• ‘Post Truth’ and the Need for Reputation Resilience

    151597-154855

    Remember the stir during the US election campaign when it was reported that Donald Trump had said that if he ever ran for the presidency he would run as a Republican because “their supporters are so dumb?”

    Problem is, he never ever said such a thing.  It was fake news, but taken seriously.

    When I started out as a journalist more than 25 years ago, facts were sacred. Every story had to have at least two sources, and quotes were not to be tampered with.  Boris Johnson, then a trainee at The Times, was sacked because when asked where he had got a quote from, replied: “I made it up. I thought everybody did that.

    No, they didn’t.

    Newspaper offices had sub-editors and editors, some even had fact checkers, and everything that was printed had been seen by at least three different pairs of eyes. Then the Internet came along, and everyone became a journalist. And somewhere along the way, the truth became a casualty.

    Speed, opinion, and polemic were the new mantra, becoming more important than the truth. Alistair Campbell, Tony Blair’s press officer, was able to spread stories of Weapons of Mass Destruction, and as a result, a country was invaded and chaos ensued in the Middle East.

    It is no surprise that ‘post-truth’ has become the word of this year.  I prefer to call it as it is – innuendo, lies or outright nonsense.  Post truth is a rather generous euphemism.

    On the basis that any publicity is good publicity, the impact on a candidate of such ‘post-truth’ stories is probably limited. But the impact of negative publicity on the corporate world can be much more damaging.  One recalls Winston Churchill’s words “a lie is halfway around the world before the truth has got its trousers on.

    Just days after Donald Trump became president-elect, a spokesman for New Balance, a manufacturer of running shoes, said that things might be heading in “the right direction.”  Almost immediately social media was full of photos of New Balance shoes burning, sales crashed, and a white supremacist website called them “the official shoes of white people.”

    PepsiCo was also hit by fake news websites. Indra Nooyi, chief executive of PepsiCo, was reported as saying that Donald Trump’s supporters could “take their business elsewhere”. Problem is, she had said nothing of the sort.  Even so the damage was done.

    How does the corporate world guard against this sort of attack, something that is as damaging as a cyber attack?  Here are our five suggestions:

    1. Active digital monitoring. Across surface internet, social media, dark web, deep web, and public records. Keep a 24-hour watch on what is being said about your company, people, or brands.
    2. Establish active networks with friends and enemies in advance – engaging in person and on social media.
    3. Be ready to respond with vigour, even it means paying for Twitter and Facebook feeds.
    4. Have a clear and simple message. Think how effective ‘Make America Great Again’ was, even if it was copied directly from President Reagan
    5. Repeat the message as often as required.
    6. Stick to your area of competence, and avoid politics. Indra Nooyi was targeted because after the election result she said: “I had to answer a lot of questions from my daughters, from our employees. They were all in mourning. Our employees were all crying. The question that they are asking, especially those who are not white: ‘Are we safe?’ Women are asking ‘Are we safe?’ LGBT people are asking ‘Are we safe?'”

    On the Internet, nobody is safe.

    Everybody needs a reputation strategy to protect themselves, and to deal with the risk of attack.

    rw@hemingtonconsulting.co.uk

  • Reputational consequences of a cyber breach – poachers and gamekeepers.

    November 5th is a significant date for Parliamentarians, Papists, children up and down the country, and for the neo-Guy-Fawkesian hacking collective Anonymous.

    The latest offshoot of Anonymous (allegedly), Ghost Security Group – or ‘Ghost Sec’ – is taking direct action against ISIS online.

    At a seminar last week we were exploring reputational consequences of cyber breaches.  Reputation risk and cyber risk top the list of issues keeping CEOs awake at night, and working with our friends at XQ Digital Resilience  we’ve been exploring these interrelated issues.

    Of particular interest was ‘posture.’  Is the company known to be weak and ill-prepared or is it famously robust?  And what about so-called ‘active defence’?

    A banking exec recalled the difficulties JP Morgan got into recently.  Frustrated by government inaction against hacker networks, somebody hacked back.  Hard.  Servers were taken down.  Was it the banks?

    The FBI thought so, and opened an investigation (the 30-year-old US Computer Fraud and Abuse Act prohibits ‘unauthorized access to computers or overloading them with digital demands, even to stop an ongoing attack’).

    It’s unlikely anybody is going to co-opt Ghost Sec types for any sort of commercial work (not least because they’re the bane of the corporate world and not particularly constrained by legal or regulatory rules.)

    But as this rather compelling new TV series Mr Robot dramatises, your cyber security expert by day may be an arch hacker by night.

