social media and controlling the message: first hand case studies … · social media and...

In partnership with2018 Annual Conference Caesars Palace Las Vegas, NV

Social Media and Controlling the Message: First Hand Case

StudiesApril 13, 2018

Presenter: Al Martinez, Senior Advisor, SME Fusion Risk Management


OverviewIn recent years, the use of social media has expanded at an exponential rate. Not only is it an alternate to traditional media, but often drives what makes it to the 9pm news.

In this session, we will look at the influence that social media has on a crisis, we will review some real world cases, from a first-hand perspective, and will review what you can do to prepare for this influence and even use it as a tool to your advantage.

When managing the communication, think about Perception and Communication Channels, and how to use these to your advantage.


Agenda• Business Resilience 101• Internal Incident/Crisis/Disaster Communication• Public Incident/Crisis/Disaster Communication

1. Perception is Reality2. Communication Channels Not Under Direct Control3. Using Channels to Your Advantage

• Case Studies – Initial Events1. Major Airline2. Consumer Product Manufacturer #1 - Activist Organization Activities3. Consumer Product Manufacturer #2 - Internal Use of Social Media 4. Consumer Product Manufacturer #2 - Use of Social Media in a Cyber Security Crisis5. Retailer #1 - Credit Card Breach6. Retailer #2 - Planning for Breach of Customer Personal Data Managed by Vendor7. Consumer Product Manufacturer #1 – Tornado to production facility8. Medical Device Manufacturer – Executive posts

• Questions


Business Resilience 101• A good plan executed right now is far better than a perfect plan executed next week.

-General George S Patton

• Many terms - Emergency Response, Incident Management, Crisis Management, Business Continuity, IT Disaster Recovery, Business Impact Analysis, Business Resilience, Enterprise Risk Management

• Safety - Life Safety Always First• Tactical – Operations (We make widgets, we provide service for widgets, we provide analysis of

widgets, etc.)• Strategic – Impact to the People, Performance, Reputation, Innovation

Tip – When doing a Business Impact Analysis use your organizations Mission Statement and Vision to drive your impacts. If you are public, financial statements like annual reports, SEC filings, 10-K contain risks that your executives have already identified


Internal Emergency/Incident/Crisis/Disaster Communication

• Utilizing the tools at your disposal• Traditional – Telephones, Voicemails, Email, SMS Texts, PA Systems, Alarms, Notification Systems

• The Messages• Golden Hour• Consider the Audience

• Escalation/Transition – Thresholds• Thresholds• Transitioning from Emergency to Incident to Crisis• Escalations

• Declarations of Disasters• Invoking of teams• Involving Different Levels of Management

• Transition of Communication Ownership• External Communications


Public Incident/Crisis/Disaster Communication1. Perception Is Reality

• Guilty Until Proven Innocent • Guilt By Association

2. Communication Channels that you may not control• Facebook, Twitter, Snapchat, LinkedIn, Reddit, Tumblr, YouTube, WhatsApp, etc.

3. Using the channels to your advantage• Analysis/Intelligence – If its public, you have access to it too!

Tip: If you have social media group, make them a part of your plansTip: Search for your organization in social media and any common disaster terms. If items come up, think about creating automatic feeds.Tip: Use your vendors as partners. They can be your eyes and ears in places where they may have boots on the ground.

• Planning for a Crisis and Influencing Perception• You can not plan for every crisis, but look at past event near misses, and what keeps people “up at night”• Own the issue, even if it not your own issue – the client/customer does not care• Golden Hour


Case 1: Major AirlineInitial Event – What would your perception be if you worked for this organization?• Summary of Flight 3411:

• On Sunday, April 9, 2017 after United Express Flight 3411 was fully boarded, United's gate agents were approached by crew members that were told they needed to board the flight.

• We sought volunteers and then followed our involuntary denial of boarding process (including offering up to $1,000 in compensation) and when we approached one of these passengers to explain apologetically that he was being denied boarding, he raised his voice and refused to comply with crew member instructions.

• He was approached a few more times after that in order to gain his compliance to come off the aircraft, and each time he refused and became more and more disruptive and belligerent.

• Our agents were left with no choice but to call Chicago Aviation Security Officers to assist in removing the customer from the flight. He repeatedly declined to leave.

• Chicago Aviation Security Officers were unable to gain his cooperation and physically removed him from the flight as he continued to resist — running back onto the aircraft in defiance of both our crew and security officials."


