Like the Wild West of the 1800’s, today’s digital frontier offers nearly limitless potential. But as the pioneers learned, with great opportunity comes substantial risk.
Target knows a thing or two about the perils of the modern world having suffered one of the largest data breaches in history in late 2013. Now, a year and half after that incident, the company suffered a different form of digital sabotage when its brand was recently hijacked on the company’s Facebook page.
In 2008, ExxonMobil learned a few things about brandjacking when it discovered an individual, "Janet," posing as an official spokesperson on Twitter, even before the company had its own presence on the social media platform.
The tweets in the Exxon situation were not entirely malicious, nor were the Facebook comments made by the Target imPOSTer, though they certainly crossed the line. But these cases are more than just a new headache for communications practitioners: They pose great risk to brands.
In order to alleviate those risk factors, here are some best practices on how to protect your organization from brandjacking, as well as how to respond when it happens.
Process, policies, and procedures. I know, I know. There’s nothing sexy about the 3 P’s. But when it comes to the digital world, they are essential. A coordinated and systematic approach to life in the new frontier will ensure things such as monitoring don’t fall through the cracks by assigning roles, responsibilities, and schedules to critical tasks.
Monitoring. We all know to monitor the platforms we use but what about the ones we don’t? Perhaps your organization is on the fence about Meerkat and Periscope: That doesn’t mean imposters aren’t filling your brand void. Perhaps it is counterintuitive, but I would argue that electing not to participate in a social media platform presents more opportunity for impersonating, not less, and poses an even great risk in terms of the level of damage that can be inflicted.
Competitor Walmart however uses this tab and includes a link to its comprehensive policy under the General Information section. GM goes even further by offering clear guidance directly on its page using the long description option in the ‘About’ section. I recommend making your policy and guidelines as easy to find as possible and even posting them as a tweet or status update periodically. Be sure to include information about what an official company post looks like and how to report concerns.
Judgment. There is no one-size-fits-all approach to responding to these breaches. Target was widely lauded for its reaction to this most recent case, which included a bland official statement followed by a clever, whimsical response on its Facebook page. Some suggested Target even "won the internet" with its post.
I choose to play the long game. While Target’s witty retort worked, my concern is that it could invite copycats; I don’t think headlines like this one in Adweek help. I would feel differently about this case were the company not still recovering from its data breach. It is my view that given the company’s recent history it must make every effort to demonstrate that it takes any effort to defraud its customers seriously. Winning the Internet for a day is great but preserving a brand for the long term is what it is all about.
I liken the decision to participate in social media platforms to that of getting a pet: There’s more to it than cute pictures, someone needs to clean up the mess. But what we learn from cases such as ExxonMobil is there can still be messes in your path even if you don’t have a pet of your own, so watch your step.
Dan Hill is president of Ervin | Hill Strategy.