Essential IT Project No. 4: Create a crisis response team
When Sony's PlayStation Network was taken down by hackers last spring, spilling some 77 million customers' records, the electronics giant responded by doing just about everything wrong, says Christopher Budd, a former member of Microsoft's worldwide crisis response communications team.
After the network went offline last April, Sony failed to acknowledge or explain the cause of the outage. For a week the company provided virtually no information -- allowing the press and blogosphere to fill the gap with speculation and misinformation, says Budd, who now runs his own crisis communications company.
The reason? Sony lacked an effective incident response process for online security and privacy issues, something even smaller organizations need to implement. "Any organization that's a custodian of customer data needs to spend time figuring out what it's going to do if something happens to that data," he says. "Besides avoiding damage to their reputations, they also need to protect themselves against legal and regulatory risks."
Nearly every state has laws requiring organizations to notify customers in the event of a data breach. Publicly traded companies must also worry about the impact of security and privacy incidents on their share price.
Building an emergency response team means marshaling resources across the organization -- legal, communications, and technical. It also requires a mandate from top management that empowers the team to do what needs to be done, swiftly and without interference, Budd adds.
"You need to get out there as quickly as possible and be as transparent as you can be," he says. "You need to say what has happened, and also what hasn't happened. Because one way or another, the story will get out. You want to be the one to step out onto the stage, grab the microphone, and take charge of the situation."
Because it bungled its initial response, by the time Sony finally did something right -- shutting down the network for a month and rebuilding it piece by piece, taking a huge financial hit in the process -- it got almost no credit for it, says Budd.
However, Sony may have learned its lesson, he adds. After thwarting attempts by hackers to access nearly 100,000 PSN accounts earlier this month, Sony got ahead of the crisis by reporting it quickly and in detail, minimizing further damage to its reputation.
So, if this is such a great idea, why isn't everyone doing it? Most organizations are focused on generating revenues, not on the bad things that might happen to them, says Budd. Crisis response can be expensive, and many companies simply lack the expertise.
"When people get in trouble, a lot of them automatically start acting like five-year-olds," he adds. "Their first response is to cover it up. It takes a certain amount of courage to go out on stage in front of a hostile audience and say, 'Here's the bad thing that's going on now.' It's easier to adopt a bunker mentality."
Essential IT Project No. 5: Gain control over social media
Like iPads and iPhones, Facebook, Twitter, and their ilk are finding their way into the workplace whether IT officially endorses them or not. Organizations that aren't steering the social media bus are likely to end up with tire tracks on their backs -- and, worse, a real security nightmare on their hands.
"If you do not provide the means for business users to access social media, they will go around you," says Justin Kwong, senior director of IT operations and security at 24 Hour Fitness. "That's a worst-case scenario for a security professional, because instead of having some mitigated risk, you're fully exposed."
The project you want to own is bringing social media into the workplace in a way that benefits the enterprise without leaving it exposed to internal leaks, external threats, or embarrassment, says Meikle.
That means helping to create social media policies that define acceptable and unacceptable behavior on social networks, as well as the kinds of information that should never be shared. But even that won't work without first obtaining buy-in from top management.
"Effective policies for how to use social media must be governed and supported by senior management," says Meikle. "This will allow employees to engage customers at a far more personal level. And employees will understand the boundaries they are constrained by when these policies and tools are communicated and supported by senior management."
So, if this is such a great idea, why isn't everyone doing it? Corporations remain wary of social networks, says Meikle, in part because Web 2.0 security solutions are still relatively immature. Enterprises in heavily regulated industries like finance and health care face severe penalties for accidental data leaks, making them especially cautious.
"Social media has to be carefully monitored in these environments so sensitive information is not released," he says. "It also opens a door for malicious actors to gather data on key individuals in the corporation. That's why effective and well-communicated social media usage policies are critical."
This story, "5 hot tech projects to boost your IT career," was originally published at InfoWorld.com.