EPISODE 127
Proactively Protect Your Reputation (#1 digital asset)

EP 127: Proactively Protect Your Reputation (#1 digital asset)

Our bi-weekly Inflection Point bulletin will help you keep up with the fast-paced evolution of cyber risk management.

Sign Up Now!

About this episode

March 14, 2023

How do you proactively protect your #1 digital asset, which is your reputation? Let’s find out with our guest, Sameer Somal, the CEO of Blue Ocean Global Technology. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Mentioned during this episode:

“The effects of cyberattacks on corporate reputation and consumer confidence with Casey Boggs” — https://www.cr-map.com/48

“Normalizing Greater Accountability For Cybersecurity Fraud” — https://www.cr-map.com/96

Tags:

Episode Transcript

Speaker 1: Welcome to The Cyber Risk Management Podcast. Our mission is to help executives thrive as cyber risk managers. Your hosts are Kip Boyle, Virtual Chief Information Security Officer at Cyber Risk Opportunities, and Jake Bernstein, partner at the law firm of K&L Gates. Visit them at cr-map.com and klgates.com.

Jake Bernstein: So Kip, what are we going to talk about today on episode 127 of The Cyber Risk Management Podcast?

Kip Boyle: Hey, Jake. Today, we're going to do something a little different and what we're going to do is we're going to explore how to proactively protect your number one digital asset. And I always kind of think of this as a test. So Jake, what is everyone's number one digital asset?

Jake Bernstein: Well, without the script, I probably would've had many other guesses, but I'm going to go with reputation.

Kip Boyle: Yeah, that's right. Reputation is, I think, I don't know if it's arguable. I think most people would agree upon reflection, reputation is your number one digital asset. And so we've got a guest today, his name is Sameer Somal and he's the CEO of Blue Ocean Global Technology. And what they do is specialize in solving a wide range of online reputation management challenges and they even do proactive work. And so I just thought this would be a fascinating thing because we as information security and cybersecurity security people talk about proactively protecting all kinds of assets.

We want to prevent wire fraud, we want to prevent sensitive information from being breached. But I don't hear us talk very much about doing proactive work on reputation. And before I invite Sameer to introduce himself, I want to just unpack this a little bit more. I want to be really clear about reputation and why I think we should put more emphasis on it. Instinctively, as human beings, we all know the reputation is everything and the statistics we see about serious crime, whether it's real world crime or digital crime, most people don't report serious crime. And so I just quickly looked up some statistics.

So Pew Research, which is a reputable research organization, says that most violent and property crimes in the US are not reported to police. And in 2019, this is kind of shocking, only 41% of violent crimes and only 33% of household property crimes were reported. And a lot of people gave different reasons for why they didn't want to report crime, but I think it all really boils down to reputation.

They don't want people to think of them as weak, they don't want to think of them as diminished, they don't want to be shamed, they don't want any of those experiences. So, back in episode 48, we talked with a guest, Casey Boggs, about the effect that a public cyber attack can have on reputation. And I would recommend people go listen to that if they haven't. But that was really more of a reactive perspective. And so I wanted Sameer to come and talk to us about more about being proactive and protecting our reputation. So Sameer, thanks so much for being our guest and welcome.

Sameer Somal: Thank you, Kip. Thank you, Jake. It's a pleasure to be here and share perspective on a subject that of course is near and dear to my heart in terms of reputation. Of course, reputation is such an intangible, it's how do you measure it and at the same time you have to measure it. And I think that businesses and individuals, their opportunity set is increasingly correlated to what is being found out on the internet about them when somebody looks them up. And we kind of have a choice, do we go out and proactively curate a presence that is representative or do we let others do that for us? And that can certainly spell opportunities as well as risks for any business, individual and even professional.

Kip Boyle: Absolutely. Now, I was curious to know right off the bat, we know that you are the CEO of Blue Ocean Global Technology, but could you tell us how did you get into this work and what is your work like on a daily basis?

Sameer Somal: Well, I think work on a daily basis is chief dishwasher as being an entrepreneur. So, I feel like it's like that Lincoln line, too many horses, not enough oats. I think we're in a fortunate place where there's so many needs that people have related to reputation, be it agency partners that we work with on an ongoing basis to deliver for their clients.

