Episode 10

The Art of IT Communication in the Digital Age: Insights from Nathaniel Morris

Welcome to another stimulating cup of Digital Coffee: Marketing Brew. We've got a special blend steaming with insights on the critical intersection of IT and business communication. Joining us is Nathaniel Morris, an aficionado of IT leadership with over 20 years of bridging the gap between technology and business strategy.

In this episode, we'll dive deep into the art of cybersecurity hygiene and tackle the pervasive issue of technical debt. Nathaniel will shed light on how nurturing relationships and fostering collaboration can enhance our understanding of IT's role in the modern business landscape. He'll share practical tips on how IT professionals can effectively communicate complex technical information to management and peers, and why developing a shared vocabulary is fundamental in this process.

We'll also unpack the importance of crisis communication within the IT sphere, as Nathaniel and I discuss the nuances of managing the fallout of cyberattacks. From the initial steps of managing confusion to the long-term strategies of establishing trust and confidence in your IT department, this episode is a masterclass in IT communication that you won't want to miss.

3 Fun Facts

1. Nathaniel Morris is a tea drinker despite the podcast's name suggesting a coffee theme.

2. Nathaniel Morris has a substantial dual expertise in both technology and business, with around 20 years of experience navigating the two fields.

3. Brett Deister shared a personal anecdote about his negative experience with LastPass where he faced security issues, including unauthorized Amazon purchases and his account being blocked.

Timestamps:

00:00 Communication between business and tech is crucial.

04:05 IT jargon can disconnect and hinder communication.

07:39 Encourage communication through newsletters and videos.

10:21 Understand people, write from their perspective effectively.

13:29 Prepare and designate a communication leader beforehand.

18:39 Company awareness of cyber attacks' impact timeline.

20:39 Fatal flaws: Suppression and guessing lead to trouble.

26:37 Internal communication tools aid in information sharing.

29:03 Improve, build relationships, collaborate, educate, become a coach.

30:51 Gratitude for listening and future communication tips.

💬 Want to get involved? Leave us a comment, give us a 'like,' and follow us for more insights. Join our Locals for lively discussions, and if you've got questions, email us at bdeister@digitalcafe.media!

👕 Check out our mech: www.digitalcafe.store


🌟 Review the Podcast if you loved this episode and share it with fellow marketers who could benefit from a treasure trove of podcasting wisdom. Tune in to "Digital Coffee: Marketing Brew" and let's brew up some success together!

Transcript
Brett Deister:

Mm, that's good.

2

:

And welcome to new episode of

Digital Coffee Marketing Brew.

3

:

I'm your host, Brett Deister.

4

:

As always, please subscribe to

the podcast through YouTube.

5

:

Through Rumble and also through your

favorite podcasting apps as well.

6

:

It really does help with this show.

7

:

But this week we're gonna be talking about

IT management and communicating between

8

:

both of those, which PR pros need to know

and other professionals need to know.

9

:

'cause we always need to know.

10

:

How to communicate better

with people with me.

11

:

I have Nathaniel with me,

and he is an expert in this.

12

:

He's an expert in ways of

communicating from it to management.

13

:

And this is specifically what we were

talking about, like I said before.

14

:

So welcome to the show, Nathaniel.

15

:

Thanks.

16

:

Nathaniel Morris: Enjoy being here and

looking forward to the conversation.

17

:

Brett Deister: Brett?

18

:

Yes, and the first question

is, all my guests is, are

19

:

you a coffee or tea drinker?

20

:

Oh,

21

:

Nathaniel Morris: I'm gonna go with tea.

22

:

I'm in that 50%.

23

:

Who's gonna be on the tea side?

24

:

I.

25

:

Brett Deister: Uh, do you

have any like specifics?

26

:

Do you have like green tea, black

tea, like any specific teas that you

27

:

Nathaniel Morris: enjoy?

28

:

Primarily black tea and I

preferred iced actually.

29

:

So classic iced tea works beautifully.

30

:

It's okay if you put a little

fruit in it here and there.

31

:

You know, peach or mangoes.

32

:

Delicious.

33

:

But classic black tea,

34

:

Brett Deister: is it just like

regular tea or is it like sweet tea?

35

:

'cause I know down like south they

love, they're like sweet, sweet tea.

36

:

Nathaniel Morris: Well, syrup with a

little tea is a little much for me.

37

:

I don't mind a little sweetener in

it, but we're not gonna go probably

38

:

have the South Georgia sweet Tea.

39

:

That's a little much for the taste.

40

:

Brett Deister: That's fair.

41

:

And I gave a brief introduction

to you, but can you sum, summarize

42

:

your expertise with our listeners?

