Category: Organization Development

Unprecedented attack demonstrates the dangers that lie ahead

Around the world, ‘net users are experiencing slowed connections as a result of what may be the largest cyber battle to date. Spam fighting group Spamhaus has been facing an extended and incredibly powerful DDoS attack from Cyberbunker, a Dutch web host recently blacklisted for hosting a large number of users with malicious intentions, that far exceeds any attacks seen before.

The BBC’s Dave Lee interviewed Spamhaus CEO Steve Linford, who explained more about the situation:

The attackers have used a tactic known as Distributed Denial of Service (DDoS), which floods the intended target with large amounts of traffic in an attempt to render it unreachable.

In this case, Spamhaus’s Domain Name System (DNS) servers were targeted – the infrastructure that joins domain names, such as bbc.co.uk, the website’s numerical internet protocol address.

Mr Linford said the attack’s power would be strong enough to take down government internet infrastructure.

“If you aimed this at Downing Street they would be down instantly,” he said. “They would be completely off the internet.”

He added: “These attacks are peaking at 300 Gbps (gigabits per second).

“Normally when there are attacks against major banks, we’re talking about 50 Gbps”

Put simply, this attack has enough force behind it to instantly knock just about any organization offline for as long as the attackers wished to sustain it. The only way Spamhaus is staying online is through its own incredibly thorough preparation and the support of several major players, including Google, sharing resources to help bear the brunt of the attacks. If you’re trying to convince a reluctant CEO that it’s time to beef up your web security, well, this should do the trick.

The new wave of crisis management is here, and it’s all about cyber threats. Not only must you plan and prepare for those directed against your own organization, but any that target organizations up and down the supply chain, as well as the web in general.

If this leap in power is any indication, future cyber battles could result in so much disruption that the entire internet is slowed to a crawl, a devastating situation considering just how much we reply on connectivity to keep things running.

The cyber threat is real, people, and the time to prepare is now. Get on it, or risk becoming another casualty on the battlefield.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]

Good crisis management means always verifying sources

Tools for generating iPhone messages have become incredibly popular for creating funny memes to be posted on social media, but until we saw a recent post on the SteamFeed blog we weren’t aware that there is now a tool that replicates, very accurately, a tweet with any text you desire.

Obviously this tool wasn’t created with malice in mind, but as with many forms of technology it’s quite the double-edged sword. Steamfeed’s Daniel Herbert summed up the dangers involved nicely in his blog post, here’s a quote:

1. Fake Reputation and Endorsements

Imagine if you’re an industry professional, trying to make it big. You want a super great endorsement on Twitter from the leading experts in your industry. Or you’re launching this scam product, maybe some ridiculous social media certification, and you want to get endorsements from big names in the industry and satisfied clients. Well, it’s now easier to fake it.

Before, when you saw a Twitter screenshot of an endorsement, reference, or testimonial, it was legit. You believed it, and it gave extra credibility to the person who’s endorsed. Now, it could easily be faked, making self-proclaimed “gurus” look like they know what they’re doing, with fake endorsements, from “real” clients. This is in the same boat as buying fake followers/likes to make yourself look more “important.”

2. Damaged & Ruined Reputations and Bullying/Harassment

There are always petty people out there, trying to ruin others’ achievements. It sucks, but it’s true. If anyone wanted to start some fake drama, accuse people of saying nasty things, or accuse someone of bullying, they could easily create a fake tweet screenshot now, blog about it, and create some real damage towards someone’s reputation. If people search for the real tweets, you could easily say they’ve been deleted, and nobody can argue who’s right or wrong. Since most people don’t know about this tool, they would be more inclined on believing the person that’s creating a ruckus, than the poor person getting attacked. Not cool.

How do you prevent yourself, or your organization, from falling victim to faked tweets, texts, or any other type of fabricated messages?

This definitely falls under Crisis Management 101 – always check your sources! You simply can not rely on images from a third party. Go straight to the source, whether that means logging on to Twitter or actually picking up the phone and calling someone to verify that what you saw was indeed legit.

