Dave Oates is an Accredited Public Relations (APR) specialist and the Principal of PR Security Service. Dave helps organizations repair their brand’s reputation in the press and online through any PR situation, including mass layoffs, product recalls, employee misconduct, and cybersecurity breaches.
Dave has over 25 years of crisis PR experience. He’s shared his expertise with HuffPost, Washington Business Journal, NBC, and more. He also wrote the book, Manage COVID-19 Crisis PR for Nursing Homes, which is based on his experiences helping over 50 facilities during the pandemic. Additionally, Dave is the producer and instructor for two LinkedIn learning courses on Crisis Communications.
Here’s a glimpse of what you’ll learn:
- Dave Oates explains how his time in the Navy led to a career in public relations
- What do you say to customers in the case of a ransomware attack if you don’t know what’s really going on?
- The benefits of hiring a PR agency to handle crisis communications
- Why planning ahead and training for a crisis is essential
- How much communication with the media is necessary during a crisis?
- Dave shares how companies can be more transparent about consumer data usage
In this episode…
It’s an unfortunate reality that ransomware attacks are now a regular part of business. No matter how large or small your organization is, the threat of attack is imminent. So, what do you tell your customers if and when it happens?
Dave Oates, a crisis public relations specialist, says the time to prepare is now — before the crisis happens. There’s a delicate balance between waiting until you have substantial information to report and being transparent and upfront with your communications. According to Dave, if you don’t say something quickly enough, someone else will set the narrative — and with social media tyrants on the loose, this may only cause more problems for your company. So, what is Dave’s advice for navigating the minefield of media relations tactfully?
In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels sit down with Dave Oates, a crisis PR expert, to discuss how to handle public relations during a cybersecurity breach. Dave talks about why planning ahead is crucial, how to communicate with your customers during a crisis, and the benefits of hiring a PR specialist. Stay tuned.
Resources Mentioned in this episode
- Dave Oates on LinkedIn
- PR Security Service
- Jodi Daniels on LinkedIn
- Justin Daniels on LinkedIn
- Red Clover Advisors
- Red Clover Advisors on LinkedIn
- Red Clover Advisors on Facebook
- Red Clover Advisors’ email: info@redcloveradvisors.com
Sponsor for this episode…
This episode is brought to you by Red Clover Advisors.
Red Clover Advisors uses data privacy to transform the way that companies do business together and create a future where there is greater trust between companies and consumers.
Founded by Jodi Daniels, Red Clover Advisors helps their clients comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. They work with companies in a variety of fields, including technology, SaaS, ecommerce, media agencies, professional services, and financial services.
You can get a copy of their free guide, “Privacy Resource Pack,” through this link.
You can also learn more about Red Clover Advisors by visiting their website or sending an email to info@redcloveradvisors.com.
Intro 0:01
Welcome to the She Said Privacy/He Said Security podcast. Like any good marriage we will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st century.
Jodi Daniels 0:24
HI, Jodi Daniels here. I’m the founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant and certified Information Privacy professional, and I provide practical privacy advice to overwhelmed companies.
Justin Daniels 0:40
Hello, Justin Daniels here I am passionate about helping companies solve complex cyber and privacy challenges during the lifecycle of their business. I am the cyber quarterback helping clients design and implement cyber plans as well. Let’s help them manage and recover from data breaches.
Jodi Daniels 0:57
And this episode is brought to you by Red Clover Advisors, which is celebrating its four years in business this week. We help companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology staff, ecommerce, media agencies, and professional and financial services. In short, we use data privacy to transform the way companies do business. Together, we’re creating a future where there’s greater trust between companies and consumers. To learn more, visit redcloveradvisors.com. Justin, who’s with us today?
Justin Daniels 1:42
I think we’re going to talk about public relations today. God, how much do you enjoy being your own publicist? It’s lots of fun. I get to do all kinds of really interesting thing. Who is our special guest? Today? We have Dave Oates, who is a crisis PR specialist focused in a wide variety of events for any type of organization. These include math layoffs, product recalls, employee misconduct and of course, cyber security breaches. Hello, Dave.
