Category: Organization Development

Dishonesty and lack of fact checking can threaten your reputation

The skyrocketing popularity of amateur e-reporting has led to good things, as stories that would never have otherwise seen the light of day draw public attention. Unfortunately, it’s also resulted in an increase in unverified, untrue reporting as well, often to the detriment of whichever organization’s been caught in the crossfire.

Reader Adam Nowlin shared the story of a Reddit post that, according to the author, contained pictures of health code violations at a Mimi’s Cafe in Maryland. The images drew thousands of comments on the popular site, and, according to a Baltimore Sun article by Richard Gorelick, led to an inspection by the local health department:

Responding to a barrage of inquiries about sanitary conditions at Mimi’s Cafe in Columbia, the Howard County Health Department on Wednesday inspected the restaurant and gave it passing marks.

Lisa M. de Hernandez, a spokeswoman for the health department, said that the food-safety division routinely responds to complaints or tips from the public. In this instance, the department received about 15 emails regarding the restaurant in less than 24 hours, which is highly unusual, de Hernandez said.

The inspection Wednesday “found nothing critical that would endanger the public or cause us to close the restaurant,” de Hernandez said.

The Reddit poster who started it all eventually admitted the photos of bugs and grimy conditions were not recent, which leads us to our point – even if your organization is squeaky-clean, bad reporting can STILL put your reputation in jeopardy. E-reporters are hungry for eyes, and if falsifying or dramatizing stories to grab virtual points on Reddit, Facebook, blogs, and even view-hungry news sites is what it takes, then many will leap happily right off that ethical bridge.

Today’s crisis management plans need to include the very real chance that a reporter, amateur or professional, will smear your brand. The more prepared you are, the faster you can react, and the better your chances of getting the real information in front of your stakeholders in time to save your reputation.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Erik Bernstein is Social Media Manager for Bernstein Crisis Management, Inc., an international crisis management consultancy, and also editor of its newsletter, Crisis Manager]

Cyber criminals hit University of Maryland

Despite a recent doubling in IT security staff, personal data including names, Social Security numbers, dates of birth and university ID numbers belonging to nearly 310,000 individuals was stolen from the University of Maryland’s computer systems.

In response, University President Wallace Loh (and, you can bet, his crisis management team) put out a clear and concise letter explaining the situation:

February 19, 2014

Dear students, faculty, and staff of the University of Maryland (at College Park and Shady Grove):

Last evening, I was notified by Brian Voss, Vice President of Information Technology, that the University of Maryland was the victim of a sophisticated computer security attack that exposed records containing personal information.

I am truly sorry. Computer and data security are a very high priority of our University.

A specific database of records maintained by our IT Division was breached yesterday. That database contained 309,079 records of faculty, staff, students and affiliated personnel from the College Park and Shady Grove campuses who have been issued a University ID since 1998. The records included name, Social Security number, date of birth, and University identification number. No other information was compromised — no financial, academic, health, or contact (phone, address) information.

With the assistance of experts, we are handling this matter with an abundance of caution and diligence. Appropriate state and federal law enforcement authorities are currently investigating this criminal incident. Computer forensic investigators are examining the breached files and logs to determine how our sophisticated, multi-layered security defenses were bypassed. Further, we are initiating steps to ensure there is no repeat of this breach.

The University is offering one year of free credit monitoring to all affected persons. Additional information will be communicated within the next 24 hours on how to activate this service.

University email communications regarding this incident will not ask you to provide personal information. Please be cautious when sharing personal information.

All updates regarding this matter will be posted to this website. Additional information is provided in the FAQs below. If you have any questions or comments, please call our special hotline at 301-405-4440 or email us at datasecurity@umd.edu.

Universities are a focus in today’s global assaults on IT systems. We recently doubled the number of our IT security engineers and analysts. We also doubled our investment in top-end security tools. Obviously, we need to do more and better, and we will.

Again, I regret this breach of our computer and data systems. We are doing everything possible to protect any personal information that may be compromised.

Sincerely,

Wallace D. Loh
President, University of Maryland

Even better, the university included a F.A.Q. section right below the page hosting the letter, a step that’s likely to reduce the volume of calls and emails officials will be wading through over the next few days.

