From tapping our contactless cards, to life saving machines, the rise of the selfie and every painfully slow computer update we sit through on a Monday morning, it is increasingly clear that technology is a fundamental component of our daily lives. Some of us love it, some of us not so much- but one thing is for sure, in some way, we all use it. As technological advances continue to amaze us (I’m looking at you, Sophia), and break boundaries that years ago, were pipe dreams, one thing is for sure- technology isn’t going anywhere (except maybe up- after all, the only way is up, right?).

Of course, this begs the question- if we do all use technology, then why are we not all represented in the work force? Gender diversity in the technology industry has long been a talking point. Research shows that, despite industry growth, over the last 10 years’ female representation in the industry has stagnated- only 17% of those working in the industry are female and when looking higher up the ladder, things aren’t that much better – only 1 in 10 are IT leaders. With only 7% of students taking Computer Science at A-Level being female, there is a clear need for action to encourage young women to pursue a career in the field of technology.

I caught up with Vicki Gavin- Compliance Director, Head of Business Continuity, Cyber Security and Data Privacy at the Economist Group to get a little bit more insight on this issue:

What issues do women currently working tech face?

I think that the biggest issue women in technology face is nature of the work environment.  In general, the environment in the core technology areas; support, infrastructure and development is very competitive.  The nature of the work is such that practitioners are being challenged in some way to work harder, smarter or faster.  Thus, practitioners are constantly having to prove both to themselves and to others they are capable.  Many people may find this sort of environment uncomfortable and choose not to do these sorts of roles.

Are there any signs of success/ progression towards a more diverse workforce in the tech industry?

The number of women choosing a career in technology is increasing overall.  As with all change the pace is slow but the numbers are increasing.  In fact they are increasing quite rapidly in the technology governance, and risk management functions.  Women are less well represented in the support, infrastructure and development teams, but I think this may be down to the work environment.  I think that those of us in the industry need to stop undervaluing the technical governance and risk management functions and start treating them as the technology roles they are.

How can the Industry encourage young women to pursue a career in technology or cybersecurity? Whose responsibility is it to do this?

Hiring managers need to ensure they do not introduce bias into an already limited candidate pool by identifying the minimum requirements for the role and when reviewing CVs look for reasons why each candidate might be able to do the job rather than looking for reasons not to hire.  Candidates can help themselves by writing a cover letter which summarises for the hiring manager how their skills match the job posting.

How would you sell your current career path to the younger version of yourself- what advice would you give yourself? What challenges would you tell yourself to expect?

My advice to everyone regardless of the career path they want to follow is to do what you love.  When you do what you love, you’ll love what you do and be pretty good at it.  Which will naturally lead to career progression.  A couple of cautions, don’t be a shrinking violet, volunteer to take on new responsibilities and don’t be afraid to tell people when you’re good at something.  Finally, while having a career plan is a good starting point, don’t be a slave to your plan.  Be bold, be prepared to take opportunities when they come your way.

By Michelle Marriott, Account Executive at Eskenzi PR

Stats from http://www.womenintech.co.uk/

Advertisements

We are now at the tail end of Security Serious Week 2017, which has been a fantastic period for building cybersecurity awareness. Kicking off today’s edition in our week-long cybersecurity series is Threat-Hunting Thursday and we have selected the great mind of Josh Mayfield, platform specialist, Immediate Insight at FireMon for an in-depth Q&A analysis looking at today’s threats, the evolving landscape within cyber and what defence systems are available to those who wish to stay on step ahead of attackers.

How would you define Threat and what are the differences between Threat, Risk and Vulnerability?

[JM] Threats are unique from vulnerabilities and risks because they express ‘intent’.  Threats come in many forms and sources, but the key marker for any threat is the intent to cause harm or damage.  Look at ransomware, malware, DDoS, data exfiltration…all of them begin with an intent to do harm.

