Now after six months working at Eskenzi, I am more than clued up on IT Security. And I never thought I would say it, but IT Security is slick, savvy, interesting and contemporary.

Being at Eskenzi I have learnt about who and what the threat is and how to protect myself. I now know the lingo. Words which before I would see pop up on my computer, and just click download I now understand what they mean and what I’m downloading and how I’m being protected. Now I know who and what the threat is I am aware of how to protect myself from these threats, before I was walking around with my head in the clouds.

IT Security is in the forefront of the news everyday and there is always something new and exciting popping up. Our news feeds at Eskenzi, which we send out in the morning and afternoon, say just that. They are constantly crammed with the most up to date news of that day; it’s hard to choose which are most relevant, because all of them are. IT Security is relevant to everyone; it has a huge impact on our everyday lives. You can’t pick up a newspaper without a headline being about Hackers, Data Breaches, Malware Attacks and Cyber Security. For me, best of all I can talk to people about what is going on in the news, talk about IT Security and sound smart and clued up, they look interested and surprised.

IT Security news is every day, diverse, bright and fascinating. Not only reading about IT Security but also writing about IT Security is interesting. I have had the chance to write an article for a client on a survey they conducted on online Christmas shopping and the risks which people are at when shopping online. It was interesting, contemporary and relevant to today’s news. Working in Fashion PR was something which I was interested in before going to University. I thought that writing about a pair of shoes would have been great, and I probably could have said a lot about it, but how much can you really write about a pair of shoes? Let’s be honest, after a while it’s going to get a bit boring, and if I sparked a conversation up with someone about a pair of shoes, I’m sure they would swiftly disappear. However talking about IT Security is much more gripping, and I know that people would rather hear about that than another pair of shoes.

Sitting in a company meeting last week, we discussed all the different breaches that had happened over the year..as the breaches were mentioned it occurred to me that someone I know has probably lost their details in every one of those breaches….but do they know their details have been lost? Have they taken any actions?

Have they stopped using that website? My guess probably not.

Have they stopped using that bank account? Again probably not.

Have they proactively gone and changed all their passwords? Maybe for some – not all!

Being in the security industry, you become more aware of what is going on and inevitably more cautious. But as data breaches become more of a common daily occurrence, are people sitting up and taking action to protect themselves?

According to a survey by Symantec, 19 people fall victim to cybercrime every minute in the UK – this goes to show that no matter how many breaches we as a nation are still failing to protect ourselves. Why is this? Is it not our job to protect our own data? Do we think the companies should be taking extra steps to look after our data and we cannot do anything? Or with the rise of social networks do we all believe that all our data is out there for all to see – so why protect it?

Maybe its because we do not see how a small piece of information such as our password or date of birth could be of such high value to a hacker who can then access our bank accounts and have a shopping spree at our own expense…

Messaging is the term used to describe exactly what company information is going to be shared with all of your stakeholders and how it should be presented.

This aspect of a PR campaign is crucial, as it is the only stage of the PR process where the company maintains complete control over its information. If you don’t get it right at this stage your whole campaign runs the risk of taking off in the wrong direction. This is such a common mistake we ensure that we get our client’s key messages formulated as early as possible in a campaign and the engagement process.

Once in the public domain, your information will be open to all sorts of scrutiny, interpretation, and analysis. However, during this internal planning stage, it is possible to agree on which aspects of the company to publicise, and how exactly to do it. It is also the chance to make sure the public front you want to show the world is agreed upon by all your senior management. It is surprising how often a messaging workshop shows that this is not the case. It is far better to hammer out your minor disagreements in a closed workshop rather than under the glare of TV lights or gleeful story in your local press highlighting the ‘confusion’ with your organisation.

Messaging sessions can sometimes bring in to the open fundamental disagreements about corporate strategy that have to be addressed before you expose them to the glare of the TV lights!