As we engage more and more in the digital space, human verification increases in value. Even as you rush to react, remember that a delay is less costly than a mistake. Take a step back, make sure things are as they seem, then proceed.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]

A focus group is a moderated group discussion that focuses on particular topics of interest. Moderators lead focus groups and usually follow a discussion guide of open-ended questions. Here are some tips for planning for focus groups in program evaluation, gleaned from my reading of Richard A. Krueger’s and Mary Anne Casey’s excellent book, Focus Groups: A Practical Guide for Applied Research, 4^th edition and supported by my own experience.

1. Read Krueger and Casey’s book, Focus Groups: A Practical Guide for Applied Research, 4^th edition.

This is well-written, comprehensive book filled with practical tips on planning, conducting, analyzing and reporting on focus groups. This blog post cannot serve as a substitute for reading this book. I hope it peaks your interest and inspires you to read the book.

2. Ask yourself whether focus groups are the best method for your evaluation

Create a mental or a drawn out figure listing the pros and cons of focus groups versus other methods such as written surveys or observations. Consider cost-effectiveness, the type of information that you are seeking and the actual resources available. Do you have in-house staff that are qualified to conduct focus groups or that are able to be trained to do so? Or can you afford a professional moderator?

3. Draft a written evaluation plan ahead of time

This is a very important step as it forces us to put our ideas down on paper, spell out steps, think ahead, and ensure that each step is justified. It also avoids last minute decisions that can affect the robustness of your evaluation. A concrete written evaluation plan can also be shared with colleagues and stakeholders to generate valuable feedback.

4. Decide on types of participants to be included in the focus groups

Ask yourself and stakeholders these questions: Who will give you the information you are looking for? Talk to the gatekeepers of your communities and program stakeholders to best answer this question. For example, do you want a mix of patients and caregivers in the same group or are you able to differentiate the groups by patient and caregiver? Are the participants less likely to be candid if the groups are mixed? Present such questions to stakeholders and participants of your initial focus groups.

5. Get feedback on your focus group discussion guide

Start out by asking your stakeholders what questions should be asked during the focus groups. Getting feedback will also help to make sure that all your questions are clear and not likely to be misunderstood. This will help avoid other commonly made mistakes like cramming too many questions into the discussion guide. The discussion guide should make it easy for the group members to enter in and open up. Some strategies include using an ice-breaker question and going from general to detailed questions.

6. Plan to use other methods to corroborate findings

Findings from focus groups are best verified by other methods such as written surveys and observation. This helps address the concern that group participants may give answers that the moderator or others want to hear (social desirability bias). In non-profit settings, it may be hard to convene a focus group where no one knows each other. This might introduce some bias too, hence the need for other methods to verify your findings from the focus groups.

Strong policies are the only way to protect yourself from backlash over employee conduct

You’ve probably heard about the Adria Richards “public shaming” mess already, but for those haven’t here’s a recap.

At developer conference PyCon, well-known developer evangelist Adria Richards overheard a pair of male attendees from gaming company PlayHaven making what she took to be sexist jokes using terms like “dongles” and “forking.” In other words, not particularly appropriate, but certainly not out of character for a couple of male techies having what they thought to be a private conversation.

Instead of turning around and asking them to keep it clean, Ricards tweeted a photo of the pair, then proceeded to ask, on Twitter, for help dealing with the situation, as well as texting PyCon staff. Conference organizers confronted the two men, and, according to a post on PyCon’s own page, both expressed regret and apologized at that time.

Things get ugly

Richards blogged about the situation, drawing major ‘net attention, and then things got really ugly.

One of the male devs, a father of three, revealed that he had been fired as a result of the Twitter shaming, setting off a massive outcry. The social media accounts of all companies involved were absolutely swamped with incensed posters arguing both sides, and Richard’s employer, SendGrid, was even hit with a massive DDoS attack.