43

:

Nathaniel Morris: Absolutely.

44

:

So my expertise is in working between

technology and business and leadership.

45

:

I've spent about 20 years in the

technical trenches and working with

46

:

executives leading IT organizations,

and I specialize in helping all parts

47

:

of the business work better with it,

and it work better with the business.

48

:

All

49

:

Brett Deister: right.

50

:

And so what are some of the problems with

communicating between it and management?

51

:

I mean, we all, we all kinda have this

like idea that it are like the nerds,

52

:

they don't know how to do much, and then

the management is kind of like the, like

53

:

the, I guess the cool people in a way.

54

:

But you, you know, like the common

stereotype is like they just don't know

55

:

how to communicate, but how, what are

the real common problems with that?

56

:

Nathaniel Morris: Yeah, I, I think one

of the biggest problems that I see over

57

:

and over again is the disconnect between

looking at them as two different silos,

58

:

and it's okay to have boundaries between

IT and business, so that's appropriate.

59

:

But if they're full silos and they're

operating independently, then what

60

:

you get is it feels like you're.

61

:

Local drive-through where some business

owner drives up and says, I need this

62

:

and I expect it at the next window.

63

:

And that can work, but it's not nearly as

beneficial to the business owner as being

64

:

able to say, okay, here's the problem that

I'm currently experiencing in my business.

65

:

Here's what I'm trying to accomplish

and what's my best way of getting there.

66

:

And so that's really about.

67

:

The communication between creating

a shared understanding where the

68

:

business and tech are able to sit down

together and let's look at the problem

69

:

and come to a collaborative solution.

70

:

If either side, and I've seen it from

both, it says business doesn't know

71

:

what they need, I'm gonna do it my way.

72

:

Or if business says, I just want

exactly this checkbox, well that may

73

:

not be the most efficient option.

74

:

So we work collaboratively, we're gonna

get a lot more results for the business.

75

:

Gotcha.

76

:

Brett Deister: And is it because.

77

:

There's a lot of like foreign, or

people think it's like foreign for it.

78

:

Like it's this like mysterious thing

that just happens in the background and

79

:

that's why management doesn't really

understand it very well is because

80

:

that it may use a lot of jargon.

81

:

Is that kind of the mis, the like the.

82

:

Miscommunication that comes about it.

83

:

Yeah, that can

84

:

Nathaniel Morris: happen a a whole lot

when, when you get an IT individual

85

:

in the room and they start using

their language and talking about

86

:

their specifics of acronyms, and

every industry has their acronyms.

87

:

Technology and finance seem to have

a monopoly on acronym acronyms.

88

:

But when you start getting the

lingo thrown around, then the

89

:

business feels disconnected.

90

:

They may feel talked down to, and it's.

91

:

Really begins to become a challenge and

the business just says, I'm done dealing

92

:

with them because it, it's too technical.

93

:

I don't understand it.

94

:

I don't wanna look ignorant.

95

:

And so by changing the conversation

and putting the business owner or the

96

:

manager in a position of strength to

say, tell me about the business problem.

97

:

And even if a business owner is

saying, Hey, I've gotta talk to it.

98

:

They don't really, you know, these

aren't productive conversations.

99

:

I really challenge a business

owner to walk in and say.

100

:

I'm not gonna ask for a specific solution.

101

:

I'm gonna tell you my business problem.

102

:

And I'm gonna ask you how you would

best help me because if you can start

103

:

the conversation in the business

context, everyone begins to get into

104

:

a better frame of mind towards the

end goal, which is, it's not about an

105

:

upgrade, it's not about new laptops.

106

:

It's not like it is about

what's my business problem?

107

:

'cause I can hand you a new

software, a new solution, I can

108

:

implement it and I did my job.

109

:

But if I build a bridge to nowhere.

110

:

Then it doesn't help anybody.

111

:

Right?

112

:

So if I'm a bridge builder, I, I've

gotta make sure I know where you want

113

:

to go from and where you wanna go to.

114

:

Same

115

:

Brett Deister: thing with tech.

116

:

Gotcha.

117

:

And then, I mean, should, let's

say the IT person's working within

118

:

a company, should they ask for

PR pros to help them with that?

119

:

Because a lot of times PR pros understand

like the communication aspect of it.

120

:

It's like, Hey, look it.

121

:

I don't feel like my

message is getting crossed.

122

:

Can you help me?

123

:

Would that help with 'em quite a bit?

124

:

Because I feel like if you

collaborate with other teams, they'll

125

:

understand and then that will help

with the management understanding.

126

:

Is that a good way of going about it?

127

:

Nathaniel Morris: Yeah, absolutely.

