Reputational risk means that bad publicity can significantly harm a business’s brand and reduce its ability to generate revenue. Protecting a company’s reputation is an ongoing process, and there’s no magical weapon for protecting it.
A company’s reputation is subjective and based on perception. It has the power to drive the behavior of consumers, employees, investors, and regulators. An unfavorable reputation can cause people to avoid interacting with a company, and a positive reputation inspires customers to remain loyal to the brand and encourage others to take their business to the company. Also, a positive reputation helps small businesses attract new customers, secure financing, and attract qualified employees.
To cultivate a positive, well-earned reputation takes internal teamwork, ethics, time, and, of course, good quality products or services. Maintaining a good reputation requires vigilance, and restoring a damaged reputation requires a lot of work and time.
Many businesses have very active connections to customers, suppliers, and other stakeholders via the internet. Extensive connectedness makes their reputation vulnerable to cyberattacks. Bad actors with enough computer skills can quickly damage a good reputation with a few keystrokes on their computer or taps on their portable device (even if the bad actors are on another continent).
Steps for Preventing or Reducing Damage to a Company Reputation
This section offers guidance for securing the company reputation and reducing sudden damage to the company reputation. The topics in this section are:
- Maintaining privacy
- Protecting against security breaches and risks to reputation
- Effectively addressing customer service mistakes
- Staying vigilant in the practice of ethics
- Managing external risks to company reputation
1. Maintain Privacy Online for Stronger Cyber Defense.
Remove personally identifiable information (PII) from the company website and its social media to strengthen cybersecurity and protect your company’s reputation. Safeguard against social engineering by removing PII from the Internet in general as well as from the company website.
2. Protect yourself against security breaches and risk to reputation.
Today’s skilled hackers can easily get through a poorly protected network and see confidential customer and employee information. (For a good example, read a convincing report about the Equifax Data Breach.)
How your company responds to an embarrassing breach can mitigate any risk or damage to reputation. Whether or not the breach’s cause is your company’s fault, the best, immediate reaction is to be completely upfront. Reacting quickly to inform the affected parties demonstrates accountability. Swiftly activating plans to restore the compromised data’s CIA (confidentiality, integrity, and availability) can help you stem the flow of negativity that can damage the company’s reputation. In contrast, the worst response is for a company to try to hide significant damage to parties it failed to protect. For example, if a company’s security failure leads to massive identity thefts that cause great suffering for its customers, and that company tries to hide its culpability, the exposure of such betrayal can easily destroy the company.
To strengthen the privacy and security posture, we suggest that your company:
- Educate your first line of defense—your internal users. Read our guidance here: 10 tips.
- Issue cybersecurity policies and procedures to employees and ensure they understand them. If a company is medium-sized or greater, it probably has (or should have) a security team or security-aware IT person. Federal government security standards describe cybersecurity policies and procedures (HIPAA and FedRAMP are examples). The federal government can insist on FedRAMP adaptation and compliance from any company that wants the U.S. Government as a customer or partner!
- Keep IT security policies up-to-date and implement every security update or patch that applies to each computing environment. IT personnel must understand security and drive the updating of software at the company. (A famous ransomware attack created expensive problems at Great Britain’s National Health Service because the agency had neglected to update many computers from an obsolete, unsupported operating system to the current version.)
- Implement effective and company-appropriate tools for detecting external and internal threats. Monitoring and analysis can reveal suspicious activity so that you can react quickly—time is of the essence during a potential or actual breach.
- Set up and prepare an incident response team before disaster strikes. Disaster-recovery plans that are uniquely suitable to the company should be in place before cybercriminals breach the company’s network perimeter.
- Consider purchasing cyber insurance for your company.
3. Correct mistakes and poor policies in customer service.
Reputation risk is based on the power of technology in the hands of the public. Modern social media have empowered customers to broadcast their dissatisfaction with products, services, or treatment by company employees. Damage to reputation can be difficult to recover from because negative reviews can remain online for years. What is said online about your company is like an electronic tattoo—difficult and painful to undo!
Identify misalignments between ethical company values and company behaviors and correct all misalignments. Subsequently, you can incorporate those values into every aspect of the company. Social media also empower companies to respond directly to their customers. An upset customer is an opportunity to address an unresolved problem and even bolster the company reputation through helpful and sincere outreach.
Keeping your employees happy also prevents risk to reputation. Happy employees are more likely to treat colleagues and customers well, thereby protecting the company’s good reputation.
Put the values into practice; make them operational. If the ethics and vision a company professes are directly opposed by actual behavior, the speed at which the public finds out today is much faster than in the 20th century. Values should be incorporated into every aspect of the company, whether they apply in employee selection, employee onboarding, performance assessments, management, compensation, or resource allocation. Such efforts can help send a clear message to the world that your professed values are not just propaganda (also known as window dressing).
4. Remain vigilant in ethical conduct.
Another possible risk to reputation is a lapse in ethics. Ensure that such lapses do not slip unnoticed into company practices. Keep the real workplace practices and policies transparent. By promoting transparency in workplace practices and policies, you can ensure the force of ethics will protect the reputation and remain visible to employees. Risks to reputation that result from ethical lapses, whether they are intentional or unintentional, can turn into significant damage to the company brand and revenue.
5. Manage external risks to reputation.
As mentioned earlier, some reputation risks can come from outside an organization. In addition to risks from criminals, reputation risks can come from unethical partners, agents, suppliers, contractors, customers, and any third parties with whom you have business transactions of any sort. Although you cannot always foresee these risks, it’s essential to take proactive steps to mitigate damages to the company reputation that are enabled through these associations. Therefore, in-depth knowledge of those with whom you’re dealing is prudent, as is staying alert to their changes.
Protect your company’s reputation by acknowledging its mistakes and being prepared with solutions instead of mere words and rationalizations. As the saying goes, “Talk is cheap.”
By Antara Ghosh Consumer Security Evangelist @ Presence Global.
Oct 27, 2020 6:06:51 PM