Train for a Social Media Attack

Posted on Jul 13, 2011 | Tags:

Global corporate giants have been forced to change their business methods or practices when targeted by angry groups of customers or activists using social media as a weapon. Here are some tips on how to prepare for and survive hits on the social media battlefield.

  
 
  Prepare Your Troops

You've just received word that your company's Facebook page, Twitter account and LinkedIn group are under attack by disgruntled customers. What do you do?

 A Powerful Song

 

The luggage incident wasn't the first time United Airlines was hit with a social media attack.
   Canadian singer/songwriter Dave Carroll uploaded a video on YouTube of a song he wrote and recorded. The tune, United Breaks Guitars, recounts his experience with United after his $3,500 Taylor guitar was severely damaged after being thrown across the tarmac in Chicago by United baggage handlers. The video had 150,000 views in one day and the incident was picked up by the media. United's managing director of customer solutions, reportedly telephoned Carroll to apologize and to ask if the carrier could use the video internally for training. United mentioned it hoped to learn from the incident, and to change its customer service policy as a result of the incident. Carroll refused belatedly offered compensation and instead suggested that the company donate the money to a charity as a gesture of goodwill.
The carrier donated money to the Thelonious Monk Institute of Jazz but that did little to undo the damage to its image.
The video garnered over half a million hits within three days of its upload to YouTube, five million within about six weeks and 10 million within seven months.

As more and more companies establish a social media presence, the risks of being on the receiving end of a social network attack increases. Protesters are no longer forced to picket in the wet or the cold. From the comfort of a couch, coffee shop or cabana on the beach, an individual with a grudge against your company can launch an all-out, damaging attack on your brand.

Once that happens, others may willingly jump on board, adding to the chorus of criticism or demands. Consider these recent examples of global corporations forced into action on the cyber battlefield:

The Mattel Saga

Toy-making conglomerate Mattel said it would develop a policy to make its packaging suppliers "commit to sustainable forestry management practices."

That change in business practice was the corporation's response to a social media campaign started by Greenpeace when it uploaded a satirical video on its Web sites around the world and on YouTube. In the video, the company's popular Ken doll broke up with Barbie over deforestation in Indonesia. The environmental activist group was accusing the company of destroying rain forests because it used material from them as packaging for the dolls and other toys.

The Greenpeace Web sites enabled visitors to send letters to Mattel's CEO and share their critical comments on Twitter and Facebook with a few clicks of a mouse. When critical messages began appearing on Barbie's Facebook fan page, which has 2.2 million followers, Mattel blocked comments and deleted any mention of rain forests.

Soon after the attack on Mattel, Kraft, Unilever, Carrefour and Adidas are among the large corporation that have introduced policies to eliminate from their supply chains companies linked to deforestation.

Nestlé Under Siege

Global food giant Nestlé was also attacked with a Greenpeace-produced YouTube video spoofing the company's use of palm oil from an Indonesian supplier that the environmental group was already attacking for destruction of Indonesian rain forests. The video quickly went viral and people started attacking the company on its Facebook page. Ironically, at the time Nestlé already had a No Deforestation policy, but it appeared unaware of what its suppliers were doing.

Two months after the campaign broke, Nestlé came up with a plan to make its supply chain more transparent. The company reevaluated its supply chain and now has maps showing the route of its palm oil supplies. It also developed sourcing guidelines to help ensure that the company's palm oil purchases are protecting endangered forest and peatlands, supporting indigenous populations and coming from plantations and farms that use sustainable practices. Nestlé also dropped its ties with the Indonesian supplier, as did Kraft and Unilever.

Taking on the Airlines

Delta Air Lines, along with United, Continental and American Airlines recently changed their free-baggage policies for servicemen and women traveling on military orders. This change was initiated after a unit of U.S. Army soldiers uploaded a video on YouTube complaining that Delta charged them more than $2,800 in extra luggage fees as they were returning from deployment in Afghanistan.

Thousands of people responded on Delta's Web sites and other social media sites supporting the soldiers. One day after the video was uploaded and went viral, the carrier changed its baggage policy and started allowing five free checked bags for servicemen and women traveling on military orders. United and Continental quickly followed suit, allowing four free bags and American Airlines has started allowing five free bags for military personnel traveling on orders.

Clearly your business need a plan so that it is prepared if it ever becomes the target of such powerful and potentially devastating social networking attacks. Consider taking the following steps if your enterprise is attacked: 

Determine the facts. Before your company can respond appropriately it must know what triggered the attack. A word of warning - don't take too long to figure it out. The longer your company remains quiet, the more likely it will be presumed guilty until proven innocent.

Take a proactive stance. No matter how inconsequential the initial attack may be, if left unchecked, it can often take on a life of its own and go viral. The anonymity that the Internet provides means that attackers do not fear having their identity being disclosed. Even if their identity is uncovered, there is no guarantee that it is not an alias. The attacks will continue unabated, and may increase if your business fails to respond.
  
Monitor cyberspace for shadow sites. Activists may create a new corporate page on Facebook, a Twitter account, or establish a Web site address that is similar to your company's address. It will likely be exceptionally difficult to force the closure of these pages and accounts.
Consult your attorney immediately to see what legal recourse may be available. At a bare minimum, your organization should routinely monitor the information shared via these shadow sites and act accordingly. But before taking action, plans should be discussed and approved by top executives. An effort to be forthcoming and address an issue directly can backfire and provide a tremendous boost to the antagonists.
  
Create a Quick-Response Team. In order to prepare for what the future may hold, create a cross-divisional team that can quickly respond to a social media attack. The team should create a list of the types of attacks your firm could experience. This significant incident team should meet quarterly and role play two or three of the sorts of attacks they expect could be launched. The exercises may highlight weaknesses in your plans that need strengthening.

Conduct a post-mortem. If an attack is launched against your business, when the dust settles take the time to understand why the attack took place and whether there were any leading indicators that should have been a warning. Consider the odds of a similar attack in the future and rate how well your company performed during the attack. Determine what if it could have done anything better, if any mistakes could have been avoided and if the tone and content of public communications helped or hurt. Review the mix of skills on the response team to see if it is adequate or needs to be beefed up.

Develop scripts and guidelines. Your business must respond professionally and in a manner that reflects best practices in managing social media attacks. Scripts and guidelines governing external communication regarding attacks need to be composed ahead of time and the scripts should be reviewed and approved by senior managers, attorneys and those who will deliver the messages.
 
Depending on the size of your company, the nature of its business and the extent of its social media presence, a cyber attack on its policies may be more a question of when than if. Being well-prepared will enhance your enterprise's ability to respond in a timely, organized manner that will likely prevent a small problem from exploding into an uncontrollable "headline grabbing" issue.