As we have seen in the past few weeks, even some of the world’s most technically sophisticated companies and institutions are not immune to security failures. When these failures occur, one of the first places they surface is in social media.
With the rise in ‘hacktivism’ we are now seeing security breaches of social channels, as with the recent hacking of US Central Command’s YouTube and Twitter feeds. These kinds of concerns increasingly involve more than just the IT department, as they become a communications issue as well.
There’s nothing new about crisis management, but with the advent of social media, crises now have the potential to grow faster, organically and outside the spheres of traditional influence. It is no longer a process of simply coercing a broadsheet editor into not publishing.
Vigilant citizen activists or journalists can take what is regarded internally as an arcane and uninteresting security flaw and bring it to the attention of media and consumers. A simple test might be ‘would this freak you out if it affected you, your spouse or child?’.
So this year, let’s all pledge to abide by the four R’s and make sure we don’t find ourselves on the social back foot in the instance of a security breach. Namely Ready, Radar, Respond and Recover.
To get yourself Ready, you will need to take stock of what can go wrong, what you can do about it, who is going to be responsible for doing those things and how they are going to do them. Take a look around your industry for inspiration. It’s more than likely that they are going to fall into two main areas: someone does something to you (Hacktivism) or you fail internally in some way (foolishness leading to lack of systems and process). Typical examples we have seen recently include:
- Social communications channels are compromised
- Customer data is compromised by hack or internal failure
- Sensitive (customer) data is lost / left on a train
- A company does something that compromises its customers’, suppliers’ and staff’s security.
And don’t try to tell me that you couldn’t be tripped up in at least one of these areas. Be honest and think about the areas of your organisation that are most vulnerable and liable to be a cause of breach either internally or externally.
Now you’re ready to set up your Radar. Based on your worst and most likely security PR nightmares, set up a series of corresponding Google alerts (you’ve already got them set up to see when your competition is mentioned anyway, haven’t you?).
Beyond Google alerts it also makes sense to do some more proactive listening to what’s being said on social media. There are plenty of adequate free tools to get you up and running before you commit to paying for a professional tool. The team from Brandwatch, a paid-for listening platform based in the UK, have a handy list here.
With your Radar in place you now need to think through how you are going to Respond. Work your way through a scenario: a damning tweet exposing a security breach comes to your attention. How are you going to evaluate it?
– How accurate is it?
– How bad is the breach: from the point of view of those affected, the public and finally yours?
– How influential is the person making it? Something like a Klout score is a quick shorthand for establishing this and for judging how much influence they are going to have in spreading it. You MUST respond to this, but their level of influence will tell you if you need to engage with them immediately or if you have some breathing space to get remedies in place.
– Where is it being talked about? Use platform-specific search tools to see if it is being mentioned on other platforms. (If it’s a video, please DON’T start watching it and sharing the link internally; all you are doing is increasing its SEO on YouTube! Download it, share the downloaded file and ask others NOT to go and view the video; your views will only increase its visibility.)
– If you decide that you are going to respond, what assets are needed to make that response in the right channels? Video, infographics and interviews can all form a part of your response repertoire.
– If an issue goes to mainstream media this will drive people to search for information around the issue. At this point you may well want to consider buying ads across social channels and in search to ensure that your point of view stands a chance of being heard.
– And finally you will need to measure the effect of the negative commentary and of your response to it. Are there more comments online supporting your point of view or the opposition? Which of your efforts seem to be driving the most positive sentiment, and how can you amplify and build on these?
The final stage, thankfully, is Recovery. If you are fortunate enough not to have suffered a wholesale compromise of your systems, you can now begin to scrape your dignity off the social media floor and start rebuilding. Once you have taken stock of the situation, you need to build into your ongoing content distribution plans any messages about the incident that are needed, and highlight the changes you have made that reinforce your position. Finally, be sure to share learnings and reports across your organisation. What happens in one department or market can easily occur in another, so don’t let your experience go to waste; share that pain!