 

Risk is simply a quantified metric of potential loss or damage.  Risk metrics are based on circumstance (internal or external) that can leave the organization or individual in a precarious position.

Financial services (banks) and healthcare, for example, are at greater risk because the circumstances of their business brings them into a cohort of organizations that are regular targets of cyberattack.  Organizations use risk to better understand the future, potential outcome of damaging events.  Factored into this equation are their current vulnerabilities.

 

Vulnerability is all about the susceptibility of harm.  If threats are exogenous factors of potential loss or damage, vulnerability is the endogenous side of that ledger.  Vulnerability assessment begins with a look at oneself and quantifying the likelihood of loss or damage based on attributes within.

Cybersecurity vulnerability begins with an honest assessment (a diagnosis) of the endogenous systems – finding the weak spots.

 

In short:

Threat, the intentional conduct of someone (internal or external) to cause harm

Risk, a quantifiable metric of potential harm, given the circumstances and environment

Vulnerability, the attributes native to the organization or individual that increases probability of harm

 

WannaCry, Power Grids hacked, Deloitte – What has surprised you most about the types of attacks that have occurred in 2017? And do you think today’s enterprises are taking security seriously?

[JM] I wish I could say that the cyberattacks and data breaches of 2017 surprised me.  But given the milieu of cybersecurity practices, it was the only outcome one could predict.  We didn’t know where or how these attacks would happen, but it should we widely agreed by now that our present disciplines are not equipped to manage the threats organizations face.

 

Principally, organizations have a dearth of imagination when assessing their threats, risks, and vulnerabilities.

To fully predict and prevent cyberattacks requires complete knowledge of the current state of the world with its ever-changing variables and probabilities, something close to omniscience.  And omniscience tends to be out of reach for human beings.

Right-thinking organizations are going on offense – threat hunting.  This marks a turning point in cybersecurity; moving to methods and tactics that value ignorance and evidence-based pursuits, rather than heuristics and confirmation biases.  We are seeing a slow but noticeable shift, let us hope it continues.

Attackers have become increasingly more innovative with their attacks, so what can individuals and enterprises do to stay one step ahead? What defence mechanisms would you advise?

[JM] Attackers are human.  Humans are goal-directed, not stimulus-driven.  Years ago, the attacker community traded in the currency of respect; making a name for oneself within the community was the ultimate goal.  Now, the financial motive has become the principal driver of attacker behaviour.  To service this financial goal, attackers will use the most effective tools at their disposal.

Cybercriminals are responding to incentives as any economic actor would in an economic world.  With these financial incentives in place, it is no wonder that attackers would opt for ransom instead of depreciating inventories of stolen data.

 

To stay ahead of this innovation curve, organizations need to do three things:

  1. Automate policy management (prevention)
  2. Automate data analysis (detection)
  3. Automate actions (response)

 

Each of these measures will serve an organization experiencing two forces: 1) Personnel/skills shortage, 2) Increased complexity and sophistication of cyberattacks.

 

Automating policy management provides you with the prevention needed without having an army of device technicians constantly updating access control lists (ACLs) in an ever-changing world.  Automating data analysis provides organizations with the needed capability of threat hunting without having to employ Minority Report precogs to detect threats.  Automating actions provides the speed of patching what’s been affected, the closest we can currently get to self-healing computers and networks.

 

 

With the cyber landscape in its current state and with IoT and cloud adoption expanding, looking ahead, what do you see being the biggest threats in 2018?

[JM] After this diatribe about the history of prediction, one may think I am being hypocritical by making statements of what will happen in 2018.  But isn’t in the goal of any method to take in data from the past and confidently make predictions about the future?  Of course!

