What to Do When Your Website Gets Hacked

Via: Posted by Dallas Lawrence, 2/2/2012, at mashable.com

Dallas Lawrence is the chief global digital strategist for Burson-Marsteller, one of the world’s leading public relations and communications firms. He is a Mashable contributor on emerging media trends, online reputation management and digital issue advocacy. You can connect with him on Twitter @dallaslawrence.

If an individual or activist group broke into an organization’s office, raided confidential materials and then burned the building to the ground, local, state and federal officials would have swarmed the crime scene in an all-out effort to bring the perpetrators to justice for an act of terrorism. Meanwhile, savvy online audiences and members of the media almost dismissively refer to the online versions of these raiders as “hacktivists,” conjuring up images of harmless school kids having fun pushing the boundaries of online security.

As we saw this morning with the Susan G. Komen Foundation website hack — and again as “Anonymous Brazil” signaled they had successfully “taken down” the website of Brazil’s largest state bank — these groups are anything but harmless. One study from 2011 identified the average financial impact of these types of breaches to be just north of $7 million per incident.

Whether you are a respected non-profit with a decades-long track record, or a state-owned financial institution in Latin America, organizations must diligently prepare for inevitable online intrusions and the challenging communications demands that result. There are four key considerations for organizations seeking to retain credibility and confidence as trusted stewards of information before and after a breach.


1. Think Ahead and Anticipate


The best offense is often the best defense — and this is certainly true in the online security game. Every organization involved in any form of data (online contributions, email petitions, online sales, social gaming, employee data, etc.) is vulnerable to attack. Smart organizations are using their pre-hack peacetime wisely to invest in a forensics security assessment and to address identified weaknesses. In addition to the technical diligence, organizations must ensure their corporate communications, IT and legal teams understand who will be responsible for managing breaches and have a well-planned rapid-response crisis program in place.


2. Say Something


In the immediate aftermath of an attack, the lack of information can cause severe organizational paralysis. This paralysis hampers communications efforts, ultimately allowing external forces to shape the lens through which a response is viewed.

Identifying immediately what you know for certain and what you don’t know is critical. For example, organizations need to be prepared to address questions and concerns about the security of the system. Even though an activist may hijack a site to make a political point, it highlights a deeper potential for vulnerability that must be addressed.

Importantly, saying something does not mean saying everything. The rush to respond can have equally devastating consequences for the ill-informed and unprepared. Communicating what you know for certain and what you are doing to investigate — and even what you are still trying to determine — demonstrates responsiveness and transparency to stakeholders that rightly feel equally violated by the breach. Creating a direct response channel for those exposed — via an online registration system or a 24/7 call center — is another important sign of responsiveness. Total silence creates a vacuum of frustration that antagonists are only too happy to fill.


3. Know the Law


Every single state in the Union has separate reporting rules and regulations for what constitutes personally identifiable information (PII). These rules also govern when organizations that have been the victim of a breach must notify the public. Attempting to unravel this multi-state patchwork for the first time with your stakeholders, the media and law enforcement officials all demanding answers can be crippling.

Ensure that your team understands the regulations in each state — and country — you operate in, and make sure your compliance team is fully integrated with your communications team. Often, you will not be the arbiter of when to go public with news of your breach. The worst thing an organization can do from a reputational standpoint is to allow the narrative to shift from being the victim of an attack to the villain who failed to notify and protect those individuals whose data may have been compromised.


4. Remember, You’re Not Alone


In almost every case of online breaches, the “victims” number in the thousands — if not millions. It is not just the organization that has been violated, it is every employee whose social security number may have been exposed, every charitable donor who supported a cause, every business partner that shared data and every consumer who purchased a product. Keep these important groups informed and at the forefront of your communications efforts. They can be powerful advocates. Engaging quickly with local and federal law enforcement officials shows transparency and responsiveness — don’t be afraid to tell that story of cooperation.


In 2012, data will continue to emerge as the new form of global currency, and hacking will continue its evolution as the new face of popular protest. The fundamental reality for every business or organization is that everyone is now in the business of data — and its protection.

How to Overcome a Social Media PR Disaster

Written by Cormac Reynolds

Monday, 24 October 2011 12:58

We’re all familiar with the PR disasters from large companies in the past: the PR people who think it’s a good idea to tweet after a natural disaster about how low their prices are, the odd irate Facebook message from a company executive, or even an email for personal use sent to an entire company. So, what do you do if you make a mess of your social media marketing?

Five Sorts of Disaster

There are generally five sorts of such PR disasters: the inappropriate opinion, the insensitive statement, the early release, the false reward and the hack.

The best way to deal with any of these is just like with any mistake in life. Deal with it fast, be honest and try not to take yourself too seriously. The speed of the web means an hour or two can be an eternity, so deal with it as rapidly as it was written. Always come clean and admit you were wrong. Pandering can lead to more irritation for people and time wasted. Listen to your social media audience, be humble and give them the resolution they want and deserve.

If you have suffered a disaster the best way to begin to recover is slowly. When it does happen, lean back on people who will give a positive slant on your brand or about your company. This is a case of preparation and you will be grateful to have built up brand ambassadors when something such as a PR slip comes about.

Take the Edge Off

Turning a Tweet around, taking the edge off it and preventing a PR disaster is all about disarming it. One of the best ways to do this is to take a deep breath, have a quick and calm think, and then use humour to try and clear things up.

One example of this was this Red Cross Tweet: “Ryan found two more 4 bottle packs of Dogfish Head’s Midas touch beer…. when we drink we do it right #gettngslizzerd”. This could have caused panic; however, the follow-up disarmed it through humour. The next tweet was, ‘the Red Cross is sober and we’ve confiscated the keys.’

The Red Cross even managed to turn this into an opportunity: after Dogfish Head jumped on the hashtag, fans were asked by the Red Cross to donate under a link on the ‘#gettngslizzerd’ hashtag.

Listen to the Audience

This is a fine example of not taking yourself too seriously, listening to your audience and using humour to get the best from a bad situation. 

Clearly, there are far more serious disasters, such as Chevrolet Tweeting that no one in its hometown of Detroit could drive. Another one that was hard to deal with was the Sony batteries, which burst into flames on numerous laptops and caused a recall of 4.1m machines. And who could forget Toyota’s recall due to sticking accelerator pedals last year? No amount of humour can help there. However, for the errant Tweet, the above can really make a difference.

Here is a fine humorous example of how Sprint responded to a customer @merio who was not very pleased with their services.
