The Equifax data breach, in which 143 million accounts were compromised and which might have years-long consequences for consumers, was historic in its scope and potential for damage. But it’s also notable for how extraordinarily badly the company, at least from a public-relations standpoint, handled the fallout.
“It was a model of the worst case imaginable,” says Davia Temin, president and CEO of Temin and Company, a crisis and reputation-management firm. If you’re running a business, crises are inevitable.
It’s how you handle them that will determine whether you’ll move on relatively unscathed—or whether you’ll lose customers or even be forced out of business entirely. In this article, the author spoke to a couple of experts in the field about how they would have handled the Equifax breach better. […read more]
The experts evaluate how well Equifax has handled its crisis communications.
Davia Temin, chief executive, Temin and Co.: “Just terrible. Equifax’s public response to its breach affecting 143 million Americans remains one of the worst yet, serving only to exacerbate the crisis–and the company took over a month to plan it. It made pretty much every crisis communications gaffe in the book, systematically destroying public trust with every move.
“Equifax completely and purposefully understated the problem. ‘This is clearly a disappointing event for our company…’ the CEO said. Disappointed? Really? What about devastated? What about disconsolate? What about abjectly sorry? Second, it included its marketing brand message in its announcement: ‘We pride ourselves on being a leader in managing and protecting data.’ This set up an internal comparison between what it promises in its marketing and what just happened. ‘Proud?’ It should be ashamed. This simply served to magnify its fail–and the company’s complete cluelessness as to what it was about to unleash.
“The utter stupidity of Equifax appearing to pull a fast one on the American public by tying its acceptance of an offer for a year of free credit monitoring to the waiving of one’s right to a trial and mandating the use of arbitration is stunning. Only after a huge public outcry and the involvement of New York’s and other state’s attorneys general getting involved did it amend the offer to include a ‘write-us-within-30-days-to-opt-out’ clause. No matter what its ‘clarification’ noted, it was far too little, too late. What could have been a one-day killer of an announcement…has turned into a category 5 debacle for Equifax.”
Ben DiPietro, The Wall Street Journal’s Risk & Compliance Journal, March 27, 2017
The crisis magnifying lens puts it focus on McDonald’s Corp. after a message was sent on the company’s Twitter account calling President Donald Trump “a disgusting excuse of a President” and trolling him by saying he has “tiny hands.” The White House did not comment, but some supporters of the president called for a boycott of the burger chain.
McDonald’s said it was notified by Twitter that its account was hacked. McDonald’s deleted the tweet, secured its account and said an internal investigation found the account had been hacked by “an external source.” The company put out a statement apologizing that “this tweet was sent through our corporate McDonald’s account.”
The experts evaluate how well McDonald’s handled this crisis.
“The fake tweet sent from McDonalds’ Twitter account on March 16 that disparaged President Donald Trump catapulted the company into the land of alt-tweetdom,” said Davia Temin. “Today, as companies and individuals alike struggle to delineate truth from fiction in public discourse, McDonalds had an immediate imperative to let the public know it had not officially sent the insulting tweet. It had to act quickly to set the record straight, before it even knew what really had happened. It couldn’t let a lie stand. It did an excellent job.” […read more]
Email hacks have apparently become the new normal. Just over the last several months, hackers have leaked emails belonging to several highly influential people. The hacked emails, some containing embarrassing tidbits, have been a major theme in the presidential campaign.
The recent spate of public-figure hacks also serves as a reminder to think twice about what you write in your emails, said Davia Temin, an executive coach and crisis manager who has worked with victims of hacks.
Many business and government leaders, she said, have long known that they shouldn’t expect privacy with regard to email, which can be subpoenaed in lawsuits or government investigations or land in the wrong hands through forwarding.
“Folks who are in high levels of leadership within corporations or other organizations pretty much know intellectually that they should never put in an email something they wouldn’t want” covered by the media, said Temin. She noted, though, that many still find it difficult to censor themselves. […read more]
Rober McMillan and Rachel Feintzeig, The Wall Street Journal, October 3, 2016
Businesses have spent years fighting off internet intruders bent on stealing corporate secrets. Now, leaders of those businesses must also worry whether hackers will use personal information or private emails to embarrass them or seriously damage the company.
Davia Temin, an executive coach and crisis manager who has worked with victims of hacks, says her clients fret about a Sony-style hack happening to them. Fast-rising executives are particularly worried that a leak could derail their careers, so she advises them to keep their communications bland.