We do a lot of work with law firms where we're working on pre-trial publicity, controlling the narrative for specific clients cases and their firms, and then also working as expert witnesses and consultants. And people reach out to us and find us for a wide range of reputation situations that could relate to cyber investigation. It could relate to internet defamation. It could relate to being an outsourced chief marketing officer for their company to say, "Hey, what all these things that we're trying to accomplish have to do with reputation. How do we make sure that the resource allocations we're getting a return and we're being effective?"

In terms of the other question, how I got involved, I would say a little bit of an accident. I have a background in finance as a private investment banker and I've worked at Morgan Stanley, Merrill Lynch, Scotia Bank and held leadership positions there. And I launched a wealth management firm and didn't want to be held back by technology resources. And so I did a global search finding entrepreneurs and people of character and made some great friendships and relationships and referred clients, became a client. And then I said, wait a minute, it's kind of what every business is trying to do, represent themselves online.

This is about 10 years ago. And rather than focusing on this notion of digital marketing and SEO, which are tools within building a digital presence, we chose to focus on reputation because we realized this is what most people are seeking to accomplish with their proactive or reactive activities on online.

Jake Bernstein: Interesting-

Kip Boyle: You've worked on the kinds of cases that Sameer mentioned, haven't you?

Jake Bernstein: I have, yeah. In fact, I've brought lawsuits to try to uncover people who are basically in defamation lawsuits, the whole Doe lawsuit game to try to figure out who's posting what. Definitely advise clients on this. But much like Kip, what we do with cybersecurity reputation management, it's really most of that is proactive, or I'm sorry, is reactive. Something happened, what can I do about it now?

And I've definitely come across what I would consider to be reputation management firms. And a lot of the times those are also more on the reactive side. Like someone said this or this happened, what do we do? And I think building a positive reputation is probably one of the most valuable things that any company can do. And so I'm quite interested in this discussion and I think we should start by saying we all have the sense that reputation is everything.

Certainly I have not forgotten almost 20 years ago, the dean of the law school, we're sitting there as brand new law students and he told us that your reputation is all that you have and it starts right now. And that was the day or two before law school even began. It was like orientation. And that definitely sticks with you. And for professionals, for lawyers in particular, it's more obvious. Everything you do, it reflects on you. And so your reputation truly is everything.

But Sameer, I'm wondering what you have seen and how much reputation really matters in the business world and if you notice differences between types of different industries where reputation, it matters, but it doesn't matter as much as in this other zone. I think that's an interesting place to start.

Sameer Somal: Thanks Jake. And it's clear we've probably serendipitously crossed paths on a lot of different similar situations with respect to John Doe and Jane Doe and IP addresses and being able to subpoena some of that information. So that certainly a topic of interest. And I've got two, I think three cases I'm working on right now where it's pretty obvious someone has been identified as the perpetrator and they're still saying that they're not. And so that's always interesting.

I think with respect to reputations are everything, reputation is something that, as I mentioned earlier, isn't intangible. It's like how do you measure the love you have for a brother, sister, a child, a parent? How do you measure trust? How do you measure the fact that there are attorneys, for instance, that I work closely with and anytime there's a reputation issue or something related to cyber, I'm on speed dial and anytime I need guidance on a particular situation, vice versa.

Those things are hard to measure. Yet relationships, opportunities are driven by some of these intangibles and what we are trying to accomplish online with respect to what I always say is choice overload, creating content, be it websites, blogs, videos, podcasts, articles, images has to do with creating a presence that reflects the true relationship capital character and opportunities and the value we bring, what we're doing maybe offline while we're not on the internet, how do you make sure that that's curated?

And businesses and professionals agnostic of industry are forever tied, at least in our lifetime, to their reputation. And we can all probably look at our own situation when we're thinking about a restaurant that we want to visit. We've probably all gone to Google, we've probably all seen Yelp reviews, we've seen Google reviews. I'd be the first to tell you that when I see a restaurant that has a two rating, a 2.5 rating, a three rating, even a 3.5 rating, you're kind of wondering, "Okay, well, what were my other options? How do I go and pick another one?" So, that's important.

