Just back from my hols and it’s heartening to see that whilst I’ve been away so many great movers and shakers in the IT security world have signed up to get involved in Security Serious Week in October. So many of the CISO community have already committed their time for free to offer seminars and webinars on a host of great subjects including Unilever, BT, Canon, Lloyds Bank, HSBC, GSK, Publicis Groupe, Markit, Willis and The Economist to name but a few! Our loyal analysts including Ovum, Quocirca and IDC are on board and yesterday I was delighted that the Department for Culture, Media and Sports have agreed to get stuck in with events during the week and rally other Government departments to do so too – way to go! The week should be incredibly insightful to any organisation wishing to become more security savvy! So if you’re an IT security specialist or IT security organisation that wishes to impart your pearls of wisdom to other businesses to make them more Security Serious then why not organise a webinar or seminar. We’ll promote it for you on www.itsecurityguru.org and www.securityserious.com. We’ve also got loads of companies participating in the press photocall at 12 noon on 26th October outside the Tower of London (find out more at www.securityserious.com) – where everyone will have a banner with their logo on it to show the world they’re “Taking Security Seriously”. By participating in the day not only will you be counted as a company that’s Security Serious but it’ll be a great networking event as we’re all going to meet in the pub after the photocall – CISOs, analysts, press, vendors and other IT security professionals. Hopefully, by getting together new contacts will be made and we can work together to make UK Plc a safer place to do trade Online! If you want to brainstorm how you can get involved then email me Yvonne@eskenzipr.com!
The Ashley Madison breach went from being a pain to an utter disaster. If it wasn’t bad enough that credentials of over 36 million users was stolen, last week all of that data was leaked online.
As soon as the news broke, the Eskenzi team jumped into action and reached out to clients to get commentary that we could issue to the press. Rather fortuitously, Stephen Coty, chief security evangelist at one of Eskenzi’s clients, Alert Logic, had managed to do some digging on the underground forums and had obtained the leaked information. He stayed up all night mining the data to see if he could find any juicy details about the people whose information was exposed.
He discovered that over 14,000 people were government officials! Meaty stats for a PR pitch, that’s for sure. I got to work as soon as he had sent the information over, pitching these facts and figures to the IT, tech, business and national media. The time it took from receiving the initial email from the client, to issuing a media alert was only around 10 minutes! You need these sorts of quick reflexes and speeds to ensure optimum coverage – along with relevant and interesting comments, of course.
Within minutes, coverage started appearing, and the phone started ringing requesting interviews. As a result of issuing this media alert, Alert Logic received over 20 pieces of coverage including several national hits including The Observer (print), The Guardian (online) and International Business Times.
Actually, that isn’t the question, it’s the challenge
While some bay for the death knell to sound, I still firmly advocate that the press release has its place in the communications portfolio –but only if it’s done well.
To be valuable the press release has to be carefully constructed. To do that takes a perfect blend of elements. Get it wrong and your prose is unlikely to see the light of day but, get it right, and you’ll generate interest and ultimately coverage.
With that in mind, here’s my tips for effective press release writing:
Grab the attention: The headline, and subject line if sending via email – which we all do, are the most important things to get right when writing a press release. You should use no more than 10 words that scream how interesting your release is to the recipient.
Journalists have hundreds of press releases flooding their mailboxes every day – or hour in some cases! Your release has to shine out against all the other dross. But that doesn’t mean you should be flippant, nor gimmicky – the journalist has to understand that a) it is a press release, b) what the release is about, and c) deem it relevant, if they’re going to open your message and read on.
Assuming you’ve passed this first hurdle, your opening sentence too has to keep the reader’s attention if the remainder of the release is going to be read. The golden rule here is that the opening sentence summarises what’s in the rest of the release, in less than 20 words, and reads like the opening line of a news report. Simple really – actually, that’s quite a skill.
It has to be newsworthy : There is absolutely no point writing a press release if you don’t have any news. Regardless of the demands a client, or even account manager, may make – if the subject isn’t genuinely new, interesting, innovative or surprising then a press release is not the best tactic. Instead, either combine this announcement with something that is newsworthy, or use a different PR tool.
