Ch-Ch-Ch-Changes

It’s been a bit since I’ve updated my blog here and thought I should take some time and note some changes.

Most importantly, I’ve moved from my independent consulting practice to work full time for Trend Micro as a threat communications manager. I will still write here sometimes but this is a personal blog and not necessarily reflective of the views of Trend Micro.

I am continuing my monthly column over at the Windmill Networking blog. And I am still contributing to Geekwire from time to time.

And now you can also find me on Trend Micro’s sites. I’m over at our Security Intelligence blog, our consumer-focused Fearless Web blog, and editing and contributing to our Simply Security news and opinion site.

You can keep track of my comings, goings, postings, and interviews by following my professional Facebook page as well as my Twitter handle.

And finally, if you want to see the lighter side of me and my interests you can check out my music blog Andante, and my Central Asian culture and history blog Taklamakan.

Thanks for reading!

When the worst happens in social media

Today my new article on social media and online security has posted over at Windmill Marketing. This month’s column is a step-by-step guide to what to do to recover your social media channels when they’ve been hijacked.

Check it out. Hopefully you’ll find it a useful guide to planning in advance.

Facebook and Online Dating Security

Two new postings from me today on Facebook and online dating security.

Over at Windmill Networking, this month’s column is on Facebook pages and two things that you can do to improve your security and help keep control of your Facebook page.

And over at Seattle’s KING5, see me talk about online dating security on Jesse Jones’ “Get Jesse” segment.

Getting the story right when you didn’t get it right

Today via Geekwire (and others) we’re hearing about how the radio show This American Life has issued a wholesale retraction of their story from January about factory working conditions at an Apple supplier in China. The full retraction is available on This American Life’s blog.

What’s interesting about this is how they’re handling the issue. News organizations make mistakes and issue retractions regularly: this isn’t a unique incident. But, as This American Life’s press release makes clear, this wasn’t just any story for them. This was a very big story for them.

To their credit, since they have to retract a big story, they’re doing so in a big way. They’ve essentially done a new story talking about how they got this wrong. They’re even doing a special broadcast just to focus on how they got this wrong. And, they’ve taken full and clear responsibility, apologized, and spoken openly about how this situation can impact the trust their audience puts in them.

A big mistake on a big story requires a big response to make it right. By handling this like they have, This American Life has not only taken steps that very effectively mitigate the harm of this incident, by being so open and upfront they’ve also taken steps to actively regain the trust that they acknowledge an incident like this can harm.

This is a model for how news organizations can effectively handle situations like this. They really should be commended.

Ten Years After Bill Gates’ Trustworthy Computing Memo

Ten years ago yesterday, Bill Gates sent out his Trustworthy Computing memo that marked a significant change in the culture at Microsoft and put security, privacy and reliability at the center of the company as ideals.

I was at Microsoft as part of the Microsoft Security Response Center when that came out. And until I left Microsoft in December 2010, I was involved in security and privacy. So I have a former insider’s long-term view of what that was all like.

As my former colleagues are marking the occasion I’m sharing my own thoughts on what it meant then and what it means for the future.

Here are my comments in Robert X. Cringely’s article “PC security: We’ve come a long way, baby”. And a longer write-up by me over at Betanews “10 years after Bill Gates’ Trustworthy Computing memo: What it meant for Microsoft and why every tech company needs one”.

It was something to be a part of, but the world is different today. Part of my take on it is how this is still relevant in this different world.

Tellme Siri it ain’t so: the do-it-yourself Pepsi Challenge

Some of the tech press are writing about Jason Cartwright of TechAU’s YouTube video where he does a side-by-side test of the voice recognition features in Windows Phone 7 (Tellme) and iPhone 4.5 (Siri).

Anthony James over at TechFlash today notes how some folks are saying how the test may not be a fair one, while the folks at geek.com write that the test is fair and fault Microsoft’s Craig Mundie for setting himself up.

Regardless of whether you think the test is fair or not, there is an important lesson here around social media and competitive claims that anyone who’s a public face or counsels them needs to be mindful of. With things like YouTube now, it’s quite easy for third parties to go ahead and conduct their own trials of your claims on video and post them for all to see. Basically, anyone can do their own “Pepsi Challenge” now.

The upshot of this is that you don’t want to make competitive claims unless you’re sure you can win. The better move is to steer clear of these sorts of claims, since someone can always rig the competition against you.

Overresponding: A Lesson

Say this about Twitter, it certainly is a treasure trove of incident mishandling for analysis.

Today’s lesson comes to us from the Topeka Kansas Home Office and is about the danger of overresponding to an issue. Overresponding means you respond to the issue with more force than is appropriate and in so doing your response creates more problems than it solves. Overresponse is actually a very common pitfall in crisis communications and is typically a panic move made by people who aren’t experienced in this arena.