I also think that industries where trust is really at a premium. For instance, the legal industry. I've worked with lawyers who have had somebody else, another lawyer who was defrauding clients, was involved in a Ponzi scheme, had a DUI, wasn't even them, but had the same name. And clients and prospective clients were not working with them or not following up because of that.

It also could be a company. I've worked with law firms where they had a rogue partner or somebody who, let's just say was no longer working at the firm and the allegations or what they were involved in are defining for the firm's first page of search results. And so when you look at different industries, whether you're working with doctors, whether you're working with executives, typically somebody because it's too easy and they have access to unfiltered information at their fingertips when they meet somebody, they're thinking about doing business with them, they're interacting with them, they're going to look them up online and they're going to look up their company and they're going to spend a few minutes.

And if they find information that's positive, that is reinforcing, the, I would say impression and what they seek to work with and interact with, they're going to move forward. They're going to pick up the phone, they're going to respond to the email, they're going to decide whether they want to work together or not. But conversely, if they find any information, true or not, that is negative, even erroneous and somewhat defamatory, it's going to compromise their ability to move forward.

Jake Bernstein: Yeah. And think this is one of those things where reputation and trust are particularly tied together. They're not synonymous. I think it's worth pointing out that someone's trustworthiness and their reputation are closely related, but it's not necessarily the exact same concept. For example, you could be completely trustworthy, but your reputation is that you just don't know what you're doing, in which case you're probably still not going to get a ton of business even though people think, you can trust the guy, he's just not good.

And one of the things that I'm curious about for businesses that are maybe less, particularly retailers or manufacturers, do you find that you get engaged by those types of companies in those industries as well? Or is the focus definitely on professionals and so-called trust industries?

Sameer Somal: I would say the answer is we definitely are engaged by industries that you think of as non-traditional. Because I can think of a particular retail outfit that we worked within when no matter they had I think five or six locations and all of their Google My Business review listings were negative and tarnished. And I think some of the client feedback was true that they've addressed. I think some of it was also from competitors and disgruntled former employees. And so the review profile that followed them around was definitively negative and cast a negative light.

I can also think about working with a manufacturing firm that had a competitor down the street and they made it their business to try to take over their reputation and to tarnish it. And it was actually an auto parts manufacturer for exotic cars. And that became the primary focus of the marketing team, of the sales team and how to address that. And so we were called in to, I would say not only make sure that we reverse engineer out some of those challenges, but we also put in place a more sustainable strategy for building their digital presence to help insulate against some of those tax and issues that inevitably can take place in business.

So, the traditional business, to answer your question in summary, Jake, that never thought it would find itself online, never thought that it would be important, all my business is generated through referrals. We work with some pretty sophisticated firms and financial services and alternative investments, and I spoke at the Portfolio Management Association of Canada annual meeting in November, and one of the CEOs of a pretty large institution in Canada said, "Well, Sameer, all the business that we receive, much of it is done through referrals. We were in conversations. So, I don't think our online presence or digital presence really matters." And I said that that's probably accurate 25 years ago.

But today, if your best client, let's just say it's a $75 million account and they're talking at a cocktail party or an engagement about you, about the relationship, and they refer you and they say, "You should talk to my investment advisor." That person 99% chance is going to Google you, is going to look you up online, is going to see if some of that positive energy and sentiment that they received in person, where does that reflect?

And if they find information that reinforces that, they might just give you a call. They might just email. But if they see things that are not true or not, that don't cast you in a positive light, they're not necessarily going to be jumping to reach out.

Jake Bernstein: And I would go further than that and just say that if they don't find much of anything at all, that's going to minimize the chance that they call. Even though there was a great in-person referral, I just feel like today, if you don't have any online presence, it's like you're not real. And so it's not just defending against potential negative things, it's also just affirming that you really exist in the world by having an online presence. And whether it's fair or not, I don't think that anyone can get away from that reality.