Dave Oates 2:15
It’s good to see you. Happy, Happy summer. I hope you’re staying cool.
Jodi Daniels 2:20
I guess it is still summer see our kids are in school. So it doesn’t feel like summer feels like back to school and I associate back to school is fall. But I suppose it is 90 degrees outside and technically summertime.
Dave Oates 2:32
I was gonna say especially where you guys are based. The heat and humidity should tell you that what what season you’re in? Yes, definitely summer. Yeah. So
Jodi Daniels 2:41
for those listening, you can’t actually see my hair. But can’t you tell like total human here here? Well, Dave, it’s great to have you and you know, you do a variety of PR response. We’re really gonna focus in on our data breach response here. But before we do that, it’s always helpful to know how you got started. Tell us a little bit about Dave, and in your career and how you got to talking to us about data breach response today,
Dave Oates 3:08
it’s it’s the most backwards way, I think you would expect the publicist, the PR person to get into the business, I was a Navy officer, specifically a Surface Warfare specialist. And about, oh, I guess was about a year and a half into my first ship tour as the anti submarine warfare officer, junior officers get these collateral side duties. Mine was public affairs. So my job originally was to promote the ship when we’d be in ports of call setting up tours, writing articles for the local Navy publications, but also engaging press and other entities telling us telling them what we were doing. And you know, you have one of those aha moments as a young person. For me, it happened in my mid 20s, where you realize this is the kind of thing that I’d like to do. And and, and I wanted to figure out how to do it as a career. Turns out that the Navy had 200 officers at the time that did public relations, public affairs, as their primary duty. And so through some mentorship, and some inquiries, and a lot of perseverance. I was accepted into the community through the bureaucratic lateral transfer package, went to a two month immersion school at Fort Meade, Maryland, and became for the latter half of my nine year career of full time Navy public affairs ops. And as you can imagine, being in the Navy, and for deploy crisis is just part of the job. I dealt with everything when I was onboard an aircraft carrier for a couple of years from unfortunately, accidents involving sailors. Some fatal I had pack activities that would occur in ports of call we were in hot war environments, and all points in between. And then when I went into the private sector about 20 years ago, and specifically on my own shingle, but 15 years ago, I was known as the guy who had seen a lot of different crises, events, and then evolved into basically Focusing on that full time about four years ago. And I honestly had wish I had done it. Probably 10 years before that, it’s been a really great ride. I love being in a position where I can help provide organizations and individuals and executives the ability to get through a situation and develop a communication plan that allows them to get back to normal operations is truly a privilege
Jodi Daniels 5:24
was a really interesting journey. I did not know that you were in the Navy. So I would. And so there’s all and you as a history buff, you too, can have all kinds of fun sidebar conversations.
Justin Daniels 5:36
Yes, hunting submarines is serious business.
Dave Oates 5:40
That the old adage they told us first thing an anti submarine warfare school because you’re on a surface ship right is you have to fight it with multiple assets, because the math doesn’t work. Otherwise, one ship plus one submarine equals one submarine. And so you have to rely on aircraft and other ships and your, hopefully your submarines to triangulate and get to them.
Justin Daniels 6:01
I’m thinking if you were in your former role now, particularly with what’s happened in the news with the pull out from Afghanistan, that is something that would be PR crisis might be an understatement.
Dave Oates 6:14
There will be a blog posted this week as we make this recording, where I talk about the 48 hour gap and Communications by the oval office that has led to the crisis of competence that we’re seeing, not necessarily talking about the military operations. But there was a 48 hour of essentially, for all intents and purposes, silence. And that led to now a questioning of all the things leading up to the pull out of it. Right, not just the pull up.
Justin Daniels 6:41
And you know, that is a perfect segue into my first question, which is, and you and I are working on an E book together. But what you just discussed, helped me frame this for the audience. So we’re in the middle of a ransomware event in forensics, we’re still figuring out Sure. And legally, it’s like, well, we need to, you know, have the horses together. And we’re concerned about legal liability. And of course, in the meantime, if we’re telling customers silence. Now what, though? I want to turn with that question over to you to exactly in a ransomware context, what happens when we go radio silent with our customers? Because we’d rather say nothing than because we don’t know.