“You can’t let your entire personality necessarily come out in your email,” she said. […read more]
C-suites and boards of directors are increasing their knowledge of IT security risks and needs – before a breach happens. Larry Jaffee reports.
Cybersecurity clearly falls under board-level governance and oversight, notes Davia Temin, CEO of Temin and Company. Boards have rapidly adopted cybersecurity as an issue because they’ve seen the potential for trouble quickly.
However, not all boards have incorporated cybersecurity into their annual plans or oversight activities. The good news is that more and more are leaning in that direction after reading about high-profile breaches in the news. “It’s a very popular topic on the governance speaking circuit,” Temin adds. […read more]
The Sony Pictures hack should serve as a wakeup call for all organizations to consider the importance of business continuity (BC) and disaster recovery (DR) plans. However, an informal survey undertaken by SC Magazine of IT security professionals and crisis communications experts reveals that anyone could be caught with their pants down.
“A cyber breach can be an extinction-level event for an organization if it’s handled wrong or unfolds at breakneck speed unaddressed. That could destroy the organization,” says Davia Temin.
During a crisis, a company’s various stakeholders must be considered, she points out, posing basic questions: “If you’re a financial firm, how does trading continue? How do you communicate with your customers? How are your people using email? Do they have access to email?”
If a call center gets hit with a tornado or hurricane, a company obviously must have contingency plans to outsource to a third-party vendor and backup data off-site. “That’s the nitty-gritty, tactical operational stuff that makes businesses work,” Temin says. That kind of planning should be going on all the time. […read more]
Data breaches are getting worse and more expensive every day and it often takes far too long to clean up the mess. Recently the media was inundated with cases of big brands being hacked and millions of personal records were affected. Websites like AdultFinder and Ashley Madison are just two of these high profile cases, and apart from the immeasurable damage such breaches can have on customers, they also deal a big blow to the brand’s reputation.
In the worst of cases, the breach isn’t discovered, even if the data is being put to criminal or evil use right under an organization’s nose. Part of the problem, according to a crisis management consultant at the conference Unintended Consequences: Impacts of the Internet of Things (IoT) & Big Data is that many companies tackle these events all wrong.
“I am going to ask you to throw away every rule of crisis management you have ever known, as we explore how cybercrime is rewriting the crisis management rule book,” said Davia Temin, CEO of Temin and Company in the conference’s keynote address. […read more]
Ben DiPietro, The Wall Street Journal, June 1, 2015
The crisis this week is the one involving Adult Friend Finder, the hookup dating site that suffered a data breach that exposed its users’ sexual secrets. Among the data allegedly stolen were details about the sexual preferences of the site’s members, including whether they were married. The U.K. television station that broke the story said it found a database of 3.9 million site members on a hacker forum.
The company that runs the site, FriendFinder Networks Inc., last week issued a statement saying it was investigating the reports, taking steps to protect members’ information, had hired a data security firm and was working with law enforcement agencies. It wouldn’t confirm the full scope of the breach until its investigation was completed, but said there was no evidence of financial information or passwords being compromised.
Looking at the company’s statement and its actions to date, how well has it responded to this crisis? Where is its response falling short? What more can the company do at this point?
Davia Temin, president and CEO, Temin and Co.: “This is crisis management at the shadow fringe of commerce. While pornography, and other businesses involved in sex trade such as Adult Friend Finder, have always been the ‘early adopters’ of new Internet and social media technologies, they are woefully late to the game of crisis management. For a site that one tech expert calls ‘one of the most heavily-trafficked websites in the world,’ and that collects some of the most private and potentially embarrassing data in the world, the owners of the site have made every crisis management mistake in the book regarding cyber data breaches.” […read more]
Home Depot Inc is being tight-lipped about its possible credit card breach, the opposite approach to the one Target Corp took nearly a year ago.
Almost a week after security blogger Brian Krebs warned that Home Depot could be the victim of a breach extending to more than 2,000 U.S. stores, the home improvement chain has not confirmed or denied that one had occurred. The company said Tuesday that it was working with authorities to investigate the matter.
“When you have criminal behavior, you don’t know right away what all the ramifications are,” said Davia Temin, head of a consultancy focused on crisis and reputation management. “It’s really hard when you are trying to overcommunicate not to misstate reality.” […read more]