Alexandria Hawkey April 17th, 2016
Crisis Communications Plan in the Event of an Online Database Hack for
JPMorgan Chase and Co.
-Table of Contents-
Premortem
Statement from Management to Employees
Acknowledgment
Purpose and Objectives
Key Publics
Crisis Team Directory
Emergency Personnel
Equipment, Supplies, and Information Needed
Glossary of Terms
Fill in the Blanks News Release
Key Messages
-Premortem-
When dealing with banks, there are many potential crises that could come up at any time.
A few of them, ranked from least likely to most likely, are:
1. Hackers getting into our databases.
a. In this day and age, hackers are becoming more and more skilled and are
able to break through firewalls and access information from databases. In
an ideal world, our Internet security would be strong enough to prevent
this from happening. In the event that it isn’t, our bank members could
have their identities stolen, credit/debit cards could be copied, company
emails could be released, and any other sensitive information about our
bank members or company could be exposed. We would need to be able to reassure
the bank members and stakeholders that we are working our hardest to fix
the problem and that their account safety is our number one priority.
2. CEO is found to be embezzling money from the company through fraudulent
loans or other means.
a. While we hope that Jamie Dimon would not embezzle money or commit
other types of fraud through the company, there is a possibility that he
could. We need to be prepared to handle that situation if it arises. If it were
to happen that Dimon committed some sort of fraud, we would need to
gather all of the facts about the situation before making any statements.
We would also need talking points sent out to everyone in the corporation
as soon as possible to hopefully prevent anyone saying something that
could potentially harm our reputation further.
3. A false merger rumor.
a. A false merger rumor could put stakeholders on edge and possibly cause
them to take their stock out of the company. When false rumors circulate
and the stakeholders don’t think they are being included with possible
changes to the company, they can feel betrayed and no longer trust the
company. If this were to happen, it would be very important for our crisis
team to set the record straight as quickly as possible. They can keep track
of it by monitoring what members on the board are saying in interviews, or
other forms of communication such as social media.
4. A robbery at one of the banks.
a. While it may seem far-fetched today, bank robberies are still very possible.
This crisis is hard to predict, but it is important to have a crisis team ready in
case it were to happen. In the event of a robbery, there is the potential for a
person or people to come in with guns and other weapons. This could
quickly turn into a hostage situation and would be all over the local and
national news. While it may seem unlikely, with hundreds of banks across
America alone, it is important to have a plan in case it happens.
5. An economic recession.
a. When an economic recession occurs, interest rates tend to fall because
inflation is lower and banks wish to try to stimulate the economy. Also,
stock markets usually fall because firms make lower profits. This usually
occurs because banks have created too much money through loans and the
debts for those loans become unpayable. If this were to occur, more than
likely our company will have had a hand in it, and it is crucial to reassure
bank members and stockholders that their money is safe with us.
-Statement from Management to Employees-
As one of the largest banks in the world, we have to take every threat seriously. In our
database, we have millions of account holders’ identities, including their account information and personal information. If our system were to be hacked into, their
identities would be at stake. With new ways to hack into systems being developed
every day, we need to be prepared in the event that our security is breached. We have employed the best people we can to ensure that it doesn’t happen, and they are the first
people we’ll call to fix the problem.
It would not be the first time something like this has occurred. Recently, in March of
2016, Bangladesh’s central bank was hacked into through the use of malware installed on
one of their computers. It only took one installation to allow the hackers access to $80 million. At our own company in 2014, we were hacked into. The information of 76 million households and 7
million small businesses was not secured. Online crime is very real, and is
taken very seriously at JPMorgan Chase. We value our account holders and their
security. Therefore, in the event that this were to happen, it is crucial that our employees across the world are prepared to deal with the media and public quickly and efficiently.
If this plan is not followed in the event of a crisis, not only will there be damage to our company’s reputation but to the trust of our account holders as well. This loss of trust
could result in holders pulling out their accounts and stockholders selling their stocks.