 

I believe the current model of Passive Security will keep its strong grip.  But guess what?  While organizations cling to what they know cybercriminals are going to advance.  Maintaining this model will likely bring the following unpleasant headlines:

 

  • A major bank in the U.S. or Western Europe will lose over 100 million records
  • A major Western government will experience a breach where over 20 million full citizen profiles are abducted
  • A major healthcare provider will have their Amazon S3 breached, exposing millions of patient records
  • In the wake of a breach (perhaps from 2017), a major company will be charged with criminal neglect and broken up by a Western government

 

Our methods will evolve, we will overcome this.  A new method has been introduced and it has gained a toehold.  It will bide its time until more hapless methods, tragically, run their course.

 

By Rohit Chavda, Account Executive

As part of Security Serious Week 2017, which aims at raising awareness of cybersecurity concerns, Eskenzi PR’s blog posts will take as through various elements of the cybersecurity world. Today’s, New Tech Tuesday, will be about the exciting developments in the fields of biometrics; I will be explaining what biometrics entails, the different types of biometrics, and why they are such an exciting new development for cybersecurity professionals.

Biometrics are defined as ‘metrics relating to human characteristics’. In layman’s terms, this means that it uses elements of an individual’s physical characteristics or behaviours, to identify something about them. The most common kind of biometrics that are heard about are physical biometric solutions, such as retina scans, thumb print or facial recognition. These can all be used as forms of identification which are much more secure than the average password/username combination that we (and identity fraudsters and thieves) know and love so well. However, as has been previously discussed, these solutions are not completely fool proof…although they do have the added benefit of making whoever is using them feel remarkably like James bond!.

Hackers can still duplicate an individual’s physical traits, via photographs, but what is inherently harder to imitate, replicate or duplicate is the personal characteristics they aren’t even aware of – Let alone anyone else. This is where the cutting-edge field of passive biometrics comes into play.

Passive biometric solutions, such as those pioneered by NuData Security have made for security solutions that can identify an individual in a frictionless, user-friendly way, by analysing known passive behavioural indicators, such as the speed at which a user types on a device, the angle at which a device is held. These factors (and many more) are then cross-referenced with the user’s known behaviours (location, time of use etc) in order to build up a picture of a good user that is accurate to a degree that no other authentication method could dream of. If these solutions were deployed globally, there’s a significant chance that account takeover, fraud and other forms of identity crime would reduce significantly. So, in the future, when you’re furiously texting a WhatsApp group chat, you could be helping to keep your online accounts safe…. that’s truly taking security serious!

By Conor Heslin, Account Executive.

As part of European cyber security awareness month, we at Eskenzi PR are doing our part and will be producing a one-off series to promote cyber security. Today’s edition is Malware Monday – Ransomware.

 

Ransomware (noun): a type of malicious malware designed to block access to a computer system until a sum of money is paid. A simple definition with catastrophic ramifications.

 

For many unattached from the world of cyber or technology, ransomware is just a meaningless word lost among the catalogue of phrases used by IT professionals. That certainly changed in 2017.

 

Here’s why:

 

On 12th May 2017, a ransomware worm named WannaCry wreaked havoc around the world, infecting hundreds of thousands of systems used by some of the largest corporations including banks, hospitals, airports and utilities.  Shadow Brokers, the cyber criminals believed to be behind the attack, used NSA leaked hacking tools to spread the virus through a Microsoft system flaw. Despite its global reach, the malware had known flaws and within 72 hours, security researchers located a kill switch.  Nevertheless, WannaCry crippled systems in over 150 countries, including the UK, where the NHS was brought to a standstill with systems in majority large proportion of hospitals and facilities being corrupted.

 

No less than a month later, ransomware once again made international headlines. The variant known as NotPetya or Petya or Goldeneye spread like a swarm of locusts, causing devastation to many organisations across Europe and America including the likes of major advertiser WPP and Danish shipping giant Maersk. However, it was Ukraine that was critically hit with utilities like energy and power grids, airports and banks all being taken offline. NotPetya manifested through known flaws within networks that used Microsoft Windows and exploited systems by using a modified version of EternalBlue SMB, the same NSA tool used in the WannaCry attack.

