One pitfall for any professional is humor, which, stripped from its context and environment, can take on new meanings and be used against CISOs in litigation. Even using memes of dumpster fires, for example, or typing LOL in a message can be used as admissions of guilt or to portray cavalier attitudes toward security, exposing cyber teams to even more liability.
“When we say LOL, 90% of the time you were not actually laughing out loud, but we use these very informal ways of communicating with one another,” WilmerHale’s Jones said. “And that stuff shows up with regularity in cases when you have a significant cyber incident. LOL or dumpster fire is not the best way to talk about it internally because that’s what’s going to show up” in litigation.
Pay attention to the medium
CISOs also need to pay attention to what they say based on the medium in which they are communicating. Pay attention to “how we communicate, who we’re communicating with, what platforms we’re communicating on, and whether it’s oral or written,” Angela Mauceri, corporate director and assistant general counsel for cyber and privacy at Northrop Grumman, said at RSA. “There’s a lasting effect to written communications.”