The messaging workshop starts with The Elevator test – imagine you meet your best-ever prospect in the lift and you have ten floors (about one minute) to tell her enough about your company to get her to meet you. It’s harder than you think but an essential and powerful tool to use not only when meeting people but when used on the home page of your web site or on your marketing material.

Once the elevator test (or lift test if you prefer) is captured we move on and capture all of your other key messages. These will be used in briefings with journalists and analysts and almost any other public engagement between your organisation and the outside world.

The end result of this workshop is a messaging grid which provides you with a handy and essential document which will guide you through meetings with the media and be the basis of most of your collateral, in all the vertical sectors you work in and save you endless hours of research prior to your media engagements.

The PR goal in this regard is simple: once you have agreed on your company’s key messages, you will want to promote them to the biggest audience possible using the tools and methodology which makes Eskenzi such a successful agency for its clients.

Watch the Eskenzi PR Youtube channel at: http://www.youtube.com/watch?v=DNQPhZblmTM

The golden rules in winning in PR!

1. Sponsor imagination and creativity in your organisation. Encourage your staff to be creative & brainstorm regularly from the board room to the post-room – you will never know what your staff are capable of until you ask them!

2.  Content is still key – the more content you have the better, but it has to be really original to keep you in the news. That means producing regular non-product pushy articles, fast newsy responses to breaking stories, interesting relevant blogs, opinion pieces, analysts briefings, tweets and industry leader profiles.

3.  Energy and Enthusiasm does not automatically lead to Sales! – Journalists get (no exaggeration) thousands of press releases every day. You cannot just send out press releases and expect them to be published – you have to SELL STORIES IN! 

4.  Knowledge is power – you must understand the story you are selling and have an understanding of the journalist or analyst you are pitching it to. There is nothing more irritating to a journalist than when a PR person phones up, but it’s not their beat! Some ‘PR’ people even phone without ever having read the publication. Do your research and don’t waste their time or indeed yours.

5. Chemistry – I’m a firm believer that good PR is all about the right chemistry, chemistry between you and the PR agency and then of course the press.  Without the right chemistry you can’t brainstorm ideas, and without good creative ideas you’ll never succeed in PR!

  Here are the golden rules on the top things you SHOULD NOT DO in order to succeed in PR:-

 1. Long sign offs kill stories!  Don’t expect to get coverage if your agency has prepared a story for you based on a story that’s just broken and you don’t get sign off for days! You need immediate responses from the key decision makers and if you don’t someone else will pitch you to the post.

2. Never oversell to journalist or analysts – they hate it!  I believe you literally have about 30 seconds to sell in a story – if you haven’t succeeded in this time – then drop off the line and move on.

3. Boring & Samey –don’t expect to get coverage if you don’t have much of story – it’s got to have a hook with a great email header and headline to the story or release.

4. Don’t write releases no-one will understand – for heaven’s sake write in plain English, make it short, sharp and to the point. Use quotes, photos and hyperlinks wherever you can.  Don’t use jargon and make them so complicated and technical that no-one gets it.

5. Do not pitch to someone who isn’t interested in the story – this reinforces Golden Rule No. 4. on how to win in PR because I still think this is key to winning in PR. You won’t succeed if you don’t have the contacts or an insight into who will be interested in hearing about our story.

6. Do not let your client bully you. They may think every national journalist from The Sun to The Financial Times wants to write about their sponsorship of Grabmore’s Mobile Solutions for Earth Moving Trucks 2012 event but…. believe me they don’t. And they don’t want to read, no matter write, about your client’s two latest recruits to your Baltic HQ and their membership of the local Chamber of Commerce. Be sensible and let your client know spamming journalists with this type of stuff will ensure they drop off everyone’s mailing list.

And finally and most importantly if you want to win in PR be smart about how you approach everything you do.  Don’t go in the same direction as all of your competitors, think out of the box and work out how you are going to stand out from the rest of the crowd.