Kip Boyle: I'll never forget, before I launched Cyber Risk Opportunities, somebody asked me if I would help them on a part-time basis with a cybersecurity issue that they had. And I was like, "Oh yeah, absolutely." And so the person who wanted to work with me went to their boss and said, "Hey, let's bring Kip in as a contractor" and so forth. And the boss went online to learn about me, and I didn't have a website at the time. And that was the feedback like, "Well, why would we work with this guy Kip? He doesn't even have a website."

And so I actually had to respond to that as a sales objection. And that was the first time that it really hit me personally that, oh, I better get a website up if I want to actually convince people that I'm good to do business with. And I just thought it washed over me in a very profound way. I also found myself thinking, well, man, does that mean I can create a $2 website on one of these low-cost web hosts and make it say anything I want it to and people will believe me? And I thought probably.

Jake Bernstein: Well, and the other thing too to remember, not remember, but it's a piece of advice I give to all new attorneys is, and I always preface it by saying, "Look, I know this might seem silly, but if you're a private practitioner in law, you need to get your LinkedIn connections to 500 plus as soon as you can."

If you're brand new, it's obviously fine. But if you're five years out of law school or longer and you don't have 500 plus connections, again, whether it's fair or not, people will say, "Well, what's wrong with that person? Have they not been out there? Why do they not know anyone?" And it's one of those skin or surface level reputation management issues, but it's real. I'm convinced it's real.

I know that I personally, if I look at someone who as co-counsel or someone who wants to be hired and they're more than a few years out of law school and they haven't... It's not so much that I don't think that they're a real person, it's that they haven't taken the time to understand the importance and the value of managing their online reputation. And that's a judgment thing. They're building. Yeah, it's the networking thing.

So, there's so many aspects to this, Sameer, something I want to talk about, which Kip will attest to this, that I have a tendency to go off script is, and thinking about, and it just occurred to me as we've been talking, how would one proactively build a cybersecurity reputation? And let me just build this for a second before you or Kip respond.
These days, we're well past the point where being breached is this big shock, big surprise. Come on, many, many large companies are breached repeatedly. This is not something that is unusual. But I think that certain companies handle it better than others.

But from a proactive side, what would you recommend that a company do? What kind of messaging should a company put out there before a cyber attack happens that might serve to soften the blow and probably when as opposed to if something bad happens? Because, to me, that would be a really valuable thing to advise clients to do. What do you think about that? And yes, I know it's off script.

Sameer Somal: Did you want to go ahead Kip, or did you want-

Kip Boyle: Oh, Jake, are you asking me? I thought you were asking Sameer.

Sameer Somal: He's asking both of us, I thought.

Jake Bernstein: I was asking both of you, but maybe I think it might be, Kip, you looked like you wanted to say something.

Kip Boyle: Oh, sure. Yeah. I absolutely have some thoughts. I just didn't want to cut off Sameer if he was going to say something.

Jake Bernstein: No, I think he was waiting for you. We had a little bit of one of those moments where we're all staring at each other.

Kip Boyle: Yeah. Thanks for going off script, Jake. That was great.

Jake Bernstein: I always do it.

Kip Boyle: So, I talk to customers a lot, especially people who come to me who are encountering friction in their sales process related to cybersecurity. And I say to them, "Do you have anything on your website that talks to security at all?" And people will often say to me, "Well, no, because we don't want to become a target, so we don't want to go out there and talk about how great our security is because it just seems like we're inviting people to attack us and we don't want that."

And I said, "Well, that actually makes a lot of sense to me why you would feel that way, but you really should say something about your security, but let's do it in a non-sensational way. Let's get you like a white paper or something like that where you can talk about what you do to protect your customer's digital assets that they trust you with, and let's set you up so that you can actually put the first foot forward on the conversation of security, that you can control the narrative or at least take the first step in setting what the conversation is going to be about." And so that looks different to different customers of mine, but that's how I talk with them about it. I'd love to get your take on it, Sameer.