128

:

Anywhere that you can get the

context of the business and you

129

:

know, one of the things that.

130

:

Is also an opportunity is in, in the event

that your business has a retail storefront

131

:

or has a place where you engage with

customers or you have some kind of, even

132

:

if it's a digital storefront and it's a

website, spending time to deliberately

133

:

build that relationship and say, Hey, let

me show you what we're trying to do here.

134

:

Let show what we're trying to

accomplish is very helpful.

135

:

And you know, I've seen marketing leaders

who succeed by even sitting down and

136

:

saying, Hey look, I'm spending a million

dollars on this advertising campaign.

137

:

Here's what I'm after, right?

138

:

So this is why this matters

to our business, and this is

139

:

what I'm trying to accomplish.

140

:

That adds a lot of context

because it shows trust.

141

:

And when you exhibit that vulnerability

of saying, here's what I'm trying to

142

:

do, here's what my goals are, and I'm

asking for your help, then you begin

143

:

to establish those relationships where

it may actually say, Hey, we can do

144

:

X, Y, and Z to make it better for you.

145

:

But we didn't even know

what you were trying to do.

146

:

Brett Deister: Gotcha.

147

:

And then.

148

:

What are some ways to be,

uh, to be effective at this?

149

:

Would it be like doing like a, a

newsletter for management saying

150

:

like, this is what we've done.

151

:

Would it be like, like doing like a

simple email with just bullet points?

152

:

Because everybody's busy and

everybody doesn't wanna read

153

:

like paragraphs upon paragraphs.

154

:

So it should be like, we've changed this.

155

:

This is how to do something.

156

:

Maybe relying on somebody to

do a video for a new feature.

157

:

Would doing like extra content

help with that side of it?

158

:

Because I feel like.

159

:

You can come out with great features, but

if nobody knows how to use it or even know

160

:

about it, then there's not really a point.

161

:

Nathaniel Morris: Well, there's,

there's a couple different

162

:

tactics that I like to see used.

163

:

One is absolutely communication

and an an email can be helpful,

164

:

but to your point, it can get lost.

165

:

I, I really encourage if an IT team can

work with a PR team or marketing team

166

:

to say, Hey, we'd love to do a technical

newsletter, or if there's a company

167

:

newsletter, we'd love to have a couple

of pages in it to show what we're doing.

168

:

And.

169

:

Maybe it's some tips, maybe it's

some tricks about things and how

170

:

to better use and really build

that rapport and that liaison.

171

:

It's not about saying, Hey, we have

this many servers, or Our uptime is X.

172

:

It's about.

173

:

Being clear from a business

perspective about business impact.

174

:

So that's one newsletter.

175

:

I've also worked with teams and

encouraged, and we've done a quarterly

176

:

or annual video where the technical

leadership team, the head of support,

177

:

works with marketing and says, Hey, I

wanna talk about the most common issues we

178

:

see coming into our support organization,

and I wanna talk about how to fix 'em.

179

:

And maybe there's, you know, here's

the resources where you can go

180

:

fix it yourself without having to.

181

:

Waste time, you know, getting on

the phone with it and let me, let me

182

:

help you learn where your tools are.

183

:

So that's been very beneficial at times.

184

:

I've also seen, and I think this could

be extremely powerful as well, is when

185

:

you start getting into an organization

where you wanna communicate and

186

:

share some of this information out.

187

:

It getting out in front of developing

relationships with the field and getting

188

:

to the point where you get sort of

evangelists that you can work with

189

:

and power users and you bring them in.

190

:

So for example, we're, you might

say, Hey, I, I'm a part of a retail

191

:

organization, we have 500 storefronts.

192

:

Maybe you need to find somebody in each

region and bring them to headquarters.

193

:

Show them the beta, show

them where you're going.

194

:

People who will be excited, who

are early adopters, who are always

195

:

kind of pushing the envelope.

196

:

Maybe they're the people you're

constantly dealing with, they're

197

:

breaking the system because they're

always trying to get an edge.

198

:

Embrace that, right?

199

:

Get those early adopters in there and

say, Hey, this is what we're doing.

200

:

And then let them go back into their roles

and be an evangelist for what's happening.

201

:

And I think that's

really, really powerful.

202

:

More so even than just

broadcast communication.

203

:

Brett Deister: And then, I mean, when

talking about management should is the

204

:

basic thing, just understanding who you're

talking to, because I feel like if you

205

:

do the right message to the right person,

so it's basically solving a problem with

206

:

your communication, you're like, okay,

what do they need to know the most?

207

:

So you could write that

email and will actually be.

208

:

A targeted email to them.

