Bernstein Crisis Management. Crisis response, prevention, planning, and training.

Crisis Manager Internet Newsletter about Crisis Management

© 2008 Jonathan Bernstein
Circulation: 4,000+
Estimated Readership: 15,000+


Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.

Clifford Stoll


Editor's Note: This issue is devoted to providing you with useful articles and tools about information security, about which the average crisis manager knows little. We rely on our "techies" a lot to keep our systems out of trouble, but in fact we should all upgrade our knowledge in this field on a regular basis.

I had the pleasure of working with author Tom Sterner on behalf of a mutual client, and the investigative work of his team was instrumental in reducing the impact of our client's crisis situation. Crisis management is a multi-disciplinary effort, and when I saw this article Tom wrote in one of his company's publications, I knew that you would like an insight into another aspect of crisis prevention and response.

Don't Wipe Away the Digital Fingerprints
By Tom Sterner

In recent years, Kroll has been hired to look into theft of intellectual property, trade secrets, and confidential corporate information. The records that a company maintains on computer usage by its employees frequently determine the success of these investigations. This information certainly includes email, but just as important are network logs, which record a wide variety of computer activity.

Companies might not retain these logs because they may serve little functional purpose and can take up a great deal of computer storage space, creating expense. With the theft of intellectual property on the rise, however, businesses should assess and inventory the computer logs they maintain as a first line of defense in preparing for - and mitigating against - theft of company secrets.

Even with the theft of physical items, digital evidence can be relevant. In a recent case, a factory worker walked off the production floor with paper copies of a company's secret formulas.

Specific computer logs allowed investigators to identify the likely suspect and build a civil case, which led a court to issue a civil search warrant. The suspect's house was raided, the stolen documents were recovered, and arrest warrants issued.

The computer logs that investigators of an internal IP theft frequently seek include:

  • Webmail logs - Thieves instinctively but erroneously think it is safer to operate from home than from the office. They often use webmail to download company secrets to their home computers.
  • VPN logs - A Virtual Private Network, or VPN, provides employees with remote access to a company's internal computers, often including repositories of key data. In one case, the big break came when investigators matched an employee's late-night VPN sessions with dates on which stolen information was delivered to a third-party recipient.
  • Sendmail logs - These capture basic information on incoming and outgoing email. Where a suspect's original messages cannot be recovered, they can become critical, showing, for example, that an employee sent very large emails - suggesting that files were attached - to a home address shortly before quitting.
  • Instant Messaging logs - Software that captures instant messaging traffic over a network is a recent addition to the toolbox of computer security. It can be particularly powerful, as employees often believe IM allows them to avoid the digital trail left by email. In one case, recovered IM traffic revealed specific confidential information that an employee had provided to an outside company-basher.
  • Web logs - The information web logs capture can be used to identify specific computers that have accessed a company's website, which thieves periodically check for clues that the company may have discovered an IP theft. On one occasion, the Internet IP address left behind by the visits allowed investigators to identify the Internet cafˇ that the perpetrator was using to post stolen trade secrets on the web.
  • Print logs - A careful thief, to avoid leaving a digital trail, may resort to printing copies of proprietary information. In one case involving suspected theft of a company's customer list, investigators, after finding no evidence that an electronic copy had been taken, discovered that these logs showed an employee had made printed copies on the weekend before she resigned.

One final digital archive worth considering is that when someone with access to a company's most sensitive data leaves employment, particularly under a cloud, the business is advised to retain a forensic image of the former employee's personal computer and copies of his or her historical email.

Companies should check that the collection and retention of records and the use of IT security and monitoring software does not infringe applicable data protection/privacy laws.

Ideally these archives will never need to be used. However, if a theft does occur, archives can mean the difference between recovering the stolen data - as well as diminishing the financial impact on the business - and watching the thief walk away.