One picture, two jobs

Finally, SendGrid had enough, and decided to terminate Richards, effective immediately.

The right or wrong of the situation is still being hashed out in arguments across the web, and we’ll leave that for other pages. What we’re interested in is how organizations can avoid or reduce the potentially negative impact of employee actions.

Especially given the fluid nature of social media, norms are changing more rapidly than ever, and of course vary wildly depending on the social makeup of a group, location, and any number of other factors.

C.Y.A.

The only way to give yourself a leg to stand on when addressing personal behavior is to establish clear, firm and legally compliant policies. That way, should an employee cross the line you can’t be accused of having a knee-jerk reaction, caving to pressure, or doing anything other than following through on the policies they knew and chose to violate.

Don’t just slap a couple of pages in the new hire handbook and consider it set, either, we all know nobody’s reading anything in there except how many vacation days they get and what time they need to show up for work. Create your policies, back them up with education and regular re-training, and don’t forget to revisit them frequently to see if changes are called for.

Situations like this are only going to become more common as the ‘net blurs borders, both cultural and geographical. Make sure your butt is covered, prepare employee conduct policies today.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]

[Editor’s note: In this guest submission, Jason Snyder, VP of WordWrite Communications, explains why it’s critical for hospitals to invest in crisis communications and reputation management planning, especially in this period of healthcare reform.]

Hospitals, rife with risk, need a crisis communications plan

“As long as they spell my name right.”

There are plenty of naïve people whose view on getting publicity is that unsophisticated. Ask former Congressman Anthony Weiner, whose “Weinergate” Twitter photos destroyed his political career, whether he agrees. Weiner was likely spelled correctly thousands of times in media coverage of the infamously inappropriate picture he tweeted to a 21-year-old college student.

More savvy business leaders will tell you that in some cases, the best headline they’ve ever read is the one they didn’t read. In other words, an organization’s ability to effectively manage crisis situations before they become headlines is, or should be, a highly valued skill.

And there are few places where crises can take place more often than a hospital.

Consider these headlines, none of which the hospital’s CEO was likely happy about reading:

Baby Switched At Minneapolis Hospital, Breastfed By Wrong Mom

Report Looks at Hospital in Outbreak of Hepatitis

Parkland patient tells Dallas County officials hospital left medical tube in arm

HIPPA violations, lab errors and compliance violations happen regularly at hospitals. Even the country’s best hospitals make mistakes. It’s human nature. It’s inherent in the business. Whether such breaches are inexcusable or unforgivable is up for debate.

What is inexcusable, though, is knowing that these violations can and will happen yet being unprepared to handle them. Having a crisis plan in place that considers, among other things, which administrators to contact; how legal counsel gets involved; and how, if at all, patients are informed is the first step in managing what could become a public relations crisis if not properly managed. A significant portion of the crisis plan should be a detailed strategy for communications.

Many hospitals have long-time staffers who simply “know what to do” in these situations and therefore can manage through them. But what happens when those staffers quit or retire or they’re on vacation? What happens when middle management and front-line staff are left to take on an aggressive reporter whose satellite truck is parked in front of the emergency room entrance?

Hospital communications staff do a tremendous amount of work promoting their hospital through public relations and marketing communications. Communications departments are usually understaffed and pulled in dozens of directions. It’s no surprise, then, that taking the time to develop and memorize well conceived crisis communications plans and to train the appropriate staff in how to execute them can fall by the wayside.

As healthcare reform marches on, reimbursement is more closely linked to quality. Quality affects community benefit. Community benefit affects perception and reputation, and tax-exempt status is under fire. So an investment in crisis communications planning is not only smart, it’s vital. Working with a trusted partner to develop and practice the crisis plans will give communications staffers the time and peace of mind they need for their proactive work earning the kinds of headlines CEOs do want to read, not the ones that keep them up at night.