Case 1: Major AirlinePerception – What would your perception be if you saw these pictures?


Case 1: Major AirlineCommunication Channels (Not under direct control)

• We put the hospital in hospitality• Not Enough Seating? Time For A Beating• Where the customer is never right...just beaten• We Make Offers You'd Better Not Refuse • We have Red Eye and Black Eye flights available!• Where fists fly free• Beating expectations one punch at a time• Late night monologues and skits


Case 1: Major AirlineUsing Communication Channels to your Advantage• Initial: Munoz attracted criticism after calling the passenger “disruptive and

belligerent” and saying that the airline’s employees had “followed established procedures”.

• After Media Firestorm: “No one should ever be mistreated this way,”• "Mr. Munoz said he was going to do the right thing, and he has," he said. "In

addition, United has taken full responsibility for what happened...without attempting to blame others, including the City of Chicago.“

• United Airlines reached a settlement with Dr. David Dao.


Case 1: Major AirlineUpdate:• July 2017 - Web Search for Chicago Aviation Security

Officers produced this picture • October 2017 - An investigation by the city's Office of Inspector General found that

officers “mishandled” the situation. Two officers were fired. • April 11th, 2018 – Chicago aviation security officer who was fired for dragging man

off United flight sues city and airline• A spokesman for the City of Chicago said he could not comment because the city

had not been served with the suit. A United spokeswoman also declined to comment because the airline had not received a copy of the suit.


Consumer Product Manufacturer #1 /Activist Organization – First Contact

Initial Event – What Would Your Perception Be?• Over 35 Trespassers Reported By Security Guards• A black helicopter is spotted in the area and is confirmed not to be a news helicopter• Site Security Firm Manager Contacted Immediately• Security Firm Manager Assesses Situation and Threat• Security Firm Manager Engages Global Director of Security to Advise• Global Director of Security inform Site Security Firm to observe, but not engage,

unless situation changed• Security Firm Manager is in process of following protocol and contacting Local Law

enforcement, but Global Director of Security ask for an exception to protocol and not to be contacted and instead contacts Global Communications



Perception• Not a direct threat• Looking for publicity• RAN (Rain Forest Action Network) want to establish that General Mills uses a lot of Palm Oil (it does not)

Communication Channels• RAN used Facebook to organize events• They told their member to be prepared to be arrested

Using Communication Channels to your Advantage• Assured Safety of Protestors• Notified Employees of the situation• Prepared Media Response• Investigated Rain Forest Action Network (RAN) and their commitment to reduce use of Palm Oil that

caused deforestation and impacts Orangutans Natural Habit


Consumer Product Manufacturer #1 /Activist Organization – Kids at HQ

Initial Event – What Would Your Perception Be?• RAN put together a campaign with Kids and the company found out about it ahead

of time• Planning a visit to HQ with Kids and their hand made signs


Consumer Product Manufacturer #1 /Activist Organization – Kids at HQ

Perception• Not a direct threat• Looking for publicity

Communication Channels• RAN used Facebook to organize events

Using Communication Channels to your Advantage• Assured Safety of Protestors• Notified Employees• Prepared Media Response• Met Protestors with Milk and Cookies• Controlled Message. Did not place blame. Stated our support of sustainable Rain Forests. Joined


Consumer Product Manufacturer #1 /Activist Organization – Billboards

Event• RAN put together campaign for best kids hand made signs of

our cereal boxes, but showing General Mills as a an enemy to Rain Forests and Animals.

• The Plan was to then put these on billboards throughout the Twin Cities

Perception• Looking for publicity• A direct threat to General Mills’ image in the community

Communication Channels• RAN used Facebook to organize events• General Mill monitored activity

Using Communication Channels to your Advantage• Prepared Media Response• Engaged RAN Before Billboards Placed


Consumer Product Manufacturer #1 /Activist Organization – Stores

Event• RAN sent protestors with fake boxes of General Mills products

and protested at storesPerception

• Looking for publicity• A direct threat to General Mills’ image

Communication Channels• RAN used Facebook to organize events, but did not divulge

stores to be targeted. • General Mill monitored activity

Using Communication Channels to your Advantage• Prepared Media Response• Engaged RAN after event• Joined Rainforest Commitment Organization


Consumer Product Manufacturer #1 /Activist Organization – Annual Shareholder Meeting

Event• RAN to sent hundreds of protestors to our annual shareholder meeting

Perception• Positive message of commitment to a good cause

Communication Channels• RAN used Facebook to organize events. • General Mills portrayed us as partners and there was a “celebration”

instead of a protest.Using Communication Channels to your Advantage

• Prepared Media Response• Engaged RAN before the event• RAN given time at the shareholder meeting to make a Statement• RAN put out press release thanking Genera Mills and ended campaign 8 months after initial contact• General Mills made 10 year commitment to reduce usage of palm oil from non-sustainable sources.


