Dallas Lawrence is the chief global digital strategist for Burson-Marsteller, one of the world’s leading public relations and communications firms. He is a Mashable contributor on emerging media trends, online reputation management and digital issue advocacy. You can connect with him on Twitter @dallaslawrence.

If an individual or activist group broke into an organization’s office, raided confidential materials and then burned the building to the ground, local, state and federal officials would have swarmed the crime scene in an all out effort to bring the perpetrators to justice for an act of terrorism. Meanwhile, savvy online audiences and members of the media almost dismissively refer to the online versions of these raiders as “hacktivists,” conjuring up images of harmless school kids having fun pushing the boundaries of online security.

As we saw this morning with the Susan G. Komen Foundation website hack -– and again as “Anonymous Brazil” signaled they had successfully “taken down” the website of Brazil’s largest state bank — these groups are anything but harmless. One study from 2011 identified the average financial impact of these types of breaches to be just north of $7 million per incident.

SEE ALSO: 6 Tips for Handling Breaking Crises on Twitter

Whether you are a respected non-profit with a decades-long track record, or a state-owned financial institution in Latin America, organizations must diligently prepare for inevitable online intrusions and the challenging communications demands that result. There are four key considerations for organizations seeking to retain credibility and confidence as trusted stewards of information before and after a breach.


1. Think Ahead and Anticipate


The best offense is often the best defense — and this is certainly true in the online security game. Every organization involved in any form of data (online contributions, email petitions, online sales, social gaming, employee data, etc) is vulnerable to attack. Smart organizations are using their pre-hack peacetime wisely to invest in a forensics security assessment and to address identified weaknesses. In addition to the technical diligence, organizations must ensure their corporate communications, IT and legal teams understand who will be responsible for managing breaches and have a well planned rapid response crisis program in place.


2. Say Something


In the immediate aftermath of an attack, the lack of information can cause severe organizational paralysis. This paralysis hampers communications efforts, ultimately allowing external forces to shape the lens through which a response is viewed.

Identifying immediately what you know for certain and what you don’t know is critical. For example, organizations need to be prepared to address questions and concerns about the security of the system. Even though an activist may hijack a site to make a political point, it highlights a deeper potential for vulnerability that must be addressed.

Importantly, saying something does not mean saying everything. The rush to respond can have equally devastating consequences for the ill-informed and unprepared. Communicating what you know for certain and what you are doing to investigate — and even what you are still trying to determine — demonstrates responsiveness and transparency to stakeholders that rightly feel equally violated by the breach. Creating a direct response channel for those exposed — via an online registration system or a 24/7 call center — is another important sign of responsiveness. Total silence creates a vacuum of frustration that antagonists are only too happy to fill.


3. Know the Law


Every single state in the Union has separate reporting rules and regulations for what constitutes personally identifiable information (PII). These rules also govern when organizations that have been the victim of a breach must notify the public. Attempting to unravel this multi-state patchwork for the first time with your stakeholders, the media and law enforcement officials all demanding answers can be crippling.

Ensure that your team understands the regulations in each state — and country — you operate in, and make sure your compliance team is fully integrated with your communications team. Often, you will not be the arbiter of when to go public with news of your breach. The worst thing an organization can do from a reputational standpoint is to allow the narrative to shift from being the victim of an attack to the villain who failed to notify and protect those individuals whose data may have been compromised.


4. Remember, You’re Not Alone


In almost every case of online breaches, the “victims” number in the thousands — if not millions. It is not just the organization that has been violated, it is every employee whose social security number may have been exposed, every charitable donor who supported a cause, every business partner that shared data and every consumer who purchased a product. Keep these important groups informed and at the forefront of your communications efforts. They can be powerful advocates. Engaging quickly with local and federal law enforcement officials shows transparency and responsiveness — don’t be afraid to tell that story of cooperation.


In 2012, data will continue to emerge as the new form of global currency, and hacking will continue its evolution as the new face of popular protest. The fundamental reality for every business or organization is that everyone is now in the business of data — and its protection.

Image courtesy of iStockphoto, tomhoryn

More About: Business, contributor, features, Marketing, PUBLIC RELATIONS, Tech, Web Development

For more Dev & Design coverage:





A few consumers’ beef with Taco Bell this week offered some red meat to the blogosphere.

The conversation about the restaurant’s beef, spurred by a class-action lawsuit, seemed ready-made for viral media. The suit claims that Taco Bell misrepresents the contents of its beef; The restaurant calls it “seasoned ground beef” or “seasoned beef,” although the product contains 88% beef.

A list of the “Top Five Reasons Taco Bell Might Actually Be More Dangerous Than MTV’s Skins” got good play on Digg. A photo of a label from Taco Bell describing “Taco Meat Filling” also lit up the Twittersphere.

Faced with a social media crisis, Taco Bell is now fighting back via its Facebook Page, Twitter account and YouTube channel. So far, though, the company hasn’t gotten a lot of traction.

Yesterday, the fast food chain uploaded a video on YouTube of company president and chief concept officer Greg Creed explaining that the chain’s beef is “100% USDA inspected” and that the beef is seasoned with various spices and water “to provide Taco Bell’s signature taste and texture.”

Creed then tackles the somewhat ominous-sounding statistic that Taco Bell’s beef is actually composed of 88% beef. “So what’s the other 12%?” Creed asks puckishly. “It’s our secret. And I’m gonna give it to ya.” The rundown: 3% is water, 4% is Mexican spices and the remaining 5% is oats, caramelized sugar, yeast and other ingredients that he lists in the video.

Unfortunately for Taco Bell, only about 1,000 people have seen that video on YouTube. On Facebook, the video got more than 900 “likes,” but the reviews were a bit mixed. “Don’t B.S. us,” says one commenter. “We know that there is real beef in the taco, but you use some filler.” Says another: “Like y’all would come out and say, ‘We’ve just been caught.’” Meanwhile, Taco Bell’s Twitter feed, which has 45,000 followers, is more of a lovefest.

If this whole incident sounds a bit familiar, it may be because Domino’s faced a similar, albeit more damaging crisis in 2009 and pioneered the use of the company president mea culpa via YouTube.

Marsha Horowitz, the senior executive vice president and head of crisis communications for public relations firm Rubenstein Associates, says that Taco Bell had no choice but to respond via social media. “By coming out aggressively, it makes them appear that they feel very confident,” Horowitz says. On the other hand, there’s no escaping the truth that what the USDA calls beef and what the average person considers beef are two different things. “We’re learning this, but Taco Bell’s not the only one doing it,” Horowitz says.

The use of social media to address a public relations crisis is fairly new, but brands like Taco Bell are learning. Last year, Toyota’s adept use of social media helped counter potentially devastating news reports about recalls. In fact, it may have even helped the brand.

Will Taco Bell fare similarly? Horowitz says despite the low pickup rate in social media to Taco Bell’s response, the brand is already over the hump. “They took the lemons they were handed and made lemonade,” says Horowitz. “Or maybe they took bland beef and turned it into a spicy burrito.”

More About: facebook, PUBLIC RELATIONS, taco bell, twitter, youtube