Author: erik

Don’t put others down to promote yourself

If you’ve ever been tempted to leave a negative review on a competitor’s Yelp page, or make a habit of spreading bad news about other businesses, this week’s Crisis Management Quotable is for you:

“Never make negative comments or spread rumors about anyone. It depreciates their reputation and yours.” – Brian Koslow

In fact, not only is it no help to your reputation management efforts to depreciate others’, but it could also land you in a whole lot of trouble. Already courts have ruled to unmask anonymous reviewers in a couple of cases, and it’s not difficult for a solid web forensics expert to discover who or where those negative reviews are coming from if someone’s willing to pay to find out.

If you want your business to be more successful, if you want to see more clients or customers coming through the door, strive to BE a better business than your competitors. We’re not saying you shouldn’t promote yourself, but doing so by putting others down will only lead to trouble.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Erik Bernstein is Social Media Manager for Bernstein Crisis Management, Inc., an international crisis management consultancy, and also editor of its newsletter, Crisis Manager]

Are San Jose airport officials making you feel secure?

The story of the teen who managed to sneak into San Jose International airport, cross the tarmac, and climb into the wheel well of a waiting plane – and then actually survive a flight to Hawaii, is making headlines around the world. It’s sensational, and it also raises an awful lot of fears. In other words, media gold.

Of course, the microscope is on San Jose International officials now, as they attempt to explain how a teenage boy managed to bypass millions of dollars in security technology and the supposed heightened awareness of the post-9/11 airline industry to access an extremely vulnerable area of a passenger plane undetected.

Airport spokeswoman Rosemart Barnes gave the standard line that they are cooperating with law enforcement and concerned about the boy, and threw in the message (repeatedly) that the airport’s system “meets and exceeds” all federal requirements. Barne’s statements didn’t leave anyone feeling too reassured, especially after she dropped this gem:

“Despite this, no system is 100 percent, and it is possible to scale an airport perimeter fence line, especially under cover of darkness, and remain undetected, and it appears this is what this teenager did.”

Aviation Director Kim Aguirre didn’t do much to help stakeholders feel protected either, telling reporters, “if we see any gaping holes, we will work to fill them.”

Uhm, Kim, how about the gaping hole this kid just slipped through?

We’d much rather hear something to the effect of, “this incident has brought a gap in security to our attention, and we’re doing everything in our power to seal it up while locating any other potential flaws in the process.” The denials and weak excuses in the face of a clear issue conveys a lack of competence, not the image you want to be sending when you’re desperately trying to do crisis management on the international stage.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Erik Bernstein is Social Media Manager for Bernstein Crisis Management, Inc., an international crisis management consultancy, and also editor of its newsletter, Crisis Manager]

Forgetting this key ingredient can sink your crisis communications efforts

Heavy social media users probably noticed the recent HootSuite outage which left many, including us, unable to access the popular utility during the evening hours. Having any service you use regularly to do business go down is a big deal, and even more so considering HootSuite is used by not only individuals, but also a massive number of organizations which rely on it as a platform for marketing, reputation management, stakeholder communications and more.

Of course these days when the service has your name, credit card, and other personal information stored, when we see an outage we get a bit nervous about some nefarious net activity. To its credit, HootSuite expected this fear, and explained exactly what had gone down in an email sent to customers:

As you may have noticed this morning, HootSuite services experienced downtime, which might have impacted you or your organization. At approximately 6:45 am PST we experienced what’s known as a denial of service attack (DoS). I’m writing today to let you know that the HootSuite Engineering and Security teams are working to mitigate the DoS attack and that there are no inherent security risks to your accounts, nor has any customer data been compromised.

It’s important that we keep you up to date on the status of the tools and services we provide to you as a valuable customer. This interruption was the result of a malicious attempt by an outside party to flood our services in order to shut-down the system. This primarily affected web traffic to the dashboard and mobile APIs, and did not impact previously scheduled posts. We are working with hosting providers to identify the source and block this traffic.

We will keep the HootSuite blog updated with current information.

