SONY’S RESPONSIBILITY FOR CYBER ATTACKS

Posted in Anticipating A Crisis, Crises Communication, Crisis Communication Implementation, Crisis Communication Response, Cyber Attacks, negative publicity, Responsibility for date losses, Sony on May 22nd, 2011 by mnayor

Sony has been raked over the coals these last few weeks. Has there been just cause? And has Sony exercised good crisis management and crisis communication skills?

Between April 17 and April 19th the Sony PlayStation Network and the Company’s Qriocity service which streams video to Sony televisions and Blu-ray devices were hacked and knocked offline. Besides knocking out service, unauthorized persons obtained access to personal information including credit card numbers. An estimated 77 million PlayStation users and 12 million of their credit cards were affected, plus 24 million Sony Online Entertainment customers and over 10,000 of their cards. The services have just recently come back on line (Japan itself is an exception because the government is not yet sure they is secure) as of approximately May 14th.

There are two main issues that have gotten the public very agitated. First, did the Company handle its communications well? It took almost a week to publicly acknowledge the attacks and advise its customers that credit card information could have been compromised. This length of delay surely provided hackers with a large window of opportunity to utilize the information it had mined to the obvious detriment of millions of customers.

One of the basic tenants of crisis communication is to act quickly and have as much control of the dialogue as possible. The basic problem was evident, even if a great deal of operational research had to be done to identify the extent of the damage. The first goal should have been to minimize the vulnerability of its customers through immediate notification. By delaying, Sony allowed speculation to build up and therefore it positioned itself defensively, instead of taking vigorous proactive steps.

The other communications gaff came directly from Sony’s CEO, Howard Stringer. In a discussion with reporters on May 17th, he defended the actions of Sony when asked why it took almost a week to notify customers. He observed that the Company reported quickly, noted that many companies don’t report these breaches at all or only after a month, and then said “you’re telling me my week wasn’t fast enough”. This sounds a bit defensive and imperious for a CEO. Most customers would probably disagree with him, especially those whose credit cards could have used by the hackers, or those whose personal information may now be used for identity theft purposes.

The second main issue is operational. Sony must quickly tighten its security and provide safe and secure networks for its customers. The U.S. Congress and the New York Attorney general almost immediately jumped on the bandwagon to “investigate” this technological lapse, but hopefully these actions will not drain efforts away from identifying vulnerabilities and making data protection paramount. Customers need to be confident of Sony’s ability to protect them. Otherwise, it will lose out big time to Microsoft and Nintendo. That should be motivation enough to make Sony create one of the most secure networks available out there in cyberspace.

Tags: , , , , , , ,

CRISIS MANAGEMENT AND THE BLAME GAME

Posted in Business Crisis Management, Crisis Communication Implementation, Crisis Communication Response, Crisis Communication Strategy, The Blame Game on October 5th, 2010 by mnayor

Over time, crisis management pundits have considered many types of responses to a crisis and have sometimes recommended actions and reactions that today seem out of step with effective solutions for most crisis situations. These out-of-step solutions fall into two categories: 1) stonewall the media and the issue will eventually die without you fueling the topic; and 2) a strong defense is a good offense, namely attack the accuser, deny the issue or point the finger elsewhere.

In today’s media jungle, stories don’t die. If something doesn’t pass the smell test, someone in the media is going to pursue it. Ignoring a crisis by ignoring the media doesn’t cut it. And if the media doesn’t pick up on an issue, the public certainly will, via Facebook, U-Tube, Twitter or some other yet to be invented faster-than-light communications vehicle.

In times of crisis most corporate managements would prefer to avoid the limelight, deal with its issues, solve its problems and escape negative publicity. Understandable, but dealing with a major crisis like an ostrich is terribly risky and makes a company look like it’s not owning up when the crisis is exposed.  