Sameer Somal: Yeah, I would say first and foremost that, with respect to proactively creating a digital reputation, many people quickly group that into, well, I don't want to be active on social media and post every day. And I think that how and what you represent yourself, be it if you're a professional in cybersecurity, be it if you're an attorney or an entrepreneur in manufacturing, you have to first define what is it that you want people to know about you? What is the value that you can provide to others, and how do you reverse engineer that so that there is a narrative and breadcrumbs about what you want people to know?

And of course, that isn't necessarily easy because there's choice overload with respect to how you go about that. I know you mentioned earlier, Kip, about just having a website. A website is a pretty big undertaking these days. It's not just a simple storefront that you put up in a few minutes that it was a quarter-century ago. It is something that takes effort and many people make judgment about who you are and your capability based on finding that website.

Then of course, there's also the content. So, when you look at what your online presence is, it's of course what people find out about you when they look up your name, when they look up your company name. And then you've got to decide, hey, how do I make sure that I have information out there? So, for instance, I can think about one of our executive clients who, he is a private investor, he's been a Fortune 500 CEO, and he said to me, "Sameer, I've got this blog and I keep publishing content and none of it is ranking." And I explained to him that Google is only going to rank a website bearing your name so many times when someone is searching your name, you're going to need to work on getting published elsewhere and allowing both the marketplace and from a search perspective to validate your expertise by having credibility on different domain authorities. So, that's something that's important.

I also think the notion of video is incredibly important. It doesn't have to be necessarily a talking head, but explainer videos. I know some clients that we work with, they're loath to be on video, on camera, even though they have so much knowledge, but we found other ways to put them out there by using inaudible footage, using voiceovers. And so I think that in order to curate that presence, you have to first decide upfront what is it that I want to be known as?

And you have to recognize that if you don't go out there and ensure that you're known for what you're good at and where you are able to help people, someone else is going to define that. Or, as Jake astutely put it earlier, if you don't have anything out there, it's almost like you're not relevant. You don't really care what people find out about you. And so we divide that building your digital presence into two components from a search perspective.

One, it's when people know about you and they're looking up Kip, they're looking up Jake, they're looking up K&L Gates. What are they finding out when they have information about you or your company? And then secondly, it's how do you insert yourself into the searches, into the conversations where somebody should know about you but they don't? And that would be an ideal situation where you can help someone or be a resource and work together on the same. So, I hope that provides some context on building your presence.

Kip Boyle: Yeah, definitely. It sounds like what you're saying is... The word I think of as brand. So, Casey taught me, when I was speaking with him one time, we were having breakfast and we were talking about reputation. And then he made the distinction to me because he's a public relations professional. He said, "Well, brand is what you say about yourself. Reputation is what people say about you." And so I thought that was a really helpful distinction. But Sameer, is that a distinction that you think of? Is that helpful in your work?

Sameer Somal: Yeah, absolutely. I think that two are forever interrelated, brand and reputation. And many times people are looking to fix their reputation, they're looking up branding. Many times people are looking to fix their brand, they're looking up reputation. So, I think the two go hand in hand.

There have been many studies that show that even for publicly traded companies, more than a third of their value is tied up in this notion of reputation. And so how do you go about building a brand, curating a brand, curating a reputation? That's important. I think that if you're not proactively doing it, then you put yourself in a situation when there is a crisis, when there is something that sometimes is unavoidable, be it with an employee, be it with somebody with a similar name as you, a company.

We've had a number of situations where a company has similar keywords. There's maybe two or three words from one company's name that are synonymous with another. And so when somebody's looking up that company, they're finding information about another company, but no one takes the time to go and actually look and decide whether that is them.

So, I think you need to proactively work on making sure that, hey, we have information out there. One of the challenges we talked about earlier is being reactive. If you have strong digital assets and you have a digital footprint that is truly representative of who you are and you've invested in that, that can be a huge asset in mitigating negativity during a reputation crisis or when there are issues surrounding your brand.

Kip Boyle: Yeah. Yeah, definitely. And I want to take a moment to just say to the audience, people who are listening right now. You listen to our podcast, I think because we talk about cyber risk management topics and cybersecurity. And I think a lot of this proactive reputation work that we're talking about would really fall in a corporate environment, more in a marketing department or something like that.