The reputational impact and damage of a breach on a brand like Epsilon is irreversible, other companies like M&S, Lacoste and Marriott Hotels who were all customers of Epsilion are also going to be hit by this breach.  And all that Epsilion did was issue a one paragraph press statement about the main data incursion.  Doesn’t this just smack of the incompetent and unprofessional way that  RSA dealt with their hack only just a couple of weeks ago? And how many millions of pounds has that little breach cost RSA?  I know through a friend of mine that they are now maniacally recruiting contractors to go and mop up the damage!  But shouldn’t these companies be made accountable to losing their customers details?

Either companies batten down the hatches and make sure that they use as fail safe security as they possibly can or face the consequences of losing their customers.  It won’t be long before the general public walk away from companies who can’t prove they have good security measures in place.  This goes for those third party outsourcers who also have our details, we need to demand to know who these third party outsourcers are that our details are going to and an assurance that when our details are being onto them, that they also can prove they have strong security in place.

Unless of course in this mad world in which we live, companies continue to disregard security a bit like not bothering to invest in a burglar alarm until they have a burglary, and therefore companies blithely ignore security until they suffer a breach.  As a PR agency specialising in IT security you would think that I would be happy if companies ignore security, as I should make more money out of these guys when a story breaks.  Not so, because as a consumer and an M&S customer who frequents Marriott Hotels with my Lacoste luggage (actually I can’t afford Lacoste luggage quite yet),I have unknowingly become a victim of this breach.  I therefore, would far prefer it if companies respected my personal details and invested in the right sort of security to keep my details safe and sound!

If you visit their website there’s nothing there apart from an open letter from Art Coviello their Executive Chairman http://www.rsa.com/node.aspx?id=3872  stating they’ve suffered a major hack!  But what I want to know is where are the press releases with more statements and calming advice, where is the hotline general number for more information, how do you contact anyone with sane help as to what to do with your SecureID tokens – should you still use them or are they now defunct?  When I spoke to the FT last week they said that RSA did not have anyone available for comment and another journalist said they were put through to an answerphone, as there were no official RSA personnel to talk to.  So of course speculation as to the severity of the situation is now running riot with every security pundit coming up with their disaster theory.  Take NSSlabs.com http://www.nsslabs.com/research/analytical-brief-rsa-breach.html who are recommending that “RSA clients who use SecureID to protect sensitive information should consider eliminating remote access until this is resolved ; perform an impact assessment of systems using this technology and identify critical assets and potential risks. Furthermore, RSA clients should consider alternative 2-factor authentication solutions”.  

This is a huge PR disaster rolling out of control, especially now that other security professionals are advising customers to shut the systems down until the situation is resolved. Come on RSA tell us all when you’re going to resolve the situation!  The longer RSA keep their mouths shut the more speculation there will be about the magnitude of this disaster.  All companies should look and learn from this RSA’s situation, as,  in time,  this will surely be the sort of example that marketing and PR students are shown as a “text book” case in how not to “handle crisis management”.  I’d recommend that RSA apologise and explain how this situation came about – immediately issue their users and partners with advice and a temporary security solution.  It’s all about communication – come on guys there are enough channels to communicate through – just do it! Job sorted!

Whilst this outcome can often be frustrating, it is also important to recognise and appreciate the benefits of working in such a specialised field. Every so often a political event, worthy of mass media coverage, comes along and opens up a discussion on a perilously neglected subject. One such event of recent months has been the Wikileaks saga as information security quickly became big news. 

The media scrambled to gain some sort of understanding on how sensitive data, of the highest classification, could possibly be leaked onto a public forum. The story and interest then began to snowball as reports of something called ‘Hacktivism’ began to appear in all media formats. A group calling themselves ‘Anonymous’, operating behind the sinister visage of ‘V’ from Alan Moore’s dystopian work ‘V for Vendetta’, began to launch DDoS attacks on websites and organisations that either publicly denounced Wikileaks, or refused to process donations and support the whistle-blowing site.

