This is the latest in a series of blogs based on my top 10 threats, trends and business priorities for security executives. Other blogs addressed: History's Lessons, Reform and Focus.
Cyber intrusions have dominated news and media headlines the past few years. Incidents of data and personal identifiable information theft are constant reminders of how dangerous cyberspace has become whether perpetrated by nation states, their agents, or cyber criminals. However, in the midst of cyber espionage and cyber theft, organizations may lose track of an equally important part of their business operations – protecting their brand.
Brand recognition is not just about identity; for some organizations, it is synonymous with their business reputations that have been built and established with their customer base. It comes as little surprise then that the larger the organization the more important to protect the integrity of the brand, and the more susceptible it is to damaging verbal or trademark assaults. Indeed the Internet has been a boon for promoting brands, as well as hurting them.
[ ALSO ON CSO: Social media remains an easily exploitable attack surface ]
If the Internet has been an evolution in taking business operations global, social media has been no less remarkable in providing an active platform to increase marketing and opportunities to improve interactions with customers. According to a Pew Research Center survey, as of January 2014, 74% of adults (determined to be at least 18 years of age) used social networking sites. What these figures indicate is that many potential clients and customers of organizations operate in this sphere, and the forward thinking businesses are engaged in all facets of social media to capitalize on this environment.
However, there are many risks associated with brands and social media in the digital age. Social media’s ability to amplify messages can help organizations market products and services but it can also reach millions of people with negative content about your company. The following examples demonstrate how hackers, hacktivists, dissatisfied customers, disgruntled employees, and competitors can all leverage social media to impact an organization’s corporate brand:
- Hackers and hacktivists have been known to deface or take over organizations’ social media presence to include webpages, Twitter accounts, and Facebook. They deface web sites for fun, to promote politically charged messages, or to embarrass a victim by replacing content so as not to be detected.
- After the 2013 Target hack that affected more than 70 million customers, profits were halved from the year previously. Two months after the hack, Target stock dropped, a testament to the damage inflicted on the brand by the cyber theft.
- Dissatisfied customers and disgruntled employees may seek to damage an organization’s brand out of spite, anger, fun, or boredom. Anyone expressing negative views can influence the credibility of an organization. One online experiment discovered that introducing name calling into commentary tacked onto an otherwise balanced newspaper blog post could elicit either lower or higher perceptions of risk. According to Brand Reputation CEO, customers that have poor experience with a company and write bad reviews will tell more than 20 people. When this occurs via the Internet, numbers can rapidly multiply and spell disasters for brands that don’t have strategies in place to counter negative chatter.
- In 2011, Taco Bell had to counter false advertising that its beef products only 35% beef and other additives. As a result, Taco Bell lost revenue in the amount of $8.9 million in the fallout from the unfounded accusations.
While this may seem daunting, there are several proactive security steps an organization can undertake to protect their brand on social media and the Internet. While there are services that conduct brand monitoring for clients, there are some simple steps organizations can do to improve their online brand security. Among them include:
- Implement a Social Media Policy: Developing a social media policy will provide employees clear guidance on what is acceptable/unacceptable content (e.g., avoiding controversial topics). Making these policies clear to both employees and social network followers will reduce negative reaction when action is taken to remove postings.
- Mitigate Website Defacement: Ensure that all security measures and software are enabled and up to date for both the website and its server. If you own your own domain, make sure that the registrar locks it to avoid domain hijacking via unauthorized transfer requests. Schedule regular security tests to identify potential vulnerable areas before an incident arises. Ensure web application security to greatly help reduce potential holes that may exist. Finally, frequently monitor the website for any changes in content to identify changes in potentially embarrassing content.
- Monitor Social Media: Be vigilant about what is being said about your organization on social media and be prepared to counter negative commentary. Also, monitor your organization’s own social media accounts to ensure that they haven’t been compromised and used to spread false information. An effective monitoring program follows name and trademark infringement, and content misuse.
There is little question that the growth and development of the Internet has spurned business opportunities and enabled all sized companies to promote their brand across marketplaces they might not have had access to previously. Branding is about making your organization visible. It defines who you are and what you do. It’s often the first thing that people see and will immediately associate with and respond to. Brands build businesses. Not having a plan in place to protect your brand risks losing public trust and confidence that build long lasting relationships. Trying to restore them can be an arduous undertaking. And a costly one.