    What do you make of ‘Ghost Sec’?

    Can you turn poachers into gamekeepers?

    How do you know that your cyber experts aren’t moonlighting for Anonymous by night?

    Let me know what you think!

    Happy bonfire night.

  • Thomas Cook Tragedy

    Two small children died in 2006, from carbon monoxide poisoning, in a Thomas Cook villa in Corfu.  A human tragedy.  And a sign of serious management malaise.

    Justin King, former Chief Executive of J Sainsbury Plc has issued an independent report into the company’s ‘customer health, safety, welfare, relations and crisis management’.  So not the events themselves, but the policies and actions of the company, and their responses after the event.

    Old Thomas Cook

    Old Thomas Cook

    King singles out a number of issues, including how the “legal backdrop to the case weighed heavily on the decision making of the company” and resulted in poor, slow, and at times non-existent communication with the family.  But also a decision at one point to refuse to pay the family’s legal fees in connection with the 2015 inquest.

    He also singles out Thomas Cook’s ‘risk dashboard’ process in which he observes an “over-emphasis on financial and reputational risk and less emphasis on customer consequences and outcomes…”

    Without seeing the actual ‘risk dashboard’ this is hard to judge.  BUT there’s an important point here. Customer experience is inextricably connected to a company’s reputation and its financial health.

    They are not separate issues to be itemised separately on a list.

    The start point for any assessment of the health of an organisation must be an appreciation of this issue.  If the leadership and senior management do not realise that ‘customer safety’ is everybody’s responsibility, ‘good financial management’ is everybody’s responsibility and ‘reputational stewardship’ is too, things are going to go badly awry.  And that they absolutely impact one another.

    These things are everybody’s business.  From the chief to the bottle washer.  And the supply chain too.

    Modern management practice is to try to structure and reorganise in ways that cut across organisational silos.  Allowing any employee to ‘pass the buck’ on a safety issue, customer service issue, or reputational issue cannot be good business sense.  Nor is it right to do so.

    Because all of this, in essence, is about doing the right thing.  Not by the lawyers.  Not by the shareholders. Not by the PR people.  But by the customers, past, present and future.

    Thomas Cook have done the right thing by commissioning this report.

    They will now be judged by their response to it.  Not a PR response (embarrassingly parts of the report were leaked to Sky News suggesting a spin operation).

    But a root and branch business response that ensures this sort of thing is never ever allowed to happen again.

  • Talk Talk – or Jaw Jaw?

    talktalk-cyberattack-linked-islamic-hackers

    I was rather impressed when I heard that (Baroness) Dido Harding was hitting the TV stations and papers to brief on the cyber troubles Talk Talk were facing.

    Best practice in a crisis, as we know, is to acknowledge and respond, and to engage all stakeholders openly, accurately, and honestly.

    Only last week we had heard Lord John Browne of Maddingley argue that in times of reputational crisis leaders had to ‘lean in’, ‘over-react’ and be ‘radical in their communication’.

    Well poor old Dido Harding has had a tough time of it over the past 72 hours.

    There is no doubt she has been a decent CEO. Talk Talk is a difficult business, sitting at the cut-price end of the broadband market.  But it has grown under Harding’s leadership and now has over 4M customers.

    So when the company faced its third cyber security breach this year she hit the airwaves.

    She was frank enough to admit what she did and did not know.  Talking to John Humphreys she revealed she had no idea whether Talk Talk had encrypted its customers’ data.

    And honest enough to accept failings, for example telling the Daily Telegraph: “Do I wish I had done more? Of course I do. But would that have made a difference? If I’m honest I don’t know.”

    And she has apologised.

    Lady Harding clearly has a personal interest in online security.  When she accepted her peerage she said “whether it’s child internet safety, cyber security, internet freedoms, there are some really difficult issues.”

    And this weekend, “This is happening to a huge number of organisations all the time. The awful truth is that every company, every organisation in the UK needs to spend more money and put more focus on cyber security – it’s the crime of our era.”

    But a personal – genuine and authentic – crusade on internet security is not enough.

    Actions speak louder than words.  Two earlier break-ins in the past year have already tarnished Talk Talk’s reputation for keeping data safe.  This should have been the catalyst for serious activity addressing IT issues.  And if anybody in the company had any doubt as to the importance of this the reputational consequences ought to have been spelled out.  At all levels of the company.

    And there has obviously been a terrible breakdown in communication between the IT people and the corporate leadership.  A senior churn involving the loss of the Chief Information Officer over the summer can be no excuse.

    The message has been confused.   At one point it was 4 million customers.  Then a back-pedalling 400,000 over the weekend.  And then news broke that this might have affected millions of former customers.

