Archive for the ‘Online security’ Category

People in glass houses

This may come as some surprise to people who know me but for once I have been loath to enter a debate and share my opinion, but this afternoon my will broke and I could no longer hold back. Yes I am going to share my view on the issue of Blackberry and their ongoing outage.

Firstly I have to declare an interest; I am a Blackberry user and have been for over nine years and despite it taking over life, I am a fan, they do what they say and despite the hard life I give them they don’t tend to let me down. Equally I am not an Apple or Android knocker – to be honest I have more important things to argue about.

What I am passionate about though, is how issues are managed and the study of how people react to them. With Blackberry you have a perfect storm, a technology company that has courted some negative publicity recently is constantly doing battle with another fruit based technology company and prides itself on its security systems.

The last couple of days have seen a clamor for Blackberry to talk more, respond more, be more open etc.  – but who is asking? The cry would seem to lead by social media and technology commentators. Why is this? Well I believe it is down to certain groups believing they have an inalienable right to know everything, not for any reason other than they just deserve to know. The reality is RIM suffered a switch failure which resulted in a backlog of emails clogging up their system. To be honest it’s not very exciting, a bit techy and sounds like a reasonable explanation, which the majority of fair minded people will understand.

Building on this we are seeing ongoing comparisons with Apple in terms of how open they are and how they would have managed things better. Now I don’t have the best of memories at times, but I seem to remember it took an awful lot of persuasion to get Apple to admit there may be a problem with the reception on the iPhone 4. I don’t think anyone would agree that that was handled in a very efficient way.

Finally I think it is fair to say that whatever RIM said over the last couple of days would have been criticised and picked apart by the same aforementioned people  - what would that have achieved?

I say the following as someone who uses their Blackberry a lot and does rely it on for my job, in reality my Blackberry hasn’t worked reliably since Monday lunchtime. But all that has meant is that when I went to get my sandwich at lunchtime I couldn’t check my emails and likewise when I get home tonight that little red light won’t be flashing at me all evening. Do you know what? My world has kept turning; after all I can still make calls and text which are pretty useful ways of communicating, especially the first one.

Oh, one last thing… What this has proved categorically is that technology people should not make jokes, they really should leave that to the experts.

Protecting your brand on Twitter is just one part of good crisis preparation

We talk about Twitter in the context of crisis management quite a lot on here – mostly because it’s a good way of getting people to visit our blog (fact: posts with “Twitter” in the headline average around three times the readership of our next most popular group as of writing this).

However, when it comes to practical applications, much of the world seems to be still coming to grips with what companies can actually use Twitter for, at least according to the moderator of this week’s Frontline Club meeting (yes, yes, we all know it’s fabulous).

What we do know is that like any other online activity, Twitter isn’t immune to hackers. In his post Is your brand protected on Twitter?, fellow Hill & Knowlton blogger, the irrepressible Dan Leach, gives a number of tips to help you get the basics right for your corporate (and personal) Twitter accounts.

The security of your Twitter account should be as important to your company’s Twitterers as the login details for their computers.

Twelve tips of Christmas: #1 Protect your customers

In the lead up to the holiday season we’re rolling out the tried-and-tested “12 days of…” formula for our Hints & Tips posts. As today’s the first of December, it seems like a good time to start, and this story from Australia has provided the inspiration for this morning’s post.

JB Hi-Fi, one of the country’s most popular music and entertainment retailers, was the victim of a server hack. The result: users were reportedly re-directed from the company’s website to Chinese websites loaded with malware (for those non-techies who’ve never been infected, malware is malicious software – it does pretty much what it says on the tin). For this reason we’ve broken with convention and not linked to the site, as we’d hate to be responsible for exacerbating the problem.

In fact, most of the websites mentioned in the article on The Sydney Morning Herald website have experienced malware problems recently, including Whirlpool (a broadband discussion forum), Overclockers Australia (an online community for computer enthusiasts), and OzBargain.com.au (a discount online retailer). Each of these sites is frequented by tech-savvy visitors and in that respect the users are probably lucky in that they’re inherently better prepared for the trauma of a malware attack.

However here in the UK, online shopping is far more prevalent, and far less the domain of technophiles. Online commerce is easier and more pragmatic – products shipping from Birmingham to London arrive more quickly than they do in Sydney, for example, so the lesson for local retailers is clear. Protect your customers.

The holiday season increases the risk of infection many times over for three key reasons. Firstly, more trades will be conducted, so the law of averages says sooner or later someone’s going to get infected. Secondly, occasional users trade more during holidays, so you have a larger population of inexperienced users throwing themselves into the mix. Thirdly, with more trades, and easier victims, it’s a great time for hackers test their skills – it’s an opportunity for big, quick gains.

We’re not technical advisors, so in the first instance, check/flag any issues with your server manager. Send them this link (http://www.smh.com.au/technology/security/jb-hifi-website-served-malware-20091201-k2p3.html) if you need to.

From a crisis management perspective, here are five things you can do this week to help improve your chances of successfully managing a malware attack beyond the technical fix (should you be so unlucky):

Familiarise yourself with the Information Commissioner’s Office. As a regulatory authority it’s there to protect consumers, which means it’s in their best interest to help you do exactly the same. It also means that if you don’t manage a crisis well then you should expect a call, and it’s always better to know who you’ll be dealing with. In the first instance a visit to the Data Protection Act guidelines is a good idea as well. Dry reading, but important.

Increase your online monitoring. The great thing about malware attacks is they spike discussion forum traffic, and this can help you spot a potential issue well before it ever hits your system. So get your digital monitoring team or web agency to work enhancing your monitoring for the next few weeks. Suggested search terms to add (there’ll be plenty of others you can look for, including specific program names): retail, hacking, malware, data theft, data loss, server hack. Please post suggested additions in our Comments section.

Understand what your continuity plan is. In the event that you do experience a malware attack (or any other kind of online crisis really), it’s essential to know if and how this part of your business can continue to function. It’s time to buy your server manager that beer you’ve been meaning to.

Plan your communications in advance. Regardless of the nature of the problem, there aren’t really that many ways it can turn out. Among the most common are likely to be: infecting customers with malware, sharing of customer information, loss of customer information, loss of e-commerce functionality, loss of website. While it’s true that the details may be important on the day, you can save yourself a lot of time by planning in advance how your business is going to respond to each of these scenarios.

Put your crisis team on notice. This includes your agency support if you have it (and if not, now’s a really, really good time to get some). It’s holiday season – chances are half your team will be away. Know in advance who their deputies or alternates are, and make sure everyone’s briefed on management and contingency plans before you break up for the holidays. If you’re in a business that closes down between Christmas and the New Year, or runs a skeleton staff, know who’s going to be available to help fix any problems that arise.

As always, if you have any questions about the tips outlined above, or if you need a hand with preparing your organisation to handle a crisis over the holiday season, please get in touch. And happy holidays!