WikiLeaks:The Shape of Things to Come in Crisis PR?

Posted by on Dec 6, 2010 in Blog, Social Public Relations | 0 comments

crisis pr chatterJulian Assange — Do you see him as an activist, brilliant investigative reporter, hacker, nutcase or as Sen. Mitch McConnell calls him, an “information terrorist”? Whatever their personal opinion of WikiLeak’s founder, PR pros might want to consider Mr. Assange as a harbinger.

When WikiLeaks released confidential U.S. documents on the Iraq and Afghanistan wars, followed by the unveiling of the State Department’s “Cablegate,” public reaction ranged from outrage to astonishment, and in some quarters, I suspect, grim amusement. Those that deal in crisis management for businesses might have been guilty of indulging in a moment of schadenfreude, since WikiLeaks’ targets to date have been confined to governments. However, any feeling of being safe and untouchable could prove to be short-lived. Who can say that WikiLeaks, or other entities like it that spring up, won’t target the secrets of large corporate clients next? If it’s so easy for Assange & Friends to expose closely held government information, how hard can it be to crack corporate data troves and post the findings for the world to see?

Despite advances in firewalls and other network and data center security measures, it’s a well-known fact that the system has not been invented that is 100 percent invulnerable to hackers. But as WikiLeaks has demonstrated, the real weak link in data security is people, not systems. The problem is magnified in the corporate arena by the fact that sensitive financial and proprietary information is often available to a surprisingly broad array of individuals within the enterprise itself. All it takes is one lone “crusader,” or increasingly in today’s economy, a laid-off employee, to blow the lid off.

In sum, the nightmare-in-waiting for corporations may not be the public gadfly who flits from country-to-country changing his identity with each new scoop, but rather, the employee with a Twitter or Facebook account and the urge to “set the record straight.”

Readying for this challenge is a matter of focus. Companies need to consider the potential internal threats to reputation, not just the external ones. Traditionally, corporate crisis thinking has targeted the harms posed by “Act of God” events: network outages, natural disasters, systems failures and the like. Insider leaks about potential business deals, product problems or poor ROI on a major acquisition can be just as disastrous, and do occur with some frequency. The problem today, obviously, is that social media can be used to broadcast a company’s most embarrassing moments to the world — in a heartbeat.

To better manage the risk of leaks and defuse them when they occur, companies should implement a crisis PR program that covers both internal and external disasters.  Start with the “five Ps”:

  1. Preemption: Many enterprises still lack firm guidelines on how an employee should or should not use social media on any topic that relates to the company. Every company needs a written policy that lays down the law on disclosure of confidential or proprietary business information via any means including social media.
  2. Planning: Analyze in advance all potential “points of attack” on corporate reputation – the vulnerable salients where a company faces potential exposure and damage. Develop core messaging for all such negative events, and designate “war room” responsibilities for members of the PR team when and if crisis strikes.
  3. Practice: Train and role-play the internal crisis management PR team to ensure readiness. No one ever prepared for the worst just by reading a plan.
  4. Proactivity – In your preparation, include training for going on the offensive when a crisis hits –to counteract any damage done and to ensure you avoid worsening the crisis by switching messaging throughout the event, or worse, stonewalling.
  5. Proponents — Build advocacy by casting your crisis planning as a positive undertaking. Nobody’s asking employees to sign a pledge of allegiance in blood to the company, only for their buy-in to the principle that company information is private property and that any disclosure constitutes a theft harming all who work there.

Note: We’re not advocating a witch hunt or some corporate version of McCarthyism. What we are suggesting: Companies should pay attention to every aspect of reputation management, including the potential damage done by unwarranted internal disclosures. Personally I love surprises — just not when they happen to me.

Related posts:

  1. Crisis PR Online: WikiLeaks 10, Bank of America 0 Frantic internal review of secrecy procedures? Check. Legal advice on...
  2. Online PR: What 2010 Means for 2011 Prognosticators tend to base forecasts on "surface volatility" -- hot...
  3. Crisis PR in the Social World: Where Everything Is Public As yesterday's Black Blox Blog post pointed out, several high...
  4. Crisis PR: Smooth Landing for Southwest Airlines In the world of manned flight they have a saying:...
  5. Online PR: From the Horse’s Mouth Close friends (and now you, too) know that my passion...