Published on April 19, 2016, at 11:45 a.m. by Drew Pendleton.
Imagine this: You’re at home, asleep after a long day of work and suddenly, in the middle of the night, the phone rings. You pick it up only to learn that there’s been an incident or situation, and within minutes you’re out the door or on a computer in full-fledged crisis mode.
In reality, this type of occurrence isn’t too uncommon in the world of public relations. Crisis communication and management, as W. Timothy Coombs stated in 2007, is a “critical organizational function” that can “result in serious harm to stakeholders, losses for an organization, or end its very existence.” But what if the crisis facing you isn’t one you can see, but rather one that’s manifesting itself in cyberspace?
As recent crises involving Sony and Target have proven, the technology-driven world in which today’s PR professionals operate opens up potential vulnerabilities for companies and organizations. In the event of a data breach or a wide-scale hack, a company’s reputation and public image can come crashing down and, in the most extreme cases, threaten to bring the company down with it. This possibility has caused a shift in how privacy and security play a part in the practice of public relations.
Derek Lyons, senior vice president of integrated services at SHIFT Communications in Boston, Mass., noted that this shift could be exemplified through the recent debate between Apple and the FBI.
“Some polls showed a majority of people wanted Apple to comply versus protect individual data privacy,” Lyons said. “Why? People felt the greater good was more important. This plays directly into how PR needs to think about how it represents brands – showing that their clients will balance privacy with the greater good as much as possible.”
Melanie Dougherty, CEO and managing director of Inform Global Integrated Communications in Washington, D.C., has observed a similar change in the field throughout her career.
“Privacy and security used to be very siloed in that companies used to not have a ton of respect over privacy, a sort of ‘We’ve got it covered’ mentality,” Dougherty said. “But they don’t. No one does. Hackers spend their days and nights looking for new ways to break in. We have to recognize that it’s ever evolving and that there’s a need to approach this as a team, as a true integrated communications experience.”
This shift in definition can be attributed to the changes in technology, within both the PR field and global society as a whole. With the rise of social media and increasing connectivity, Lyons said the PR industry has had to adjust in order to accommodate these advances.
“Technology has moved PR from a mass communication mindset to an individualized, customer-centric model,” Lyons said. “Social media first sparked that trend, where anyone could be a self-publisher. With the rise of analytics and data being readily accessible, PR is now leveraging technology to truly become the center of how companies directly interact with individual customers.”
Beyond these advances in technology and the PR profession’s adaptation to them, Dougherty noted that the security and data breach response sector of the field remains comparatively small because its functions are typically placed under the banner of crisis communication.
Rather than a shift in function, she said that this sector has taken on a “jack-of-all-trades” role, ranging from working with lawyers to craft and manage messages to helping rehabilitate a brand after a breach.
Be ready for anything
However, Lyons cautioned that in this increasingly digital world, PR practitioners should be careful with the messages and memos they send out, internally and externally. He used the recent Sony breach and the Ashley Madison scandal as examples.
“Understand that everything could become public,” Lyons said. “That DM on Twitter or that email pitch you just sent? It has a 100 percent chance of becoming public in these days of social media. There is no such thing as off the record, and online equals global and forever.”
Threats do not lie solely outside of an organization, however. Breaches and leaks can come from within an organization as well, which has made internal communication with employees more critical than ever. Dougherty emphasized the importance of showing employees how much the company or organization values them and what exciting things are going on in the company.
“When someone becomes an insider threat, it’s often because they feel slighted,” Dougherty said. “Maybe they didn’t get a promotion, or there’s someone who’s making more money than them who they don’t think should be. But when you endear them to you and remind them of the value of what they do, then there’s less likelihood that they’ll do something. You have to tell them the good stuff that they do and endear them to the company’s success.”
Know how to respond
As Lyons discussed, one of the keys to responding to a security crisis lies in having a fully developed crisis communication plan ready to go. He emphasized the importance of three specific traits.
“Disclosure, honesty and clarity are the keys,” Lyons said. “However, being able to honestly weigh an issue and the potential impact on your customers and stakeholders is also important.”
Whether a crisis manifests itself in the physical world or in cyberspace, Dougherty noted that the key to responding to a breach or security incident is to show the client’s humanity and to remind clients that crises happen, even when they have the best of intentions.
“One of the things I try to impress upon my clients is that the natural reaction to a crisis is to try to cover up or delay a situation,” Dougherty said. “The public wants you to be transparent. These things happen every day and there’s no shame in that. The shame is in becoming opaque. Know that it’s okay that you’ve had a crisis, and be cool and calm.”