That would be detrimental to our company. It is imperative to maintain our reputation as a bank that people can trust. We trust that you will all keep up your
outstanding work at our company and will continue to in the event of a cyber attack.
-Acknowledgment-
By signing this statement, I verify that I have read this plan and am prepared to put it into effect.
Jamie Dimon, Chairman and Chief Executive Officer _____________________________________
Matthew E. Zames, Chief Operating Officer _____________________________________
Marianne Lake, Chief Financial Officer _____________________________________
Douglas B. Petno, Commercial Banking CEO _____________________________________
Daniel E. Pinto, Corporate & Investment Bank CEO _____________________________________
Gordon A. Smith, Consumer & Community Banking CEO _____________________________________
Mary Callahan Erdoes, Asset Management CEO _____________________________________
Ashley Bacon, Chief Risk Officer _____________________________________
John L. Donnelly, Head of Human Resources _____________________________________
Stacey Friedman, General Counsel _____________________________________
-Purpose-
In the event of a cyber attack in which our database is hacked into, we must take immediate
action to inform our publics of the situation and the measures they need to take. It is
imperative that we remain open and honest about the situation so that our publics will
continue to trust us as a company. Corporate responsibility always has been central to
how we do business, starting with operating with integrity in all we do and extending to
all the ways we help our clients and communities navigate a complex global economy.
It is vital that we openly transfer the information the Federal Reserve and Federal Bureau
of Investigation need. If we are honest and open, the crisis can be more smoothly
resolved and actions can be taken to ensure that our account holders’ identities are safe
and that it won’t happen again.
-Objectives-
At JPMorgan Chase, we will make every effort to:
1. Initiate the Crisis Communications Plan within 3 hours.
2. Inform the Federal Reserve and Federal Bureau of Investigation as soon as possible.
3. Inform all of the branch owners and managers within 3 hours of the attack.
4. Inform the media and account holders within 4 hours of the outbreak.
5. Keep the media and all publics regularly informed of the measures being taken to
counterattack the hack.
6. Inform the account holders of how they can help protect their identities.
7. Maintain honesty with the media and all publics.
8. Stop the attack as soon as possible.
9. Distribute our results to the media and all publics.
10. Develop new ways to secure our network and implement changes as soon as
possible.
-Key Publics-
Local Newspaper Personnel
Newspaper | Address | Phone/Fax | When/Frequency
The Wall Street Journal | 1211 Avenue of the Americas, New York, NY 10036 | 555-555-5555 | A.M., Daily
The New York Times | 620 Eighth Avenue, New York, NY 10018 | 212-556-3622 | A.M., Daily
Daily News | 4 New York Plaza, New York, NY 10004 | 212-210-2100 | A.M., Daily
New York Post | 1211 Avenue of the Americas, New York, NY 10036 | 212-930-8288 | A.M., Daily
Newsday | 235 Pinelawn Road, Melville, NY 11747 | 631-843-2700 | A.M., Daily
Local Newswire Personnel
Name | Address | Editor | Phone/Fax
Times Wire | 620 Eighth Avenue, New York, NY 10018 | Andrew Rosenthal | 800-591-9233
PR Newswire | 350 Hudson Street, New York, NY 10014-4504 | Jenny Scruggs | 800-826-3133
NYCity NewsService | 219 W. 40th Street, New York, NY 10018 | Jere Hester | 646-758-7736
Local TV Stations
Station/Channel | Address | News Director | Phone
WABC-TV | 149 Columbus Ave, New York, NY 10023 | Camille Edwards | 212-456-7777
WNBC-TV | 350 5th Ave., New York, NY 10118 | Dan Foreman | 212-736-5459
NY1-News | 75 9th Ave., New York, NY 10011 | Steve Paulus | 212-691-6397
WNET | 825 8th Ave., New York, NY 10019 | Scott Davis | 212-560-1313