Dave Oates 7:28
Yeah, it’s always the balance that organizations try to achieve is wanting to wait until they have something sort of substantial that they can say to audiences. But the problem is, is that if you don’t do it, somebody else sets the narrative. In the case of a ransomware attack, your customers, your employees, or business partners are going to start chirping largely in a social media format, right Facebook, Twitter, Instagram, whatever, I can’t get access to such and such organizations, I can’t get to my customer portal, I can’t get to my, you know, my, my, I can’t get to their website, I can’t get to their their products and services. Anybody know what’s going on. And in absence of having a statement at the ready, soon after the ransomware is detected, and you’re starting to engage, you will allow the speculation to run rampant and that will increase the anxiety, which always turns to anger, anxiety that gets unchecked. By you know, an audience group will turn into anger because they feel voiceless they feel disenfranchised. Now, to your point, what do you say if you don’t know, you don’t know what’s really going on? And you are always concerned and rightfully so the legal liability. I’m I’m of the opinion that you go to and this is going to date me for some reason, you know, for some is the the dragnet episode just talked about the facts. We’ve had a breach. here’s a here’s what we’re here’s what we’re working on right now, more information to follow. And I’ve got a couple examples that we can talk on that one, you don’t have to go into the speculation mode, but you have to let people know that you’re on it, you’re taking it seriously. And there’s actions that are going on to at least give you some Yep, and some some wiggle room to be able to actually go and engage the threat actor and continue with the present. Because if you don’t your customers are going to take you away from that. And it’s going to be a bigger distraction, bigger messenger bots.
Justin Daniels 9:18
I guess a follow up question I have to that is. I know a lot about PR from having conferences, but also because a lot of times when companies don’t want to pay to engage you, by default PR falls to me, right? And I’ve had to prep people to go and talk to publications and tell them let’s not use the word ransomware. And of course, because they’re not prepped, they don’t have experience with it. The first thing they say is ransom, where and so talk to our audience a little bit about the specific value proposition of having someone like you come in as opposed to having Justin wear multiple hats
Dave Oates 9:57
First up, you were Way too busy doing other things that are mission critical to restoring the network, engaged in the threat actor figuring out all of the, all of the entities from that to be also be the PR and marketing spokesperson. So get a team, first and foremost, that’s robust, that is trained and the specific areas that you will need to engage the threat, PR, certainly one of them, legal, your it, your insurance specialists, all the risk managers, they are all going to come into play and don’t try to have one person wear multiple hats, because you don’t have the time and you don’t have the you don’t have the wherewithal to be able to do all that with one or two people, it just ain’t gonna happen. You and I probably differ, disagree a little bit, I would say, Justin in the term ransomware. And this is probably going to come out in the book and I’m looking forward to it. If if the public knows it’s ransomware, if the public already has it, in has it in the domain through social media posts that picked up by news media, and you don’t say it, you’re the organization is going to look silly, and the organization going to look like they’re not competent. And it will create greater anxiety and animosity. I certainly respect the fact that if it’s not defined in the public domain already, then you certainly don’t want to use it for all the reasons and she stayed, you’re still working on the forensics, you there’s legal liability risk, there’s impact in negotiations. But the example I was going to talk about is a big healthcare company here in Southern California called scripts, where it was reported in multiple outlets. And in social media, it was widely known that they were the victim of a pretty sophisticated ransomware attack, it took down their reservation systems for their patients for nearly a month. And it wasn’t until three and a half weeks into it that they use the term ransomware. All they said is that we’ve had a it network of events. And every time they were pressed by the news media, they stuck to that narrative. And it’s still something that year we are months later, they’re still reeling from because patients will say Well, you know what, I think I’m going to move over to your competitors and all that. So I hope that gives you at least a little bit of flavor as to where my thinking is,
Jodi Daniels 12:13
I’d love to bring us up feet a little bit and talk about planning. And you even mentioned having a prepared statement, which could certainly be something that you’re going to be preparing and planning during this situation. Justin and I always are speaking to incident response preparation and having the right firm in place and thinking through who are going to be the spokespeople, and what you might say and while the facts and the specifics will change. Having some type of remote glue is going to make the process much easier and a bit less emotional. Can you share how you work with clients? Through that type of process and, and how that all plays out?