Find your hook: Every editor needs a hook to pin your story around. The best press releases will include this – ideally in the opening paragraph. For example, is a journalist interested in Company A’s new whitepaper? I’d wager not. But, if Company A has uncovered a previously unknown vulnerability in Software X and has published a paper on its research – then the hook is the vulnerability with the whitepaper referenced.
The Five W’s: In the opening paragraph it’s imperative that you cover the five W’s – the who, what, where, when and why that this release details. If you can get this into the opening sentence then perhaps you should consider a career as a news editor :-)
Don’t waffle: While it might be tempting to put everything you know on the subject into a press release, don’t! The ideal length is one A4 side – approximately 400 words, or four paragraphs. Any more and you’re not writing a press release, you’re writing an article. Pick up any newspaper and look at the news section – short and snappy is the typical style and that’s what your release should emulate. If the journalist is interested, and needs more information, then they’ll ask for it.
Include a quote: And don’t say ‘we’re delighted/excited/pleased or thrilled ….’ of course you are but that’s not insightful. I also recommend that you read a quote out loud – if it sounds like you’re reading then it’s not a quote – you’re aiming for something that sounds natural and flows easily.
Complete the package with an image: Publications are screaming out for images to brighten up their pages so include one. Make sure, if you’re approaching a print publication, that the resolution is high enough, and try to make it interesting – a head shot of a spokesperson is not going to cut the mustard.
However, don’t attach the file to your message as this will annoy journalists struggling to keep their mailboxes a manageable size. Instead, a simple ‘Notes to Editor’ at the end of the release stating its availability will suffice. While on the subject of notes, you could include additional background material for the release in this section.
Include your details: There is nothing more frustrating to an editor, who’s fast approaching a print deadline and needs to verify a fact in a story, if they can’t immediately reach you. Include all the ways you can be reached, and that includes out of hours numbers.
One Size won’t fit all: So, you’ve got the lot – the interesting news hook, eye catching headline, and perfect quote. While that’s 95% of the secret formula, the bit that’s missing is the tailoring for each publication on your list. Take the time to write to each contact individually, detailing why the release is relevant to the publication’s audience, and highlighting the salient points. Again, keep it succinct and use bullets if it helps.
Get it proof read: There is nothing more frustrating then something littered with typos – it’s unprofessional and some journalists claim that they will delete releases with spelling errors and grammatical mistakes without reading them.
Here’s an event that you’re going to want to be involved in because it’s for every company who takes Security Seriously!
The campaign is called SECURITY SERIOUS and we’ve dedicated an entire week to it from 26-30 October. The campaign will push the message to the business community that – we’re taking Security Seriously and so should you!
We’re hoping to get 50+ best of breed companies who are good at IT security to help other companies become more security savvy through a range of exciting events! We’ll kick off the week with a photocall outside the Tower of London at 12 noon on 26th October. Everyone will be there with their company logo and huge banner that states that we’re all pulling together to show that “UK PLC is serious about IT security. We’ve arranged for the press to take pictures at the photocall and then we intend to create a social-media frenzy around the whole week!
During the week we have lots of free lectures and events that companies are offering on a first-come first-served basis. These will be on a range of cyber-security topics – it could be “getting the board’s attention”, “how to stop breaches” – “Finding the right tools to securing an SME” etc.
We’ve already got some amazing large companies behind the week doing some really exciting events, BUT we want to get a huge momentum behind and need your help with the following:
- Let us know if you want to be involved in the photocall opportunity – if so we’ll get a huge placard with your logo on it.
- Can you support this event by offering something positive to other businesses during the week – it could be a webinar, free software, seminar in London, internal seminar to your staff, something inspiration and creative! We’ll promote it through Eventbrite and Brightalk and on the website with your logo as a supporter of Security Serious.
- Who could you invite to get involved apart from your own company?
- Add the event and logo to your email signature
- Blog about it.
YOUR INVOLVEMENT AROUND THIS EVENT WILL NOT COST YOU A PENNY – it’s all about the community collaborating as an industry to get best of breed security professionals from great organisations working to help others become more security savvy – that way we can improve the security posture of UK PLC!
So please let us know how you’d like to get involved asap so we can build your event and idea into the website and campaign.
