September 17, 2018

Reputation Management: How to prepare for and respond to a cyber attack


In the era of Russian bots, “fake news” and an open Internet, anyone can choose to say anything about your CEO or your brand, whether true or not.

Even worse, they can penetrate your networks and publicly share embarrassing information and proprietary secrets.

What’s a marketer to do? Read on for eight tactics from five experts to help you navigate your brand through these murky waters.

by Daniel Burstein, Senior Director, Content & Marketing, MarketingSherpa and MECLABS Institute

Any press is good press, or so the old saying goes. While I doubt that was ever true, deftly handling negative stories about your brand is ever more important in the age of Google.

Because there is only one top rank on a SERP (search engine results page) and only about two to six results above the fold (depending on what device and screen size is being used), search engine results are a zero-sum game with negative messages potentially crowding out your brand.

Beyond search, social media and email can quickly and cheaply magnify any negative messages attacking your CEO or brand.

To make matters worse, much of that bad “press” isn’t coming from career journalists with professional editors. So there is no fact checking, no sourcing, no one to demand a correction from. Anyone can say anything about your CEO or brand online.

This recently happened to MECLABS Institute, the parent research organization of MarketingSherpa. A group believed to be led by a convicted felon attacked MECLABS Institute as well as the credibility of Flint McGlaughlin, the CEO and Managing Director of MECLABS, by launching a website, social media accounts, changing a Wikipedia entry, and sending emails to employees and partners.

While the perpetrators’ website was quickly shut down by the hosting company, not all third-party websites were as cooperative. “Even though it’s completely fallacious, we must get a court injunction to get this defamatory information removed,” McGlaughlin said.

It could have been worse, because the perpetrators sent spoofed emails to MECLABS HR and Accounting departments impersonating McGlaughlin and asking for sensitive financial information.

But the big challenge to the marketer is the damage it can do to your brand.

“Trust is the fundamental underpinning of all economic transactions,” McGlaughlin said. “It is the marketer’s job to preserve that trust, and along with it, the viability of the business. If your brand is falsely maligned in the public square, be prepared to vigorously defend it.”

MECLABS isn’t alone of course. From Sony Pictures to the Democratic National Committee (DNC), many organizations have been subject to brand-damaging cyberattacks. These attacks can take many forms, including:

  • The posting and/or organized communication of false and defamatory information about the CEO and business by a disgruntled employee or former employee, partner, customer or other individual or group. This could include emailing this information to key clients or partners, posting false reviews, sharing on social media or creating a website with false and misleading information
  • Stealing company information such as internal email communication or financial records with the goal of blackmailing, publicly embarrassing or sharing proprietary information
  • Stealing consumer information from a company to breach customer accounts to steal money or collect information that is later sold to other criminals

To help you prepare, here are eight tactics to help defend against and manage an attack on your brand.

Tactic #1: Make sure the marketing department is involved before an attack ever happens

When a person or company is attacked, it’s a natural tendency to circle the wagons and limit interactions and advice to essential personnel. So unless the marketing department already has a close relationship with the CEO, it could get left out of essential conversations.

The best way to avoid that is to take the lead and proactively set up a crisis response team that involves your marketing department.

“When developing a crisis preparedness plan for a cyber-attack it is critical that marketers have a seat at the table, or inside the Security Operations Center, before, during and after an attack,” advised Ronn Torossian, CEO and Founder, 5WPR.

Tactic #2: Have a plan before an attack happens

Once it is clear that Marketing is involved, work with key stakeholders to craft a crisis preparedness plan.

“While you can’t predict exactly what a crisis might look like for your company, you should think of hypothetical scenarios and work with a professional to help you get a plan of action in place,” said Lacy Jansson, Director of PR & Marketing Communications, Status Labs.

A few key elements include:

  • Who is on the internal task force and what their roles are (e.g., communications, tech, legal, etc.)
  • Factual statements highlighting the best practice security protocols the company has employed
  • An organized contact list (press, key partners, key customers, pre-vetted crisis experts you will call in for help, etc.)
  • Who is allowed to comment on behalf of the brand publicly

It may even be appropriate to set up an unpublished dark site that you can quickly launch if necessary.

“Dark sites are vital as a controlled resource that serves to communicate facts and controlled messaging to your company’s affected stakeholders — i.e., customers or employees impacted by the cyber attack or even the general public looking for answers. The content should aim to rebuild trust, provide answers and updates and act as a go-to resource for visitors,” Jansson advised.

Tactic #3: Educate employees

The best way to win a battle is not to have to fight it.

If you’re a marketer, most of your role probably revolves around externally communicating your brand and hitting specific daily metrics like leads or sales.

But the more your internal employees are aware of cyber-security practices, the more likely your company will be able to protect information that, if released to the public, could damage your brand. After all, the brand-damaging DNC leak originated from a single email, spoofed to look like it came from Google, that Russian government hackers sent to an employee of the Democratic Congressional Campaign Committee. A simple email and click led to a major cyber attack.

So use your communication skills and partner with your company’s IT department to enable employees to protect brand secrets.

“Even with detection systems in place, it is still possible for spoofed emails to hit your inbox. It’s also important to educate your workforce on how to spot fake email addresses. The biggest risk from a PR perspective is that documents or sensitive information could be leaked via these spoofed email correspondences. Tightening up your protocols will help you stay in control of your company’s information,” advised Jasmyn Jarnigan, Chief of Staff, 5W Public Relations. 