Dave Oates 12:58
Yeah, I’m a big believer in planning for what you hope never happens. And, and ransomware cyber security breaches are now just a regular part of business. I know you guys know this, I’m preaching to the choir here, no matter the size and scale of the organization, everyone is going to be attacked, or at least certainly have the threat of attack. And so preparing for that needs to occur because the time to figure out who’s going to say what what you will say and to whom and in what time frame isn’t while the attack is occurring. That’s just way too late. And you’ll mess it up. And it won’t go pretty. And you’ll only create greater, greater angst in the process. You need to prepare for PowerPoint. So what we do is we’ll prepare scenario planning to understand, at least in general terms, what is it you’re going to say how you’re going to express empathy for those that are impacted in action to let them know that you’re on it, who will be your designated spokespersons to which audiences how you will then set up internally, a process by which you can field in queries, whether that’s through your social media, from the general public, specific to news media, or to your key partners, who help you deliver your goods or services to your investors, or if you’re nonprofit, to your key donors, to shareholders, other people like that. So people at least know what their role is. So if God forbid, in this case, let’s say a cyber breach or ransomware attack does occur. How do you get everybody together? Everybody at least understands the role. You massage the general messaging to conform with whatever it is you need to do now check with legal and execute because you don’t have all day to do this. You’ve got an out. And another example I’ll give you a wiska SEO big widely known IT services organization when the ransomware occurred within a few hours. They had the website up the first statement out social media engine underway and they also had one on one communications with their MSP partners and kept updating as it was occurring and so You can tell that they’ve prepped for that one. So the end of the Yang right to healthcare organization versus say a to say it did a pretty good job, all things considered, and, and the healthcare company here in Southern California couldn’t have done it worse. Well, thank
Jodi Daniels 15:13
you, I know what we’ve done before. And I’ve participated in my corporate life. And now as an entrepreneur, you know, in our businesses, we’ve even done simulations, because there’s one thing to kind of write the scenario and have it on paper, but there’s another really discuss it and have kind of that tabletop discussion, because then you realize that will, when you read it aloud, maybe we want to say it a little bit differently, or we want to bring other people involved, do you also do an encourage, or maybe even just the feedback that you’ve had lessons learned on any type of kind of tabletop simulation?
Dave Oates 15:47
I think you have to train to the plan, right? Writing a plan is only as good as the people who understand what it is and how they’re trained to it. And I am a big proponent of that more to the point, I suggest to business leaders that you walk in in the middle of the day, and drop the scenario on your team members calling it a drill. And this goes back to my Navy days, and see how everybody responds to it. I know it’s a little disruptive to operations. But the reality is, that’s how the actual scenario is going to play out. It’s not going to come at a good time. Everybody is going to be off doing their own thing. How do you get everybody back? The more you practice that the less angsty and anxiety you will feel, and certainly then all your key audiences when God forbid the real thing occurs. So I think that’s exactly what organizations to do. The problem is that, you know, I understand, at least in general terms, how, you know, business leaders, executives, directors will say, Well, look, I got these five fires today that are actually underway that I’ve got to address. And this one may occur. And I’m not exactly sure when it let alone if so I’ll put it on a back burner. But But when that does occur, and it’s a question of when not if it’s going to be ugly, you better understand what you’re doing before it actually happens.