The lesson comes from Kansas governor Sam Brownback, or more accurately his director of communication Sherriene Jones-Sontag. This Associated Press story has all the important details, but the key points are that a high school student jokingly tweeted something negative about the governor on Friday. His director of communications spotted it and complained to the school, who promptly brought the student in and told her she had to write an apology.

Setting aside the ways this incident from the outset has clear incendiary qualities because of the way it looks (and frankly is) the governor and the school system bringing their coercive force to bear on an expression of speech, this is a classic example of overresponding to a negative comment.

The fact is that this critic had a mere 65 followers. If there had been no response from the governor’s office, the only people that would have even seen this criticism are maybe 100 people at most. It’s a simple bet that well over 100 people have seen that original remark now after the governor’s response. From that standpoint alone, the handling represents overresponse: their response drove more eyeballs to the negative news than would have seen it if they just left it alone.

Add to that then the nature of the response and how broadly negative the response to that response is. On the first business day after the story broke the governor and school district have had to retreat and apologize. That tells us that both the governor and the school district were coming out strongly on the losing end of public opinion. A retraction that quickly is essentially saying “uncle”.

Worse yet, this response has spiraled now beyond the original issue and is prompting broader questions that may linger and be more damaging than this incident was. This opinion piece by Dean Obeidallah on CNN (a high-profile site) raises a number of questions that I’m sure the governor’s office would prefer never have been raised, particularly the question about taxpayer funding of social media monitoring and the likening of the governor’s actions to Nixon’s enemies list.

What this illustrates is what can go wrong if you overrespond to an issue. What people should take away from this is the importance of understanding that not every negative comment deserves a response. Sometimes your response can make an issue bigger than it would be otherwise. And sometimes your response can take on a life of its own and become more of a negative issue than the original thing that prompted the response. Finally, this also highlights how freedom of speech issues are very hot button and organizations should always try to never look like they’re on the wrong side of that issue.

In the end, sometimes the right thing to do is the less obvious thing: leave the issue alone. And this is where people who are experienced in crisis communications can help, because we understand these risks and can help make an informed assessment on whether it makes sense to respond at all.

How we deal with death is at least as important as how we deal with life.

This is a much more personal post than most. But ultimately it relates to social media in a way that I think is appropriate for my work blog.

In the past ten months, I have learned about the deaths of three people that I know through Facebook. Two of them were “friends”, one was a “friend of a friend”, actually of several friends. One of them, a former co-worker, died after a bout with cancer. The other two were former high school classmates, both of whom died of suicide.

In all three cases, I learned about this through Facebook wall postings. Over time, the walls became a place where people exchanged information, memories, paid respects, expressed grief and loss, and in some cases supported one another.

Today, just now, I was on Facebook and the one person I wasn’t friends with was just presented to me as “Someone you may know”.

I’ve said that “social networking is truly social” meaning that it is a true extension of ourselves as social creatures: we have embraced it and extended our social behaviors, both good and bad, to that medium. And nothing drives home that point more than death on Facebook.

The suggestion that I “friend” someone who is now dead, and my other recent experiences around the deaths of people on Facebook led me today to realize that Facebook’s use and importance as part of our social interactions has outstripped some of its capabilities. Put simply, Facebook (or any other social networking site) lacks mechanisms to deal gracefully and thoughtfully with death. From the question of “how do you take control of the Facebook account of a loved one who has died” to keeping the profile alive (pun somewhat intended) but reflecting the fact that the person is deceased, there’s no graceful, easy way to deal with death on Facebook.

It’s not just a technology problem: there are questions around etiquette and customs as well that we as a society have to work out.

But at this point, it’s certainly clear to me that as social networking becomes ever more truly social, it needs to be able to handle not just the good of our social lives, but also the hard things.

Kirk asked in Star Trek II: The Wrath of Khan: “[H]ow we deal with death is at least as important as how we deal with life, wouldn’t you say?”

As regards social networking, I believe the answer is an unequivocal “Yes”.

JetBlue: A better, more personal response

To follow up my post earlier today, it appears JetBlue is taking a better, more personal track in their response. Late today they posted a video statement by the COO on their blog site that definitely hits a much better tone and hits some of the points I wrote that I thought a better response should contain (including that it be a video response). It acknowledges shortcomings, speaks with empathy and understanding, has an apologetic tone, promises improvements, and most of all, is direct and personal putting a real person with a real name and title up for all to see.

I can’t take any credit for it. I did post a link to my post on their site under their original posting, but have no idea if anyone there read it.

But the important thing is that this shows that some of the points I raised as far as a better, more personal handling are valid ones.

Hopefully they’ll keep on this more transparent, more personal track moving forward. If nothing else, they deserve credit for changing course relatively quickly.
