In the era of Russian bots, “fake news” and an open Internet, anyone can choose to say anything about your CEO or your brand, whether true or not.
Even worse, they can penetrate your networks and publicly share embarrassing information and proprietary secrets.
What’s a marketer to do? Read on for eight tactics from five experts to help you navigate your brand through these murky waters.
Any press is good press, or so the old saying goes. While I doubt that was ever true, deftly handling negative stories about your brand is ever more important in the age of Google.
Because there is only one top rank on a SERP (search engine results page) and only about two to six results above the fold (depending on what device and screen size is being used), search engine results are a zero-sum game with negative messages potentially crowding out your brand.
Beyond search, social media and email can quickly and cheaply magnify any negative messages attacking your CEO or brand.
To make matters worse, much of that bad “press” isn’t coming from career journalists with professional editors. So there is no fact checking, no sourcing, no one to demand a correction from. Anyone can say anything about your CEO or brand online.
This recently happened to MECLABS Institute, the parent research organization of MarketingSherpa. A group believed to be led by a convicted felon attacked MECLABS Institute as well as the credibility of Flint McGlaughlin, the CEO and Managing Director of MECLABS, by launching a website, social media accounts, changing a Wikipedia entry, and sending emails to employees and partners.
While the perpetrators’ website was quickly shut down by the hosting company, not all third-party websites were as cooperative. “Even though it’s completely fallacious, we must get a court injunction to get this defamatory information removed,” McGlaughlin said.
It could have been worse, because the perpetrators sent spoofed emails to MECLABS HR and Accounting departments impersonating McGlaughlin and asking for sensitive financial information.
But the big challenge to the marketer is the damage it can do to your brand.
“Trust is the fundamental underpinning of all economic transactions,” McGlaughlin said. “It is the marketer’s job to preserve that trust, and along with it, the viability of the business. If your brand is falsely maligned in the public square, be prepared to vigorously defend it.”
MECLABS isn’t alone of course. From Sony Pictures to the Democratic National Committee (DNC), many organizations have been subject to brand-damaging cyberattacks. These attacks can take many forms, including:
To help you prepare, here are eight tactics to help defend against and manage an attack on your brand.
Tactic #1: Make sure the marketing department is involved before an attack ever happens
When a person or company is attacked, it’s a natural tendency to circle the wagons and limit interactions and advice to essential personnel. So unless the marketing department already has a close relationship with the CEO, it could get left out of essential conversations.
The best way to avoid that is to take the lead and proactively set up a crisis response team that involves your marketing department.
“When developing a crisis preparedness plan for a cyber-attack it is critical that marketers have a seat at the table, or inside the Security Operations Center, before, during and after an attack,” advised Ronn Torossian, CEO and Founder, 5WPR.
Tactic #2: Have a plan before an attack happens
Once it is clear that Marketing is involved, work with key stakeholders to craft a crisis preparedness plan.
“While you can’t predict exactly what a crisis might look like for your company, you should think of hypothetical scenarios and work with a professional to help you get a plan of action in place,” said Lacy Jansson, Director of PR & Marketing Communications, Status Labs.
A few key elements include:
It may even be appropriate to set up an unpublished dark site that you can quickly launch if necessary.
“Dark sites are vital as a controlled resource that serves to communicate facts and controlled messaging to your company’s affected stakeholders — i.e., customers or employees impacted by the cyber attack or even the general public looking for answers. The content should aim to rebuild trust, provide answers and updates and act as a go-to resource for visitors,” Jansson advised.
Tactic #3: Educate employees
The best way to win a battle is not to have to fight it.
If you’re a marketer, most of your role probably revolves around externally communicating your brand and hitting specific daily metrics like leads or sales.
But the more your internal employees are aware of cyber-security practices, the more likely your company will be able to protect information that, if released to the public, could damage your brand. After all, the brand-damaging DNC leak originated from a single email spoofed to look like it came from Google sent to an employee of the Democratic Congressional Campaign Committee by Russian government hackers. A simple email and click led to a major cyber attack.
So use your communication skills and partner with your company’s IT department to enable employees to protect brand secrets.
“Even with detection systems in place, it is still possible for spoofed emails to hit your inbox. It’s also important to educate your workforce on how to spot fake email addresses. The biggest risk from a PR perspective is that documents or sensitive information could be leaked via these spoofed email correspondences. Tightening up your protocols will help you stay in control of your company’s information,” advised Jasmyn Jarnigan, Chief of Staff, 5W Public Relations.
Tactic #4: Be engaged with and responsive to your community
A crisis shouldn’t be the first time customers, employees, partners and the press hear from your brand. Be engaged in their communities. Be responsive through customer service emails. Continually monitor and respond to reviews. Listen for conversations about your brand on social media and respond.
