Archives Cynthia

More than half of SMB data breaches are caused by employee negligence

Risk Based Security says there have been over 2,227 publicly disclosed data compromises in just the first half of 2017. These data breaches tapped into over 6 billion records, exposing names, addresses, credit card information, birthdates, shopping habits and – in the case of the recent Equifax hack – valuable social security numbers.

While larger companies are the target for brute force hacking, smaller companies are more likely to shoot themselves in the foot, when it comes to data breaches and their reputation.

According to a new study from Keeper Security, 61% of small businesses said they’d experienced a data breach sometime in the past year. That’s up from 55% in 2016. Doesn’t seem like too bad of a jump until you see that the number of records impacted almost doubled year over year.

Here’s the really maddening part; 54% of breaches were caused by employee or contractor negligence. 7% were caused by a malicious insider. Add that up and it means we need to get our own houses in order before we start worrying about anonymous hackers.

The biggest pain point for small business owners is mobile devices. On average, 49% said that their employees were using mobile devices to access “business critical” applications. Still, the majority of SMB owners said they don’t require employees to password lock their devices because “resetting passwords reduces employee productivity” and they don’t have the manpower to monitor for compliant behavior.

In fact, a lack of manpower, followed closely by a lack of funds, was the main reason most small businesses aren’t as secure as they could be. As a result, nearly 70% of those surveyed said they were concerned about their ability to properly secure internet connected devices in the workplace.

The good news is that even a small upgrade in security protocols could prevent an employee triggered data breach. If employees are using a mobile phone, tablet or laptop to access company records, insist that they password protect their devices and that they change the passwords regularly.

Remember, even if an employee doesn’t deal directly with customer data, a good hacker can still use an unprotected company login to access other files on the same server.

If you deal with highly sensitive information, use software that logs the username and path of everyone who accesses that information.

And though it should go without saying, say it anyway: regularly remind your employees to play it safe, keep it private and report any suspicious activity right away.

Finally, don’t fall victim to human nature. Change passwords after an employee leaves the company, even if it’s on good terms. Yes, it’s a pain in the neck, but it’s nothing compared to the pain of telling your customers that their private information is in the hands of a hacker.

MoviePass faces a ReputationFail with bungled unlimited movie offer

MoviePass generated an enormous amount of good buzz last month when they lowered the price on their “Unlimited” movie pass to only $9.95. For only $10 a month, the pass allows a person to see one movie every 24 hours, at almost any theater in the country. Crazy, right?

But this isn’t the plan of some overly ambitious, newbie start-up team. This comes from Mitch Lowe – the man who helped launch Netflix and Redbox. This is a man who has experience with entertainment disruption and low price subscription plans that result in large profits.

So what went wrong this time around?

In 2 days, the company saw more growth than they’d seen in their entire six years of business adding an estimated 150,000 new subscribers to the 20,000 they already had.

What happens when more than 100,000 people try to hit a website in the same 48 hour period? It crashes, over and over.

Reputation Strike 1: not anticipating and preparing for the heavier than normal usage. (We see this a lot on Black Friday)

Damage done: not too much. People were upset but most were willing to wait it out as the value was just too good to pass up.

Once people got into the site, they encountered a different problem. They couldn’t find out if their local theater accepted MoviePass before signing up. (This wasn’t actually true, but that’s how it appeared). This made people anxious and started a large flow of customer service emails that couldn’t be answered.

Reputation Strike 2: not making the process crystal clear on the site, including obvious lists of participating theaters on the web (not just on the app).

Reputation Plus Points 1: MoviePass posted a statement on their blog, explaining the situation and offering direct links to the FAQ.

Damage done: this one started to hurt. People began to feel like they were being scammed when MoviePass kept replying “don’t worry, 99% of theaters are covered”. Meanwhile the AMC movie chain was publicly promising to block anyone using the program.

Stage three was card delivery. I signed up on day one and expected my card in the projected 3-5 business days. I was excited and anxious to try this new toy but after waiting two weeks, I got an email saying that “due to the large volume” I wouldn’t get my pass until well into September.

Reputation Strike 3: not anticipating the load again, forcing people to wait nearly a month for delivery.

Reputation Plus Points 2: sending a letter to explain the delay and giving anticipated shipping dates.