Justin Daniels 17:04
One thing I wanted to talk a little bit about was, so I’ve dealt with ransomware events that didn’t have media coverage versus the ones that did, and the ones that did, are an entirely different animal, because when the press is hounding you for statements and reaction, your ability to think, shrinks drastically, and now it’s coupled with ransomware variants that will now start calling your employees you know, pressuring them to, hey, why haven’t you paid Are you going to pay. And so I want you to give our audience a little bit of feel of what’s that what that’s like when you’re one of the ones where you are in the media public eye, and how that cadence of putting out press releases and responding that happens and how it makes it so much harder
Dave Oates 17:54
is because it the the workload that that requires exponentially greater, you will have to update media and subsequently to your employees, your clientele, your partners and other stakeholders at a far greater frequency. Because once the news organizations get it, and to your point, Justin, they will get it not from you, they will get it from another source, right, they’ll get it from as I mentioned earlier, the social media chatter chatter, sometimes they get it from the ransomware threat actor trying to, you know, trying to continue to push negotiations forward in their favor. And when that happens, you got to start to get a rapid fire cadence, I would say consider every hour to start, you can always dial it back. But that’s the kind of mentality you need to have in communications, all audiences, including media, because if you don’t look like you’re on it with empathetic, you know, approaches that recognize the impact that this is having to people, and you don’t give the assurances that at least you were doing all that you can, and you recognize the seriousness of it, it just cascades. And it becomes just that much harder as the hours and the days go by, like that healthcare company. And I would, I would caution everybody to not take that lightly. To your point earlier, just in some of those ransomware attacks don’t make the public eye right then and I will tell organizations consider that dodging a bullet, meaning your plans and preparation should include how you will address news organizations and the general public because of social media chatter or something else. If it doesn’t happen, fine. You don’t have to necessarily jump the gun if it’s not warranted. And we go through a scenario decision tree where we decide if we’re going to go into active mode or respond to query a passive mode. And you can change that on the fly but you still should be prepared to answer a male if it comes and answer quickly.
Justin Daniels 20:00
Guess one other thing I wanted to ask just for your opinion is, obviously the colonial pipeline CEO had to go to Congress and testify because that ransomware event impacted critical infrastructure. And what was telling to me was God, and I like to watch the Late Show with Stephen Colbert. And he ran a little ditty about the testimony where you heard the CEO, say, oh, our password was colonial pipeline, 123, they didn’t really have multi factor authentication. And as you know, from what I understand, from a lot of PR professionals, his testimony could have been handled a whole lot different from a company perspective. I’d love to get your thoughts around that. Yeah,
Dave Oates 20:45
two things. Nowhere he was he was in an excellent, he was an explanatory mode, but not an empathetic mode. He basically said, Well, this is what we did. And that’s just how it worked. Like, Oh, well, matter of fact, maybe a little are bad, but there was no, there was no real, in my opinion, or at least the message got muted as to no real understanding about what they were what they really were going to do moving forward. And you have to ask yourself to if it was that, I don’t know how else to put it colossally stupid to have that kind of poor password management controls, and if so in and, and security infrastructure, MIT grant, it was on their billing system, right? It wasn’t the actual production, but not gonna have the billing system, and they couldn’t build anybody, which meant the the pipeline stopped moving, you know, fossil fuels, to the designated clients, you know, then you got to, you got to fall on your sword a little bit, you got to you got to say, this is this was absolutely unacceptable. Here are the things that we need to work on. Yeah, these were really stupid hindsight, the 2020. And we’re gonna fix it and nowhere in there, you know, that really play out. So, you know, you’re gonna get what you get, and especially in that public spotlight in Congress, where they are, you know, politicians are looking for a scapegoat, right, they are looking to show their constituents, we’re gonna fight for you. And that just becomes such an easy target.
Jodi Daniels 22:14
One of the, you know, colonial pipeline was obviously front and center, you had mentioned scripts was like they was down for a month, some of these can go on for a long time, right? Where does, you know, the work of having someone, you know, a lot of times people might think it’s just at the beginning, it’s just at the end. But some of these cases can go on for a long time, right, but maybe share a little bit about how long I want to make sure that I have my favorite crisis, PR person with me.