209

:

So how can they go about

actually doing that?

210

:

Should they like talk to their bosses?

211

:

Should they figure that out?

212

:

How do they go about figuring that out?

213

:

Because it takes time

to understand people.

214

:

Nathaniel Morris: It does take

time to understand people.

215

:

But I will say there's two shortcuts that

I've seen that are very, very helpful.

216

:

One is right to content.

217

:

Content that needs to be communicated

from your lens first, right?

218

:

Because that's where you're gonna

get all of the facts on the table.

219

:

But then.

220

:

Sit down and, and look at it from the end.

221

:

Consumer's conte or context.

222

:

So if you're sending a note to finance

as a management, or if you're sending

223

:

a note to the sales management, or

vice versa, they're sending it to it.

224

:

Look at it from their context and

put what you're trying to communicate

225

:

in their context and at their depth.

226

:

If you're sending it to an accountant

who is in the weeds of the, you know,

227

:

details and you're saying, here's what's

happening with the new finance system,

228

:

or Here's what we're doing with ERP, you

need to be very detailed because that

229

:

individual's in a very detailed role.

230

:

But if I'm sending it to the director of

accounting, or if I'm sending it to a CFO.

231

:

The depth needs to be reduced because

that individual is not in the weeds.

232

:

And so context and depth are your

two shortcuts where you can put

233

:

your communication through that

filter and then you can really

234

:

resonate because that person is

able to digest it in their context.

235

:

And at the appropriate

236

:

Brett Deister: depth and showing it

to somebody else might actually help

237

:

too within the company if you're

working for a company, because

238

:

sometimes they'll see something else.

239

:

Because when you're in the weeds and you

write it, you're gonna be in the weeds

240

:

and you're gonna way too technical.

241

:

So you may need that extra person to get

outside of it and be like, okay, this

242

:

is what I really need to know because

I don't know all this technical stuff

243

:

and this is getting too muddled for me.

244

:

Nathaniel Morris: Yeah, and it's

very helpful when you can do that.

245

:

Someone else looking at it is

across different areas, right?

246

:

So you're reaching into a different

area to say, Hey, I want your opinion

247

:

before I send it to the next tier

up, or I, before I send it down

248

:

into the lower tier it, it may be.

249

:

So back getting that shared

context and, and sharing it out.

250

:

I used to send the emails a

lot of times in communications.

251

:

I'd just preface it.

252

:

I'd say, here's the subject

line I'm intending to do.

253

:

I'd put the word draft in

front of that subject line.

254

:

Have the full email, have the full

document, send it to somebody and

255

:

say, Hey, I need some feedback.

256

:

That creates buy-in and it'll help you

avoid mistakes as well as the fact of

257

:

they're gonna be an evangelist for it.

258

:

Because what's gonna happen, you're gonna

send it to your targeted recipient and

259

:

they're gonna go talk to their team,

or they're gonna talk to their boss.

260

:

If you've already gotten their feedback,

they're familiar with the communication.

261

:

Brett Deister: Gotcha.

262

:

And then moving to cyber attacks.

263

:

'cause unfortunately it's not, if it will

happen, it's now when it will happen.

264

:

So how can it pros like.

265

:

Communicate the beginnings of it.

266

:

I know cyber attacks are long processes.

267

:

You gotta figure out how they got into it.

268

:

So how can they do the

preliminary like message to their

269

:

bosses about what's going on?

270

:

Because it feels like a lot of times

when it does happen, the management

271

:

kind of knows what's going on, but

then doesn't really know, and then it

272

:

really just confuses users, especially

if you're a B2B or B2C type company.

273

:

It's like, wait, so it's worse

than what I thought it was.

274

:

Nathaniel Morris: The, when it comes to

cyber, one of the most important things

275

:

is doing a table talk, the exercise, and a

lot of times technical teams will do this

276

:

from a technical perspective, but I work

with a lot of teams and say, all right,

277

:

who's your communication individual?

278

:

Who's the individual who is doing nothing

but managing the communication out?

279

:

Because the team itself is

gonna be so involved in a

280

:

response and how do we stop it?

281

:

How do we fix it?

282

:

Those type of things.

283

:

And there's a leader over that project.

284

:

Well.

285

:

You want someone designated as a role.

286

:

It doesn't have to be an named

individual, but you need to say in

287

:

the role, this individual is the

communicator, and so we're going to work

288

:

with them and here's the expectations.

289

:

They're gonna communicate with leadership.

290

:

They're gonna communicate

with customer, key, customer

291

:

accounts, whatever it may be, and.