 

Attacks like WannaCry and NotPetya acted as a global wake up call for organisations to take cyber security seriously. As it becomes more of a recognized issue and with such severe consequences, cyber security can no longer be ignored.

 

Javvad Malik, security advocate at AlienVault has given his thoughts regarding the growing threat ransomware poses, not only now, but in the years ahead, and has given advice on how organisations can prevent their data becoming hostage.

 

“Ransomware has stolen most of the headlines thus far this year and they continue to be a popular attack avenue. What we have seen is a clearer splintering of attacks whereby there are cybercriminals in it for the money that primarily utilise ransomware, and on the other side we have more targeted attacks by highly skilled groups.

 

“We saw the success WannaCry had in spreading with the EternalBlue vulnerability despite there being a windows patch in place. Cyber criminals will continue to use techniques that provide a return on investment until such a time they no longer work, or a readily-available alternative exploit becomes available. So, we can probably see malware gradually evolving over the coming year at the same rate as had been so far and unlikely to see a massive change in direction.

 

“A lot of preventative measures come down to employing fundamental security practices. This includes good patch management, network segregation, maintaining backups, and having good threat detection controls in place.”

 

FYI: ransomware has been identified as being the top threat facing computer users by the European policing agency, Europol!

 

By Rohit Chavda, Account Executive

My names Michelle and I am a social media addict. Okay, so addict may be a bit of an over exaggeration, but like any stereotypical millennial, I love a bit of online socialising; Instagram, Twitter (work, and personal FYI), Facebook and even Linkedin- I would say I spend a reasonable portion of my day to day life online. I’m not ashamed to admit it, either. As technology continues to develop around us, our online presence has become more distinct, and in some ways pretty important. Prospective employers use it to seek us out, and we keep connected with friends and family far and wide, who we may not be able to be connect with, without it. And it’s not just our personal and work life that benefit- we can shop, and keep up to date with current affairs as they happen- just about everything is at our fingertips. In all honesty, is it such a bad thing to utilise the tools we have so easily at our disposal? Probably not (I write while searching for memes on twitter).

Of course, with so many of us online, we must remember- the bad guys are there too. Lurking in their deep dark hideouts of the wider web, there are some individuals waiting to use our social media accounts for their own sneaky gain- sometimes with criminal intentions, and sometimes just for the weird kick they seem to get out of Instagram hacks (I mean, poor Bieber right!? No one wanted to see that!)  I know you’re probably thinking, “this kind of thing only happens to famous people”, but trust me, that is just not true; the latest Instagram hack resulted in six million people’s details being stolen, and sold for $10 a pop on the dark net (personally, I’d say we’re all worth a bit more than that, but hey!) The increase in these kinds of attacks really does illustrate just how vulnerable we all are online.

Before I started at Eskenzi, I was the kind of person that fell for an Instagram phishing email, or used my forename as my password for pretty much all my accounts- I’m still surprised that I was never the victim of some kind of hack. However the last five months has made me completely rethink my attitudes towards how I look after my personal information online. I now realise that our data is worth something and isn’t just floating around safety in the cloud- we should look after it, just the same as we do when we’re out and about with our ID’s, bankcards, and large wads of cash (we can dream…)

So, just what can we do exactly? It goes without saying, never ever give out your information to someone you can’t verify- NEVER give out your password. The other tips I have learnt from experts in the industry would be:

  • Don’t reuse your passwords If you happen to visit one site, and your password happens to get stolen, the bad guys can just try all your other accounts; if it’s the same, well- you’ve done the hard work for them.
  • Avoid weak passwords. Yes, this means no more Password, Password1, or your name! The easier they appear to be, then clearly, the easier they are. Think of a unique combination that only you know.
  • Password Managers They can generate, store generate them for you- pretty handy, and very safe!
  • Two Factor Authentication is a third process which validates you- you usually have to enter your standard username and password, and then has a second authentication method. (FYI, Instagram now has this little tool available to all users)
  • PATCH AND UPDATE! The NHS was bought to a standstill because of unpatched systems; if they can wreak havoc in such a huge organisation, your social media accounts are about as safe as Moleman in The Simpsons- not very. Keeping it up to date closes those little vulnerabilities that hackers can take advantage of to gain access into your accounts.