For real time updates or support, please follow or tweet us on our dedicated Twitter support channel @hootsuite_help and see additional resources below. Lastly, I want to thank you for your patience and for your continued trust in HootSuite. Your success is our highest goal.

Best regards,

Ryan Holmes,
HootSuite CEO

Additional Resources

Today’s blog post on the outage
The HootSuite system status page for latest updates
HootSuite’s Managed Services for Security & Compliance
HootSuite’s dedicated Twitter support channel @HootSuite_Help

Pretty solid, with an explanation of the situation, plenty of links to further information, assurances that all data was secured, and even more reassurance that the issue is being resolved. However, HootSuite’s CEO forgot one invaluable ingredient when it comes to delivering crisis communications your stakeholders will take to heart – compassion. One more sentence acknowledging the fact that the folks at HootSuite understand how nervous or frustrated the attack may have left customers feeling would have made the mass email that much more effective, and better supported the good reputation of the social media platform in the process.

Compassion, competence, and credibility. Include all three in your crisis communications, or you risk having your messaging fall on deaf ears.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Erik Bernstein is Social Media Manager for Bernstein Crisis Management, Inc., an international crisis management consultancy, and also editor of its newsletter, Crisis Manager]

 

The way you handle stakeholders can make fans for life…or create crisis

We focus a lot on preventing crisis stemming from those outside our organizations via social media, and for good reason, but it’s important to remember that issues involving employee interactions are one of the most common causes leading to a need for more serious crisis management.

In an eHotelier.com article, Daniel Edward Craig shared this wisdom on preventing social media crisis from within:

Businesses are well aware of the perils of external attacks, but often the real threat comes from within. We have never been more vulnerable to errors and misjudgment on the part of employees.

As an example, in 2012 a major international hotel brand was assailed on social networks after a front desk employee allegedly mocked a disabled U.S. army veteran who requested assistance during a power outage. He got down from his room by throwing his wheelchair and suitcases down three flights of stairs and sliding down on his behind. Then he went straight to the media.

Staff must understand that social media has raised the stakes. The costs of mistreating customers are significantly higher. Employees and managers must be trained and empowered to identify and resolve issues onsite before they escalate to online channels.

Not that it was a good idea to mistreat customers before, but frankly it was possible for members of your organization to have the occasional ugly run-in and get away with it. Now, between social media and the ever-present smartphone, any such incidents are likely to be recorded, documented, and immediately shared with a massive network full of potential stakeholders.

It’s not that the customer must always be right, but the consequences for slips in behavior have been magnified to a point where a single mistake holds the very real potential to permanently damage your business.

How do you prevent such mistakes? The best way is to create crisis management plans that include clear instructions on how disgruntled stakeholders are to be handled, and then train employees on tactics they can employ when it comes to both agreeing and disagreeing with the opinions or demands of said stakeholders.

Nobody’s going to force you to do it, but unless you’d like to provide some nice fodder for this blog we’d suggest you get on the ball.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Erik Bernstein is Social Media Manager for Bernstein Crisis Management, Inc., an international crisis management consultancy, and also editor of its newsletter, Crisis Manager]

Dishonesty and lack of fact checking can threaten your reputation

The skyrocketing popularity of amateur e-reporting has led to good things, as stories that would never have otherwise seen the light of day draw public attention. Unfortunately, it’s also resulted in an increase in unverified, untrue reporting as well, often to the detriment of whichever organization’s been caught in the crossfire.

Reader Adam Nowlin shared the story of a Reddit post that, according to the author, contained pictures of health code violations at a Mimi’s Cafe in Maryland. The images drew thousands of comments on the popular site, and, according to a Baltimore Sun article by Richard Gorelick, led to an inspection by the local health department:

Responding to a barrage of inquiries about sanitary conditions at Mimi’s Cafe in Columbia, the Howard County Health Department on Wednesday inspected the restaurant and gave it passing marks.

