s my go-to bag for all events … at least until it becomes last season. Statement pieces can be anything from a purse to a quirky tie, and they’re an easy way for people to engage you in conversation. So if you’re like me and have a hard time sparking dialogue, let your statement piece do the hard work for you.

5.     Be approachable

Smart phones open our world; they also can close it just as quickly. We happily fall into the safe space of a glowing screen rather than face our feelings of anxiety and nervousness, but fight the urge. If you appear consumed by your phone, you become the weird guy in the corner no one wants to talk to. So do yourself a favor — leave your phone in your pocket and bravely make eye contact with the wallflower across the room with the fancy purse.


By Nicole Tieman, SDI, February 19, 2015

Fox Interviews Frank Cilluffo on Anthem, Sony

cyber Tuesday option 3Fox Business News anchor Deirdre Bolton and host of Risk & Reward recently interviewed SDI’s Cyber Risk Communications Practice Lead Frank Cilluffo on the unfolding story of the recent security breaches at Sony Pictures and Anthem. Adapted key points from the interview are captured below.

Fox: What do you make of the hack on Sony Pictures and its effect on Sony Pictures head, Amy Pascal?

Cilluffo: I think it underscores that cybersecurity is no longer just an issue for the IT division.  The responsibilities and consequences are elevated to the boardroom and to the highest levels of a firm. To ensure that you can protect your company’s information, data, intellectual property, these are issues that CEOs and executives have to worry about now.  Failing to do so can cost a CEO their job.  And even worse, rattle shareholder and consumer confidence.

Fox: Should we be reassured or concerned that no medical information or financial details appear to have been taken in the Anthem hack?

Cilluffo:  While we don’t know the full scale and scope of the incident, we do know that Personally Identifiable Information, such as birthdays and Social Security Numbers when taken together create identity theft issues.  And the reality is that the healthcare sector has been a soft target for quite some time. They are not up to par with say the financial services industry and/or the defense industry for example. We know the scale to one extent that this has affected so many people, what we don’t know is the entire scope, and it’s worth noting that not all hacks are the same, not all hackers are the same, not all intentions are the same, not all capabilities are the same. And we don’t know exactly what’s going to unfold in the days ahead.

Fox: In the cases of Home Depot and Target, hackers received inside help, a fact that has an increasing number of companies worried about disgruntled employees and former employees assisting hackers. How big a part of the problem is this?

Cilluffo: You know the insider threat is at the very top of the list. If you have access to the systems themselves obviously that’s a step ahead of anyone trying to come in from the outside. That said, what you’re starting to see is much more in terms of insider threats being enabled by outsiders. So at the end of the day this needs to marry up the physical security, or the chief security officer, with cybersecurity, the chief information security officer, and they really do need to come together. And I would note with Anthem it is worth recognizing that they’ve clearly learned from some of the missteps and miscues from a communications perspective from some of the other high profile cases. They did come out early, they did come out competently, and clearly are trying to shape the discourse of the incident.

Fox: Anthem has acknowledged that they’ve traced this back to an outside web storage facility. It seems like everyone’s security is only as strong as their weakest link. What does this mean for companies who use outside storage in terms of security protocols?

Cilluffo: You’ve got that right, and the reality is we need to start seeing much more of what you would refer to as supply chain security, ensuring that your third party vendors are doing everything they can and should do to enhance security. There’s still a number of unknown questions, was this data, were the Social Security Numbers encrypted? I don’t know if that’s the case or if that in fact did occur; but clearly when you’re looking at third party vendors, when you’re looking at the supply chain, that is precisely what allegedly happened in the Target hack as well with an HVAC provider.


SDI #CyberTuesday offers insights and commentary on cyber risk management by SDI’s trusted cybersecurity, privacy and data security expertsskilled practitioners whose decades of experience working for governments and corporations around the world distinguish them as strategists and crisis managers.

You can view previous blog posts on cyber risk management here.

