Five Tips for Building Cyber Security Awareness and Policy Toolkit

Suzanne Ross and Kathy Stershic

Kathy Stershic, an information technology and policy expert from Dialog Research & Communications, led a dialogue on Wednesday with the Public Relations Society of America National Capital Chapter’s Public Affairs, Government, and Accredited Public Relations professionals on “The PR Professional’s Role in Managing Data Privacy Risk.”



Knowledgeable about global business, she distills complex information and helps clients connect the bigger picture even in highly disparate situations – such as between the cultures of Silicon Valley and DC.

Kathy generously shared five tips with PRSA NCC members to help you get ahead of the data privacy and protection issue and lead your organization’s cyber security and data breach preparedness and response efforts.

Begin to build your PR communications and messaging toolkit, such as:

  • Prepare policy statements
  • Explain the context of the problem
  • What you are doing to correct the problem – to the extent possible
  • What you are doing to prevent the problem from recurring

Self Assessment: What is Your Digital Footprint and Cyber Security Awareness?

Engage leadership, IT experts and staff in constructive dialogue:

  • What are your goals: Do you need to protect your data, your business, your reputation, your time and operations?

If possible, employ a privacy-by-design approach, which is proactive and preventative. It takes into account human values and privacy protections throughout your data system.

  • What is a realistic threat? More than 75 percent of small business IT pros report that employees are their weakest link for cyber-attack.

A privacy impact assessment will help you identify strengths, weaknesses and risk while enabling an informed choice about opportunities your business could take to protect its reputation, business operations and stakeholders.

Stershic Tip #1

Know what’s promised—and not—in your company’s privacy notice

Privacy notices – those external-facing documents that give customers the Ts & Cs of sharing their data with you – have become the de facto standard for most businesses, and are often legally required. Even though these policies can be lengthy and challenging to read, they’re a binding agreement with anyone whose data you collect. And there ARE people who read them! Know what your company notice says is being done with collected data – and make sure that actual practices align to that promise.

Stershic Tip #2

Match your product or service claims to reality

No one can truly ‘ensure’ that data security is 100% guaranteed or that your company’s approach is absolutely the best practice or your product is entirely defect-free. If you make such claims, someone just may hold you to them. Find clever ways to make value claims that still match what is truly possible. You’ll need to run it by Legal anyway, so get a head start and wow them with your savvy messaging skills!

Stershic Tip #3

Understand what you’re collecting and why you need it

It is so tempting to gather as much data as you can because “someday” it may come in handy. But data gets stale fast, limiting its useful shelf life. If you have a breach or some regulator comes poking around, you may well have to substantiate a business rationale for holding whatever data you possess. That means a real business purpose now, not a “maybe someday we’ll use it” reason. You can’t get in trouble with what you don’t have, so gather what you truly need and let go of the rest.

Stershic Tip #4

Educate staff and remain vigilant

  • Phishing campaigns target lists of contacts with messages that imitate outreach from banks, retailers or government agencies.
  • Malware (malicious code) can be transferred to legitimate (trusted) sources, including through file transfer protocol (FTP) servers that store and transfer malware tools. Any app or link can contain embedded malware.
  • Prevent vandalism by understanding (generally) how trojans and other malware differ and what can be done to stop them, how botnets can open a backdoor into your system, and how to keep viruses and worms from infiltrating it.
  • While malicious outsider cyber-attacks are real and increasing, the majority of data breaches are caused by human error. Accidental data exposure, lost devices, disgruntled workers doing bad things, papers lying around, unsecured computer screens… any of this ever happen in your workplace? Staying aware of what’s available to whom can go a long way in keeping data secure.

Stershic Tip #5

Overcome Inertia

It’s natural to feel overwhelmed. With years of marketing expertise and current data privacy know-how, Kathy Stershic at Dialog Research & Communications is ready to be your on-demand data privacy manager—for a little or a lot of help.

About prsancc

The National Capital Chapter of the Public Relations Society of America (PRSA-NCC) is a professional public relations organization of more than 1,400 members in the Washington, D.C. metropolitan area. The Chapter provides professional development programs, accreditation instruction, and networking events. The Chapter also promotes public relations education through five area Public Relations Society of America Student chapters, as well as a Career Academy for inner city high school students. For more information, please visit or call (703) 691-9212.