‘…there’s the rub’

The rise of hacktivism reveals something quite unprecedented about the current socio and global-political zeitgeist. This is prominently defined by the current debate on whether high-level information is fit for public consumption – in the interest of national security – versus the right of citizens to have access to the dealings of their government.

So, the tide is turning for information security. Whether you regard Wikileaks as an important, epoch defining moment in history, or a debacle of the highest order, the fact remains that it has become a public and political concern. Future elections may be won on such issues, as IT is now widely recognised as being a particularly 21st century concern. One need only regard the ongoing ‘net-neutrality’ debate in the US to see just how important the field of IT has become in the political sphere.

What it meant for us

When the Wikileaks story broke it wasn’t long before our clients were being snapped up by reporters. Notable coverage included CNN and BBC Radio 4’s ‘Today Programme’, along with hundreds of articles and mentions in various top publications. This was further evidence that IT security is no longer just an occasional ‘flavour-of-the-month’, and has instead become a subject of public and political discourse. As technology advances at a rate incomparable to that of any other field, so too will the demand for experts and IT professionals to explain the process. Feelings of insecurity – as well as real insecurity – are the teething problems of the technological age, so providing experts to translate the complexities into a common language is to provide a vital social service.

So say it loud and say it proud. If you’re lucky enough to work in the field of information security, you are – without conceit – a bona fide guru of the modern age. Here at Eskenzi we believe that securing technology is the path towards safeguarding the future; a message that we are proud to spread.

At last we have a female role model in the world of technology in the shape of the feisty blonde lastminute.com founder, Martha Lane-Fox. While she was a major player in the .com boom, and followed this with a stint in the world of Karaoke, setting up Lucky Voice,  she is now back in tech mode with her role as the government’s new digital champion and adviser, providing a much needed role model for bright savvy entrepreneurial women considering a career in the technology sector.

 At a recent event I attended I was so disappointed to see that nothing has really changed since I started out in the tech world several years ago. There were only a fraction of women and the majority of those were scantily clad promo girls!

While other highly technical professions such as medicine attract a high number of female candidates a career working in technology is just not on the wish list for most women. Martha Lane Fox shows that IT doesn’t have to be all servers, networks and back-end technology, the digital revolution which we have been happily ensconced in for a number of years has opened up a wealth of new opportunities for women.

You could say that Web 2.0 is designed for multi-tasking women who like to be in constant communication – so it is logical that they should also be involved in the development and deployment of this technology and bring some much needed female blood to the industry. Yes technology companies need to do more to attract female talent but here’s hoping Martha will show that glamour and Tech are not such an unusual cocktail!

Yes we are entering unchartered territory with public sector cuts greater than ever before and the uncertainty of the impact of the 2.5% VAT hike on the business world at large.

BUT there are reasons to stay optimistic, the budget is strongly focused on boosting business in the UK, Corporation Tax is to be cut by 4% and between now and 2016 £13bn will be invested in business with a focus on small businesses.

What’s more as an industry that is constantly facing pressure to reduce costs and increase efficiency; the IT Sector is better placed than most to weather the storm.

The two pillars of cost savings and increased efficiency, Cloud Computing and Virtualisation, will be even more appealing to both public and private sectors; with the gloomy reality that we have years of belt tightening ahead the fact that these technologies lead to long term savings rather than a short term “quick fix” will be even more enticing; not just to the IT department but those responsible for the bottom line in companies of all shapes and sizes.

Tony Dyhouse, cyber security programme director for the Digital Systems Knowledge Transfer Network, quoted in Computer Weekly also suggests that is not all gloom and doom as clever companies will use their initiative to find less costly ways to fortify their defences; such as educating people about the value of data and the risks of data loss in an effort to strengthen the weakest link in the security chain – human beings.

So the sun is shining, we are in the midst of World Cup fever, maybe things aren’t so bad…..