All in all it is up to us to realise- it is our responsibility to protect and manage our online social life. The tips above will certainly get you part way there, but be savvy! There is an I in security guys, so lets get it together and sort it out; before our Facebook profile starts randomly inviting our parents to some NSFW websites (facepalm).

By Michelle Marriott – Account Executive at Eskenzi 

 

 

Back in November 2016, National Lottery accounts were feared to have been hacked. In our office, when a data breach breaks, it means moving fast and getting the story straight over to our clients to see if they have any comments or insight on the story to share with the press.

In this instance, one of our clients happened to be in the UK on a press trip. So we started contacting press straight away, letting them know that they were in town and ready to answer any questions they might have on this story.

In response to this, one of our friends at ITV came back to us saying that, whilst he wasn’t covering the National Lottery hack itself, he was in fact working on a series of cyber security features. So, we met up with the producer and kept in touch over a series of months to discuss the angles he was working on. They decided to explore the following topics:

  • Techniques hackers are using today
  • How social media scams work
  • ATM hacking
  • IoT hacking
  • GDPR

As a result of these discussions, we pitched a range of our clients as expert spokespeople for the programme, discussing these topics. Nearly six months later, ITV News joined us all at Infosecurity 2017 to film the segments for the show. Clients featured included Lastline, DomainTools and AlienVault. The segments aired over the course of a week across the country and some are available online here.

Sometimes, rapid response can seem like a short-term solution for PR. However, it is actually a great way to keep in touch with press and make new contacts for longer term stories.

Security Serious Banner 2017Security Serious Week tackles Cyber Skills Gap through Creativity and Diversity

together professors, scholars, entrepreneurs, researchers, incubators, journalists, practitioners and visionaries to discuss the issues surrounding the cyber skills gap in the UK during a free week-long Security Serious Week Virtual Summit.  With daily news stories of high profile data breaches, it’s clear that security technology alone cannot solve the problem. It takes all manner of people to make the UK a safer place to do business.

 

The totally free, not for profit event will bring participants from UK business five top-quality panel style webinars throughout the week commencing 2nd October to tackle the theme of Security Serious Week 2017, Bridging the Cyber Skills Gap through Diversity and Creativity. The week is supported by industry experts who are offering their time, wisdom and free advice to help UK companies protect as well as educate themselves about how companies can take advantage of UK schemes and programmes to make it a thriving cyber security hub, artificial intelligence and how to think outside the traditional route to a cyber career to get all of the right people in place to avoid becoming the next subject of a major attack.

 

In addition, back by popular demand, Security Serious Week will host the second annual Security Serious Unsung Heroes Awards in London on the evening of the 3rd October. The event honours the unsung heroes who work tirelessly to avert disasters from attacks against our critical national infrastructure, defend their networks from the daily onslaught of breaches and highlight the cyber pitfalls to educate everyone. The Security Serious Unsung Heroes Awards are made possible with the support of Mimecast, Gigamon, GSK, SE Labs, Canon, Eskenzi PR, Lastline, (ISC)², CREST, Barracuda, Smile on Fridays, 1E, Firemon, It Security Guru, Corero and the Charities Security Forum.

 

We feel very strongly here at Eskenzi that the industry needs to be pro-active and do what we all can to educate other businesses to make the UK a safer place to trade online. Security Serious Week, has been set up as our contribution to European Cyber Security Awareness Month and we’ve made the skills shortage the main focus of the week.  Threats are coming at UK businesses from all angles and there are simply not enough people to defend against them.  What we want to do is shout about how amazing our industry is and bring in new blood by explaining you don’t have to be a techie genius there are many skills that are needed in cyber security, including, communication skills, management, marketing, coding, sales – and you certainly don’t need a degree or conventional qualifications to succeed in our profession.  Hopefully, after Security Serious Week people will think differently about a career in cyber security or even reconsider the way they’ve gone about hiring personnel to help broaden their search.”