292

:

Pre-Building that workflow and going

through some of those exercises is really

293

:

important because what I've seen teams

do, and I think it's really important, is

294

:

pre-built distribution lists so that you

know everybody is appropriately on it.

295

:

Pre-built some existing templates, you

know, that says, okay, we know we have

296

:

to notify these people contractually.

297

:

We know that we've got

to do these things, so.

298

:

Have some of that work pre-done to where

you're not trying to invent it on the fly

299

:

because it's really hard under stress.

300

:

Right.

301

:

When you know, there's a continuum that

I use and it talks about the fact that

302

:

the more chaotic an environment, the more

structured your response needs to be.

303

:

Military conflict is the

easiest example, right?

304

:

Military is trained to be extremely

structured in their operations

305

:

and what they do because they're

operating in a chaotic environment.

306

:

So a cyber attack is a ca chaotic

environment and you need to be

307

:

very structured and have as much

as you can pre-planned so that

308

:

that communication goes out.

309

:

And you know, one of the easiest things

there is to develop a shared vocabulary.

310

:

And there's very simple frameworks for

some of this out there, but you know, what

311

:

does it mean to say we're under attack?

312

:

Does that mean our data's been stolen?

313

:

Does that mean that somebody's in our

system, but we have 'em contained?

314

:

Does that mean that we have a

ransomware and data's encrypted

315

:

and now we're talking about a ran?

316

:

Like we need to have clear lines because

we can't have five different people say.

317

:

Attack and mean five different things.

318

:

So it needs to be a really simple,

and sometimes the easiest way

319

:

to do this is with a, a scale.

320

:

You know, the military uses a DEFCON

system, for example, develop a, a

321

:

scale that says, Hey, we're at a

level 1, 2, 3, 4 response and this

322

:

is what it means and here's who

needs to be involved at this level.

323

:

And I think those are your, by

pre-planning, those, you'll get a lot

324

:

better from a communication perspective

as it goes internally to employees.

325

:

Brett Deister: Gotcha.

326

:

So I mean, as a PR pro we have

something called a crisis plan.

327

:

So we basically write everything that may

happen to a business, and it's usually

328

:

the top three crises that may happen.

329

:

So.

330

:

In that case, it's almost like

you should pull aside the PR pro

331

:

even, uh, if it's already written,

just have a pre-described thing.

332

:

But you pull aside the PR pro and be like,

Hey, look at this is what's going on.

333

:

And kind of clue them in so they can

write to whoever their point person

334

:

is to actually talk to the media.

335

:

Is that kind like what I'm

336

:

Nathaniel Morris: hearing?

337

:

Exactly.

338

:

Uh, talk to media, talk

to key individuals.

339

:

In this case you may have government

contacts you need to make.

340

:

There may be, you know, contractual

contracts you need to make.

341

:

So absolutely.

342

:

Brett Deister: You said sliding scale.

343

:

So for PR pros, it's like

an issue to a crisis level.

344

:

One would be like an issue.

345

:

It, it may be annoyance, but

it will eventually go away.

346

:

And the crisis is like, this will

stay in the news for like several

347

:

months or to a year or whatever.

348

:

So I.

349

:

In that way, I think for IT pros, they

probably should just pull them in and

350

:

like come together, figure out a crisis

plan for cyber tech, that that helps

351

:

with the IT people, but also helps with

the management because those are the two

352

:

you're gonna have to worry about the most

and then has a little bit of a message

353

:

for regular employees to say like, please

don't say too much about what's going on.

354

:

This is your Canon response.

355

:

And then, and basically show them

to the point person for that.

356

:

Nathaniel Morris: Absolutely.

357

:

You wanna make sure that you

have the message understood.

358

:

You wanna have it pre-built as much as you

can to your point, you know, if something

359

:

leaks out from a PR perspective, you wanna

know what level are we talking about?

360

:

And even how you

communicate that out, right?

361

:

I mean, you are gonna see,

did we lose some passwords?

362

:

Did we lose a hundred customer records?

363

:

Did we lose 10 million

customer records, like.

364

:

Do we lose employee records?

365

:

You wanna be able to put context on

it pretty fast because cyber is a

366

:

trigger word and it's a headline word,

if you wanna think of it that way.

367

:

And so you wanna put context around it

pretty fast to understand the scope.

368

:

And realistically, how

369

:

Brett Deister: long does it

figure out what, how much damage

370

:

the attack actually took place?

371

:

Does it take months?

372

:

Does it take years to figure that out?

373

:

Because I know all of 'em are

sophisticated and they can,

374

:

and it's all different things.

375

:

But how realistically,

how long should this.

376

:

Crisis communication.

377

:

Go on from an IT perspective.