February 17, 2015


Love is a Many Splendored Press Release

Valentine's DayThat may not be your idea of love, but several hundred journalists said as much to PWR New Media. Contrary to the idea that love finds you when you least expect it, journalists do expect to find a little love in their inbox — most prefer releases delivered by email. Posting your releases to your social platforms throws a little more heat their way. It’s a favored hunting place for story ideas.

PWR heard this and many more ways to a journalist’s heart in their journalist survey.

While there’s plenty of love to go around when creating and delivering releases, we zeroed in on a few additional hot tips:

  • Depending on the strength of your social presence, sometimes a direct tweet on the release at a reporter with whom you have a relationship and know will be interested in the content or a featured quote will get you some traction.
  • Who wants more hum-drum in their lives? Not journalists. Put a red dress on that subject line and entice them into opening your email.
  • Play easy to get. Reporters want something formatted that’s easy to read —bullets, facts, figures. They want to be able to scan it for story potential rather than wade through poetic rhetoric.
  • Off With Your Head! Without a good headline, the body goes cold.

Everyone wants to feel a little love. Don’t make journalists the exception.


By Jayne Davis, SDI, February 13, 2015

A Cause We Can All Embrace

Chamber event 2Occasionally, society is presented with a cause so compelling it penetrates the busy moment and engages the consciousness of a nation.

The extraordinary individuals who care for our nation’s wounded, ill and injured veterans day in and day out without remuneration and facing almost insurmountable odds are such a cause.

SDI has the privilege and honor of supporting military caregivers through our work with The Elizabeth Dole Foundation (EDF). It’s a journey of relationship building, partnering and creating opportunities for the country to recognize and respond to the unseen sacrifices of those who care for our wounded warriors.

This week holds the promise of a turning point in how society provides for the needs of military caregivers. An unprecedented gathering of individuals representing organizations rich in diversity and experience will exchange ideas with caregivers, analyze programs and conceive strategies to help build a stronger culture of responsive and actionable support in this country.

Almost a year ago, RAND released a report the EDF commissioned, the first definitive study on the scale and scope of challenges military and veteran caregivers face daily.  The report pierced the veil that hid a national community of heroes — 5.5 million military and veteran caregivers who tend to our wounded, ill or injured service members and veterans with little notice and less support.

EDF called for a national coalition of public, private, labor, nonprofit and faith communities. Leaders emerged from the nearly 100 organizations that answered the call and are joining their peers and caregivers to help create sustainable impact in the lives of military and veterans’ families, working together across lines of support and building new lines where none exist.

The challenge is considerable. Research identified multiple critical areas of need — deteriorating psychological and physical health, income loss and financial strain, lack of caregiver support networks, and limited accessibility to expanded caregiving education and training are among them.

As the stellar group of organizations represented here this week works to empower caregivers, drive innovation, promote collaboration and raise awareness, we’ll witness the power of partnering, relationship building and strategizing in pursuit of a common goal. It’s a blueprint for building a better future for our military caregivers.


By Jayne Davis, SDI, February 10, 2015

Troubled Times, Troubled Waters; Setting Corporate Standards in Cybersecurity

cyber Tuesday option 3

Companies trying to navigate the largely uncharted waters of cybersecurity are finding the going difficult. They face a degree of uncertainty over decisions related to protecting themselves from data breaches, and even greater doubt about how best to respond to breaches that do occur.

A year ago the Commerce Department’s National Institute of Standards and Technology (NIST) released a Framework for Improving Critical Infrastructure Cybersecurity. Although it received mixed reviews, the framework provides a structure that offers organizations a methodology to assess and improve their capabilities. In addition, there are industry groups seeking to impose acceptable standards, and a growing insurance market that over time will impact policy and procedures. But at the moment, the guidance that does exist is very much in flux.

On the federal government side, the Federal Trade Commission (FTC) has carved out a leadership role in regulating data security practices through its enforcement actions. Generally, the companies subject to those enforcement actions have settled, and the process has offered some insight into data security practices that are being seen by the FTC as falling short.