“Ensuring accuracy of listings on pages like Google My Business, Yelp and Facebook is critical to eliminating the risk of those channels — the ones that frequently top the results pages of search engines — being claimed or overrun by individuals outside your organization posting false or undesirable content,” said Collin Holmes, CEO, Chatmeter.
“Most crises explode when local reputations aren’t being managed holistically from the top down, which is why I was surprised to see social media missing from a recent Deloitte study exploring how organizations prepare for a brand crisis,” added Monica Ho, CMO, SOCi.
Ho continued, “Crises happening online today can escalate into major brand issues — think about what happened to Taco Bell in 2013 when an employee posted a photo on Facebook of him licking a stack of taco shells in store — so it’s critical marketers identify and take control of their brand’s social properties across platforms. And I don’t mean just social sites like Facebook and Twitter, but also Google My Business and Yelp and TripAdvisor.”
Besides helping in a cyber attack, this increased level of engagement with your brand’s communities is simply a good marketing and business practice.
Tactic #5: Be transparent and proactive when an attack happens
A cyber attack can be embarrassing. Who wants to admit they are vulnerable?
In addition, the information being released in a cyber attack — whether defamatory statements or actual stolen information — can be embarrassing as well.
But now is not the time to hide or avoid the topic. Get ahead of the news and control the conversation, being clear about what happened, how it happened and how your company is responding. Understand what your previously identified key audiences need to know and who they should hear it from.
“A cyber security communications strategy relies on transparency and taking ownership of the situation,” recommended Torossian. “All statements should be concise and focus on the facts.”
Here is Jansson’s advice for handling three key constituencies:
Tactic #6: Minimize the impact to the brand
Work with the technical leads on your task force to determine where the attack is coming from.
If false and defamatory statements are being made about your CEO or brand, work with your legal team to send cease-and-desist letters to the people behind the attack. If they are publishing these statements on a website, you can also work with your legal team to contact the hosting company and get the website taken down.
If there is a data breach, blackmail, fraud or other illegal activity has occurred, your legal team can also get law enforcement involved.
And don’t forget the importance of search. “Utilize SEO (search engine optimization) and ORM (online reputation management) techniques to ensure the messaging from the company in crisis is easily found and accessible online. You need to tell your story of the crisis, not someone else,” Jansson said.
“Because online listing content such as Google Q&A’s is formulated through keywords found within online reviews, marketers run the risk of having a negative or fraudulent review become the source of an auto-generated question that appears at the top of search engines. To avoid this, marketers must take the time to verify that all of their business’ locations have up-to-date listings on all channels, so that they keep the control over the content that appears in search results,” Holmes said.
Tactic #7: Minimize the impact to outsiders
An attack may negatively affect more than just the CEO or brand. “Once the full extent of the damage is known, provide those affected with either financial or technical support to minimize the impact,” Torossian advised.
In that way, an attack also provides an opportunity to show your customers why they should continue to trust your brand.
Tactic #8: Differentiate between a true attack and simple negative information
Not all negative information you can’t control is an attack on your company. A perfect example is reviews.
“Don’t disable your review pages or delete accounts — 80% of people trust online reviews as much as a personal recommendation, making them a revenue-generating piece of your business,” Ho said. “If your page has been spammed with fake negative reviews, there are several steps you can take. Yes, this may seem like a daunting process, but experts continue to recommend taking the high-road.”
Ho recommends that you:
Proactively managing a fake review storm is important because those fake reviews can have a significant impact on business. “40% of consumers form an opinion on a business after reading just one, two or three reviews, and 86% of consumers hesitate to purchase from a business that has negative reviews,” Ho said.
Setting the record straight
Ultimately, brand perception is up to the customer. It is something you can shape and steward but can never fully control.
When negative true information gets out about your company, that is an opportunity to work internally to fix whatever problems this information uncovers.
But when negative false information is communicated or when internal company information is stolen and used against the company, the CEO, employees or customers, it’s important to set the record straight.
“It is imperative that all audiences see that the company has the cyber attack under control and is actively responding to all concerned parties. The messaging should provide a transparent, up-to-date account of how the company is handling the issue today and what the plans are going forward,” Jansson said.
Crisis Communications: Preparing for a cyber attack (via Ronn Torossian)
Increase Mobile Conversion Rates
These five free micro classes (each under 12 minutes) apply 25 years of research to help you maximize the impact of your messages in a mobile environment.Get the Course >
Test Discovery Tool
Show business leaders all the results of your testing efforts with this free tool.Get the Tool >
A Model of Your Customer's Mind
These 21 tools and concepts have helped capture more than $500 million in test wins.Download the File >
Research-based Lead Generation Swipe File
22 valid marketing experiments to give you ideas for your next A/B test.Download the File >
Free A/B Test Planning Scenario Tool
This simple tool helps you visualize factors that affect the ROI implications of test sequencing.Get the Tool >
Receive the latest case studies and data on email, lead gen, and social media along with MarketingSherpa updates and promotions.