378

:

Nathaniel Morris: So from point

of awareness, because a lot of

379

:

times attacks are happening and

companies aren't aware, right?

380

:

So from point of awareness, you're

gonna talk about the fact that.

381

:

It depends on how big the scope of it

is, but it could go on from a matter of,

382

:

let's say a week or two to the fact that

this could, as far as communication going

383

:

out to, it could l linger on for months.

384

:

It, it really, you know,

there's the initial.

385

:

Sort of wave of something happened.

386

:

And usually that's met with a round of,

we're involving forensic teams, you know,

387

:

and you're trying to exude confidence

because most companies are gonna say,

388

:

we brought, we're bringing in forensics.

389

:

Here's what's gonna happen.

390

:

For customers who've had

data compromised and.

391

:

Here's their opportunity for credit

monitoring and all those type of things.

392

:

So you're gonna have that initial

wave, and then the forensics are

393

:

gonna come around and say, here's

the results of what we found.

394

:

And that really could

come in a few weeks later.

395

:

It could come in months later.

396

:

And if it's.

397

:

Not as bad as we thought it was

upfront, then it's less of a story.

398

:

But if it turns around and says it

was 5,000 records and now it's 5

399

:

million, well then the second wave

is worse than the first, right?

400

:

So there is some amount of, once you get

that notification cycle going, and from

401

:

a PR perspective, then you're also gonna

wanna know, what's my regular update?

402

:

How am I getting communication

back and forth on this incident?

403

:

Because if it's not closed.

404

:

Then you're gonna have some amount

of, where's the forensic team at?

405

:

What are we gonna get an update?

406

:

That type of thing that's

gonna continue to be out

407

:

Brett Deister: there.

408

:

Gotcha.

409

:

And is there something just not to do

during a cyber attack when it happens?

410

:

Because we talked a little bit about

it, about keywords, but is there any

411

:

other thing that's like, do not do this.

412

:

This will hurt you so bad.

413

:

Let's not be an Experian that had a

cyber attack and kind of like, or even

414

:

LastPass is, I think the most recent one.

415

:

Like learn from their mistakes.

416

:

What should not happen?

417

:

Nathaniel Morris: The, there's two fatal

flaws that I see that happen oftentimes.

418

:

One is trying to suppress it, right?

419

:

Because it will get out and it will

look worse if you're trying to say

420

:

nothing happened and it really did.

421

:

And then the other thing

is guessing, right?

422

:

So the, these are.

423

:

Two dynamic of environments for us

to say, oh, we know it's contained.

424

:

Right?

425

:

I wouldn't, I wouldn't be absolute

on those type of things until

426

:

you can truly have forensics look

through it and get some answers.

427

:

But especially in that initial.

428

:

Kind of conversation going,

oh, it's not a big deal.

429

:

It's not a, an issue.

430

:

You're, you're guessing, right,

or you're suppressing, those

431

:

two will ultimately burn you.

432

:

And the, you're, you've

mentioned a couple of headlines.

433

:

There are others I can name as well that.

434

:

That's exactly what happened.

435

:

It tried to be suppressed or

people tried to guess and say, you

436

:

know, it's, it's only this, and

then that's where it backfires.

437

:

Brett Deister: Yeah.

438

:

Specifically because if, like for example,

for me, I was a LastPass user and I've

439

:

had a terrible time the last few months

just trying to secure my own passwords and

440

:

that gave me a headache because someone

ordered something through Amazon, someone

441

:

blocked or banned me from an account

and I was just like, what is going on?

442

:

So.

443

:

Specifically for B2C, 'cause

the last pass was mostly B2C.

444

:

Their problem was, well,

what wasn't that bad?

445

:

So I, I feel like the messaging

for the beginning should be our

446

:

preliminary results show this,

but we don't know how much is yet.

447

:

Nathaniel Morris: Yeah, absolutely.

448

:

I think it's definitely about saying,

here's what we do know, but that

449

:

doesn't mean that's everything.

450

:

So preliminary results,

here's our findings so far.

451

:

Phrasing like that, communicating

like that, and then.

452

:

Some amount of confidence

around we have the right people.

453

:

So whether it's you've engaged the

external firms that are authorities,

454

:

whether it is a situation where it's large

enough, you're bringing in government

455

:

investigators, that type of thing.

456

:

I, I do believe it's important that you

share some of that information upfront

457

:

so that there is a confidence that we've,

we've got the right individuals on it.

458

:

I mean, if you have, for example, a

public transit issue or if there's a

459

:

plane crash, everybody says, okay, the

government investigators are coming in.

460

:

Great.

461

:

Now we understand.

462

:

Same thing in these, right?

