© 2002 Jonathan Bernstein
JUST A THOUGHT
"The time is always right to do what is right."
Martin Luther King, Jr.
AN OUNCE OF PREVENTION
Ask the Right Questions
by Jonathan Bernstein
If your primary place of business was completely unavailable as of midnight tonight -- and you had no advance warning:
- Would everyone who works there know where to report for work tomorrow and/or how to conduct business remotely?
- Do you have alternative worksites already identified and contingency plans established that would allow you to move in rapidly?
- Do you have contact information for ALL your key audiences, internal and external, that is available to you quickly even if you were never able to occupy your primary place of business again? Was the information reviewed and updated in the past 90 days?
These are just a few of the questions we ask in a vulnerability audit. If you know your vulnerabilities in advance, you can avoid many crises and most certainly minimize the damage from others.
CRISIS MANAGER BUSINESS ANNOUNCEMENTS
Crisis Manager Honored
We're honored that "Crisis Manager" was one of six email newsletters listed on the "20 Best Online Resources for PR Professionals" just published by marketingsherpa.com, "Practical News on Internet Marketing."
Branding Crisis Manager
You can arrange to distribute "Crisis Manager" to your own email list with a "Brought to You By" credit in the masthead. There is no charge and only some reasonable restrictions to preserve the integrity of the publication. Several organizations are already doing this and finding that it is appreciated by their contacts. Write to firstname.lastname@example.org for more info.
Crisis Manager Presentations & Workshops
Want to REALLY get some of this information into the hearts and minds of your organization? Your ineffable ezine editor and crisis communications consultant and his talented associate, Phil Cogan, are available to make presentations and lead workshops. Their presentations can often be certified for the continuing education credits required by a number of professions. Write to email@example.com or call (626) 825-3838.
ISP Thwarts Cyber-Terrorists
linkLINE Communications Turns Crisis Into PR Success
by Jonathan Bernstein
Editor's Note: this is another of those rare occasions when a crisis has been very public and the client is justifiably proud of its response and willing to share the results with others. As I've told linkLINE's management, their willingness to take some direction on this challenging situation reflects great credit on them; I assured them that I've known other organizations not nearly so willing to "do the right thing."
"We think that someone calling himself 'Mr. Zilterio' may have accessed our customer records, to include credit card numbers. He's threatening to reveal that information to our customers and the press if we don't pay him a large amount of money."
That was the initial call I received from Marc Benzakein, one of the founders of linkLINE Communications (www.linkline.com), an expanding, relatively small (15,000 subscriber) but profitable Internet service provider based in Mira Loma, California (note: in their business, "profitable" is rare).
In that phone call, and a subsequent meeting with linkLINE's management/crisis response team, I learned that:
- According to federal authorities and information available to anyone who does a search for "Zilterio" on the Internet, the same individual may have extorted as much as $4 billion from other organizations who wanted to sweep the situation under the rug for fear of losing business.
- linkLINE, with law enforcement direction, had been stringing Zilterio along for a little while identifying how he got past their security. In the process, they traced the bank account to which Zilterio wanted money wired through Russia (where he said he was from) to Yemen, a known hotbed of terrorism.
- The ISP felt strongly that it was ethically and morally wrong to give in to what could clearly be construed as "cyber-terrorism."
- linkLINE had taken the steps necessary to ensure that the security hole which Zilterio may have exploited was plugged.
- A significant loss of customers could be devastating to linkLINE because of its still-small size.
Crisis Response Team Meets
As a crisis response team, we agreed that:
- linkLINE's customers needed to be notified of the threat before Zilterio communicated with them. This meant that the entire "response package" needed to be in place between our Thursday afternoon meeting and the following Monday evening. We all wanted to move even more quickly, but double-checking some security preparations precluded any more haste. The team member in touch with Zilterio felt he could stall him as long as necessary.
- The best approach, very much in keeping with linkLINE's operating philosophy, was to express compassion for the concern this might cause customers, provide them with information they would need as a consequence of the situation, while also calling for them to unite with linkLINE in combating cyber-terrorism.
- Close coordination would need to be made with the security offices for the four major credit card companies so that (a) linkLINE customers would have the least-possible work to do regarding the possible exposure of their credit card numbers and (b) that linkLINE's relationships with the credit card companies remained sound.