Jason Snyder is senior vice president of WordWrite Communications. He can be reached at 412-246-0340, ext. 26 or jason.snyder@wordwritepr.com

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

Seems obvious: of course prior business experience is a big advantage when starting a social enterprise.

But now there’s evidence that this might not be correct. Research suggests that LESS experienced social entrepreneurs were MORE successful (in terms of revenue and social media network) compared to their MORE experienced colleagues. And the WORST performance came from social venture managers with BOTH entrepreneurial and nonprofit startup experience. Go figure.

Continue reading “Startup Experience: Does it Help?”

Don’t wait until you’re forced to do the right thing

Volkswagon is the latest organization to be pushed into action by an investigation from China’s state-run TV broadcaster, China Central Television.

While reports indicate that Chinese investigators have been looking into issues with gearboxes from several German automakers since around this time last year, VW announced a massive recall just days after a damning report aired on CCTV.

The following quote, from a Wall Street Journal article, has more details:

The recall follows allegations against Volkswagen by China’s national state-run television broadcaster, China Central Television. In a program held late Friday in honor of World Consumer Rights Day, CCTV accused Volkswagen of selling cars with substandard direct-shift gearbox systems, causing acceleration problems and car accidents for an unspecified number of consumers.

While it’s always a good thing when an organization recalls product in order to enhance consumer safety, it doesn’t look nearly so positive, reputation-wise, when its hand is forced by anyone, be it media, government, or consumers themselves.

If you want to avoid the reputation damage that inevitably comes along with widespread recalls and exposes like the one CCTV ran on VW, then do the right thing when you spot a problem.

Er, what’s that again?

It’s simple, fix it, BEFORE someone makes you! Would you want to drive a car that might suddenly fail? Of course not. So why would you expect consumers to be just fine with it?

We say this all the time because it really does apply that well to just about every aspect of crisis management – treat others the way you would like to be treated, and watch your reputation climb.

Of course, you can always choose to treat your stakeholders like they’re wallets with legs, but don’t complain when they walk their money elsewhere.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]

Issues with three more ships raise serious crisis management concerns

Just as Carnival escaped its position at the top of the news cycle following the drama surrounding the lengthy Triumph tow, another of its ships, Elation, reported steering issues and was escorted back to a nearby port by tugs.

At that point, Carnival execs had to be, for lack of a better term, freaking out. Unfortunately for them, that wasn’t the end of it. The Carnival Dream was also forced to return to port as a result of generator problems, and (yes, there’s more) just yesterday the Carnival Legend experienced technical issues affecting sailing speed, forcing a change in schedule that skips the planned last leg of its journey in order to head straight home.

What the heck is going on, Carnival??

After the debacle that was Triumph, we would have done a full audit of all fleet vessels from top to bottom in order to reassure not only ourselves, but our paying customers, that every step had been taken to prevent a similar crisis from happening again.

Well, either Carnival needs to hire new mechanics, or this simply wasn’t done. We do understand that sometimes bad things happen, regardless of the prevention effort put in, but systems on three different ships failing at nearly the same time is a bit too much to chalk up under coincidence.

It does appear the company has learned one thing from Triumph, it immediately arranged to fly passengers of Dream home from St. Maarten, where it was stalled at port and flew singer Jon Secada out to perform for stranded passengers in the meantime.

If Carnival was risking becoming synonymous with risky trips before, now that potential is off the charts. Just look at this sampling of comments from an LA Times article regarding the situation:

What Carnival sorely needs is an actual crisis management strategy. Not just “pay off the passengers and play ostrich ’til the story blows over,” but a comprehensive plan to not only ensure that ALL of its ships are actually seaworthy, but also to communicate to stakeholders, travelers and the media exactly how this has been ensured, and why they should give the cruise line another chance.

At this point Carnival itself is a sinking ship, and it’s going to take a lot more than buckets to bail the company out. Until company leadership commits to making things right, the embarrassment will continue.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]

Shady investigative practices land Harvard in need of crisis management

Digital privacy is certainly a hot-button topic these days, as Harvard administrators quickly found out after its search through archived emails of 16 resident deans not only without permission, but without any notification, raised a ruckus, creating a need for crisis management.