    And the analysis of the nature of the attack has sounded amateurish.  Cyber security experts I have spoken to are sceptical of some of Talk Talk’s claims, and some of the language has displayed unfamiliarity with the subject.

    Talk Talk have suffered terribly in the past few days, and the damage to the company’s reputation enormous.  Yet again it’s a case of lack of preparedness and poor attention paid to reputation resilience.

    It is high time organisations like this took reputation resilience more seriously, and realise that reputation stewardship is the responsibility of everybody in the organisations. Not just the CEO.  Not just the communications people.  Everybody.  Even – especially – the IT Department.

     

  • Why Smart Managers Are Embedding The Holy Grail of Reputation Resilience Into Their Organisation

    Have you ever wondered why the world’s 435 nuclear reactors experience a failure less than once in a generation?

    4117707013

    Or why aircraft seldom fall out of the sky, despite 38 million flights per year?

    And why air travel is 22 times safer than travelling by car?

    The energy and aerospace industries have spent a generation developing management systems to reduce risk by introducing business-wide processes that identify risks and use all means available to reduce or eliminate them.

    These processes become so embedded in the operations and culture of an organisation that entire industries become almost immune to the kind of failure which can seriously damage their reputations.

    So why do so many Chief Executives live in mortal fear of the reputation crisis that will sweep them away, along with shareholder value, customer loyalty, and personal repute?

    Most often when a reputation crisis occurs, enormous energy is expended as management works out what to do ‘on the hoof’, and carries out a ‘mopping up exercise’.  Reputation rebuild is challenging and time consuming.  And the damage, once inflicted, can be incredibly difficult to move on from.

    A recent survey conducted by Hemington Consulting and Gablesmead revealed that only 1 in 5 CEOs are comfortable with the reputation resilience of their organisation.  Most have ‘crisis communication plans’ that serve an important but limited purpose.  Communication will usually be part of the response to a real crisis, but mopping up the blood on the carpet is by far the least desirable option.

    At Hemington we believe a much smarter approach is for organisations to apply a systematic approach to preventing reputational damage.  The tools for preventing quality failures have been used successfully in industries where product failure could wipe out a company.   We advocate establishing robust processes for identifying and managing risk, within a ‘management system’ tailored for that organisation.

    For more on Reputation Resilience management systems contact Justin Doherty at Hemington Consulting.

  • Job Vacancy – Political and Corporate Communications Analyst

    Hemington is a growing consultancy, specialising in issues and reputation management for international governments and corporations.   We have operations in London, Washington and Dubai.

    We have a vacancy for an analyst to support our work for two significant clients – an African country, and a FTSE 100 company.

    The role will involve:

    • background research on key issues
    • media monitoring and analysis
    • summarising reports
    • stakeholder identification and mapping
    • drafting briefing notes
    • issue identification and alerting colleagues/clients in real time

    Our clients use us for sound advice, on complex issues, at the highest level.  For this role we will be looking for:

    • experience of African affairs as well as UK corporate/board level issues
    • research/analyst experience
    • excellent written skills
    • ability to synthesise complex information, spot emergent issues and trends, and present clearly and persuasively
    • willingness to operate outside normal office hours, and to travel

    In this role you will get closely involved in some the pressing issues of the day and have the opportunity to work with a senior, dynamic and cross-border team.

  • Payday Lending

    The Archbishop of Canterbury has ‘declared war’ on payday lenders, and in doing has been tripped up over his church’s own investment in a private equity group which invests in Wonga.

    The Archbishop doesn’t need a lecture from me on hypocrisy, the dangers of inconsistency, or indeed the impact upon personal or organisational reputation.

    He has been embarrassed, and he has said so publicly.

    Loan depot

    Loan depot

    But I can’t help feeling there’s a considered strategy in play here.

    The idea of church-supported credit unions competing with pay-day lenders is a smart one.

    Short term lending is important for many people, and can provide emergency cash to tie people over, without which a job might be lost or a child go hungry.

    So the Archbishop recognizes the problem, and intends to follow in the footsteps of others such as the Catholic Church in Ireland, by making use of church premises, manpower, skills, and infrastructure to help those in need.

    But the Archbishop needs this matter to be in the headlines.

    If church based credit unions are to succeed they need to raise their profile and make a case for why they should be the first choice. And they will need to compete with slick websites and marketing from companies such as Wonga. (Look at ‘Wonga’s Ten Commitments’ on p. 15 of today’s Times).

    They will need supporters and advocates.