Damage Done: even though the letter helped, it didn’t stop the constant barrage of people complaining about late delivery on Facebook, Twitter, the FAQ pages and all forms of MoviePass customer service. Complaints – but few actually threatening to cancel.

Now it’s mid-September and MoviePass – despite having 3 strikes against it – is starting to turn the tide. Cards have been delivered, people are going to the movies and the positive reviews are trickling in. “Trickling” being the important word here, because many people (including me) are still stuck in MoviePass madness.

In my case, my first attempt to use the card resulted in a decline by my theater because the system didn’t load enough money on the card to pay for the ticket ($3.50 credit toward a $12.00 ticket). I contacted customer service through the app chat while I was at the theater. I got a response an hour later in the form of another question, not a solution. I also tried Twitter customer service but no response at all. It was there that I encountered the 100s and 100s of people like me who were asking about declined cards, glitches in the app, how to get reimbursed for tickets (the robo answer tells you to pay full price and then send proof to MoviePass for a refund).

Reputation Strike 4: a system that can’t handle the load plus an overwhelmed customer service center equals. . .

Major Reputation Damage: at this point, people are planning to cancel – if they can figure out how. Journalists are writing full articles about MoviePass fail and some are speculating that this whole thing was a scam to bolster the company before sale or bankruptcy. They knew they couldn’t make a profit with this many customers, so they’re purposely driving people to cancel to get the right balance. I suppose it’s possible, but I doubt that’s the case.

The final blow comes in the form of a sarcastic tweet response that probably came from an overwrought, overworked customer service agent. There’s no excuse for this, but it’s understandable.

Final Tally: For only $9.95 a month, MoviePass bought itself one heck of a lot of publicity both good and bad. At the moment, the bad side appears to be winning but if they can become better communicators while they fix the problems, that will go a long way toward shifting public opinion.

UPDATE: Looks like they heard us! MoviePass just posted another update saying they’ve increased manpower to take care of the backlog. That’s how you mend a broken rep!

During a crisis it’s always better to give than to receive

A natural disaster like Hurricane Harvey always brings out the very best and the very worst in people. The same goes for companies of all sizes. While many companies are pitching in with large donations of cash, manpower or badly needed supplies, other companies are making the news for all the wrong reasons.

1st prize for the biggest blunder goes to Best Buy who was caught price gouging in the flood zone. Reporter Ken Klippenstein went viral with an image showing a $42 price tag on cases of Dasani Water. Can’t handle that? A case of Smart Water is only $29 – but hurry (says the sign) because supplies are limited!

We all understand the law of supply and demand, but during a crisis it’s always better to give than to receive.

More than 3,000 people retweeted the post in just 48 hours, leaving Best Buy’s corporate office with quite a mess on their hands. In their rebuttal statement to the press, Best Buy said it was a mistake that happened when an employee multiplied the individual bottle price by the number of bottles in the case. Since they don’t usually sell water by the case, this was an easy mistake.

The easiest way to correct the error? Don’t put a price on the water at all! Donate it to people who need it. Or give it away to everyone who comes into the store because it’s hot out there! It’s not a flat screen TV, Best Buy; it’s water.

Even if we take Best Buy at its word, that this was a simple mistake by an untrained worker, and not an act of price gouging, it doesn’t make things better. As we’ve said many times before, it’s not the reality of what you do, it’s how people perceive your actions. If it seems like you’re being mean, that’s the impression people are going to walk away with.

Think about it this way; how many people have seen (or will see) that price gouging photo vs the number of people who have read Best Buy’s apology?

Takeaway Tip: when a national tragedy consumes our country, reach out to all of your employees with a plan of action. Solicit ideas for how to help and assign a point person to handle donations. From Maine to Hawaii – what’s happening in Texas is on everyone’s mind, so it’s no time for business as usual.

Talking about perceptions, let’s discuss perceived indifference. This is when it appears that a company or celebrity is blatantly ignoring a disaster that has captivated the world. Here you are, scanning your Twitter feed; scrolling through dozens of flood images and pleas for help. Then you hit a post from Miss Celebrity Star who can’t wait to show off her new $3,000 designer shoes! Ouch.

It could be that her post was scheduled by an assistant long before the rains came. Miss Star might have secretly donated $10,000 for flood relief, but all her former fans are going to remember is her celebration of consumption while so many have lost everything they own.