463

:

Sharing who's, who you're bringing

in and what's happening adds some

464

:

amount of confidence because it,

it's an immediate fear, right?

465

:

I'll also say one of the important

things to work from a technical

466

:

perspective and PR perspective is

understanding what has been lost.

467

:

So.

468

:

Are we talking about, Hey, you know,

there's a possibility you need to

469

:

change passwords because maybe somebody

got access or could gain access.

470

:

Once you change password, we're,

you know, you, you solve it.

471

:

That's different than saying, Hey,

I'm sorry, your name, birthdate,

472

:

social security number, et

cetera, is all out in the wind.

473

:

So really understanding what information

is also part of some of your escalation

474

:

and some of your communication internally,

so that we're really clear on breach.

475

:

What does it mean, you know,

that that goes back to your

476

:

scale as what data's impacted.

477

:

Brett Deister: So, I mean, it

feels like from me, from LastPass,

478

:

like it took me forever to get,

like to secure my own things.

479

:

I had to move over to another program.

480

:

'cause I was like, I'm not

dealing with this anymore.

481

:

So I feel like a lot of times.

482

:

They don't, they, they say things, but

it's not like our preliminary results

483

:

should, should, should it be like our

preliminary results is this, but we don't

484

:

know the ex, the extent of the damage yet.

485

:

Nathaniel Morris: Absolutely.

486

:

One of the best practices I've seen is

from a technical leadership perspective,

487

:

establishing an annual calendar.

488

:

So for example, I would set up quarterly

meetings with some of these key teams

489

:

and say, these meetings are on the

calendar, they're already booked.

490

:

And then we would have, all

of our leadership knew they

491

:

were there and we didn't.

492

:

I mean, we would book these for

October at the beginning of the year

493

:

in January, and we would just go ahead

and put 'em on the calendar and then.

494

:

You didn't wind up with issues coming in.

495

:

We would have agendas, topics we

wanted to make sure we covered.

496

:

Let's talk about the latest

security, let's talk about this.

497

:

Let's revisit, you know, this

practice maybe we're having

498

:

sometimes at the tabletop.

499

:

And we would build that plan ahead and

that allows you now to walk through

500

:

the year and you know, you're not just

gonna look up and it's been nine months

501

:

since you've had the conversation.

502

:

Brett Deister: How?

503

:

How do it pros maintain

regardless of issues or crises?

504

:

Just in general, how do they maintain

that good communication level?

505

:

Let's say you already started it and

it's been going really great, but the

506

:

maintaining part I always feel like is

the hardest part because you could have a

507

:

great start and then all of a sudden crash

and burn because you get lazy or whatever

508

:

happens or work gets like crazy amount.

509

:

I mean, it could be anything, but

how do you maintain that good?

510

:

Communication with management and

maybe your PR team at the same time.

511

:

Nathaniel Morris: Yeah, slack is a great

communication tool, especially if you

512

:

have some dedicated channels for some

of those type of things, for example.

513

:

But I also feel like there's a good bit

of either over Zoom or face-to-face.

514

:

There's a good bit of

conversation that needs to happen.

515

:

So tactical updates through Slack,

strategic conversations of here's

516

:

what we're currently seeing,

here's our current threat profile,

517

:

here's what's new happening.

518

:

Or hey, you know, this is the follow up

from something that happened a year ago.

519

:

Those type of things ought to be a little

more structured perhaps so that there's

520

:

time for question and really digesting.

521

:

But you're right, it does.

522

:

It's not a weekly thing.

523

:

We're talking a monthly or a

quarterly cadence typically.

524

:

Brett Deister: Gotcha.

525

:

And should you use any like of the

communication platforms and maybe

526

:

like Slack or anything like that to do

like maybe monthly check-ins instead?

527

:

Because I don't feel like you need to

like meet everybody every week because

528

:

that would just be, you get no work done.

529

:

Nathaniel Morris: Yeah, absolutely.

530

:

So there's a lot of great tools out

there, and particularly when you're

531

:

talking internal communication,

whether a company's using SharePoint

532

:

or Slack or something like that

where they can communicate and have

533

:

a hub for that type of information.

534

:

There should be a set of questions on,

you know, common issues from a technical

535

:

perspective, common cyber issues.

536

:

There also should really be, and

this is important as well, there

537

:

should be a venue to report things.

538

:

So for example, there was a great article

I just came across on some of the work

539

:

that Target had done with some of their

looking for skimmers in their stores.

540

:

And so ideas can come from anywhere

and being able to say, Hey, you see

541

:

something, there's something off.

542

:

Or maybe it's a phishing link.

543

:

Continuing to create that

communication flow inbound.