Local News Radio Stations
Station/Channel | Address | News Director | Phone Number
WINS-AM/1010 WINS | 345 Hudson St, New York, NY 10014 | Ben Mevorach | 555-555-5555
WCBS-AM/WCBS Newsradio 880 | 524 W. 57th St., New York, NY 10019 | Rachel Ferguson | 212-975-7675
WABC-AM/77 WABC Radio | One Penn Plaza, New York, NY 10121 | Evelyn del Cerro | 212-615-3200
WOR-AM/WOR Radio 710 | 32 Avenue of the Americas, New York, NY 10013 | Tom Cuddy | 212-377-7900
-Crisis Team Directory-
Title | Employee | Cell Phone
Crisis Comm. Mgr. | Alexandria Hawkey | 847-254-6116
Backup Crisis Comm. Mgr. | Joseph M. Evangelisti | 555-555-5555
Crisis Control Room Coord. | Andrew Gray | 555-555-5555
Spokesperson | Alexandria Hawkey | 847-254-6116
Media Contact | Jennifer Kim | 555-555-5555
Expert | Steve O’Halloran | 555-555-5555
Legal Advisor | Linda Bammann | 555-555-5555
-Emergency Personnel-
Federal Reserve Bank of New York, 33 Liberty St., New York, NY 10045, (212) 720-6130
Federal Investigation Bureau, 23rd, 26 Federal Plaza, New York, NY 10278, (212) 384-1000
NYPD, 1 Police Plaza Path, New York, NY 10007, (646) 610-5000
-Equipment, Supplies, and Information Needed-
The following should be on file in the event of a cyber attack:
1. Biographies of executives
2. Preventative information for account holders
3. Cyber attack fact sheets
4. Fill-in-the-blank news releases
5. Identity protection fact sheets
6. Backup security for the database
7. Glossary of terms
8. Internet Sources
9. Information on the FBI’s investigation
10. Information on the Federal Reserve Bank’s investigation
11. A hotline for account holders to call with their questions
12. Reports of the online security team’s findings
-Glossary of Hacking Terms-
Adware: Adware can mean the software that automatically generates advertisements in a
program that is otherwise free, such as an online video game. But in this context it more
commonly means a kind of spyware that tracks your browsing habits covertly to generate
those ads.
Anonymous: A non-hierarchical hacktivist collective, Anonymous uses hacking (and
arguably cracking) techniques to register political protest in campaigns known as “#ops.”
Best known for their distributed denial of service (DDoS) attacks, past activities have
included attacks against the Church of Scientology; Visa, Paypal, and others who
withdrew their services from WikiLeaks’ Julian Assange after that group began releasing
war documents; #OpTunisia and others purporting to support the Arab Spring; and a
campaign that brought down the website of the Westboro Baptist Church. #Ops are
usually marked with the release of a video of a reader in a Guy Fawkes mask using a
computer generated voice. Offshoot groups include AntiSec and LulzSec.
Back door: A back door, or trap door, is a hidden entry to a computing device or software
that bypasses security measures, such as logins and password protections. Some have
alleged that manufacturers have worked with government intelligence to build backdoors
into their products. Malware is often designed to exploit back doors.
Black hat: Black hat hackers are those who engage in hacking for illegal purposes, often
for financial gain, though also for notoriety. Their hacks (and cracks) result in
inconvenience and loss for both the owners of the system they hack and the users.
Bot: A program that automates a usually simple action so that it can be done repeatedly
at a much higher rate for a more sustained period than a human operator could do it. Like
most things in the world of hacking, bots are, in themselves, benign and used for a host of
legitimate purposes, like online content delivery. However, they are often used in
conjunction with cracking, and that’s where their public notoriety comes from. Bots can be
used, for instance, to make the content calls that make up denial of service attacks. Bot is
also a term used to refer to the individual hijacked computers that make up a botnet.