Dave Oates 22:44
The the rule of thumb, I say the reason the reason why you bring a crisis PR person on board is to convey a level of competence, that you can get back to normal operations as quick as possible. And that you will rectify any of the residual effects that will not have resulted from this event. So with that in mind, once you get back to at least assemblance, close to normal operations, and have an action plan that is conveyed appropriately, and on how you will rectify any of the sort of residual effects from it. I would say that’s about the time in which you can say okay, you know, what, we’re going to keep this crisis PR specialist on call, but not necessarily engaged full time, there should be still regular check ins as to how that remediation plan is going, or at least how you’re moving forward on that. But the higher your higher crisis, the person helped communicate through something, you bring up a good point, though God that I don’t want to overlook. In the course of a crisis event, we will uncover fundamental flaws, and not not maliciously intended could be just through ignorance, or certainly just everybody’s got a blind spot on a particular portion of the operations of an organization, nonprofit or for profit. It could be your customer service, it could be a product, it could be operational in building or or delivering your products or services. It could be HR related issue or in this case, something something fundamentally wrong with their IT infrastructure and security posture. I think it’s important for organizations to take note on the on the value in bringing in other experts in those areas. To fix those fundamental problems. I tell people in somewhat jokingly but but with with some degree of sincerity, I would prefer not to have any repeat customers. I would prefer you hire me one time, to fix to help communicate through the event, fix the fundamental issues and then move on. If you hire me back within six months to a year to communicate a similar if not exactly identical problem than you had before. And that’s a big issue because you haven’t done Anything to sort of fix the fundamental problems that would prevent somebody like me coming in, because as I get rehired, it becomes far less, the opportunities to give the organization, some wiggle room to fix things, becomes that much harder, you know, it’s the Fool me once, shame on me fool me twice, shame on you kind of thing and the competent organizations, your stakeholders, your audiences are just going to go elsewhere.
Justin Daniels 25:25
So I want to ask a different question. I want to like metaphorically take my god wig and put it on and ask a PR question, really in the privacy space. And what I mean by that is, for example, Facebook, and some of the data collection practices of companies. So while we may not have a data breach, I still continue to see people whose data gets collected, they don’t realize it’s being collected, we’ve seen with Facebook and Google on the social media. And I wonder if you have some insight there as to how companies can put better PR around if we are collecting data and telling our customers how we’re building trust and how PR might be helpful in turning privacy and security into a competitive advantage instead of a cypa activity in a ransomware data breach
Dave Oates 26:12
situation, you know, in who I thought of an organization that I thought has done a pretty good job about that. And that communication level over the last month or two has been apple. And it’s been a competitive advantage. If you notice, they’ve actually been putting advertisements out in video on YouTube, as well as over the year where they show how how their iPhone users have the power to say yes, you can, you can follow me or you can access my data here or always or never, the power is in your hand. And we expressly state such so you can make a choice. Now, it hasn’t necessarily been good for their relations with their other companies who use their who put apps on their phones and things like that, but but the reality is that they’ve done a really good job to say, you need to understand what you give up, by way of your privacy. And by way of your personal information, when you use our devices or the apps within the in the devices. And I thought that was very, very good. Let’s be clear about this, right? Most people willingly give up a lot of private information for the convenience of Amazon, quote, unquote, knowing exactly what we want. I mean, how many people have Alexa, you know, Amazon Echo in, in their house that collects data all the time, whether you talk to Alexa or not, right? They do so willingly for the convenience of it and, and that that that seems to be fine by them. But I think Apple and others can do well by expressly stating this is what happens when and you have a choice, not just through the terms and conditions that everybody just scrolls right through and hits accept, but in in real engaging type of ways. So I use that as a good example.
Jodi Daniels 28:02
You really shared a lot of very fascinating and interesting information, I think it’s so important because oftentimes people forget how critical the communication pieces. And I like how you’ve highlighted a story where they might not have planned time has gone on compared to a story where obviously they had a thoughtful plan put in place and were able to execute it really, really quickly. Do you see a difference between big companies and small companies is one, you know, one might say, well, they’re smaller companies more nimble, but then they might have more fires. And so they’re not paying attention to it as much as the big companies, maybe they think someone else is doing it. But just kind of curious to see. Do you see any nuances between the size or the type of organization?