Tom Sterner is Managing Director, Kroll, Chicago IL. He specializes in conducting internal corporate investigations related to thefts and leaks of intellectual property, trade secrets, and confidential company information. He can be reached at or 312-681-1500.

Targeted Trojans: New Online Threat to Businesses

Thank you to reader and research-par-excellence Andy Russell of NuForms Media for sending me a note which read, in part:

"C-level" execs may be unaware they might be targeted by a custom-designed Trojan or virus looking to steal business information, R&D data or trade secrets. This new kind of threat is discussed in a just-released Message Labs white paper. Apparently, there's a new trend of a few convincingly written emails with innocuous looking office attachments -- such as word files or spreadsheets -- containing viruses designed to steal important business information and send it to criminals around the world."

You can download the white paper here.

Are You Giving Away Confidential Information Via Public Wi-fi?

Did you know that when you access public wi-fi, such as the services available at many airports, a barely skilled snoop could access and steal your data? This is another preventable crisis if you use a program like Hotspot Shield, which creates a Virtual Private Network (VPN) between your laptop and the router at any Wi-Fi hotspot. You don't even have to understand how a VPN works to easily put an extra layer of protection on your computer when not behind your corporate firewall. Oh, and did I mention that HotSpot Shield is free? Get it at:

How Good Is Your Firewall?

"Oh, I have a firewall, I'm safe from hackers," you say. "Hah!" say a lot of hackers. No security system -- physical or virtual -- can be considered safe unless it's tested. There's another free program, PC Flank, which emulates malware attacks on your firewall to see if it blocks them. Crisis prevention is every crisis manager's job. Go to


Internet Counter-Intelligence CD-ROM

In a one-hour teleseminar recorded in December 2007, search engine optimization expert Diana Huff interviewed Jonathan Bernstein, a pathfinder and innovator in the field of Internet-centered crisis management, who described how a wide range of companies have been damaged by the Internet's virtual terrorists, and how some companies have been responding effectively.

In this one-hour session, you'll learn how to conduct your own Internet vulnerability audit; develop strategies for identifying your foes -- activists, disgruntled employees, or unhappy customers -- and tracking Internet chatter; build the case within your organization for ensuring someone is monitoring the blogosphere, news, and Internet forums every day; plan for an Internet crisis and, when one hits, assess the situation to determine an appropriate response; develop the action steps you can take to neutralize attacks, including starting your own blog and developing collateral such as brochures, video, podcasts, and Web links to other reputable and informative sites; and effectively use search engine optimization tactics -- not just because you want customers to find your products -- but so you can beat these guys at their own game!

Available at

Keeping the Wolves at Bay 3.0 Reviewed

"Keeping the Wolves at Bay" is much more than another media training guide - it is perhaps one of the most concise, insightful, useful and savvy guides to strategic thinking about reputation issues available.

Gerald Baron
Founder & CEO of PIER System and host of

"It's like a Swiss Army knife -- lots of cool tools in a compact package. In case of emergency, grab this."

Steven R. Van Hook, PhD
Publisher, About Public Relations

The spiral-bound print manual is available for $25, the PDF version for $10. Both can be ordered at

Jonathan Bernstein also offers on-site media training worldwide, using this manual as the basis for training. Write to

Disaster Prep 101

Bernstein Crisis Management is pleased to present one of the most comprehensive and user-friendly family preparedness texts available today. "Disaster Prep 101." by Paul Purcell, goes above and beyond the simplistic "72-hour kit" concept and provides simple, yet detailed educational material that will drastically improve the ability of any family to respond to all manner of disasters or emergencies. This preparedness package contains over 400 pages of well-organized, original preparedness material written in an easy-to-understand, non-panic format; 80 pages of family data forms and worksheets (many of which are also useful to the employer); and a 2-CD set containing two interactive and searchable links collections for additional educational sources; all the family data forms and worksheets in softcopy format; and a complete emergency reference library of over 450 additional books and training manuals! US$59.95. Available here.


