Ah, another day, another marketing misstep in the unfortunate context of a crisis communications. Actually, “misstep” for many companies in the age of social communications is far too lighthearted a term to use. Consider the news headlines devoted to the Sony data breach of 100 million user records.
This seemingly never-ending saga is yet another reminder that in today’s networked world, there is an increased demand for open, honest, rapid, and ongoing communication. Failure to do so will result in lost brand equity and customers.
A crisis can serve as a stage to either show the world that your company is either unorganized and uncaring, or responsible and human, as noted from the still considered best practice playbook of effective crisis communication, Johnson & Johnson’s handling of the Tylenol poisoning of 1982. Clearly, Sony should have taken a page from their playbook.
In this day and age, the chances are pretty good that your company will need some form of crisis communication, particularly in the areas of information security and data loss. Information is now the new currency of the 21st century. Your data in its entirety—from intellectual property, to customer databases, patient records, and even facility blue prints—are extremely valuable. In many cases (think banking, health care, aerospace, etc.) data protection is tied inextricably to your brand equity. Securing that data is obviously critical on many fronts. Today, a severe data loss could be a going-out-of-business event for many companies.
In this regard, your marketing and communications teams play two important roles.
First, know that the Marketing department often serves as the Achilles heel of information security. With the increasing advent of cloud-based marketing automation, your customer data is now sent to third-party companies who may not be as security conscious as you. Note the recent breaches suffered by major brands due to their marketing vendors’ security missteps. Also, be aware that your Marketing department often handles some of the most sensitive documents in your company—from RFPs to blueprints and, of course, your customer and prospect database. Conversely, the Marketing team is often the least likely to be trained in any form of IT security preparedness or processes.
Second, it’s important to note that in the event of a major data loss (especially if you are a larger organization), there will be powerful interests at play that could harm your company more than the breach itself. In a data breach, legal and corporate communications teams will often be at odds with each other. Legal seeks to stop all communications and reduce liability while communications teams end to get overly aggressive and spin all communications in the most positive light they can. These different points of view often cause delay, confusion, and often contrite, invaluable messaging at the worst possible time. Case in point: Sony waited a full six days before alerting PlayStation users of the data breach, which infuriated not only customers, but legislators as well.
When managing a data breach crisis, here are some general guidelines that may help:
1. Expect to have a crisis event.
2. Have a predefined crisis communication plan in place.
3. Acknowledge the problem immediately.
4. Become the news breaker.
5. Leverage social media.
6. Be accountable.
7. Make it right.
Given the fact that Sony is a multibillion dollar corporation, I’d venture a bold guess that it actually had a crisis communication plan stored away, collecting virtual dust on a server somewhere. And I’m certain that remaining silent was not part of it.
Don’t just have a plan, but make sure your team knows the plan and is able to implement it when necessary. After all, you don’t want to become another “lesson learned” in the marketing annals. Security breaches will happen, they always do, and when you fall victim, you want to become a shining example of “how it’s done.”