Lisa M. de Hernandez, a spokeswoman for the health department, said that the food-safety division routinely responds to complaints or tips from the public. In this instance, the department received about 15 emails regarding the restaurant in less than 24 hours, which is highly unusual, de Hernandez said.

The inspection Wednesday “found nothing critical that would endanger the public or cause us to close the restaurant,” de Hernandez said.

The Reddit poster who started it all eventually admitted the photos of bugs and grimy conditions were not recent, which leads us to our point – even if your organization is squeaky-clean, bad reporting can STILL put your reputation in jeopardy. E-reporters are hungry for eyes, and if falsifying or dramatizing stories to grab virtual points on Reddit, Facebook, blogs, and even view-hungry news sites is what it takes, then many will leap happily right off that ethical bridge.

Today’s crisis management plans need to include the very real chance that a reporter, amateur or professional, will smear your brand. The more prepared you are, the faster you can react, and the better your chances of getting the real information in front of your stakeholders in time to save your reputation.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Erik Bernstein is Social Media Manager for Bernstein Crisis Management, Inc., an international crisis management consultancy, and also editor of its newsletter, Crisis Manager]

The social media giant may need crisis management if latest lawsuit brings on the privacy hounds

Privacy is a hot-button issue in the online world these days, making the latest lawsuit to be filed against Facebook a potential doozy. According to the plaintiffs, Facebook has been violating the Electronic Communications Privacy Act by scanning the URLs found in private messages sent via the service.

This isn’t just a tin-foil-hat theory either, at least according to Swiss information security firm High-Tech Bridge, who found that Facebook robots accessed URLs sent within a private message, even when specifically restricted by backend coding on the destination page.

The plaintiffs not only allege that Facebook invades the privacy of “private” messages, but that it uses the information it finds there for profit.

Here’s a sample from the criminal complaint, filed December 30 in a California court:

“(The scanning) is a mechanism for Facebook to surreptitiously gather data in an effort to improve its marketing algorithms and increase its ability to profit from data about Facebook users”

Considering many experts claim the exodus from Facebook, especially among the younger generation, is due to privacy concerns, this case looks particularly bad for the social media giant’s reputation, and bottom line.

While Facebook is currently dismissing the claims as “without merit”, it should be interesting to see what crisis management strategies it employs should the case attract more public interest.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Erik Bernstein is Social Media Manager for Bernstein Crisis Management, Inc., an international crisis management consultancy, and also editor of its newsletter, Crisis Manager]

Taking a minute to think about potential negative perceptions is a must when making any decision

In a crisis that falls decisively under the “what the #$%& were they thinking?” category, a student committee at Northern California’s Carondelet High School for Girls decided that the best way to celebrate Black History Month was with a lunchtime feast of fried chicken, cornbread and watermelon.

Although the lunch was conceived by students, clearly the school’s administration gave the green light to this celebration, and apparently none of the adults involved stopped to consider that their decision might be just a *wee* bit controversial. Scary, huh?

How would the school respond to the quite-understandable outrage this provoked from students and parents? NBC Bay Area’s Cheryl Hurd reports:

The principal and dean of the school refused to talk to NBC Bay Area on Wednesday, but school officials held an assembly on campus to discuss the issue and sent an apology letter to parents.

“I’d like to apologize for the announcement and any hurt this caused students, parents or community members,” Principal Nancy Libby said in the letter. “Please know that at no time at Carondelet do we wish to perpetrate racial stereotypes.”

As you might expect, the entire menu has been scrapped, and we’d bet everyone at Carondelet will be a bit more careful about the choices they make for school events in the future. While one mistake of this type will probably blow over relatively quickly, making another won’t be so easily forgiven.

It doesn’t take a crisis management master to spot simple, easily-avoidable problems like this one. Nourish a culture where people feel free to speak up about their concerns, and for the love of everything just stop and think, “how could this create a problem?” for a minute before you make any type of decision!

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Erik Bernstein is Social Media Manager for Bernstein Crisis Management, Inc., an international crisis management consultancy, and also editor of its newsletter, Crisis Manager]

Does your crisis management planning include cyber crime?

