Home Library Translate
A A A
Share »
Follow us on Facebook Follow us on Twitter Follow us on LinkedIn
Connect »

Blog: Crisis Management

Menu

  • This Blog's Home
  • Guest Writer Submissions
  • Policies
  • To Subscribe to a Blog
  • About
  • Feedback

When it Comes to Hacks, Don’t Count on Disclosure

By Jonathan & Erik Bernstein on January 11, 2016

You can’t depend on outside organizations to keep you in the loop

Reuters has revealed that Microsoft failed to inform over 1,000 Hotmail users that their accounts had been compromised, likely by the Chinese government. Further compounding the situation is the fact that many of the accounts belonged to leaders of China’s Tibetan and Uihhur minority groups, both of which have a relationship with the mainstream government that can be described as rocky at best.

The first public signal of the attacks came in May 2011, though no direct link was immediately made with the Chinese authorities. That’s when security firm Trend Micro Inc announced it had found an email sent to someone in Taiwan that contained a miniature computer program.

The program took advantage of a previously undetected flaw in Microsoft’s own web pages to direct Hotmail and other free Microsoft email services to secretly forward copies of all of a recipient’s incoming mail to an account controlled by the attacker.

Trend Micro found more than a thousand victims, and Microsoft patched the vulnerability before the security company announced its findings publicly.

Although the above quote, from a Reuters article by Joseph Menn, describes how the attacks were discovered, it doesn’t explain why Microsoft chose to go with an unexplained forced password reset rather than informing those affected that their accounts were compromised. Especially given the obvious political ramifications of this specific situation. If you’re familiar with computers you know any serious attacker would have already dug themselves into the systems behind as many accounts as possible, and thus could have easily maintained access after a simple password change. Meaning, essentially, that Microsoft left these users high and dry.

What’s the lesson here? Don’t count on disclosure. Microsoft isn’t the only company that’s reluctant to share information from time to time. You, and you alone, are responsible for keeping your systems safe and secure. Whether it’s your smartphone, personal PC, or the company network, being proactive in detecting and defending against cyber attacks should be a constant concern.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is vice president for the firm, and also editor of its newsletter, Crisis Manager]

– See more at: http://managementhelp.org/blogs/crisis-management/2016/01/09/chipotles-fall-from-grace-continues/#sthash.JkjqI1if.dpuf

 

« Previous Next »

Search Our Site

Meet this Blog’s Co-Hosts

Jonathan L. Bernstein, founder and Chairman of Bernstein Crisis Management, Inc. has more than 25 years of experience in all aspects of crisis management – crisis response, vulnerability assessment, planning, training and simulations.[Read more ...]


Erik Bernstein is president of Bernstein Crisis Management. Erik started with BCM in 2009 as a writer and subsequently became social media manager for the consultancy itself as well as for a number of BCM clients before moving to the president position. [Read more ...]

Recent Blog Posts

  • Digital and Online Now Main Source Of News
  • Are You Prepared For 2021? New Crisis Management Survey Out Now
  • Crisis Preparedness and Response Is About To Get Tougher
  • How to Create a Crisis Management Plan to Respond to a Cyber Breach
  • Audi’s ‘Insensitive Ad’, or Why you always ask how else an image could be interpreted.
  • The Road To Crisis Recovery
  • Preparing DURING The Pandemic
  • Coronavirus: What You CAN Control
  • Southwest’s COVID-19 Crisis Communications And What You Need To Be Doing
  • Crisis Manager On The Spot…Quick Coronavirus Crisis Communications Tips

Categories of Posts

  • Avoid the Apology
  • college crises
  • communications
  • conflict resolution
  • Crisis Assessment
  • Crisis Avoidance
  • crisis communications
  • crisis management
  • Crisis Management Quotables
  • crisis planning
  • crisis preparedness
  • Crisis Prevention
  • crisis public relations
  • Crisis Response
  • crisis training
  • customer service
  • cyber attacks
  • cyber bullying
  • cybersecurity
  • data breach
  • Dealing With Media
  • Digital Media Law Project
  • disaster crisis management
  • disaster prevention
  • Disaster Response
  • disease crisis management
  • emergency management
  • Erik Bernstein
  • ethics
  • Facebook
  • food industry crisis management
  • hackers
  • hacking
  • Higher Education
  • hospitality
  • HR
  • information security
  • Internal Communications
  • internet crisis management
  • internet security
  • Jonathan Bernstein
  • Journalistic ethics
  • Law
  • Litigation PR
  • litigation-related crisis management
  • Media Relations
  • media training
  • online crisis management
  • Online Reputation Management
  • political crisis management
  • PR
  • preventable crises
  • privacy breach
  • privacy violation
  • Public Relations
  • recall crisis management
  • Reputation Management
  • Risk Management
  • SEO
  • social media
  • social media crisis management
  • social media policy
  • social media reputation management
  • sports crisis management
  • violence prevention
  • vulnerability audit
  • Weiner Awards
  • workplace violence

Blogroll

  • Bernstein Crisis Management Blog
  • Jonathan Bernstein's HuffPost Blog
  • The Crisis Show

Related Library Topics

  • Assessments
  • Business Insurance
  • Computer Security
  • Coordinating Activities
  • Crisis Management
  • Employment Laws
  • Ethical Analysis
  • Lawyers (Using)
  • Managing Change
  • Marketing
  • Media Relations
  • Organizational Communications
  • Planning
  • Public Relations
  • Risk Management
  • Safety in Workplace
  • Bernstein Crisis Management Blog

Library's Blogs

  • Boards of Directors
  • Building a Business
  • Business Communications
  • Business Ethics, Culture and Performance
  • Business Planning
  • Career Management
  • Coaching and Action Learning
  • Consulting and Organizational Development
  • Crisis Management
  • Customer Service
  • Facilitation
  • Free Management Library Blogs
  • Fundraising for Nonprofits
  • Human Resources
  • Leadership
  • Marketing and Social Media
  • Nonprofit Capacity Building
  • Project Management
  • Quality Management
  • Social Enterprise
  • Spirituality
  • Strategic Planning
  • Supervision
  • Team Building and Performance
  • Training and Development
About Feedback Legal Privacy Policy Contact Us
Free Management Library, © Copyright Authenticity Consulting, LLC ®; All rights reserved.
  • Graphics by Wylde Hare LLC
  • Website maintained by Caitlin Cahill

By continuing to use this site, you agree to our Privacy Policy.X