For more details email Yvonne@eskenzipr.com
It’s a funny one this subject about IT security – it always comes back to the users – without us there wouldn’t be any security issues! And without us we wouldn’t need security experts to keep us in check! We need them and they need us – right!
Every year we organise the IT Security Analyst & CISO Forum which is a wonderful opportunity to get raw and heartfelt insight into how the CISOs are feeling – what they are seeing, what’s troubling them and what they’re doing to find sensible solutions around the problems they’re facing. I felt hugely buoyant after this year’s gathering of CISOs they really seem on top of what’s going on! They were openly collaborating and helping one another – they understand they’ve got huge security issues – but there’s nothing out there that they can’t cope with. Calm is afoot.
What hit me the most was the realization that users are useless when it comes to security – we the users just don’t care – if it’s in our way we’ll get around it – so there was a consensus in the room that “we need to move away from a No to a KNOW mentality” – because it just ain’t working! So you can’t try and block users from trying to do their jobs, but find the tools to make sure you are on top of what they’re doing with the information.
Oh dear but then that’s not all that easy is it because the 2 next biggest bug-bears that the CISOs discussed was Shadow IT and privileged user management – that’s top of mind the moment.
Shadow IT was a real first for me, what I mean is the term, (sorry I’m a bit behind with the lingo these days), they were all harping on about this being a really big problem – that’s us people yet again in PR and marketing, sales and management – we keep downloading these wonderful sharing apps that make everything so simple for our wee non IT brains – you just download the app and hey presto we can all share spreadsheets and contacts etc amongst our colleagues quickly and efficiently. Quickly and efficiently was never really in the security programmers DNA which is why we always come to an impasse with the security folks. The likes of google sharing apps, DropBox, Box etc are causing a real pain in the backside for security – secure data is being shared outside the organisation willy nilly – but the good news is that these bright young CISO are onto us – they know what we’re up to and are now learning how to discover, monitor and remediate us where necessary. At least with the coolest tools out there – they can keep the auditors happy and show they’re doing their best to meet the demands of the compliance chaps!
So we can keep working away with our apps because the IT security folks realise they’re onto a road to no-where – so instead of fighting it and saying NO they’re moving to a culture of KNOW instead.
So the other problem they really started to sit up and talk passionately about was the thorny problem of managing privileged users. Hmmm, it’s the human factor yet again! The typical scenario went as follows: One person is given access to the sensitive stuff, they then share it with a colleague when they go on holiday, a consultant comes on board they then get given access, the original person is promoted into another department or leaves, they hand over access to another new person but still retains access to the original information even though they no longer need it and so on. One CISO from a major bank who shared his angst found his sentiments were mirrored by most of the other CISOs around the table – “Companies grow very quickly and you get lots of changes so we try to conduct regular privileged access account reviews, but I have to admit it’s one of the biggest problems we have not yet solved.”
It’s the thorny old problem – if you don’t drill into your staff that the data is a major asset of the company and it needs to be respected and dealt with responsibly then it won’t be respected.
Back to good old user security awareness and best practices then! You train your staff and they’ll be your biggest allies – get their trust, get them to take on a bit of the responsibility for security – and you’ll go along way to solving the problem. That’s the conclusion I came to after listening to these savvy and very switched on CISOs, the reason they were so chilled was that they’ve learnt that security is a really big problem and it’s us users who are their biggest problem – but these guys have a strong handle on what’s going on they’re getting to grips with user awareness and responsibility! They all admitted that it helps that over the last year the boards are giving them more air time at least 15 minutes every 6 months! It means more so than ever they have the ear of the board who are giving them the responsibility, time and money to focus on putting security where it needs to go. For more on what the CISOs talked about at the Eskenzi IT Security Analyst & CISO Forum read Ron Condon’s blog at http://www.itsecurityguru.org
As part of the National Autistic Society‘s Autism Awareness Week, Eskenzi PR is taking part in Onesie Wednesday! We are wearing our onesies to work (and lunch) to proudly raise awareness of Autism.
Onesie Wednesday is a day you can really show how unique you are, and that it’s ok to be different! For those with autism, having that acceptance and understanding from others that it’s ok to be different is so important. Having a younger brother with severe autism myself, I really like this message and am so grateful the whole office has joined in with the cause.