Botnet: A botnet is a group of computers controlled without their owners’ knowledge
and used to send spam or make denial of service attacks. Malware is used to hijack the
individual computers, also known as “zombies,” and send directions through them. They
are best known in terms of large spam networks, frequently based in the former Soviet
Union.
Brute force attack: Also known as an exhaustive key search, a brute force attack is an
automated search for every possible password to a system. It is an inefficient method of
hacking compared to others like phishing. It’s used usually when there is no alternative.
The process can be made shorter by focusing the attack on password elements likely to be
used by a specific system.
Clone phishing: Clone phishing is the modification of an existing, legitimate email with a
false link to trick the recipient into providing personal information.
Code: Code is the machine-readable, usually text-based instructions that govern a device
or program. Changing the code can change the behavior of the device or program.
Compiler: A compiler is a program that translates high-level language (source code in a
programming language) into executable machine language. Compilers are sometimes
rewritten to create a back door without changing a program’s source code.
Cookie: Cookies are text files sent from your Web browser to a server, usually to
customize information from a website.
Cracking: To break into a secure computer system, frequently to do damage or gain
financially, though sometimes in political protest.
Denial of service attack (DoS): DoS is used against a website or computer network to
make it temporarily unresponsive. This is often achieved by sending so many content
requests to the site that the server overloads. Content requests are the instructions sent,
for instance, from your browser to a website that enables you to see the website in
question. Some have described such attacks as the Internet equivalent of street protests
and some groups, such as Anonymous frequently use it as a protest tool.
Distributed denial of service attack (DDoS): A DoS using a number of separate
machines. This can be accomplished by seeding machines with a Trojan and creating a
botnet or, as is the case with a number of Anonymous attacks, by using the machines of
volunteers.
Doxing: Discovering and publishing the identity of an otherwise anonymous Internet
user by tracing their online publicly available accounts, metadata, and documents like
email accounts, as well as by hacking, stalking, and harassing.
Firewall: A system using hardware, software, or both to prevent unauthorized access to a
system or machine.
Hacking: Hacking is the creative manipulation of code, distinguished, albeit
amorphously, from programming by focusing on the manipulation of already written code
in the devices or software for which that code was already written. Metaphorically it
extends to social engineering in its manipulation of social code to effect change. Many
prefer to use the term cracking to describe hacking into a machine or program without
permission. Hackers are sometimes divided into white hat, black hat, and gray hat
hackers.
Hacktivist: A hacker whose goals are social or political. Examples range from reporting
online anonymously from a country that attacks free speech to launching a DDoS
campaign against a company whose CEO has issued objectionable statements. Not to be
confused with slacktivism, which refers to push-button activism in which a supporter of a
social or political campaign’s goals does nothing but register their support online, for
instance by “liking” a Facebook page.
Hash: A hash is a number generated by an algorithm from a string of characters in a
message or other string. In a communications system using hashes, the sender of a
message or file can generate a hash, encrypt the hash, and send it with the message. On
decryption, the recipient generates another hash. If the included and the generated hash
are the same, the message or file has almost certainly not been tampered with.
IP: Internet protocol address. It’s the distinctive numerical fingerprint that each device
carries that’s connected to a network using Internet Protocol. If you have a device’s IP
you can often identify the person using it, track its activity, and discover its location.
IRC: Internet relay chat is a protocol used both by groups and for one-on-one
conversations. It is often utilized by hackers to communicate or share files. Because they are
usually unencrypted, hackers sometimes use packet sniffers to steal personal information
from them.
Keystroke logging: Keystroke logging is the tracking of which keys are pressed on a
computer (and which touchscreen points are used). It is, simply, the map of a
computer/human interface. It is used by gray and black hat hackers to record login IDs
and passwords. Keyloggers are usually secreted onto a device using a Trojan delivered by
a phishing email.
Logic bomb: A virus secreted into a system that triggers a malicious action when certain
conditions are met. The most common version is the time bomb.