    The internal consistency issue can be rectified. Lambeth Palace is already on the hunt for new staff to support the Archbishop, and after this episode there will certainly be an internal review which takes in reputation risk and internal consistency.

    If the Archbishop is as serious about church based credit unions as he seems to be, then we can expect to see a great deal more communication and debate around this issue.

    [Photograph: Evening Standard]

  • Ten Million Dollars, Anybody?

    If you could get away with it would you engage in a spot of insider trading?

    A new report by Wall Street law firm Labaton Sucharow, suggests that 24% of people in the financial services sector would do so (nearly twice as many as in the same poll last year).
    200397812-001

    Labaton Sucharow run a special advocacy programme for whistleblowers, and the report makes for gloomy reading.

    The report suggests:

    • financial misconduct is still widespread
    • there has been a decline in leadership, individual integrity and corporate culture on Wall Street
    • 28% feel that their organisations do not put their clients’ interests first

    The insider trading point is instructive.

    The question was whether respondents – if guaranteed anonymity and $10M – would engage in insider trading. On the basis that insider trading is a crime, this suggests that a quarter of people on Wall Street are either prepared to commit a wrongdoing, or they do not see this as a crime.

    Labaton’s strapline is “we have the power to change course, but first we must accept that Wall Street has a significant and growing ethical crisis and act now to address the problem”.

    Either way, if this report is to be believed, five years after the financial crisis –it suggests not only no change, but that things may be heading in precisely the wrong direction.

  • Murdoch

    Poor old Mr Murdoch.

    The newspaper baron is back in the spotlight, this time for secretly recorded comments in which he is heard suggesting that paying police for tips has been going on for a hundred years, and that the police investigation into corrupt payments is incompetent.

    News International Reputation

    Press Baron

    How have the reputaitons of Murdoch, News International and newspaper journalism been affected over the past two years since the allegations of hacking first emerged?

    Reputations are complex and cannot simply be assesed on a simple good/bad axis.

    It is true that the phone hacking saga has been distasteful, and distressing for many, and has pitched the media in an unflattering light. The fall out is likely to be tighter regulation and resticted freedom for the press.

    But let’s not lose sight of the fact that we are discussing the methods used to acquire the stories, not the credibility of the product itself.

    All of these activities were driven by a culture in which fearless pursuit of big news stories was the name of the game.

    But it would have been a different matter had we discovered that stories were being fabricated (which would have been easier and cheaper).

    I recently had a conversation with a newspaper editor (not in the UK) who admitted that his op ed desk had been making up letters for the letters page.

    Now that would be damaging to the reputation of newspapers.

    [Photograph: Noah Berger/AP]

  • Booz Allen Hamilton – Snowden

    Reporting of the Snowden/NSA case has focused on the wild goose chase for Snowden himself.

    But what about the reputational impact upon Booz Allen Hamilton, Snowden’s employer, and Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple – all of whom are in the spotlight for allegedly allowing access to users’ data through the US government PRISM programme.

    Edward Snowden

    Big mole

    In Booz Allen’s case they saw it coming.

    Take this from their annual SEC filing for 2012/13:

    “We depend on contracts with U.S. government agencies for substantially all of our revenue. If our relationships with such agencies are harmed, our future revenue and operating profits would decline.”

    And this:

    “Our professional reputation is critical to our business, and any harm to our reputation could decrease the amount of business the U.S. government does with us, which could have a material adverse effect on our future revenue and growth prospects.”

    And this:

    “Our employees or subcontractors may engage in misconduct or other improper activities, which could harm our ability to conduct business with the U.S. government.”

    And this:

    “Internal system or service failures, including as a result of cyber or other security threats, could disrupt our business and impair our ability to effectively provide our services to our clients, which could damage our reputation and have a material adverse effect on our business and results of operations.”

    All of which looks spookily prescient.

    The conclusion one would hope to draw from this is:

    • Booz Allen Hamilton has robust reputation risk identification processes in place
    • They have active internal controls to pre-empt these sort of occurrences
    • The Snowden case is a one-off / ‘rogue employee’ rather than an ingrained problem with the culture of the organisation

    We will see.

    But it’s also worth noting that Snowden is 30 years old (his birthday was 2 weeks ago).

    He is what demographers call a Millenial’ or Generation Y-er.

    Compared to previous generations Gen-Y-ers tend to be more idealistic, more cynical and questioning, less loyal, and less accepting of all forms of authority. And they are also the generation with the knowledge and skills most in demand in the digital age.

    Time for some real work on the implications of Generation-Y attitudes in the workplace, and the potential reputational risks posed to employers.

    [Photograph: Guardian]