What Are Your Customers and the General Public Saying?

Are you listening to the compliments, complaints, and sentiments expressed by your customers online? Do you know what information exists online—both from your own efforts and those external to the company? Have you produced podcasts and webinars and, if so, how are these being monitored and syndicated? What impact have whitepapers, articles, or company presentations had on your brand? Companies today must constantly measure their brand reputation online to determine the sentiments being expressed and assess any possible threat levels.

A simple, fast, and free basic solution begins with a Google search. To start, do a quick Google search for your company and/or any of its products or services. This internal (also known as an “ego search”) will quickly reveal any indexed websites, news mentions, or blog posts related to your brand. In many instances, these searches will return the company’s official website and any recent press or news mentions. And, at times, they will provide your first glimpse into your brand’s online reputation.

A recent search on Wal-Mart returned the company’s website (www.walmart.com) and listing of store locations. However, as illustrated in Figure 3-1, there are negative sites about Wal-Mart as well: Wake-Up Wal-Mart (wakeupwalmart.com), an anti-Wal-Mart website; and Wal-Mart Watch (walmartwatch.com), a “nationwide campaign to reveal the harmful impact of Wal-Mart on American families and demand reform of their business.” You will also find links to an anti-Wal-Mart movie and the humor website peopleofwalmart.com. This simple search shows a significant amount of negative sentiment expressed toward Wal-Mart, Inc.

Figure 3-1 Negative sentiment sites about Wal-Mart

In early April 2010, one of Wal-Mart’s official website’s (www.walmartcommunity.com for their Community Action Network, or CAN) was hacked and spam links with the title “die mommy die” were injected across the site, as shown in Figure 3-2. This social network, CAN, is a good marketing tool, but when it gets hacked, it becomes a brand management nightmare.

Upon further investigation, Wal-Mart discovered that the spam code was injected into the footer template of the website. Although these attacks may seem frivolous, and possibly humorous at first glance, they are early warning signals of potentially more serious security attacks. This combination of attacks against the web application with the attacks on the social community website can result in serious damage against a brand image.

Figure 3-2 Hacker message on Wal-Mart’s Community website

What to Monitor

To protect your company from online social media attacks, you need to employ a series of monitoring solutions. Certain monitoring solutions, which we’ll discuss shortly, observe the chatter and monitor key terms and sentiments, both from a customer perspective and an attacker perspective.

The most prevalent problems that you need to monitor include:

Copied sites

Negative posts

Misleading information

Fake profiles

Trademark/copyright infringement

Bad news coverage

Confidential documents disclosure

Complaint sites

Competitor attacks

Hate sites

Employee scandals

Corporate scandals

Industry perceptions

A number of services—both free and paid—can assist in this process. Free services, such as Google Alerts, can monitor key terms and track forums, blogs, and negative online posts, whereas commercial online reputation monitoring services, such as Radian 6 and Reputation.com, can be set up to monitor and track online sentiment and potential privacy breaches. These services can

Monitor posts and make requests to remove information that may not be appropriate (such as names, addresses, ages, phone numbers, past addresses, and other personally identifiable information)

Block trash or unwanted paper mail

Prevent online ad tracking so your activities are not monitored by the ad networks

As mentioned previously, negative online sentiments can serve as an early warning sign of possible security threats. They can help you identify sources of discourse and the impact of your online reputation control efforts. By monitoring key terms and online mentions for positive, negative, and neutral sentiment around your company’s products or services, you can determine what’s being said. In addition to this monitoring solution, you should also assign company resources (company staff) to monitor, analyze, and react quickly to online social media mentions in an effort to protect the company from potential threats.

When to Dedicate Resources to Combating Negative Mentions

Negative threats can originate from any source: blog post, video commentary, disgruntled Tweet, or online forum. Prior to deploying resources, you need to assess the nature of the threat to determine the source, influence, and potential fallout.

If the threat is singular in nature (for example, a customer complaint), then the best possible response is to reach out to the individual or individuals with an olive branch in hopes of remedying the situation personally. This dedication to customer service can many times repair the relationship and turn negative commentary into positive sentiment about your company’s responsiveness.