We’ve been hammering this point in blogs, and it’s certainly worth repeating here – the question is no longer if you’ll face a hack-related crisis, but when. Include the possibility in your crisis management planning, and make sure to practice, because you WILL putting it to use.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]

How hackers used a fridge to conduct a cyber crime campaign

It’s clear that an increasing number of the things we use every day can and will be connected to the ‘net. However, the same connectivity that allows us to turn down our thermostat or click off the TV while we’re away from home also leaves room for hackers to attack.

Their efforts are keeping them far more than a step ahead of your average business, and one of the newest tactics is taking advantage of the “Internet of Things” – our connected DVRs, televisions, routers, and, in a recent incident uncovered by security experts at Proofpoint, Inc., even a refrigerator, to power nefarious online activity:

The attack that Proofpoint observed and profiled occurred between December 23, 2013 and January 6, 2014, and featured waves of malicious email, typically sent in bursts of 100,000, three times per day, targeting Enterprises and individuals worldwide. More than 25 percent of the volume was sent by things that were not conventional laptops, desktop computers or mobile devices; instead, the emails were sent by everyday consumer gadgets such as compromised home-networking routers, connected multi-media centers, televisions and at least one refrigerator. No more than 10 emails were initiated from any single IP address, making the attack difficult to block based on location — and in many cases, the devices had not been subject to a sophisticated compromise; instead, misconfiguration and the use of default passwords left the devices completely exposed on public networks, available for takeover and use.

Cyber crime is a profitable business, a fact which motivates hackers to constantly explore new avenues of attack, but, as with many other aspects of crisis management, many organizations fail to see the costs associated with not preparing before they’re paying dearly to recover.

At this point it’s safe to assume you will be hacked at some point. Whether it’s through your fridge, a phishing email, or just someone with a silver tongue and some knowledge of social engineering, the difference between a troublesome situation and one that costs you big time in terms of lost trust, reputation, business and time will be how much you cared beforehand.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]

What are major sponsors like Coke and McDonald’s doing to prepare for trouble related to the Games?

This year’s Sochi Games are the most tense in many years for reasons related to everything from human rights violations in Russia to the frighteningly real chance of a terrorist attack. Our own Jonathan Bernstein sat down with CCTV America’s Michelle Makori to discuss the crisis management plans they have (or at least should have) in place:

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]

VP Jay Rossiter’s message to stakeholders was missing something important…

Late last month, Yahoo joined the ranks of organizations to have been hit by hackers in 2014. Never good at any time, the fact that the company has already been under fire about an extensive downtime for its Mail service in December, as well as a Flickr outage that left users floundering, means this incident brought an extra dose of reputation damage.

While Yahoo is staying mum on exactly how many were affected, here’s what senior VP Jay Rossiter had to say about the situation in a blog post:

Security attacks are unfortunately becoming a more regular occurrence. Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts. Upon discovery, we took immediate action to protect our users, prompting them to reset passwords on impacted accounts.

Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise. We have no evidence that they were obtained directly from Yahoo’s systems. Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.

What we’re doing to protect our users

We are resetting passwords on impacted accounts and we are using second sign-in verification to allow users to re-secure their accounts. Impacted users will be prompted (if not, already) to change their password and may receive an email notification or an SMS text if they have added a mobile number to their account.

We are working with federal law enforcement to find and prosecute the perpetrators responsible for this attack.

We have implemented additional measures to block attacks against Yahoo’s systems.

What you can do to help keep your accounts secure

In addition to adopting better password practices by changing your password regularly and using different variations of symbols and characters, users should never use the same password on multiple sites or services. Using the same password on multiple sites or services makes users particularly vulnerable to these types of attacks.

We regret this has happened and want to assure our users that we take the security of their data very seriously.

For more information, please check our Customer Care help page.

By Jay Rossiter, SVP, Platforms and Personalization Products

While the explanation of steps taken and the re-securing process are easy to follow for even the average user, can you spot the missing ingredient in Yahoo’s crisis communications?