Harvard did issue a meandering, 800+ word statement, a mere 27 of which, by our count, had anything to do with apologizing, while the rest attempted, in a roundabout fashion, to explain the logic behind school administration’s decision.

Interviewed by Ragan.com’s Matt Wilson, BCM president Jonathan Bernstein offered up the following thoughts on the situation:

Jonathan Bernstein, of Bernstein Crisis Management, says Harvard’s apology statement only gets a score of three on a scale of 10.

“I suspect that Harvard’s PR staff were not consulted, or were ignored, before the administration engaged in the secret search,” he says.

Employers could conceivably have lots of legal, moral and ethical reasons to search employee emails, Bernstein says, but Harvard didn’t make much of an effort to communicate what it was doing.

Compounding the crisis is the fact that the affected deans were not informed of the search even after it was complete, instead having to hear the news from media outlets and peers.

When dealing with the muddy legal waters that surround all things digital, from email and text messages to Facebook and Twitter, it is absolutely critical to set a clear policy, and communicate that policy with those to whom it applies.

This entire situation was originally part of an investigation into the leak of confidential files, but by choosing to take a shady route themselves and hiding the email search, even from those whose personal files were being breached, Harvard administration is left with no moral high ground to stand on.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]

Reputation management is a cornerstone of business, regardless of how big you get

Google will pay a $7 million fine to settle a multistate investigation into a snoopy software program that enabled the Internet search leader to intercept emails, passwords and other sensitive information sent several years ago over unprotected wireless networks in neighborhoods across the world.

The agreement announced Tuesday covers 38 states and the District of Columbia, part of the area where households and local merchants unwittingly had some of their communications on Wi-Fi networks snatched by Google Inc. from early 2008 until the spring 0f 2010.

This quote, from an AP News article by Michael Liedtke, hosted on, ironically, Google News, is yet another in a string of rulings against Google for bold, widespread invasions of privacy.

We’ll leave the legal particulars to the judges and lawyers, what we’re interested in is the effect these findings are having on Google’s reputation. Already, the label of “serial privacy violator” is being used by critics, just take a look at this quote from the same AP article:

The penalty won’t be enough to prevent Google from continuing to be a “serial privacy violator,” according to John Simpson, privacy project director for Consumer Watchdog, a frequent critic of the company. “It’s clear the Internet giant sees fines like this as just the cost of doing business and not a very big cost at that.”

Is Google choosing the same path that many pharmaceutical companies seem to be taking, i.e. factoring fines into the cost of doing business, and reputation be damned?

If so, it’s certainly a risky strategy. It is true that when you dominate your market to the degree that Google does you gain a certain amount of wiggle room in terms of reputation, basically because no one mistake is going to create enough of a dip in users, customers, etc. to knock you off of your pedestal.

So what’s the big deal?

The danger for organizations like Google, Apple, Microsoft, and their ilk is in the slow buildup of negatives. At some point, especially in a society that is increasingly conscious of the practices and philosophies of the organizations they give their money to, unchecked negative sentiment will reach a level where it spills over and creates a crippling enough loss of reputation that a competitor is able to step in and take the lead.

The takeaway here? Even if you’re on top and the competition’s so far behind it’s not even in the rear-view mirror, your reputation counts. It almost brings to mind the image of a modern tortoise and the hare. The hare, knowing it’s a dominant leader, stops putting in the daily care and effort that’s required to stay on top. Meanwhile, the tortoise is creeping along, throwing its every effort behind building its reputation and waiting for that golden opportunity.

Google is certainly looking like the hare in this situation, and the tech world is no stranger to sudden upheavals of opinion that results in the replacement of a formerly dominant force.

Your reputation is, without a doubt, your most valuable asset. Protect it.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]