Takeaway Tip: when tragedy strikes, bump or delete all of your scheduled posts. That cookie recipe might not offend anyone but no one will pay attention to it, either. Play it safe and use your channels to share helpful information and news about how your company is responding.

Right now, a lot of retailers are responding by running “percentage of sales” campaigns. Some are donating a percent of all sales on a specific date. Others are giving away all of the profit on specific items. These programs help consumers cut through the donation confusion and “give now” fatigue. Donating through a favorite retailer, or even a celebrity crowdsourcing campaign, makes people feel like they’re part of something big. Oddly, it feels less anonymous to buy a bracelet where 10% goes to charity than to donate money directly to the Red Cross.

Another reason consumers like these campaigns is that companies often match the donation, so a small donation goes a long way.

There are two potential pitfalls with this type of public offering; breaking the consumer trust and benefiting from a natural disaster.

“Percentage of sales” campaigns must be carefully worded so it doesn’t look like it’s a ploy to bolster sales. One way to do this is to choose a charity that fits your brand. For example, if you sell children’s clothing, donate the money to The Texas Diaper Bank. Restaurants could give the money they collect to a food bank.

Whatever charity you choose, be transparent. Your customers are taking you at your word, that the money they’re donating through their purchase will actually get to the people who need it. Be upfront about when, how and to whom you’ll be donating. After the fact, post a follow up online with the numbers and a quote from the agency that received the funds.

People want to help, but they’ll hold it against you forever if they feel like they’ve been duped into giving under false pretenses.

A final reminder; the crisis in Texas is going to continue long after the rains are gone. Helping now is wonderful but helping again a month from now, or two months from now, will earn you a gold reputation star from us.

Business is business; but when disaster strikes it’s time to put people way ahead of profits.

Here are a few companies who are doing just that:

People’s report on fashion and beauty brands who are donating

Health brands who are donating

Donations from items unique to Texas

FoxNews list of companies who have pledged more than a million each

Our trust in the internet is changing, is your brand ready to stand out?

Who do you trust? Your spouse? Your best friend? Facebook? Your bank’s app or your health insurance website? Be honest – do you ever worry about typing your password on a login screen or clicking a link in your email but you do it anyway?

The very word ‘trust’ doesn’t mean what it used to. Trust was a sacred bond between you and another person or a company. Now, it’s nothing more than a niggle in the back of our brains when you’re typing your password into a login screen or clicking a link in your email.

How did this happen? According to the experts in a recent Pew Research Center study, the internet is forcing us to redefine the definition of trust and that’s both a good and a bad thing.

Pew got hold of more than 1,000 experts to ask them their thoughts about the future of the internet and more specifically – our ability to trust the internet with our personal data.

48% of respondents said that in the next ten years, our trust in the internet will be strengthened. That sounds terrific, until you dig a bit deeper into their answers.

Some experts said this increase in trust will be well-deserved because online companies will be forced to invest in new technology that will make transactions more secure so they don’t lose customers.

But a “significant share” of respondents said that the future us will simply delude ourselves into believing a site is trustworthy because it’s more convenient to do so.

Quoting an anonymous chief marketing officer:

“The trust train has left the station, continues to gain speed, and shows very little chance of slowing down. As mobile payment technology proliferates, from our phones to our watches to our Internet of Things devices, and as digital natives continue to grow in their share of the world’s economic power, concerns about trust in online interactions will seem antiquated and quaint. Breaches may continue and even proliferate, but the technologies will be so embedded in our lives that they will be considered a mere inconvenient side effect of progress.”

Think about it: would a data breach stop you from shopping on Amazon? Would having your credit card hacked stop you from banking online?  Would having your identity stolen stop you from posting on Facebook?

If you’re over 40 in 2017 – any one of those might give you pause. If you’re 22 in 2030 – it’s just the chance you take. You deal with it and move on.

Now, all of this might sound like good news for online businesses. Trust is a huge part of your company’s reputation; if trust no longer matters then you’re home free.

Is that really how you want people to see your business – as a necessary evil? The cell phone company that they hate but stick with because it’s too much trouble to switch?