If you said compassion, you’re on the ball. Not once did Rossiter express compassion for the stress, concern and confusion that affected users undoubtedly experienced. He came close with the “regret” statement, but fell short of actually commiserating with his constituents, a mistake that undoubtedly hurt Yahoo’s overall crisis management efforts.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]

The social media giant may need crisis management if latest lawsuit brings on the privacy hounds

Privacy is a hot-button issue in the online world these days, making the latest lawsuit to be filed against Facebook a potential doozy. According to the plaintiffs, Facebook has been violating the Electronic Communications Privacy Act by scanning the URLs found in private messages sent via the service.

This isn’t just a tin-foil-hat theory either, at least according to Swiss information security firm High-Tech Bridge, who found that Facebook robots accessed URLs sent within a private message, even when specifically restricted by backend coding on the destination page.

The plaintiffs not only allege that Facebook invades the privacy of “private” messages, but that it uses the information it finds there for profit.

Here’s a sample from the criminal complaint, filed December 30 in a California court:

“(The scanning) is a mechanism for Facebook to surreptitiously gather data in an effort to improve its marketing algorithms and increase its ability to profit from data about Facebook users”

Considering many experts claim the exodus from Facebook, especially among the younger generation, is due to privacy concerns, this case looks particularly bad for the social media giant’s reputation, and bottom line.

While Facebook is currently dismissing the claims as “without merit”, it should be interesting to see what crisis management strategies it employs should the case attract more public interest.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Erik Bernstein is Social Media Manager for Bernstein Crisis Management, Inc., an international crisis management consultancy, and also editor of its newsletter, Crisis Manager]

Taking a minute to think about potential negative perceptions is a must when making any decision

In a crisis that falls decisively under the “what the #$%& were they thinking?” category, a student committee at Northern California’s Carondelet High School for Girls decided that the best way to celebrate Black History Month was with a lunchtime feast of fried chicken, cornbread and watermelon.

Although the lunch was conceived by students, clearly the school’s administration gave the green light to this celebration, and apparently none of the adults involved stopped to consider that their decision might be just a *wee* bit controversial. Scary, huh?

How would the school respond to the quite-understandable outrage this provoked from students and parents? NBC Bay Area’s Cheryl Hurd reports:

The principal and dean of the school refused to talk to NBC Bay Area on Wednesday, but school officials held an assembly on campus to discuss the issue and sent an apology letter to parents.

“I’d like to apologize for the announcement and any hurt this caused students, parents or community members,” Principal Nancy Libby said in the letter. “Please know that at no time at Carondelet do we wish to perpetrate racial stereotypes.”

As you might expect, the entire menu has been scrapped, and we’d bet everyone at Carondelet will be a bit more careful about the choices they make for school events in the future. While one mistake of this type will probably blow over relatively quickly, making another won’t be so easily forgiven.

It doesn’t take a crisis management master to spot simple, easily-avoidable problems like this one. Nourish a culture where people feel free to speak up about their concerns, and for the love of everything just stop and think, “how could this create a problem?” for a minute before you make any type of decision!

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Erik Bernstein is Social Media Manager for Bernstein Crisis Management, Inc., an international crisis management consultancy, and also editor of its newsletter, Crisis Manager]

Refusing to acknowledge the power of social media is detrimental to your crisis management ability

Every year since social media first appeared on the scene, a few pundits come out to say that we’re about to see the end of it. We’ve been riding on the social media bandwagon for a long time now, and despite those doubters we see no signs of users slowing down.

You can find just about every aspect of both business and personal life being tied into social media, but if you’re still on the fence, maybe this infographic from Social Factor can help you see the truth:

Whether you like it or no, social media WILL impact your organization in a big way. Do your homework, know what you’re dealing with, then integrate that knowledge into both day to day operations and your crisis management planning. Believe us, it’s only going to continue to impact more and more areas of both business and daily life, so hop on board before you’re left in the dust.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]

Are organizers prepared to face potentially game-threatening conditions?

When it comes to big events here in the States, you really can’t top the Super Bowl. There will be nearly 100,000 physically attending in addition to the 100+ million watching from home.

Oh, and did we mention that this year it’s outdoors? In New Jersey. In February. For those that don’t know, that means it’s entirely possible that we could see a massive snowfall, or even a blizzard, hit on the day of the big game.