And so I am not suggesting that cybersecurity people should be necessarily actively involved in building a brand or that you should be a marketing person or take marketing courses. But I think that since reputation is such a valuable asset that we do pay attention to, I think it is good to know about what is going on over there in that marketing department. What are they trying to accomplish and how can we partner with them when something awful happens? And will we be able to bring anything into the room in our own heads as we collaborate on dealing with reputation issues? I think that's the real value of our conversation today. And as we-

Jake Bernstein: Kip, there is one other aspect of it that I think where the security team needs to interact with the marketing team about reputation, which is, and I didn't bring it up earlier and I thought about it, but it's that if you're going to try to build your reputation about security, that you have good security, you better really have good security. And I'm not talking, yes, the concern that we might get targeted because we're tooting our own horn is definitely real, but there's a liability associated with making representations that aren't accurate, that aren't true.

If you misrepresent the quality of your security and something for the security department to remember, as a security professional at a company, you should look at what your marketing people are saying about your company's cybersecurity. Because you might not be, like if you're not comfortable with that, you should say something because that's a risk that is very much related and tied up in reputation, trust, marketing, law, all of this stuff. And I think that is a major point of overlap where we as cybersecurity professionals need to work with the reputation managers and the marketers to ensure that there is mutual comfort there.

Kip Boyle: This reminds me of the episode that we did on the Lincoln Law. Was it Rocket Dying where they had made assertions to the government that they had a good cybersecurity program?

Jake Bernstein: Aerojet Rocket Dying is what you're thinking about.

Kip Boyle: Yes, yes, yes.

Jake Bernstein: And just the Lincoln Law to remind people is the False Claims Act is what we're talking about.

Kip Boyle: Right, right. The False Claims Act. And we did an episode on that. I'll put a link to that in the show notes. I can't remember what the number of the episode was, but yeah. So yes, Jake, thank you for mentioning that. No false claims, please. No puffery. And that's why I kind of suggest a white paper as opposed to a sizzling landing page on your website because the white paper's a bit more sober than a flashy webpage.

So, as we come to the end of our episode, and I'm having a great time with this conversation, and I'm sad to say that we do have to wrap it up. But Sameer, I think it's worth taking a moment and asking you about digital crisis and managing and repairing your reputation when something awful happens. I'm interested to know what that looks like in your work, because you've already kind of alluded to it a couple of times, and I think to myself, there's no real complaint window at Google where you can go to them and say, "Hey, there's fake news about Kip. I need you to take that down." So, you have to do it in other ways.

This is my beginner's understanding. Is that right? Or what's that like for you in the work that you do?

Sameer Somal: Yeah, well one, thanks Kip and Jake for your comments and for the opportunity to be here. One, I think with Google, there actually are places you can report, but it is going into the black box. I can think of one particular instance where there was really sensitive information out there on Instagram. We reported it many times with different IPs, different geographic locations, and actually ended up getting in touch with the chief legal officer at Meta, and that's how we had it removed and brought it directly to their attention.

With respect to crisis, I think that they're inevitable. Businesses have to recognize that there is going to be information out there that is harmful, that is not representative, that you can't control. It's kind of, what was that Abraham Lincoln line? There are a few things that are wholly good or wholly evil, but rather an inseparable combination of the two. We love technology, we need it, we need to utilize it. But at the same time, there are risks and there's a downside to it. And I think that that comes in the form of reputation crisis.

And if you have created a presence where there's information out there about you, that's an asset. I think when anytime there is something negative that comes out, of course it depends, and I know Jake would appreciate this, it depends if it's litigation involved and if it's a litigious matter or is it something that needs to be addressed? And so I think responding quickly and understanding what's taken place is of course the first order of business. And you've got to use everything that comes about you in life as an opportunity to learn and grow. And so I think sometimes the best defense is going to be an offense on your reputation and being proactive, and you have to also be accountable for it.