Consumer Product Manufacturer #1 /Activist Organization – Upstream activities with key suppliers

Event• Other related events with our suppliers of Palm Oil

Perception• RAN Looking for attention to the topic• Supplier are not public, so not easy message to customers

Communication Channels• RAN wanted to influences suppliers clients• We communicated with our suppliers and let them know of

planned eventsUsing Communication Channels to your Advantage

• Cargill has made several commitments • RAN has rebutted and said that there are gaps and that it is not

enough• RAN’s Campaign against Cargill entered its 11th year


Consumer Product Manufacturer #2 - Internal Use of Traditional Social Media Channels

Events – November 2016• Green field plant was build in Mexico, but cell phone coverage was not built up in time by local telecom• Company switched from regular phones and offices to Lync/Skype virtual phones (with exception of

emergency lines). • Company communication was a problem, but employee to employee communication was not as everyone

has a smart phone and already majority already used social media app• Most of the workforce is under 35.

Perception• Company provided communication channels are the best for company business


Consumer Product Manufacturer #2 - Internal Use of Traditional Social Media Channels

Communication Channels• Cellular service was not and Lync/Skype not the best option as many employees do not carry laptops• Employees took it upon themselves to use WhatsApp application• Employees set up groups for all types off messages, easily and quickly

Using Communication Channels to your Advantage• IT investigated and confirmed security of WhatsApp application• HR established initial rules on use of WhatsApp including removal of terminated employees• Formal policy being established• IT investigating expanding the use of Lync/Skype to smart phones• Corporation rolled out use of WhatsApp to a pilot U.S. plant


Consumer Product Manufacturer #2 - Use of Traditional Social Media Channels in a Cyber Security Crisis

Event – June 27th 2017• A strain of malicious code, dubbed Petya (and often referred to as Petrwrap, and

Notpetya) was first spotted encrypting computers in Ukraine.• Early in the morning, employees at the manufacturing and distribution sites on

the East Coast see a screen message telling them to pay a $300 in Bit Coins and their laptops not being useable (see screenshot in appendix for full message text).

• Within minutes all centralized corporate systems fail, including:• Email• Company communication systems, Lynch/Skype, including company

telephones, instant messaging system, and web meeting systems• ERP systems• Finance Systems• HR Systems• Payroll Tracking Systems• Timecard Systems



Event – June 27th 2017 (continued)• Within minutes all decentralized networked local site systems fail or are take off-line, including:

• Local File Servers• Local Print Servers• Wide Area Networks• Connection to corporate networks

• Within minutes, the Mexico sites and the US pilot site begin to utilize WhatsApp for communications and implement their Business Continuity Plans

• They contact the help desk (via mobile phones) for instructions to address and recover the situation. The help desk assists the plants with instructions via WhatsApp to:• Validate and conform isolation of manufacturing process control systems• Isolate non-infected devices• Connect non-infected laptops and desktops to printers via physical and hard coded addresses• Utilization of non-infected laptops to create tracking spreadsheets• Instructions to non-WhatsApp using site to download and utilize the tool



Event – June 27th 2017 (continued)• The manufacturing and distribution sites are able to utilize the work-around procedures in the BC plan and

create other to keep manufacture of product and deliveries to clients going. Even though, the work-around procedures are not as effective as normal operations supported by systems, the sites are able to operate by replacing systems with people, spreadsheets, printed labels, and manual steps. Production of product is unimpacted, the storage and delivery of product is delayed, but continued to operate.

Perception• Initial perception was that the company would not be able to make and deliver product with out systems.• The final perception was that with proper BC planning and work-arounds, the business can survive even from

the most catastrophic and widespread of events.Communication Channels

• WhatsApp and Mobile DevicesUsing Communication Channels to your Advantage

• Used WhatsApp to substitute for the communication capabilities of email• Using mobile devices to push out processes to non-WhatsApp users


Retailer #1 - Credit Card Data Breach

Event• Major Breach of Credit Card Data Taken from end user credit card devices

Perception• My credit is going to be impacted around busiest shopping period of the year (Announcements came out

a week before Christmas)Communication Channels

• Press Releases• Social Media• Traditional Media• Direct Customer hotlines• Direct Communication to 40 million impacted customers

Using Communication Channels to your Advantage• Created Task forces to track social media and take customer inquiries – Pulled hundreds of employees

from other tasks


Retailer #2 - Planning for Breach of Customer Personal Data Managed by Vendor

Event• Creation of Crisis Management and Business Continuity Plans

Perception• Initial Management – No risk to breach of data as we do not own the credit card network, terminals, or

data• Reality – Your customer do not care. They are shopping in your stores.

