It hasn’t been the best month in terms of online reputation for a number of large organisations with a number of high-profile security and domain related issues once again reminding us of the dangers of the online world.
Two weeks ago the story of the sale of Twitter for over $30bn proved to be nothing more than a clever fake, engineered by someone with some intermediate website coding skill, a carefully thought out domain registration and a well-placed phoney PR story. However, it did once again underline both the power of now in terms of how news can spread across Social Media as well as the importance for major organisations to ensure their key digital assets are protected. Bloomberg.market, the domain name that was used in conjunction with a fake website, would have been available to Bloomberg to register (or even block under the Domains Protected Marks List programme) back in August last year, yet it was only two weeks ago that someone in Germany picked it up and resulted in a short-term stock market frenzy that sent the share price of Twitter rocketing up. The whole incident is now under the review of the Securities and Exchange Commission but could have been avoidable.
This week saw two stories break that will have a lot of people both in the US and around the world worried for very different reasons. Wired Magazine’s website carried a story of one of their journalists driving along a freeway in St. Louis at 70 mph when his Jeep Cherokee started acting strangely. Climate control changes, the radio station switching channels, windscreen wipers activing themselves. Fortunately, the story went on to say that the driver (and journalist) was expecting this as he was researching a story of how cars can be hacked. He knew the two hackers in question, and knew that they would try and carry out the attack although didn’t know what form the incident would take. This type of action is known as a ‘zero-day exploit’, a vulnerability in software that is unknown to the vendor, and potentially the biggest risk companies face in terms of IT security. Finding flaws in systems is a constant process for any systems or software developer, but to have third parties discover them and announce the vulnerabilities to the world is highly embarrassing.
This wasn’t the first time the hackers had shown what they could do using wireless access. Whilst their ‘victim’ was driving a Jeep, vulnerabilities are becoming more common on all cars as manufacturers build in more and more intelligence that relies on remote or Wi-Fi access. The story certainly gives all car manufacturers food for thought, and with some hackers potentially sharing code across the Internet, a brand protection strategy aimed at social media monitoring programme would be a very sensible addition to any digital asset policy.
It’s not just car owners who face a worrying few weeks. For a particular group of adults the news that the dating website AshleyMadison.com had been compromised could have far-reaching consequences.
According to the website itself, Ashley Madison has over 38 million anonymous members who buy into the marketing strapline of “Life’s too short, have an affair”. The attack, reported to have been the responsibility of a group called The Impact Team, will have caused some sleepless nights this week across the globe. The group claim to have complete access to all of the personal details of the website’s membership directory, including some financial information and has threatened to expose the details unless the website is taken offline permanently. Their motivation seems to be over the charging of a “deletion” fee (approximately £15) for anyone wishing to remove their details from the website. Avid Life Media, the parent company of Ashley Madison issued a strongly worded statement within a few hours of the incident coming to light, stating that “The current business world has proven to be one in which no company’s online assets are safe from cyber-vandalism” but not before a long of the reputational damage had been done on Social Media.
Finally, spare a thought for one of Britain’s favourite Friday night institutions, Domino’s Pizza who didn’t appear to think that the new gTLD “dotpizza” was relevant enough for them and passed on the opportunity to register it last year, allowing it to fall into the hands of a private individual in the USA. Despite having operations in 73 countries, 5,700 cities and nearly 11,000 stored, including close to 800 in the United Kingdom, a key part of their online digital strategy seemed to be missing.
Hopefully, the incidents involving dominos.pizza and Bloomberg.market will give some brand-holders a wake-up call that despite all of the defensive mechanisms introduced for the new gTLD programme, doing nothing is still not a strategy, with the cost of acting after the fact far more both in money and reputational terms than if they had acted when they had the exclusive right to. Monitoring of Social Media is now an essential element of any PR strategy, allowing brand holders to react quickly when news stories break, and staying one step ahead of the headline writers.