 

To sign up for the webinars go to:

https://www.securityserious.com/conference/

 

European Cyber Security Awareness Month (or October for the laypersons) is nearly upon us again!  And that means Security Serious Week in the UK to kick it all off.  This week, we’ve been busy judging the second annual Security Serious Unsung Heroes Awards with Adrian Davis from ISC² and Dominic Trott from IDC.  We met in St Bart’s Brewery where the awards event will take place on the 3rd October.

The full list of finalists can be found on the website: www.securityserious.com/unsung-heroes-awards/

As you might imagine, picking through all these amazing folks dedicated to their professions and making the UK a safer place to do business was no easy feat!  We can’t wait for the Awards ceremony and to recognise all of these superb individuals and teams.

Bringing back the Security Serious Unsung Heroes Awards isn’t all we’ve been up to. This year, we’ve taken the Security Serious Summit virtual – and the best part is: it’s all completely free!

The Security Serious Summit is about the security industry giving back to enterprise and passing some wisdom on along the way.  In that vein, we will be hosting five fantastic webinars with some of the industry’s best and brightest minds from Computer Weekly’s Warwick Ashford and CREST’s Ian Glover to Emma Jones from the National Autistic Society and Pete Warren from Future Intelligence and many, many more. They will tackle the overarching theme for the week: “Building Awareness and Bridging the Cyber-Skills Gap through Creativity and Diversity”.

The full line up from setting the scene for the skills gap, incentives that make the UK an ideal cyber security hub, artificial intelligence, creative employment and neuro diversity, can be found here:

https://www.securityserious.com/conference/.

While you’re there, make sure you register for a webinar (or two or three or four or five…)

Together, let’s all make this Security Serious Week the best one yet!

As August begins, it seems only right to reflect on the pretty amazing (and record breaking, FYI) June and July that Eskenzi and ESET have achieved. From pushing out ground breaking research to working around the clock during the Petya/ NotPetya attack that crippled the world, it is fair to say we’re pretty pleased with not only the quantity, but quality of the coverage we have accomplished over the last 2 months. Some say summer is about sun and sangria but for us on the ESET account it was all about research and ransomware (a Tech PR’s dream, right!?).  But anyway, I digress. Take a look below for some of our highlights.

Industroyer

Before Petya, ESET were already doing pretty well. They had released their ground-breaking Industroyer research and Account Manager Katie worked ridiculously hard to achieve 41 pieces of coverage in 1 week- this included pieces in some of the UKs biggest news outlets like The Guardian, The BBC, IB Times and The Sun. However, not even this could prepare us for what was coming next.

Petya

On the 27th June, the Petya/ NotPetya ransomware infected computer systems worldwide, little more than a month after WannaCry. ESET were quick from the offset, putting all their efforts into researching the constantly developing situation, and thus, we had a constant stream of materials and updates to send out to the journalists who were hungry for details. Katie (fresh back from Glastonbury) and I worked around the clock, sending out media alerts and setting up interviews with the ESET team (from the tube in the morning, might I add) and our efforts did not go without reward.

ESETs Petya research resulted in 60 pieces of coverage across national newspapers and in top tier industry press. In one week, ESET were featured in the Financial Times 4 times! Not to mention the BBC, Reuters and the IB Times!

As the month drew to a close, Petya was far from over and the fallout was still hot news. As we went in to July, we already had a total of 189 pieces of coverage under our belt, and had broken all our own records; could we live up the challenge and do it all again in July? I think so.

With the fallout from Petya still crashing down around the World, it seemed unlikely that ESETs magical June was going to end abruptly. ESET ensured that they stayed ahead of the game- this gave us a helping hand, as the content we had to send out was in demand. It was new, and more often than not, it was breaking news; we had journalists contacting us around the clock for new statistics and updates on the ransomware.