During three intense days of preparation:
- linkLINE management contacted the four credit card companies, who were very appreciative of linkLINE's proactive response, agreed to put a special watch on linkLINE customer credit card numbers to see if they were fraudulently abused, and assured linkLINE that customers would not be held liable for any such fraud.
- A Customer Alert letter was drafted for release late in the evening of Monday, March 18. That letter has been posted for "Crisis Manager" readers at:: http://www.piersystem.com/clients/bernstein/linkline1.txt
- A press release was drafted for distribution in the early morning of March 19. That release, as an MS-Word doc, is temporarily archived at: http://www.piersystem.com/clients/bernstein/Linkline2.doc
- A Customer Q&A was drafted in preparation for posting on linkLINE's website. That Q&A can still be found at: http://www.linkline.com/corp/securityfaq.asp
- A special Customer Service Response Guide was created and customer service reps trained on its use.
- linkLINE's crisis response team identified other key stakeholders, besides customers, who might need to be called or contacted when the news was released, and prepared to make those communications.
- Marc Benzakein was trained to be the primary spokesperson on the situation, with another member of the team as backup spokesperson.
The Announcement and Results
Zilterio did not act during the preparation period, and linkLINE was able to launch its crisis communications campaign.
- In the late evening of March 18 and early morning of March 19, respectively, the Customer Alert went out by email and the press release by PR Newswire (California circuit only, as 95% of their customers were in-state, and knowing that even the California circuit also goes to Internet news sites and certain other key media).
- While customer call volume did go up, it was not overwhelming; linkLINE had contingency plans for what to do if it backed up, but the Customer Alert, combined with the Customer Q&A, apparently satisfied the vast majority of customers.
- Most of the calls and emails that DID come in were highly complimentary of linkLINE's response. Some examples:
- "In today's world of competition and LOVE of money very few companies are up front when they have a problem that could affect their business. YOU GUYS ARE THE EXCEPTION. Thanks for letting us all know the truth. Because of people like you I feel much safer on the NET. THANKS AGAIN."
- "I would like to commend you on your handling of the Zilterio blackmail incident. Prompt and full disclosure through email and your website is the exact way to go. This kind of professionalism makes me happy to continue with linkLINE as my ISP. Nothing is 100% secure; what separates the pros from the rest is the response to a security breach. Your response measured up in every respect."
- There were some people who were initially very disgruntled, but linkLINE execs did a great job of communicating in a caring and informative manner that made customers more comfortable.
- A few credit cards were voluntarily (by customers) or involuntarily (by banks, when they were also ATM cards) suspended, but even those customers were understanding. And as part of their preparation, linkLINE had made it easy to switch to another credit card (securely) or use another method of payment.
Today, two weeks later, linkLINE had no net loss in customers and has continued to enjoy its usual level of growth.
Editor's Note: Unfortunately, Zilterio hasn't stopped doing his thing -- there's a Dow Jones story out today about his attack on another company. Any organization which maintains confidential information on its Internet-accessible servers is vulnerable and would do well to (a) assess its level of vulnerability and (b) be prepared to respond if and when a security breach occurs. Not merely operationally, but in terms of legally appropriate public relations.
CRISIS MANAGER ON THE SPOT
Q: Our in-house counsel doesn't think there's any place for PR in legal matters. How do I convince him otherwise?
CM: Nothing seems to work as well as one attorney talking to another. We maintain a list of attorneys, in-house counsel and external, who are willing to talk to our prospective clients and share their experience working closely with public relations/crisis communications professionals.
I can tell you -- and perhaps this will impact your in-house counsel -- that September 11 and Enron have triggered a high demand for speaking engagements to law firms and legal associations of various kinds (see the list here). That may be an indication that the legal profession's awareness about the role of public relations in legal matters is increasing.
PLAIN ENGLISH DISCLOSURE
Bernstein Crisis Management has formal or informal co-promotional and mutually beneficial business associations with PIER Systems, Inc., PR Newswire's ProfNet service and CustomScoop. No, we can't go into details because that's confidential, proprietary, etc. But our relationship is NOT "arm's distance" and you should know that, since we regularly write about how we're using these services for crisis and issues management. That said, you should also know that Bernstein Crisis Management sought the relationships because its staff is convinced that these services are the best of their kind for Bernstein Crisis Management's needs and those of their clients. If you have any questions about these relationships, please contact Jonathan Bernstein, (626) 825-3838.