Malware: A software program designed to hijack, damage, or steal information from a
device or system. Examples include spyware, adware, rootkits, viruses, keyloggers, and
many more. The software can be delivered in a number of ways, from decoy websites and
spam to USB drives.
Master: The computer in a botnet that controls, but is not controlled by, all the other
devices in the network. It’s also the computer to which all other devices report, sending
information, such as credit card numbers, to be processed. Control by the master of the
bots is usually via IRC.
Payload: The cargo of a data transmission is called the payload. In black hat hacking, it
refers to the part of the virus that accomplishes the action, such as destroying data,
harvesting information, or hijacking the computer.
Rootkit: A rootkit is a set of software programs used to gain administrator-level access to
a system and set up malware, while simultaneously camouflaging the takeover.
Spam: Unwanted and unsolicited email and other electronic messages that attempt to
convince the receiver to either purchase a product or service, or use that prospect to
defraud the recipient. The largest and most profitable spamming organizations often use
botnets to increase the amount of spam they send (and therefore the amount of money
they make).
Spyware: Spyware is a type of malware that is programmed to hide on a target computer
or server and send back information to the master server, including login and password
information, bank account information, and credit card numbers.
Time bomb: A virus whose payload is deployed at or after a certain time.
Trojan horse: A Trojan is a type of malware that masquerades as a desirable piece of
software. Under this camouflage, it delivers its payload and usually installs a back door in
the infected machine.
Virus: Self-replicating malware that injects copies of itself in the infected machine. A virus
can destroy a hard drive, steal information, log keystrokes, and perform many other malicious
activities.
Vulnerability: A weak spot hackers can exploit to gain access to a machine.
White hat: An ethical hacker who uses his skills in the service of social good. The term
may also be applied to a hacker who helps a company or organization, or users in general,
by exposing vulnerabilities before black hat hackers do.
Worm: Self-replicating, standalone malware. As a standalone it does not report back to a
master, and unlike a virus it does not need to attach itself to an existing program. It often
does no more than damage or ruin the computers it is transmitted to. But it’s sometimes
equipped with a payload, usually one that installs back doors on infected machines to make
a botnet.
-Fill in the Blanks News Release-
For Immediate Release
Date____________
JPMorgan Chase Working to Stop Cyber Attack on Online Database
It was discovered at JPMorgan Chase that an online hacker has hacked into our database containing the identities of our account holders. No personal information has been retrieved. As of right now, our online security team is working to secure our account holders’ identities and remove the hacker.
“We take these threats to security very seriously. We value our account holders and their safety as our top priority. We are working to stop the cyber attack and prevent any damages as quickly and efficiently as possible,” JPMorgan Chase CEO Jamie Dimon said.
JPMorgan Chase has contacted local authorities, the Federal Reserve, and the FBI to assist in investigations. While our security is up to date, talented hackers frequently develop new ways to hack into systems. It is unclear who is responsible or how they attacked.
We appreciate each one of our account holders and we understand that this can be a very confusing and scary situation. We are providing hotlines with experts on the line at (xxx) xxx-xxxx to answer any and all questions and concerns. We will be releasing information as it comes through.
-Key Messages-
In the event of a cyber attack where our database is hacked into, our account holders are
our top priority. It is their information, which they trusted us to protect, that is at risk. It is
important to our account holders that they know that we consider them our top priority
and that we are doing everything we can to protect their identity.
The following key messages should be communicated in this order:
1. We value our account holders and are doing everything we can to ensure the
safety of their identities.
2. At this time, only the security has been breached and we are doing everything we
can to remove the hacker and secure our database.
3. Please do not be alarmed; cyber attacks happen frequently to large companies, and
we have our best team on it.
4. At this time, we do not know who has hacked into the system or why, but we will
continue to provide updates as they come in.
5. We are in contact with the FBI and Federal Reserve.