However, the FTC has not set forth clear guidance on what constitutes acceptable security practices, and one subject of an enforcement action—Wyndham Hotels & Resorts LLC—has challenged the FTC’s authority to regulate data security practices.  The U.S. Court of Appeals for the Third Circuit will rule on the matter, and its decision will have significant and far reaching implications. Ironically, if the court upholds Wyndham’s challenge, businesses will have even less certain guideposts to follow, although one could anticipate that both Congress and individual states might move to provide further regulatory powers relatively quickly.

The courts will provide yet another potential source of future standards. A wave of data breach litigation is sweeping across the country, and more class action suits are certain to be filed as breaches continue to happen.

Among the most watched suits at this moment are those arising out of the major data breach at Target.  The initial lawsuits were filed soon after the nature of the breach became public, and there was much speculation that the suits would be dismissed based on then existing precedents. A year later it is apparent that the suits will proceed and that the federal judge in Minnesota who is hearing the cases is taking a hard look at Target’s responsibilities to protect data. In refusing to dismiss the suits the presiding judge seems to have established that banks have a right to go after businesses that suffer breaches if they can establish negligence on the part of the affected business.

Whatever the court decides in this case will ripple across the cyber landscape. Some of the issues presented are complex, but at its core, what is being decided is whether Target acted reasonably both in protecting data and in responding to the breach.

The issue of what is reasonable to do to safeguard data and respond to incidents is at the heart of the standard setting process. We are still in the early stages of a messy undertaking that will move in fits and starts toward a time at which standards for acceptable behavior will be generally agreed upon. Until that time, companies are well served to benchmark themselves against their peers, and engage in a process of continuous assessment and improvement in their cyber defenses and response mechanisms.


By Tom Davis, SDI Cyber Risk Practice

SDI #CyberTuesday offers insights and commentary on cyber risk management by SDI’s trusted cybersecurity, privacy and data security expertsskilled practitioners whose decades of experience working for governments and corporations around the world distinguish them as strategists and crisis managers.

You can view previous blog posts on cyber risk management here.

February 10, 2015

Cybersecurity Weighs Heavily on CEOs’ Minds

cyber Tuesday option 3

PwC is out with its 18th annual CEO survey and to no one’s surprise cybersecurity is a prominent concern globally. More than ever, 2014 demonstrated the ubiquity of digital security attacks with virtually no industry emerging unscathed. According to PwC, reported incidents soared to almost 43 million in 2013, prompting 48 percent of CEOs to cite cybersecurity as a concern last year. This year that jumped to 61 percent among all potential threats cited by CEOs placing cybersecurity front and center on their furrowed brows.

To fend off the challenge, CEOs ranked cybersecurity technologies among the top three strategically important digital technologies for their industries. The report suggests a prominent view that demonstrating secure digital technologies can create value in customer trust.

Customer trust is also at the heart of a corporation’s reputation in managing responses to cyber breaches. Reputation management starts at the top and an enterprise will be judged by how secure its customers feel about the company’s ability to protect their personal data as well as its own proprietary information.

Clearly, the potential costs of managing and mitigating threats don’t stop at the ledger. Potential reputational risk, loss of market share and customer and shareholder estrangement are among casualties that may arise from cybersecurity incidents. PwC’s report is further acknowledgement that executives and their boards would do well to understand the full spectrum of ways their company is vulnerable to risks, as well as the changing policy and legal landscape around reporting, best practices and liability.

2014 offered further proof that a data breach CAN happen anywhere, to any firm.


SDI #CyberTuesday offers insights and commentary on cyber risk management by SDI’s trusted cybersecurity, privacy and data security expertsskilled practitioners whose decades of experience working for governments and corporations around the world distinguish them as strategists and crisis managers.

You can view previous blog posts on cyber risk management here.

February 3, 2015