Every year brings new threats to the forefront, and according to experts 2014 is going to see an explosion in the number, and severity of, cyber attacks. If your crisis management plans don’t already include the possibility of data theft, systems being held ransom, or even completely being locked out of the ‘net, then you’re playing with fire.

Need ammo to convince others in your organization? We’re running down McAfee’s list of 2014 Threat Predictions, and what they mean to you.

1. Mobile malware will be the driver of growth in both technical innovation and the volume of attacks in the overall malware “market” in 2014.

We’ve already seen huge growth in terms of malware targeting Android (currently the most widely used phone operating system), and as mobile devices increasingly becomes the keys to our entire lives we’re certain to see more. Mobile devices are also predicted to become Trojan horses themselves, carting malware past the security perimiter on enterprise systems.

Many experts also predict Apple’s iOS is long overdue to see a high-level malware attack, and 2014 is likely to be the year it happens.

2. Virtual currencies will fuel increasingly malicious ransomware attacks around the world.

The world saw firsthand how frighteningly well this can work with Cryptolocker, whose creators have raked in an estimated $27 million while evading authorities by forcing those affected to pay the ransom via BitCoin.

Undoubtedly other criminals saw this profit and are racing to develop and deploy similar software of their own.

3. In the spy vs. spy world of cybercrime and cyberwarfare, criminal gangs and state actors will deploy new stealth attacks that will be harder than ever to identify and stop.

At first thought this might appear to be a problem isolated to government systems and political groups, but what about the thousands of contractors who work either directly with, or are associated with those who work with, government entities? What about companies that created software, or manufacture tangible goods for said entities? What about the maid service that comes in to clean the offices of said contractors? When you really stop and think, you realize politically-motivated cybercrime could harm a LOT of bystanders in the process.

Of course, the biggest scare here is the possibility of losing control of water systems, power grids, and other major resources that would cripple organizations of all kinds simply by removing critical infrastructure that supports society as a whole.

4. “Social attacks” will be ubiquitous by the end of 2014.

The pilfering of account access info from vast numbers of social media users is already going on, for the most part without the knowledge of those affected. In 2014, hackers will increase their ability to gain access and gather information, and use their access to spread malware and attack other targets.

5. New PC and server attacks will target vulnerabilities above and below the operating system.

We rely on our computer’s operating systems to support the applications we use for security, so smart hackers are aiming to bypass the OS altogether. Whether it’s injected malicious code into websites which then directly apply malware to the user’s system or attacks that focus on the BIOS, the core software that supports basic system hardware operation and tells your computer what to load on startup, and how.

6. The evolving threat landscape will dictate adoption of big data security analytics to meet detection and performance requirements.

In other words, the threats are growing too complex to be identified by traditional antivirus and antimalware progams, which operate off of, essentially, a “Good/Bad” list to block out known malware, malicious websites, spam, and network attacks.

Security experts are in a race against hackers to develop tools that will use massive loads of data and advanced analysis to identify the sneaky tricks hackers are learning to employ.

7. Deployment of cloud-based corporate applications will create new attack surfaces that will be exploited by cybercriminals.

Ah the cloud. This is going to be huge, and it’ll likely take a couple of devastatingly large security breaches before the general public truly understands. Even when forbidden by IT, an incredible percentage of users store company info in the cloud, whether to facilitate sharing with team members, work seamlessly on multiple devices, or just because it’s easier.

Problem is, placing trust in the cloud is giving cyber criminals a whole new angle to attack, and one that, once penetrated, can yield enormous amounts of lucrative information.

To sum this up, if you think 2013 saw a lot of high-profile hacks, you ain’t seen nothin’ yet. Protect yourself as much as you can, educate employees and coworkers on how to both avoid and detect possible cyberattacks, and above all plan for the possibility that you could be the first major victim of 2014.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Erik Bernstein is Social Media Manager for Bernstein Crisis Management, Inc., an international crisis management consultancy, and also editor of its newsletter, Crisis Manager]