You’d better believe organizers are aware of this fact, but what are they doing about it?

To help cope with the cold weather, all fans in attendance will be handed a seat cushion, lip balm, ear muffs, hat, mittens, cup holder, scarf, tissues, a radio to listen to the game, six hand warmers and a quarterback-style hand muff. If you think about it, this is a great way to combine crisis management, marketing and PR. Sure fans SHOULD know to bring this gear, but considering the number of out-of-towners that will be in attendance, along with the amount of pre-game boozing that goes on, we’d bet these aids will end up saving the day for a good number of fans. On top of that, everyone loves to get event swag, and will almost certainly be telling pals and displaying their mementos for years to come.

How about the field itself though? Well, ever since the weather caught the media’s attention, organizers have been busy showing off their ice melting machines, salt dispensers and snow removers. As for surrounding areas, New Jersey officials are not messing around. There will be a veritable army of workers at the ready to operate some 2,400 utility trucks and snow melting machines, not to mention the 50,000+ tons of salt they’ve stockpiled.

If all of this STILL isn’t enough to let the game go on, the NFL has plans to play the game on a variety of upcoming days, and all staff and fans have been notified of the possibility.

When it comes to crisis management it pays to be thorough, and from the sounds of it the people behind Super Bowl XLVIII have taken care to put together a great defense.

Of course, we also have to hope they haven’t done anything to piss off NJ Governor Chris Christie….

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]

Bad behavior followed by a total lack of crisis management does not bode well for the latest politician to be caught behaving badly

New York Congressman Michael Grimm (R-Staten Island) is the latest politico to lose it on camera, and it’s not pretty. In an interview for New York’s NY1 News just after the recent State of the Union address, Rep. Grimm answers a couple of questions, then quickly gets out of the shot once reporter Michael Sotto gears up to ask him about alleged campaign finance violations from his camp.

Now here’s where it gets ugly – as soon as Sotto signs off with a, “back to you” for the studio, the Congressman stalks back in and gets in Sotto’s face, telling him, “Let me be clear to you, you ever do that to me again and I’ll throw you off this f#%@!ing balcony.” They trade a few more words, then Grimm threatens Sotto once again, shouting, “You’re not man enough, you’re not man enough. I’ll break you in half. Like a boy!”

The cameraman, a true pro, kept rolling through the whole thing, producing indisputable evidence of the incident.

What crisis management tactic would Grimm employ? Well…none apparently. Here’s his quite unapologetic statement explaining what happened:

“I was extremely annoyed because I was doing NY1 a favor by rushing to do their interview first in lieu of several other requests. The reporter knew that I was in a hurry and was only there to comment on the State of the Union, but insisted on taking a disrespectful and cheap shot at the end of the interview, because I did not have time to speak off-topic. I verbally took the reporter to task and told him off, because I expect a certain level of professionalism and respect, especially when I go out of my way to do that reporter a favor. I doubt that I am the first member of Congress to tell off a reporter, and I am sure I won’t be the last.”

This is not a gag, the above really is the statement issued by the Congressman after being caught threatening to maim or kill a member of the media on camera in the middle of the Capitol, which is why we don’t exactly need a crystal ball to see a bit of trouble in Grimm’s future.

Update 1/29: Grimm has reportedly apologized to Michael Sotto in a telephone call, along with releasing a new, far more politically correct, statement. NY1 reports:

Staten Island Rep. Michael Grimm has apologized to NY1 political reporter Michael Scotto a day after physically threatening him at the conclusion of an interview in the Capitol Rotunda following the president’s State of the Union address.

Grimm called Scotto Wednesday morning and offered the verbal apology saying he “overreacted.”

Scotto tells NY1 he accepted the apology and believes that it was sincere.

Grimm also released a written apology following the phone call.

It reads, “I was wrong. I shouldn’t have allowed my emotions to get the better of me and lose my cool. I have apologized to Michael Scotto, which he graciously accepted, and will be scheduling a lunch soon. In the weeks and months ahead I’ll be working hard for my constituents on issues like flood insurance that is so desperately needed in my district post Sandy.”

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]