Bernstein Crisis Management, Inc. has formal or informal co-promotional and mutually beneficial business associations with a number of the services we mention periodically in this newsletter. No, we can't go into details because that's confidential, proprietary, etc. But our relationship is NOT "arm's distance" and you should know that, since we regularly write about these services as we use them for crisis and issues management or other purposes. That said, you should also know that Bernstein Crisis Management sought the relationships because its staff is convinced that these services are the best of their kind for Bernstein Crisis Management's needs and those of its clients. If you have any questions about these relationships, please contact Jonathan Bernstein, (626) 825-3838.


Jonathan Bernstein is president of Bernstein Crisis Management, Inc.,, a national crisis management public relations agency providing 24/7 access to crisis response professionals. The agency engages in the full spectrum of crisis management services: crisis prevention, response, planning & training. He has been in the public relations field since 1982, following five-year stints in both military intelligence and investigative reporting. Write to


GUEST AUTHORS are very welcome to submit material for "Crisis Manager." There is no fee paid, but most guest authors have reported receiving business inquiries as a result of appearing in this publication. Case histories, experience-based lessons, commentary on current news events and editorial opinion are all eligible for consideration. Submission is not a guarantee of acceptance.


When I find a site that I think will be useful to my readers or site visitors, I put it on our Links page. If you have a site that would be of specific use to crisis managers and want to discuss a link exchange or other cooperative effort, please write to me,


All information contained herein is obtained by Jonathan Bernstein from sources believed by Jonathan Bernstein to be accurate and reliable.

Because of the possibility of human and mechanical error as well as other factors, neither Jonathan Bernstein nor Bernstein Crisis Management is responsible for any errors or omissions. All information is provided "as is" without warranty of any kind. Bernstein Crisis Management and Jonathan Bernstein make no representations and disclaim all express, implied, and statutory warranties of any kind to the user and/or any third party including, without limitation, warranties as to accuracy, timeliness, completeness, merchantability, or fitness for any particular purpose.

Unless due to willful tortuous misconduct or gross negligence, Jonathan Bernstein and Bernstein Crisis Management shall have no liability in tort, contract, or otherwise (and as permitted by law, product liability), to the user and/or any third party.

Under no circumstance shall Bernstein Crisis Management or Jonathan Bernstein be liable to the user and/or any third party for any lost profits or lost opportunity, indirect, special, consequential, incidental, or punitive damages whatsoever, even if Bernstein Crisis Management or Jonathan Bernstein has been advised of the possibility of such damages.

A service of this newsletter is to provide news summaries and/or snippets to readers. In such instances articles and/or snippets will be reprinted as they are received from the originating party or as they are displayed on the originating website or in the original article. As we do not write the news, we merely point readers to it, under no circumstance shall Bernstein Crisis Management or Jonathan Bernstein be liable to the user and/or any third party for any lost profits or lost opportunity, indirect, special, consequential, incidental, or punitive damages whatsoever due to the distribution of said news articles or snippets that lead readers to a full article on a news service's website, even if Bernstein Crisis Management or Jonathan Bernstein has been advised of the possibility of such damages. Authors of the original news story and their publications shall be exclusively held liable. Any corrections to news stories are not mandatory and shall be printed at the discretion of the list moderator after evaluation on a case-by-case basis.


Do you know people who are Crisis Managers, whether they want to be or not? Please pass this newsletter on to them!

Subscribe to the free, twice-monthly email newsletter below. After entering your email address, you will receive a message asking you to confirm your subscription in order to prevent someone else from adding you to the list without permission. YOU MUST CONFIRM YOUR SUBSCRIPTION OR YOU WILL NOT RECEIVE THE NEWSLETTER.

Subscribe to the BCM Crisis Manager newsletter

Articles in "Crisis Manager" were, unless otherwise noted, written and copyrighted by Jonathan Bernstein. Permission to reprint will often be granted for no charge. Write to