The Social Media Side of Incident Response…

Not impressed with LinkedIn’s social media crisis response after more than 6M user passwords got leaked on 6th June? Read on… In one of my February posts, I wrote about incident response and the importance of addressing the media in a timely manner. Whilst the draft NIST report SP 800-61 gives really good guidelines on the positive aspects of fully and effectively communicating important information to the public, I feel there is some mileage to be had by exploring the use of social media when tackling incident response. After all, we’ve all seen how quickly news can spread on Twitter here or here… So, should you be breached, you would no doubt have a crisis communication process already in place, but does it include social media?…

The need for speed…

Social media crisis response brings a new dimension to crisis communications: speed. My previous post highlighted how to prepare for traditional media (training, mock interviews and press conferences, prepared statement structure, do’s and don’ts, etc.). With social media crisis management, time is of the essence: the first 24 hours are crucial as this is when people will cast their digital nets out and frantically search for information.

I am assuming at this stage that you have an established and tested incident response plan (if not see my previous posts on the subject). You need to be prepared: the internet does not wait for your CEO to respond, the news will spread with or without your involvement. You have however a chance to take control.
So assuming incident response is already well established in your organisation, you are in good shape as you have most of the building blocks in place. One easy block to add (now!) is a web page dedicated to a potential crisis / breach. Having this prepared with an easy structure to follow will enable you to control the flow of information very quickly.

The structure of your web page should follow what I call The Three As and it should include the following sections (IMHO):

  • ACKNOWLEDGMENT: This early, you may not know much, but you could look at: Who attacked you? Why? etc.; When did it happen? How did it happen? How widespread? What/ who does it affect? How did you find out?
  • APOLOGY: all too often, organisations do not acknowledge that their customers/ partners/ stakeholders/ etc. may be worried/ could be inconvenienced/ need to be reassured. Even if you don’t know much at this stage, show you feel the pain and that you are trying to make it go away… Acknowledgement that you are listening and seeking answers buys a lot of time and more importantly can quell anger and resentment.
  • ACTION: again, at this stage, you may not know a lot, but you need to share what steps you propose to take/ have already taken to 1) determine what happened and 2) prevent it from re-occurring and 3) maintain the trust of your customers/ stakeholders/ partners/ etc.

Design your web page with this structure so content can easily be dropped in when needed.

Head for spread…

With your web page, you now have a single, simple, point of referral. But having a web page doesn’t necessarily mean people seeking information will find it… You need to become the central hub for information on the crisis. As with everything in life, you can’t do this on your own. Again, I offer Another Three As:

  • AMPLIFICATION: use all the social media avenues available to you: Twitter, Facebook, YouTube, Google+, LinkedIn, blogs, etc. Use these to direct information seekers to your crisis web page. Do this often (at least two or three times a day to cater for the different time zones, and be under no illusion: the world is watching you even if you only operate in one country/ time zone). Keep your webpage updated as and when you know more and amplify it by using all the tools at your disposal (e.g. create your own hashtag first).
  • ADVOCACY: it is not new that in any kind of crisis communication, third party experts (these can be industry commentators, journalists, experts in your field, etc.) will be the most trusted group: seek them out and give them the information. Also seek out your allies and partners and keep them informed. And finally, take a deep breath, trust your employees to be your advocates. There is limitless untapped value in personal social networks… If you want your employees to be your advocates, be sure they know first (before the media and external parties) what messages are going to be delivered. They can not only alert you to opportunities but also to crisis issues via their own networks. The key word here is enablement.
  • ADHESION: facing a crisis situation does not mean you have to surrender your corporate values. Be sure your messages are constructed within the framework of your corporate image as now is not the time to surrender caution and governance. In addition, be clear about your limits: you cannot solve every problem for everyone, so you’ll have to think of a way of pacifying part of your (unhappy) audience when solutions cannot be found quickly.

Check the decks…

So now that you’ve achieved speed and spread, you’ve got a couple more things to do before you become the de facto information hub for the crisis at hand. This is perhaps the scariest step because this is where you have to open up… Yet again, I have Three More As for you and these are about stacking the odds in your favour:

  • ANALYSIS: you have to monitor real time content on the various networks in order to categorise and prepare the type of content needed on your web page.
  • ANSWER: invite comments and answer them (on your web page). Yes, very scary, but bear in mind that not inviting comments will have a negative impact on your brand. It is however possible to manage comments very successfully by remembering a few things: not every comment requires a reply and you must know when to disengage; if a hostile ring leader emerges, it is sometimes best to take the discussion out of the social media sphere and engage directly; there is never any harm in specifying your rules of engagement (e.g. no foul language allowed); Keep up with the Joneses: if a negative blog entry is posted, respond with a positive entry from your CEO, etc.
  • AGGREGATION: as you’re getting the hang of it, you are now ready to become the de facto information hub by posting all stories on the crisis on your web page (positive or negative). You will rapidly realise that you cannot control the conversation. You are however in complete control of where the conversation appears on your web page: make sure your opinion and your content has prominent and favourable placement.

Here we go, to recap, a successful social media crisis response strategy can be summarised by 1) The Need For Speed 2) Head For Spread and 3) Check The Decks…
As ever, the best line of defence is being prepared…

Until next time,


About Neira Jones

With more than 20 years of Financial Services experience, Neira is currently Head of Payment Security at Barclaycard where she is responsible for security compliance of circa 100,000 customers & 3rd parties. She has received the Information Security Person of the Year Award in April 2012 from SC Magazine at the same time as her team scooped up the prestigious SC Magazine Award for Information Security Team of the Year for the 2nd year in a row.

Not content with this, February 2012 saw Barclaycard winning two awards at the Merchant Payments Ecosystem conference for “Data Security” & “Merchants” for successfully steering Barclaycard and its customers through the changes in payment security, and in particular with the PCI DSS (Payment Card Industry Data Security Standard). She is a member of the Infosecurity Europe Hall of Fame and has been on the PCI Security Standards Council Board of Advisors since 2009. 

Follow Neira on Twitter: @NeiraJones