In the event that the negative threat is more widespread, then you need to implement a systematic policy of engagement, long-term PR efforts, and security strategies. In Chapter 6, we review more details of what your actual policy should cover. These can involve activating online influencers who may be integral to repairing your company’s image and online brand equity. These social media influencers can take the form of bloggers, Twitter personalities, or freelance industry reporters, to name a few. Combine this with any security technologies necessary to report on any corporate assets that may be threatened, and you have a complete monitoring solution. If you do not have these monitoring solutions in place, you might face attacks that lead to brand damage or even loss of operations if you experience a technology-related attack on your brand.

Establishing a relationship with advocates and tracking their online movements prior to an attack can be your first line of defense, proving invaluable to securing your company’s brand reputation and online security. In addition, these wired influencers can readily persuade those who are easily won over. This can significantly impact public opinion in the event of a negative attack and have, at times, even rallied cybersecurity experts to aid in the defense of organizations under continued online attack.

TIP

Train and empower your employees to use social media as well; they are far more credible and have authentic voices in advocating your brand.

One recent example is the lawsuit brought by an Alabama law firm against Taco Bell in early 2011. The suit claims Taco Bell’s beef is not real beef, the key ingredient in its product and company identity. This claim could do more damage to the company than any other type of cyberattack. Taco Bell came out on the offensive, launching a marketing campaign and using social media platforms to promote its side of the story. Its Facebook page now has over 5,860,000 followers! And people are saying great things about the company on the company’s Fanpage, as shown in Figure 3-3. These “brand ambassadors” are “Liking” the brand and promoting it to their friends.

Figure 3-3 Taco Bell Fanpage

Processes to Track the Conversations Leading Up to an Attack

The problem of technology and staff resources has been a recurring theme for many companies. How many people do you actually have who can do all this work, and do you have the proper budget to buy the right tools? Finding the right resource and having the right resource are two separate challenges. Knowing how to monitor potentially harmful discussions, prior to a threat occurring, is critical in defending and securing your social media strategy. As mentioned earlier, reputation management and monitoring services can provide daily digests and real-time alerts that you can use to gain insight on current online sentiment. With a simple Google Alert, as shown in Figure 3-4, you can select keywords to track, source type (blogs, news, video, discussions), how often to track, types of results you want to see, and how the results should be delivered to you.

Figure 3-4 Setting up Google Alerts

Once the source of the threat, or even just an informational post, has been identified, you’ll want to search for any additional outlets. Where else might that threat be disseminated that could impact your company? It could spread to other media channels. If there is a history of threats from a particular source, such as a blogger who does not like your company, you should put that “threat” source on your list of sites to monitor for future activity.

Another free tool you can use to see what’s being said is Yahoo! Pipes (pipes.yahoo.com). Using Pipes, you can create your own, very comprehensive search program. Figure 3-5 shows a created “Pipe” that searches different social media applications and news outlets and delivers any results written by Charles Heflin. Figure 3-6 shows a search on the company name “KRAA Security.” Look at the results in Figure 3-6; notice a LinkedIn Profile for a “Mugambi Daniel” listed as an accountant at KRAA Security? There is no such person as Daniel living in Kenya working at KRAA Security. A coauthor of this book, Gary Bahadur, is the CEO of KRAA Security, and he certainly would know who is on the payroll! Obviously, this profile is a fake. Someone is probably trying to run a scam using the KRAA Security name! If you get a result like this and have an incident response policy in place, as we discuss in Chapter 6, at this point you would take several steps:

Figure 3-5 Building a Yahoo! Pipe search

Figure 3-6 Results of the Yahoo! Pipe social media search using the keywords “KRAA Security”

1. Contact LinkedIn and get this person removed as an employee of KRAA and notify LinkedIn that it has a scammer in the network.

2. Determine if you can turn on any restrictions in LinkedIn to stop this from happening in the future.

3. Implement a routine monitoring practice to identify future activity for anything related to the company name.

Another way for the public to find you is with location-based services (such as Gowalla, Facebook Places, foursquare, and Scvngr). A simple “check in” from an employee at a customer office or visit from a potential employee can inadvertently cause a leak of sensitive information about the company to the public. Location-based services give the public a way to track your company and may lead to some form of attack based on where your employees check in. As location-based services become more integrated, this form of communication will be subverted. Persons involved in social media activities for your company have the responsibility to monitor, enforce, and adapt your social media security policy as new threats emerge and additional departments participate in new and emerging social media networks.