I think many times people, when there is an issue that's taken place, they want to dance around it. I think you've got to bring it up. You've got to talk about why it took place and how you've dealt with it and turn it into a definitive positive about how you addressed it. And that can make you and your company seem more real on the same. And I think being human is something that, despite the internet and despite kind of the fact that we're on Zoom meetings and we're not necessarily meeting people in person, I think it is that human connection that people yearn for and relate to most when they're going about their digital lives.

And many times you're going to need, when there is a situation, you're going to need public relations help, you're going to need reputation help, you're going to need maybe an attorney. And I think sometimes people wait a little bit too long for that, and then we're putting toothpaste back in the tube. And so-

Jake Bernstein: Yeah, definitely don't wait too long to call your lawyer.

Kip Boyle: Yeah, I want to give one pointer to people. Sameer, I love how you were saying don't dance around the issue, just address it. And it made me think about a company that I think it did a wonderful job. And a lot of people think that they did a wonderful job downstream from a ransomware attack that took the entire company offline for several days, and that's an aluminum producer named Norsk Hydro.

And they did such a masterful job of managing the public relations aspect of a ransomware attack that happened to them, that Microsoft actually did a profile of them and the way that they responded. And you can go on YouTube and search for them, Norsk Hydro ransomware, and I'll put a link to a video in the show notes, and you can watch a summary of how they masterfully handled talking to the press, talking to the media about what was going on.

They were super transparent in the way that they responded to that crisis. And it turns out that their stock, while it did go down in the immediate aftermath of the episode, it actually bounced up in the days during which they were being very transparent and communicating a lot about what happened. And I think for them, their reputation actually was strengthened by the way they handled an event that they couldn't control that happened.

Jake Bernstein: It can be done. You can definitely improve your reputation by the way you handle a negative event. That's a masterful outcome. It's hard, but it's doable.

Kip Boyle: It is. And by the way, one closing thought, and then I think we're going to have to say goodbye for now, is in the NIST Cybersecurity Framework, for those of you who are listening and they're and are saying, "Oh, I'm only interested in cybersecurity, this stuff doesn't make any difference to me." Well, the NIST Cybersecurity Framework actually has prompts in it to pay attention to damage to your reputation following a cyber attack.

So, in the response and recovery sections in those functions, it actually talks about this as a subject. And if you don't believe me, I would encourage you to get in there and find out what I'm talking about, because this is a really important part of how you recover from a bad cyber attack.

So, anyway, Sameer, I'm so glad you were on our show. Thank you so much for being here. If listeners wanted to reach out to you and continue the conversation, how should they do that? Where can they find you?

Sameer Somal: Yeah, I think you can find me if you Google Sameer Somal. But in all seriousness, you can reach me direct via email, my first initial S, my last name Somal, S-O-M-A-L, at blueoceanglobaltech.com, and I'm sure you'll find I'm co-founder of a company called Girl Power Talk. I have a personal website, sameersomal.com, and feel free to reach out and welcome opportunities to build relationships and serve as resources. I think I definitely strive to be a connector like both of you, Kip and Jake.

Kip Boyle: And that's what I've experienced as well, so I can attest to that. Okay, that wraps up this episode of The Cyber Risk Management Podcast. And today we explored how to proactively protect your number one digital asset, which we all think is your reputation. I hope we've convinced you that that's the case. We did that with our guest, Sameer Somal, the CEO of Blue Ocean Global Technology. Thanks everybody. We'll see you next time.

Jake Bernstein: See you next time.

Speaker 1: Thanks for joining us today on The Cyber Risk Management Podcast. If you need to overcome a cybersecurity hurdle that's keeping you from growing your business profitably, then please visit us at cr_map.com. Thanks for tuning in. See you next time.

Headshot of Kip BoyleYOUR HOST:

Kip Boyle
Cyber Risk Opportunities

Kip Boyle is a 20-year information security expert and is the founder and CEO of Cyber Risk Opportunities. He is a former Chief Information Security Officer for both technology and financial services companies and was a cyber-security consultant at Stanford Research Institute (SRI).

YOUR CO-HOST:

Jake Bernstein
K&L Gates LLC

Jake Bernstein, an attorney and Certified Information Systems Security Professional (CISSP) who practices extensively in cybersecurity and privacy as both a counselor and litigator.