Thanks to Episilon, part of ADS, for their strong committment to data and network security, my email address(es) have been comprimised as a result of subscribing and/or being a customer of Citi, Chase, TiVo, Robert Half, and McKinsey Quarterly. Luckily, I’ve yet to get much (more) spam (than I already do), and as far as I can tell, none of my accounts have been emptied/erased/other unpleasant fate. Until tonight…
Yes, until tonight, the most I’ve heard from any of these firms was a typical form email, like this one, from TiVo:
Just before midnight Eastern Time today, I got a tweet from McKinsey Quarterly:
Notice how this tweet was not demarcated as being in response to a particular tweet of mine, and included another twitter user with whom I’m not familiar. I checked McKinsey Quarterly’s stream, and it looks like they’re actually spam-style responding to people who mentioned the publication (McK Q) in response to the security breach. The way in which they’re going about doing this, though, doesn’t make much, if any sense:
- They claim they are “personally responding to concerns” yet the twitter profile/bio does not reflect this, and the responses were mixed-in with what appear to be normal tweets from the account.
- The McKinsey Quarterly website fails to make any mention of both the security breach and McKinsey’s apparent social media response, i.e. “personally responding to comments.” Either McKinsey can’t take its own advice, or the brain trust there knows little if anything about social media, or crisis management, or customer engagement…
The salient question here is how can an organization best acknowledge and react to a crisis, in this case, a crisis of trust. The answer is that the response – from the acknowledgment to apology – must be consistent across all media; your twitter feed can’t show one response while your website shows another (or in this case, none what-so-ever). In times of uncertainty, stakeholders – especially those whose email addresses and/or other data have been compromised – demand, nay, NEED certainty! They NEED to be reassured that they have nothing to worry about, that their worst fears (and their lesser ones) are unwarranted. When your presence across various media is inconsistent, though, it only serves to fuel these fears.
Social media and the web are merely new media. This underlying knowledge is nothing new. Consider the shop-keeper of 100 years ago who’d just been robbed. If he posted an ad in the local paper assuring customers that the store, and any of their information he had in his files was safe, but put an ad in his storefront with anything but the same assurance, customers would be confused, and wouldn’t know who or what to believe. Imagine also if the shop-keeper sent letters out to his customers in the mail with vague, poorly-considered language, tone, etc. Customers may very-well be concerned that they’re getting mail directly, they may wonder if everyone else who’d ever shopped at the store got letters, too, or if it were just them. Reasonable or not, this is how fear gets magnified and spread, and this is very similar to what McKinsey has done with its response to the security breach this week.
We think the appropriate response to such a faux-pas is something out of the Consultants’ handbook: A White Paper on Social Media & Crisis Management!. Enjoy!
**I have more to say about this issue, which I’ll get to tomorrow morning, when I’m not half-asleep. Stay tuned!**