Reputational risk means that bad publicity can significantly harm an organization’s brand and reduce its ability to generate revenue or other forms of positive attention. Protecting an organization’s reputation is ongoing, and there’s no magical weapon for protecting it.
Reputation is subjective and based on perception. Perception has the power to drive the behavior of consumers, employees, investors, and regulators.
For a business, an unfavorable reputation can cause people to avoid interacting with it, and a positive reputation inspires customers to remain loyal to the brand and encourage others to take their business to the company. Also, a positive reputation helps small businesses attract new customers, secure financing, and attract qualified employees.
To cultivate a positive, well-earned reputation takes internal teamwork, ethics, time, and, of course, good quality products or services. Maintaining a good reputation requires vigilance, and restoring a damaged reputation requires a lot of work and time.
Many businesses regularly interact with customers, suppliers, and other stakeholders over the internet. This extensive connectivity makes a business’s reputation vulnerable to cyberattacks. Bad actors with enough skills can quickly damage a reputation with a few keystrokes on their computer or taps on their portable device even if they are on another continent.
Steps for Preventing or Reducing Damage to a Company Reputation
This section offers guidance for securing a company’s reputation and reducing sudden damage to it. The topics are:
- Maintaining privacy
- Protecting against security breaches and risks to reputation
- Addressing customer service mistakes quickly and effectively
- Staying vigilant in the practice of ethics
- Managing external risks to company reputation
1. Maintain privacy online for stronger cyber security.
Remove personally identifiable information (PII) from the company website and its social media accounts to strengthen cybersecurity and protect your company’s reputation. Safeguard against social engineering by removing PII from the Internet in general as well as from the company site.
2. Protect against security breaches and risk to reputation.
Skilled hackers can easily get through a poorly protected network and see the confidential customer and employee information. (For a good example, read a convincing report about the Equifax Data Breach.)
Effectively responding to an embarrassing breach can mitigate any risk or damage to a company’s reputation. Whether or not the cause of a breach is your company’s fault, the best immediate reaction is to be completely honest. Reacting quickly to inform the affected parties demonstrates accountability. Swiftly activating plans to restore the compromised data’s confidentiality, integrity, and availability (CIA is an information security theme) can help stop the flow of negativity that can damage the company’s reputation. In contrast, the worst response is for a company to try to hide significant damage to parties it failed to protect. For example, if a company’s security failure leads to massive identity thefts that bring suffering to its customers and that company tries to hide its culpability, the exposure of such betrayal can easily destroy the company.
To strengthen the privacy and security posture, we suggest that your company:
- Educate your first line of defense—your internal users. Read our guidance here: 10 tips.
- Issue security policies and procedures to employees and ensure they understand them (require them to sign off on reading and understanding the security policies for employees). If a company is medium-sized or greater, it probably has (or should have) a security team or security-aware IT, person. Federal government security standards describe cybersecurity policies and procedures (HIPAA and FedRAMP are examples). The federal government can insist on FedRAMP adaptation and compliance by any company that wants the U.S. Government to be a customer or partner!
- Keep IT security policies up-to-date and implement every security update or patch that applies to each computing environment. IT personnel must understand security and drive the updating of software. (A famous ransomware attack created expensive problems at Great Britain’s National Health Service because the agency had neglected to update many computers from an obsolete, unsupported operating system to a supported version.)
- Implement effective and company-appropriate tools for detecting external and internal threats. Monitoring and analysis can reveal suspicious activity so that IT or a security team (in larger companies) can react quickly—time is critical during a potential or actual breach.
- Set up and prepare an incident response team or at least an IT plan before disaster strikes. Disaster-recovery plans that are uniquely suitable to the company should be in place before cybercriminals breach the company’s network perimeter.
- Consider purchasing cyber insurance for the company.
3. Correct mistakes and poor policies in customer service.
Reputation risk also depends on the powerful technologies available to the public. Modern social media have empowered customers to broadcast their dissatisfaction with customer employees’ products, services, or treatment. Damage to reputation can be difficult to fix because negative reviews can remain online for years. What appears online about your company is like an electronic tattoo—a painful hassle to undo!
Identify misalignments between a company’s claimed ethical values and its behaviors and correct all such misalignments. Subsequently, you can incorporate those values into every aspect of the company. Social media also empower companies to respond directly to their customers. An upset customer is an opportunity to address an outstanding issue unresolved problem and even bolster the company’s reputation through helpful and sincere outreach.
Keeping your employees happy also prevents risk to reputation. Happy employees are more likely to treat colleagues and customers well, thereby protecting a good company’s reputation.
Put company values into practice; make them operational. If the ethics and vision that a company professes are opposed by its actual behavior, the speed at which the public finds out is much faster than in the 20th century. Values should be incorporated into every aspect of the company, whether they apply in employee hiring and onboarding, performance assessments, management, compensation, or resource allocation. Such efforts can help send a clear message to the world that your professed values are not just propaganda (a.k.a. window dressing).
4. Remain vigilant in ethical conduct.
Another possible risk to reputation is a lapse or decline in ethics. Ensure this risk to company reputation does not slip unnoticed into its actual practices. Keep the real workplace practices and policies transparent. By promoting transparency in workplace practices and policies, you can ensure that the force of ethics will protect the reputation and remain visible to employees. Risks to reputation that result from ethical lapses, whether they are intentional or unintentional, can turn into significant damage to the company brand and revenue.
5. Manage external risks to reputation.
As mentioned earlier, some reputation risks can come from outside an organization. In addition to risks from criminals, reputation risks can come from unethical partners, agents, suppliers, contractors, customers, or any third party with whom the company has business transactions of any sort. Although you cannot always foresee these risks, it’s essential to take proactive steps to mitigate damages to the reputation that are enabled through these associations. Therefore, in-depth knowledge of those with whom you’re dealing is prudent, as is staying alert to changes in their behavior.
Protect your company’s reputation by acknowledging its mistakes and be prepared with solutions instead of mere words and rationalizations. As the saying goes, “Talk is cheap.”
See PrivacyFirst.eu. (Although focused on Europe, many privacy issues at PrivacyFirst are broad in the Free World.) Join the movement #Privacyfirst.
By Antara Ghosh Consumer Security Evangelist @ Presence Global.
Oct 27, 2020 6:06:51 PM