Tactic #4: Be engaged with and responsive to your community

A crisis shouldn’t be the first time customers, employees, partners and the press hear from your brand. Be engaged in their communities. Be responsive through customer service emails. Continually monitor and respond to reviews. Listen for conversations about your brand on social media and respond.

“Ensuring accuracy of listings on pages like Google My Business, Yelp and Facebook is critical to eliminating the risk of those channels — the ones that frequently top the results pages of search engines — being claimed or overrun by individuals outside your organization posting false or undesirable content,” said Collin Holmes, CEO, Chatmeter.

“Most crises explode when local reputations aren’t being managed holistically from the top down, which is why I was surprised to see social media missing from a recent Deloitte study exploring how organizations prepare for a brand crisis,” added Monica Ho, CMO, SOCi.

Ho continued, “Crises happening online today can escalate into major brand issues — think about what happened to Taco Bell in 2013 when an employee posted a photo on Facebook of him licking a stack of taco shells in store — so it’s critical marketers identify and take control of their brand’s social properties across platforms. And I don’t mean just social sites like Facebook and Twitter, but also Google My Business and Yelp and TripAdvisor.”

Besides helping in a cyber attack, this increased level of engagement with your brand’s communities is simply a good marketing and business practice.

Tactic #5: Be transparent and proactive when an attack happens

A cyber attack can be embarrassing. Who wants to admit they are vulnerable?

In addition, the information being released in a cyber attack — whether defamatory statements or actual stolen information — can be embarrassing as well.

But now is not the time to hide or avoid the topic. Get ahead of the news and control the conversation, being clear about what happened, how it happened and how your company is responding. Understand what your previously identified key audiences need to know and who they should hear it from.

“A cyber security communications strategy relies on transparency and taking ownership of the situation,” recommended Torossian. “All statements should be concise and focus on the facts.”

Here is Jansson’s advice for handling three key constituencies:

  • Current customers and prospects — Help to rebuild trust! Where did the company fail? What are they doing to make sure this doesn’t happen again? Speak directly to consumers and potential customers and ease their worries so they understand what the next steps are to ensure their information is safe. Explain how and why this won’t happen again.
  • Employees, partners, vendors and the like — Be transparent, and open up about the actions the company is taking to ensure the same mistakes are not made. Revisit your company’s values and reiterate those as necessary. Don’t be afraid to announce additional values if you need to make a vow to your employees.
  • The press and the general public — If you don’t have all the answers yet, let the public know you are actively working to get answers. Being overly communicative with updates is respected in crisis scenarios.

Tactic #6: Minimize the impact to the brand

Work with the technical leads on your task force to determine where the attack is coming from.

If false and defamatory statements are being made about your CEO or brand, work with your legal team to send cease-and-desist letters to the people behind the attack. If they are publishing these statements on a website, you can also work with your legal team to contact the hosting company and get the website taken down.

If a data breach, blackmail, fraud or other illegal activity has occurred, your legal team can also get law enforcement involved.

And don’t forget the importance of search. “Utilize SEO (search engine optimization) and ORM (online reputation management) techniques to ensure the messaging from the company in crisis is easily found and accessible online. You need to tell your story of the crisis, not someone else,” Jansson said.

“Because online listing content such as Google Q&A’s is formulated through keywords found within online reviews, marketers run the risk of having a negative or fraudulent review become the source of an auto-generated question that appears at the top of search engines. To avoid this, marketers must take the time to verify that all of their business’ locations have up-to-date listings on all channels, so that they keep the control over the content that appears in search results,” Holmes said.

Tactic #7: Minimize the impact to outsiders

An attack may negatively affect more than just the CEO or brand. “Once the full extent of the damage is known, provide those affected with either financial or technical support to minimize the impact,” Torossian advised.

In that way, an attack also provides an opportunity to show your customers why they should continue to trust your brand.

Tactic #8: Differentiate between a true attack and simple negative information

Not all negative information you can’t control is an attack on your company. A perfect example is reviews.

“Don’t disable your review pages or delete accounts — 80% of people trust online reviews as much as a personal recommendation, making them a revenue-generating piece of your business,” Ho said. “If your page has been spammed with fake negative reviews, there are several steps you can take. Yes, this may seem like a daunting process, but experts continue to recommend taking the high-road.”

Ho recommends that you:

  • Respond at your discretion. Every situation is different. While it’s best practice to respond to all reviews, there are instances where it’s more beneficial not to.
  • Flag or report, especially if hit with multiple reviews. While this process may take a while, it’s worth a shot. Reviews involving explicit profanity or threats are usually taken down as soon as they’re reported. But with spam, there isn’t really a timeline. It’s perfectly okay to flag a review every few days.
  • Reach out to the social network’s Support team. If you take this route, make sure to build your case against these reviews and include details (screenshots, images, links, etc.) supporting that the review violates their policies.

Proactively managing a fake review storm is important because those fake reviews can have a significant impact on business. “40% of consumers form an opinion on a business after reading just one, two or three reviews, and 86% of consumers hesitate to purchase from a business that has negative reviews,” Ho said.

Setting the record straight

Ultimately, brand perception is up to the customer. It is something you can shape and steward but can never fully control.

When negative true information gets out about your company, that is an opportunity to work internally to fix whatever problems this information uncovers.

But when negative false information is communicated or when internal company information is stolen and used against the company, the CEO, employees or customers, it’s important to set the record straight.

“It is imperative that all audiences see that the company has the cyber attack under control and is actively responding to all concerned parties. The messaging should provide a transparent, up-to-date account of how the company is handling the issue today and what the plans are going forward,” Jansson said.