544

:

So not just FAQs, but hey, I

saw something is also an an

545

:

important communication vehicle.

546

:

Mm-Hmm.

547

:

Brett Deister: And I mean, what's gonna.

548

:

Let's say a IT person is like new

to this or they're going into a

549

:

new company and they're trying to

establish that communication line.

550

:

Like what are some of the steps

to actually start to do that?

551

:

Because it's a process, obviously, but

there are some steps to start to do that.

552

:

Nathaniel Morris: Yeah, absolutely.

553

:

The the first step, I always, especially

if you're walking in new to an

554

:

organization as an IT professional, it

all starts with learning the business

555

:

because everything is gonna centrally

focus around that business and.

556

:

That comes down to what's

the business model?

557

:

So how do we make money?

558

:

How do we spend money?

559

:

And then the other conversation is

we're the most valuable components.

560

:

So maybe we're a healthcare company,

so we've got patient records, or maybe

561

:

we're a payment company, so we got

credit card records, whatever it may be.

562

:

I.

563

:

We wanna make sure we understand

where our sensitive things are.

564

:

Maybe we're, we're manufacturing

and our recipes or our intellectual

565

:

property is super important, whatever

that might be, we need to make sure

566

:

we understand that that's first.

567

:

So I don't recommend you go in

as a new IT person and say, I'm

568

:

gonna make a bunch of changes.

569

:

I'm gonna have all these

meetings and tell 'em what to do.

570

:

Like first you gotta learn the business.

571

:

Once you have that context, then

you can speak in that context

572

:

and start going down the path.

573

:

What I like to do is to say where we at?

574

:

So what's our current baseline?

575

:

Where are we?

576

:

Where are we sitting?

577

:

And what are the simple things

that make the biggest impact?

578

:

So it's just, it's a

cost benefit analysis.

579

:

It says, Hey, these changes are

gonna take me a lot of work and

580

:

they're gonna make us some better.

581

:

These changes are gonna

take me a little work.

582

:

They're gonna make me a lot better.

583

:

So structure those and

start tackling those first.

584

:

And as you can.

585

:

After probably three months or six months

and you've built some relationships and

586

:

understood the business, start setting

up some of those quarterly meetings

587

:

and set 'em up as just workshops and

say, Hey, here's what I'm seeing.

588

:

Maybe I don't fully understand what's

happening here, or help me work

589

:

through and build that collaboration.

590

:

Because as you can build that

collaboration and show some exercises,

591

:

show some new knowledge and.

592

:

Educate as you go along,

you really become a coach.

593

:

It's less about being a prescriptive

and it's more about being a coach to

594

:

say, Hey, I have tools that can help

the business be better because here's

595

:

how our cybersecurity hygiene is.

596

:

Here's how our technical debt is.

597

:

Let's, let's improve that.

598

:

Brett Deister: Gotcha.

599

:

And then where can people find you online?

600

:

Nathaniel Morris: Uh, so the best

place to find me is on LinkedIn.

601

:

I put out a lot of content on business

and it, so that's the best website.

602

:

EQ digital.com has some information about

what we do as well, but I would love for

603

:

you to follow me on LinkedIn and engage

604

:

Brett Deister: there.

605

:

Alright.

606

:

Any final thoughts for

607

:

Nathaniel Morris: the listeners?

608

:

Biggest thing is, I would say, is the

communication ultimately comes to trust.

609

:

So build those relationships,

establish that so that there's a clear

610

:

opportunity to have hard conversations.

611

:

And then the, the second one we've

talked about is understand the other

612

:

context, because the same words mean

different things, different people.

613

:

So sharing that context and

you need help building those

614

:

bridges between it and business.

615

:

That's what we do.

616

:

Let us know.

617

:

Brett Deister: All right, Nathaniel, thank

you for joining Digital Coffee Marketing

618

:

Brew and sharing your knowledge on it, PR

and communication between all that stuff.

619

:

Nathaniel Morris: Absolutely.

620

:

Brett, thanks for having the time.

621

:

I appreciate it.

622

:

You are

623

:

Brett Deister: welcome, and

thank you for listening as well.

624

:

Joining next month as we talk to another

Greg father in the PR and marketing space.

625

:

All right, guys.

626

:

Understand your IT people and

help them communicate better

627

:

for the better of the business.

628

:

All right guys.

629

:

See you next month later.

Next Episode All Episodes Previous Episode

About the Podcast

Show artwork for Digital Coffee: Marketing Brew
Digital Coffee: Marketing Brew
Get your does of marketing with your favorite coffee brew

Listen for free

About your host

Profile picture for Brett Deister

Brett Deister