A huge thank you to everyone who has sponsored us so far – we really, really appreciate it!
Happy World Autism Awareness Week!
In 2014 IT Security Guru successfully launched its webcast channel and has so far hosted industry names such as Joshua Corman, Cris Thomas, Brian Honan, Katie Moussouris and Craig Goodwin discussing areas such as Internet of Things, car hacking, major flaws and 2015 predictions.
In January we were joined by Steve Durbin from the Information Security Forum, CISO Amar Singh and Ian Pratt from sponsor Bromium to discuss how best to spend cyber security budget in these times of targeted attacks. Naturally the conversation moved towards the combination of people, process and technology as the best triage for defence, which a live poll of listeners found that 60 per cent agreed with PPT as the best solution, whilst Pratt admitted that “security was not built into code written in the 1980s”. To listen again to this discussion, click here https://www.brighttalk.com/webcast/11399/140339
We are already planning many more webcasts for 2015, and will be joined by members of the group Women in Security on 10th March for a discussion on mentoring, so keep an eye out on the website www.itsecurityguru.org
Following the huge success of our CISO Luncheon Events, we have teamed up with Wired-Gov, the UK’s leading ICT Public sector site with over 63000 subscribers and have developed a new program of public sector luncheons. Exclusive sponsorship of these CIO focused luncheons are now available for May, July, September and November. Sponsorship includes:
- Themes and invitation messaging tailored to sponsors requirements
- Invitations into sectors such as NHS, Local Government, Central Government and more
- Event held under Chatham House Rules
- Minimum 10 CIOs and ICT Senior management
- 5* venues with private dining facility
- Regional events available
- Cost for exclusive sponsorship £8500
If you would like to find out more, please email or call Linda Joynes on 02071832847 or firstname.lastname@example.org
Every morning we check the news for the hottest stories in information security for our clients to be made aware of and comment on. On 27th January, we spotted the story that Facebook and Instagram had been knocked offline for an hour across much of the world, amid claims that the social media sites had been hacked. A group called Lizard Squad, which has previously claimed responsibility for bringing down XBox and PlayStation online services, posted a message on Twitter appearing to link itself to the outage which affected Europe, the United States and Asia.
We knew the story would make the headlines so we knew it was a great story for our clients to comment on. We immediately sent the story on to all our relevant clients with a request for comment, and MWR Infosecurity came back nice and quickly with some unique commentary and insight. Their comments were picked by the Associated Press and subsequently distributed through their newswire, gaining an unbelievable 900 pieces of coverage in total! Highlights included pieces in The Daily Mail, The New York Post and an interview on BBC radio 2!
In addition to MWR Infosecurity’s success with comments on this story, both our clients ESET and OPSWAT were featured in The Times. A great day at Eskenzi PR and proof there is room for more than one client to jump on a story!
ESET joined the Eskenzi PR roster in May 2014. A few of us had known the guys at ESET for a while and the time finally felt right for both parties to join forces for their PR in the UK.
As it turned out, ESET were the perfect client – responsive, informative and proactive. In the first six months we achieved:
- An average of 100 pieces of clippings monthly
- Of those clippings, 77% were Tier 1 publications
- National coverage including Guardian, BBC, Independent, The Times and Bloomberg
- TV interviews including BBC, Sky News and ITV
- A press trip to ESET head office with five journalists.
We have obviously been delighted with the results we have managed to achieve and are even more delighted that Quinton Watts, VP Marketing and Sales at ESET agreed. “Having always believed in the power of PR and its contribution to raising the brand I decided to move over to Eskenzi from one of the largest international PR groups. The biggest worry of continuity moving from a large agency was quickly dispelled with a seamless uptake of the accounts and our existing industry contacts. I have been continuously delighted by their professionalism, fresh approach and above all results they have achieved. Eskenzi have proven beyond a doubt that they punch way above their weight and the measurable uplift in results has led to an immediate increase in PR budget with total confidence that it is money well spent.”
So many elements of great PR can only happen when there’s great teamwork and we’ve certainly got that with ESET. We’re very excited with what else we can do for them!