The first week of July went by in a ransomware-ridden blur- by the time we got around to putting together the weekly report we were more than happy. We had achieved 82 pieces of coverage for ESET- 44 pieces of which were in top tier national publications like the FT, the BBC, SC and Wired. This put our grand total of Petya related coverage at 142-  over a two-week period!

From this, I am sure you can tell just how busy we have been on the ESET account over the last two months. Our grand total for June and July totals at 350 pieces of coverage and we are very proud to say that a lot of this is in top tier, top quality outlets. Of course, none of this would have been possible without the great team we work closely with at ESET; especially the fab (and kinda famous within the cyber community) Mark James, Security Specialist and spokesman. His quick responses and unbeatable insight into the world of cybersecurity makes our job that little bit easier.  We are excited to see what August has in store, and if its anything like the last two months, this is going to be a very good summer for the ESET-Eskenzi partnership!

By Michelle Marriott, Account Exec at Eskenzi PR 

By Elizabeth Nikolova

I joined Eskenzi PR as an Account Executive exactly a year ago, straight after I finished my (BA) Communication and Media course at Bournemouth University. As I admitted in my interview, I had done a bit of marketing through my university placements, but I hadn’t worked in PR before. I was aware I had to learn a lot (especially as Eskenzi specializes in cybersecurity PR), but I was up for the challenge.

I certainly feel like I’ve learned a lot in the past 12 months and so I wanted to share my key takeaways from the job:

  1. Good communication is key

I’m sure you’ve heard this phrase a million times, but communication is, indeed, paramount so everyone on the team is on the same page. Whether you’re liaising internally with your manager, pitching an idea to your clients or passing along a key message to journalists, you need to do so with great efficiency and confidence. This applies both for your verbal communication and written correspondence. Also, make sure that you get back to clients, colleagues or journalists within an hour and try to be as helpful and proactive as possible (even if it’s just to say “Thank you”.) And in the case where you’re not sure how to respond, the worst thing you can do is ignore it. Instead, you should make sure they know you’ve seen the message and you’re currently looking into the issue. Don’t leave them hanging. This shows not only your professionalism, but helps in the process of building strong relationships. And PR is all about building relationships. Finally, keep in mind that the way you communicate portrays an image of you and your company, so make sure you do it right.

  1. Prioritise, prioritise, prioritise (and be organised)

As an Account Executive, you juggle a lot of tasks for different clients all at the same time and if you’re not organized, you might feel a bit overwhelmed. Indeed, taking the time to prioritize your tasks upfront will pay off by increasing your overall productivity. So, what I’ve been doing to stay on top of everything (and what pretty much everyone in Eskenzi does) is making sure I’ve got a to-do list for the day or even the week. I usually write the list down in my notebook, but you can also use sticky notes on your Desktop or the good old Notepad/Word. Whatever it is you prefer, make sure you have that list and you stick to it. When you know, what needs to be done, it’s much easier to prioritize and efficiently manage your time.

  1. Learn what constitutes as a newsworthy story

In the 24/7 news cycle, stories grow old pretty fast. So, it’s important to keep track of what’s currently happening in the media and think about what editors and journalists will find interesting, or exciting, or important. Of course, this will get easier with time, but it’s certainly valuable to get into the habit of looking for relevant stories both in terms of time and relevance.

  1. Always be on the watch for a good one

Once, you know what defines as a good story (some clients or journalist might have a different set of criteria, so don’t feel disheartened if they don’t agree with you) make sure you’re on the look for it. You can create a list of publications or websites for monitoring or set Google alerts for relevant keywords. In any case, make sure you’re the first to learn the breaking news. If you find something good, then make sure you share it with your colleagues (you’re a team after all). And similarly, if you feel stuck and cannot find anything new or interesting, ask around the office – someone might be able to help.