So let’s assume you are willing and able to deal head-on with the public. Most senior executives are used to being in control. They pull the levers, call the shots and aren’t used to being told what to do. There is a tendency to be defensive. “I nurtured this baby, I grew it and I know how to defend it”.  The reaction often lacks finesse. Instead of appearing open, the reaction is authoritarian. Instead of appearing honest, the reaction is defensive and oftentimes gravitates towards the blame game or, just as bad, the rationalization or justification game. 

All of these “public” reactions can hurt your organization, because you will have missed the point. There is a problem. Acknowledge it. The problem has ramifications. Acknowledge them. No one is interested in finger-pointing or excuses, even if you are correct. There is time for that.  Don’t act like the whiney school kid or the weasel that can’t or won’t take responsibility. The public expects companies and organizations to man-up. Period. Man-up and get moving so the problem can be fixed. The public respects organizations (and their spokespersons) that emanate competence and authority.

When BP went to Capital Hill to testify back in May, 2010 they were joined by Halliburton and Transocean, Ltd., two of BP’s subcontractors. All three looked foolish because of the finger pointing and denial that ensued. What to do?  Act like a responsible citizen whether you are at fault or not.  A responsible citizen acknowledges the problem and positions itself to take whatever action it can to help fix it. It investigates and determines the best course of action based on its expertise. The public needs to know you are responsible citizen. You convey that when you take immediate, competent action.

But what if you are not to blame? If you aren’t, good for you. It will come out in the end but as an immediate step the public needs to know that you recognize yourself as a player with a role, and that you willingly undertake that role for the public good. Expensive? Perhaps. Worth it. Most often a resounding yes, in terms of public perception and goodwill. If you are to blame the same holds true. Your legal team and your insurance advisors may have made it clear that you cannot say anything that admits culpability. Even so you can act as the same responsible corporate citizen as you would if you were not to blame. You can act sensitively, you can investigate and you can devote whatever resources you have to help fix the problem and keep the public informed regularly along the way.

Preserving your reputation and directing your efforts to problem-solving are the first order of business. Assessing blame comes later and is best left to third parties. No one ever looks good saying it is someone else’s fault. An insurance investigation, a public hearing, a regulatory investigation, a private investigation that is made public are just some of the opportunities you have to provide input to show the root causes of a crisis. Let a neutral source absolve you of blame. In the end it carries far more weight, and is more persuasive and acceptable.

Tags: , , , , ,

BP’s TROUBLES

Posted in Anticipating A Crisis, Corporate Crisis Management, Crisis Communication Failures, Crisis Communication Implementation, Crisis Management, Crisis Management Planning on May 18th, 2010 by admin

When it rains, it pours. So many crises involving nature. Volcanic ash. Bubbling oil. I have very strong hopes that the earth doesn’t crack open. Disasters of this nature make one feel that protecting a corporate reputation is not all that important in the total scheme of things. But protecting a reputation is very important – as long as the entity being protected is worthy of the effort.

BP in general has manned-up. It has acknowledged its responsibility (at least in part). It has gone before the public almost daily it seems in order to give status reports. It is trying many different schemes to cap the oil gushing into the Gulf. Yet, it is the butt of jokes and is not coming off as a responsible corporate citizen. Something is lacking. Read more »

Tags: , , , ,

THE PUBLIC FACE OF CRISIS MITIGATION

Posted in Anticipating A Crisis, Corporate Crisis Management, Crisis Communication Implementation, Crisis Management, Crisis Management Planning, Crisis Management Response on March 27th, 2010 by admin

Pre-crisis mitigation doesn’t have a public face. It is comprised of all the efforts and planning necessary to either avoid a crisis or mitigate its consequences when one occurs. Everything from identifying and buying the appropriate insurance to fire drills fall under this umbrella.

Post-crisis mitigation is an entirely different matter. The crisis has hit the fan and there is much work to do. Naturally the first item of business is confronting the crisis head on, dealing with the issue and taking corrective action. Equally as important is taking on the public. This is oftentimes not as easy as one would think. Very talented people can grapple with the identification of and the solutions to a crisis, yet are completely flummoxed by the requirements for dealing with the public. Read more »

Tags: , ,
Blog WebMastered by All in One Webmaster.