It’s time to turn this ship around. The more customers become blasé about online security, the more vigilant you must become. When they accept shoddy workmanship, late deliveries and poor customer service as “just how it is”, you have to fight back with quality goods, fast deliveries and exceptional service. That’s how you go from being “worth the risk” to being a safe port in a big, scary, dangerous sea.

Journalism professor Jeff Jarvis says;

“To believe that our trust in technology will be diminished is to believe that we are powerless against it – and I do not believe that. We have many tools at hand to govern our own use of technology – norms, laws, regulation, the market – and we are using them. . . . So it is important for the technologists to do a better job of acknowledging and addressing what could go wrong and of exploring and promoting what could go right. It is important for other institutions – government, media, education – to help explore the opportunities, if for no other reason than to remain competitive in the world. We’re smart. We’ll figure it out. We always have, eventually.”

Eventually, starts right now. What changes can you implement before the end of the year that will increase customer trust in your business?

Is it fair for employers to set rules for your personal social media posts?

Posting nasty comments about a client or advertiser on a company’s social media channel is a fast click to the unemployment line. But what if you posted the same nasty comment on your own personal Twitter account? Is that grounds for dismissal?

If you work for the Washington Post or dozens of other media outlets, it could be.

According to The Washingtonian, the Post’s new social media policy prohibits employees from posting any social media content that “adversely affects The Post’s customers, advertisers, subscribers, vendors, suppliers or partners.” Doing so could lead to disciplinary action “up to and including termination of employment”.

This may sound unfair, harsh and in conflict with freedom of speech but there are a few angles we must consider. In the present day (where we’re all living), the dividing line between our business life and our personal life is mighty thin. And when you’re talking about reporters, teachers and freelancers, that line is non-existent.

Have you ever read the bios people put on their social media account? Even though they’re personal accounts, a large number of people include the name of their employer in their bio.

“I’m an avid bike rider and a journalist at the Anytown Bugle.”

 “Mother, wife, dog breeder, developer @CoolVideoGameCo”

It’s nice to see people who are proud of their work, but when they include this information on a public channel, the employee and the employer become socially and often awkwardly intertwined.

Let’s set aside those horrendous, ‘what were they thinking’ posts and talk about average, everyday venting. Suppose Steve, the bike rider from the Bugle, gets sick after eating lunch at Anytown Buffet, then posts an angry rant on Instagram including video from the hospital. Think the Buffet is going to run their full-page ad in the Bugle after that?

I’d like to think that people aren’t this vindictive but when we’re wounded, we tend to fight back using the biggest club we can find. In this case, rather than challenge journalist Steve directly, the Buffet puts the pressure on Steve’s employer, hoping they’ll meddle in Steve’s business and make the offending post go away.

I know that sounds a bit Machiavellian, but imagine how you’d feel if an employee of one of your clients or customers posted unkind words about you on social media? Would you give the employer a pass?

What’s hard about implementing such a harshly worded social media policy is that it could backfire. Especially when you include a clause imploring employees to point fingers if their co-workers break the rules. (Yes, really.) Is there a better way? Yes. Ask, don’t tell.

Most employees don’t set out to destroy your company’s reputation. They lose their temper or have something important to say and they don’t even consider the ramifications. So, instead of stringently forbidding your employees from posting what they want, ask them to kindly think twice before posting any content that might embarrass the company.

You can also ask employees to post a social media disclaimer (views are mine. . . sort of thing). Though this won’t save you if they go way off the rails, it’s a good, first line of defense.

As you build out your social media policy for employees, don’t forget to mention the good along with the bad. A VP might be excited by soaring sales, but posting financial information could get you all in trouble with the SEC.

Bottom line: in the last five years, social media has been a swift and vicious reputation killer. In a few cases, the poster set out to stir up trouble and there’s nothing you could have done to stop it. But in most cases, the offending post was a careless thought, a joke or taken out of context. Those are the incidents that could have been squashed with a little social media training.

Here’s your homework for the week: dig up your social media policy (or write one if you don’t have one) and send it out to all of your employees. Then, if possible, hold a staff meeting to review the policy so you know everyone – literally – got the memo.

And while you’re on the social media wagon, change the passwords on the company accounts because I can bet that most of you have never changed them since you set them up, years ago.

I know you’re busy, but spending a few hours getting your social media house in order now beats spending weeks digging out from under a social media blunder.