  1. Listen attentively

Apart from being a confident speaker, you need to be a good listener.  You will need to be able to appreciate other people’s priorities and pressures. I’ve found the easiest way to do this is by taking notes and trying to understand other’s goals and priorities either during catch-up calls or face-to-face meetings (or through your day-to-day email conversations). For example, if a journalist doesn’t cover security/technology stories any more, it’s important to make note and don’t pitch him/her such stories (and make sure the rest of your team know that, too).

  1. Write a pitch that a journalist will actually read

Writing good pitches is hard and even if you do so, there’s no guarantee that journalists will read them. Naturally, journalists and editors are bombarded with tons and tons of article pitches, quotes or press releases daily. So, what can you do to stand out? Build good relationships with them by making sure you get back to their comment requests with strong, useful quotes and show that you value their time by only sending them relevant materials. Once you’ve established those relationships, journalists will open and read your emails (and even have you as a first point of contact when a big story breaks).

  1. Be a team player

At Eskenzi we’ve got small and big teams, internal and external ones, and I think this predisposes you to learn to be a good team player. Being a good team player means that you must work efficiently with other people who might have different responsibilities, backgrounds and levels of experience. It also means that you need to be reliable, encouraging and approachable, when someone is seeking advice. So, for example, if a team member needs help with one of the media monitoring tools, then you’d need to step in (provided you know how to help them). Furthermore, great team players step outside their comfort zones, put the team’s objectives above their own and take the initiative to get things done without waiting to be asked.

  1. Have a clear goal behind every campaign you undertake

Defining clear goals every week, month, quarter or before you begin a campaign can help you keep track of progress and give you direction on where you need to concentrate your efforts and energy. After identifying what a successful campaign looks like, create a step-by-step execution plan and start off your campaign. You can do all that while you brainstorm with your manager or your whole team and remember don’t be afraid to make recommendations or suggestions about how something can be done.

  1. Have a problem-solving attitude

In your day to day tasks, you’ll surely fall into a situation where you’d be asked to do something you don’t know how to do and here is where good communication and teamwork step in. However, if the matter is time sensitive or your manager is on PTO or your colleagues are also unsure of how to respond, then be proactive and throw out your solution. If it doesn’t work, then start over. Put your creative hat on and try to work out the best way to fix the issue (and do so without being asked). Having a problem-solving mindset is one of those things you gain with practice, so make sure you do it often. In addition, when you have this attitude, you become a valuable resource for your team.

  1. Be ready to do your best (even if a story breaks on a Friday afternoon)

In the last couple of months, we’ve witnessed system around the world being hit by two cyber-attacks (Yes, I’m talking about WannaCry and Petya/NotPetya) both of which either happened over the weekend or on Friday afternoon. When something major like this happens whether it is Monday morning or Friday afternoon, you need to think and act fast and sometimes stay after hours to secure an interview or TV opportunity.

  1. Do your own PR

When you’re working in PR, you focus so much on doing others’ PR, you sometimes forget you must do yours, too. What I mean by this is, when you’ve got an exciting project coming along or you’ve managed to get your clients in the FT or Forbes, be sure to share it with the world. Put it on your website, on your blog, share on your social media channels or mention it while you chat with journalists or clients.

  1. Be genuinely nice to people

In an industry that is primarily built on relationships, it’s important to keep a positive attitude and just be nice to people. Whether it is at a networking event, face-to-face interviews or over email – be polite and try to understand others. Properly maintaining relationships with clients and journalists is crucial. You can do that by follow-ups, thank you cards, holiday gifts or simply checking on them regularly. What’s more, marketing and PR teams as well as journalists often work under a lot of pressure and get tons of emails daily, so make sure you’re polite and ask how they are – you’d be amazed how such a small thing can change the conversation.

And finally, remember that practice makes perfect, so don’t be discouraged if you’re not quite there yet, just keep on trying your best.