ABOUT THE EDITOR
Jonathan Bernstein is president & CEO of Bernstein Crisis Management, Inc., a national public relations agency specializing in crisis response, issues management and litigation consulting. It is also the only national PR agency able to create crisis- and issues-specific websites for its clients in as little as five minutes by employing proprietary PIER System technology. Information on the firm's services can be found by Clicking Here or by calling (626) 825-3838. Information on its PIER capabilities can be found at www.crisiswebsite.com.
(Have a newsletter and/or website and want to exchange links? Let's talk about it! Write to firstname.lastname@example.org.)
These sites have proven valuable to my business and may do the same for yours.
"Media Insider" is a free service for the public relations community hosted by PR Newswire and ProfNet, its online resource linking reporters with expert sources. Updated daily with contributions from members, Insider reports on the people and new technologies behind the production of news. Go to http://www.mediainsider.com.
The PR Network provides a means for exchanging ideas and business improvement tips between PR professionals. They're at http://www.theprnetwork.com and their newsletter can be subscribed to by sending email to email@example.com with the word "subscribe" in the BODY of the email.
"Powerlines" is a free bi-monthly newsletter about reputation management and communication matters written by Deon Binneman, a reputation management consultant, speaker and trainer who employs his 25 years of experience to advise clients worldwide from his base in Johannesburg, South Africa. For a free evaluation copy write to firstname.lastname@example.org.
All information contained herein is obtained by Jonathan Bernstein from sources believed by Jonathan Bernstein to be accurate and reliable.
Because of the possibility of human and mechanical error as well as other factors, neither Jonathan Bernstein nor Bernstein Crisis Management is responsible for any errors or omissions. All information is provided "as is" without warranty of any kind. Bernstein Crisis Management and Jonathan Bernstein make no representations and disclaim all express, implied, and statutory warranties of any kind to the user and/or any third party including, without limitation, warranties as to accuracy, timeliness, completeness, merchantability, or fitness for any particular purpose.
Unless due to willful tortuous misconduct or gross negligence, Jonathan Bernstein and Bernstein Crisis Management shall have no liability in tort, contract, or otherwise (and as permitted by law, product liability), to the user and/or any third party.
Under no circumstance shall Bernstein Crisis Management or Jonathan Bernstein be liable to the user and/or any third party for any lost profits or lost opportunity, indirect, special, consequential, incidental, or punitive damages whatsoever, even if Bernstein Crisis Management or Jonathan Bernstein has been advised of the possibility of such damages.
A service of this newsletter is to provide news summaries and/or snippets to readers. In such instances articles and/or snippets will be reprinted as they are received from the originating party or as they are displayed on the originating website or in the original article. As we do not write the news, we merely point readers to it, under no circumstance shall Bernstein Crisis Management or Jonathan Bernstein be liable to the user and/or any third party for any lost profits or lost opportunity, indirect, special, consequential, incidental, or punitive damages whatsoever due to the distribution of said news articles or snippets that lead readers to a full article on a news service's website, even if Bernstein Crisis Management or Jonathan Bernstein has been advised of the possibility of such damages. Authors of the original news story and their publications shall be exclusively held liable. Any corrections to news stories are not mandatory and shall be printed at the discretion of the list moderator after evaluation on a case-by-case basis.
OTHER IMPORTANT STUFF
If you have questions for "Crisis Manager on the Spot" or comments about other topics, you can contact Jonathan Bernstein at: email@example.com.
Do you know people who are Crisis Managers, whether they want to be or not? Please pass this newsletter on to them!
Subscribe to the free, twice-monthly email newsletter below. After entering your email address, you will receive a message asking you to confirm your subscription in order to prevent someone else from adding you to the list without permission. YOU MUST CONFIRM YOUR SUBSCRIPTION OR YOU WILL NOT RECEIVE THE NEWSLETTER.
Articles in "Crisis Manager" were, unless otherwise noted, written and copyrighted by Jonathan Bernstein. Permission to reprint will often be granted for no charge. Write to firstname.lastname@example.org.