Communication Channels (documented in plans)• Press Releases• Social Media• Traditional Media• Direct Customer hotlines

Using Communication Channels to your Advantage• Hired External Relation Expert to created proactive plan to communicate situation to customers and own

the situation• Reached out to credit card processor to get their action plans and incorporate both plans


Consumer Product Manufacturer #1 –Tornado to production facility

Event• Major Tornado hit Joplin, Missouri plant. Sunday May 22, 2011• Only damage to plant was a roof lost on a shed

Perception• Initial Corporate Management – No impact to operations• Reality – Majority of workforce had some family impacted. 60-70% of work force not available.• Reality – All land line and cell phone coverage was out for almost 48 hours. SMS texts unimpacted.

Communication Channels (documented in plans)• Press Releases• Social Media• Traditional Media• Direct Employee Communication• Home visits


Consumer Product Manufacturer #1 –Tornado to production facility

Using Communication Channels to your Advantage• Used Google Crisis to help provide update and keep those impacted in contact• Had all managers confirm status of direct reports, including need of their families, done via home visits if

needed• Fundraisers and collection of essential goods organized throughout rest of company• All Joplin employees status confirmed by Monday morning• Company volunteers on site by Tuesday Morning with temporary satellite phones• Company helped open local school by Wednesday morning


Q & A

Recap1.Perception is Reality2.Communication Channels Not Under Direct Control3.Using Channels to Your Advantage


Appendix

• Business Resilience Terms• Malware Screenshot• My Contact Information:

Alfonso (Al) MartínezSenior Advisor – SME |Fusion Risk Management, Inc.3601 Algonquin Rd., Suite 510 | Rolling Meadows, IL 60008C: (630) 399-4743 (primary phone)[email protected]


Business Resilience 101Term Definition Typical Critical Components

Business Resilience Business resilience is the ability an organization has to quickly adapt to disruptions while maintaining continuous business operations and safeguarding people, assets and overall brand equity

• Emergency Response• Crisis/Incident Management• Business Continuity• IT Disaster Recovery

Emergency Response (ER)

Documented procedures, guideline and plans used for addressing immediate reaction and response to an emergency situation. Life Safety is the focus.

• Evacuation plans• Shelter-In-Place plans• Threat specific plans• Warning and notification plans

Incident Management (IM)

Documented processes, plans and strategies by which an organization responds to and controls an incident using emergency response procedures or plans. Controlling the Incident is the Focus.

• Internal coordination plans• Incident specific plans• Procedures for incident owners• Damage Assessment

Crisis Management (CM)

Documented processes, plans and strategies giving overall direction of an organization’s response to a disruptive event, in an effective, timely manner, with the goal of avoiding or minimizing damage to the organization’s profitability, reputation, and ability to operate. Minimizing impact to the Business is the focus.

• Internal and External Communication plans• Crisis specific plans• Procedures for functional and business leader activities

Business Continuity (BC)

Documented processes, plans and strategies to ensure continued operation (or resumption) of critical business processes during a significant business disruption at primary workplace. Continuing/Recovering critical business operations is the focus.

Business process resumption depends on: • People• Facilities (Workplace)• Tools • Vendors and Suppliers

IT Disaster Recovery(IT DR)

Documented processes, plans and strategies to ensure the recovery of critical business applications during significant business disruptions at primary data center. Continuing/Recovering critical business application operation is the focus.

Business application recovery depends on :• Data Consistency • Application Recovery Procedures • Application Recovery Tests

Business Impact Analysis (BIA)

Process to determine impacts on the organization due to interruptions with business operations or processes. Identifying the most critical business processes and their requirements to operate is the focus.

• Interviews with business leaders and process owners to determine the minimum required resources (people, facilities, and tools) to operate the business

• The impact over time if operations are disrupted• Feasible workarounds


Petya Screenshot

social media and controlling the message: first hand case studies … · social media and...

Documents