Dave Oates 28:49
I wish I could tell you there was because you know, it would seem logic would tell you that there would be great that your companies would take them more seriously have more protocols in place, have more systems, more processes, and also an infrastructure where they have a great Communications Group internally to do so. Whereas a small company just would would say, look, we’re limited in our resources. We don’t how big, maybe possibly thinking that they’re sort of under the radar of cyber attackers, ransomware attackers, bad actors, that kind of thing. The reality is that I’ve seen as many missteps from large organizations I’ve worked with as I have smaller entities, and it really doesn’t seem to be any difference in that. So I all I can tell you is, from my standpoint, I think it is still a problem of not recognizing the severity of the risk involved when it comes to cyber breaches. And that needs to change quickly. And we’ve been talking largely from a business standpoint, but you mentioned my Navy background, as we talked about, this is a national security. This is where the next one lines, and so I think government as well as for profit and nonprofit organizations, state city municipalities Everybody needs to recognize this is real. This is detrimental to if enacted upon to our existence in some cases in our, you know, from our infrastructure and our quality of life. And we need to take it more seriously as a people
Justin Daniels 30:14
completely agree. So changing to a bit of a more personal level that you could share with our audience, what do you think your best cyber tip would be?
Dave Oates 30:26
I’m a huge believer in two factor authentication, particularly when it comes to my bank accounts and to my investment accounts, right. But really, I do it from everything like that. If I’m logging in, on my laptop, or my tablet, I get a notification on another device that says, Is this really you? Here’s the code to put in there. Just to be sure. That’s That, to me is one of the one of the big ones, if you had to tell me, I had to pick one, that would be the one two factor authentication?
Jodi Daniels 30:52
Well, it’s a very popular one on our podcast, many guests pick that one. And I have to say, talking to a crisis guy, that a lot of times companies forget to factor on their social accounts. And I can’t tell you how many times I see companies have their accounts taken over because they don’t have to fa, especially in time of a crisis. That’s one to double check all of your social accounts. Because you want to control that message. You don’t want someone else doing so.
Dave Oates 31:22
Well, how many times? I’m sorry, I was gonna say at least once a week I get a friend of a friend of mine who friends me on Facebook that I’ve been friends with for years, right. But just as an account, hijack. Yep.
Justin Daniels 31:33
I was going to add in both of you can go like my post today on LinkedIn, which is no MFA. No Deal. Why don’t all companies require anyone they do business with that you either have MFA, or there’s no deal? Because the reality is, you’re not getting cyber insurance these days. If you don’t use them if they the market is not going to insure you.
Dave Oates 31:54
I will look that up because I’m 100% agreement with you, sir.
Jodi Daniels 31:58
Now, when you’re not doing privacy, security and crisis pr do you like to do for fun?
Dave Oates 32:04
Oh, man, my wife and I have a ton of activities. We love hiking. We’re both foodies, and we do what you were told not to do, right? invite people over and try new recipes. You’re supposed to test the recipes before we try them on people. No, we just we just like and we’re like, Look, worst case scenario. We’re ordering pizza from down the street. That’s just how it’s gonna work. So we love to do that. And I’m a diehard padres fan. And I got to tell you the last two weeks has caused me great agita, as I’m watching our pitching staff just completely implode and now we’ve got running the risk of not having a wildcard spot in the playoffs. I am going to the game as we record this, I’m going to the game tomorrow. Because the experience if you haven’t been to San Diego’s Petco Park, it’s great. But let’s say my expectations are starting to wane.
Jodi Daniels 32:49
Super fun. Well, Dave, how can people connect with you and learn more about you and what you do in the world of crisis here?
Dave Oates 32:57
A website’s probably the best way and publicrelationssecurity.com but I’m also on LinkedIn and Twitter and Facebook. You can catch me Dave Oates, crisis PR you’ll you’ll find me and I look forward to connecting with you. Hey, I appreciate the time guys. This has been a lot of fun. Absolutely. Thank you so much.
Outro 33:18
Thanks for listening to the She Said Privacy/He Said Security podcast. If you haven’t already, be sure to click subscribe to get future episodes and check us out on LinkedIn. See you next time.
Privacy doesn’t have to be complicated.
As privacy experts passionate about trust, we help you define your goals and achieve them. We consider every factor of privacy that impacts your business so you can focus on what you do best.