Internet Reputation Management Guidelines Building a Roadmap for Continued Success



Similar documents
Internet Reputation Management Guide. Building a Roadmap for Continued Success

Information Security Incident Management Guidelines

SYMANTEC MANAGED SECURITY SERVICES. Superior information security delivered with exceptional value.

Fraud and Abuse Policy

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS

Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan

Standard: Information Security Incident Management

CGI Cyber Risk Advisory and Management Services for Insurers

An Oracle White Paper November Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime

Into the cybersecurity breach

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

State of Minnesota. Enterprise Security Strategic Plan. Fiscal Years

IBM Security QRadar Risk Manager

Getting real about cyber threats: where are you headed?

Risk Management Policy and Framework

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015

DETECT MONITORING SERVICES MITIGATING THE EPSILON BREACH SUMMARY

The Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015

Acceptable Use (Anti-Abuse) Policy

Data Security Incident Response Plan. [Insert Organization Name]

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

Privilege Gone Wild: The State of Privileged Account Management in 2015

GUIDANCE FOR MANAGING THIRD-PARTY RISK

Business Case Outsourcing Information Security: The Benefits of a Managed Security Service

CyberArk Privileged Threat Analytics. Solution Brief

Web application security Executive brief Managing a growing threat: an executive s guide to Web application security.

Fostering Incident Response and Digital Forensics Research

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

New York State Department of Financial Services. Report on Cyber Security in the Insurance Sector

VERISIGN DDoS PROTECTION SERVICES CUSTOMER HANDBOOK

Application Security in the Software Development Lifecycle

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

Information security due diligence

Procedure for Managing a Privacy Breach

Demonstrating the ROI for SIEM: Tales from the Trenches

BEST SECURITY PRACTICES IN ONLINE BANKING PLATFORMS

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide

DIGITAL STRATEGY AND TACTICS FOR BRAND REPUTATION MANAGEMENT

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

Information Security. Incident Management Program. What is an Incident Management Program? Why is it needed?

Reducing Cyber Risk in Your Organization

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.

Managing IT Security with Penetration Testing

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

Stay ahead of insiderthreats with predictive,intelligent security

Building a Roadmap to Robust Identity and Access Management

DEMONSTRATING THE ROI FOR SIEM

Strategically Detecting And Mitigating Employee Fraud

Addressing the Sale of Counterfeits on the Internet

THE SECURITY EXECUTIVE S GUIDE TO A SECURE INBOX. How to create a thriving business through trust

Security. Security consulting and Integration: Definition and Deliverables. Introduction

5 Lines of Defense You Need to Secure Your SharePoint Environment SharePoint Security Resource Kit

Rx-360 Supply Chain Security White Paper: Incident Management

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS

Advanced Threat Protection with Dell SecureWorks Security Services

Chapter I: Fundamentals of Business Continuity Management

Italy. EY s Global Information Security Survey 2013

How To Create An Insight Analysis For Cyber Security

Data security: A growing liability threat

Executive Management of Information Security

Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams. May TrustInAds.org. Keeping people safe from bad online ads

Reference Architecture: Enterprise Security For The Cloud

MEMORANDUM. Date: October 28, Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, CEO EDS Corporation

Managing intangible assets It is time to act

Formulate A Database Security Strategy To Ensure Investments Will Actually Prevent Data Breaches And Satisfy Regulatory Requirements

A Risk Management Standard

Privilege Gone Wild: The State of Privileged Account Management in 2015

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

TECHNOLOGY PARTNER CERTIFICATION BENEFITS AND PROCESS

This agreement applies to all users of Historica Canada websites and other social media tools ( social media tools or social media channels ).

Implement security solutions that help protect your IT systems and facilitate your On Demand Business initiatives.

Managing cyber risks with insurance

Cyber Risks and Insurance Solutions Malaysia, November 2013

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION

ALERT PRESERVING YOUR REPUTATION FINANCIAL SERVICES. Glass, china, and reputation are easily cracked, and never well mended.

Cyber intelligence exchange in business environment : a battle for trust and data

Mitigating and managing cyber risk: ten issues to consider

security policy Purpose The purpose of this paper is to outline the steps required for developing and maintaining a corporate security policy.

CYBER & PRIVACY LIABILITY INSURANCE GUIDE

ACCEPTABLE USE AND TAKEDOWN POLICY

Defending yesterday. Financial Services. Key findings from The Global State of Information Security Survey 2014

QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT

Transcription:

Internet Reputation Management Guidelines Building a Roadmap for Continued Success

Table of Contents Page INTERNET REPUTATION MANAGEMENT GUIDELINES 1. Background 3 2. Reputation Management Roadmap 5 3. Prevention 6 I. Establishing an Internet Reputation Management Council 6 II. Developing policies and procedures 7 III. Training and communicating with staff 8 IV. Measuring progress against objectives 8 4. Monitoring 9 5. Analysis 10 6. Mitigation 11 7. Summary 12 INTERNET REPUTATION MANAGEMENT WORKBOOK Workbook Elements 14 I. Sample Questions for Prevention Stage 15 II. Internet Reputation Management Council 16 III. Mitigation Processes 17 o The BP Process 19 IV. Rules of Engagement 20 V. Guidelines and Best Practices for Social Media Participation 21 VI. Sample Policy Statements 23 o Social Media Participation Policy 23 o Internet Incident Response Policy 24 o Software, Internet Use and Email Policy 26 o Policy Acknowledgement Form 29 VII. Social Media Incident Response Processes 30 ABOUT BRANDPROTECT 34 ABOUT BRANDPROTECT.. 30 2

1. Background Internet-based brand fraud, defamation and identity theft are relatively new additions to business risk for most organizations. The conventional view is that damaging activities, such as identity theft attacks, became a legitimate concern to law enforcement agencies and enterprise risk managers as recently as 2003. During this time, corporate information technology departments were focused on building firewalls to secure their internal information systems, customer databases and e-mail systems. Companies with high profile brands were caught unaware and ill-prepared to implement measures to combat internet-based threats targeting their valuable brand names. As a result, criminals were able to operate in an open and ungoverned environment stealing personal customer information, misrepresenting brands and redirecting web traffic, causing a substantial amount of financial and reputational damage to legitimate enterprises. Today, with ever more coordinated and sophisticated criminal activity and the explosion of social media, there is an urgent call to action for companies to immediately establish an enterprise-wide state of readiness to combat internet fraud, reduce the severity and levels of brand abuse and to mitigate the financial harm to customers and collateral reputational damage to the corporate brand. When threats appear, organizations need to consider a number of key questions in assessing their state of preparedness (see Workbook for more potential questions): Corporately Who are the various internal stakeholders responsible for reputation management and what are their needs? How are decisions being made and what approval processes are there? Who in the organization needs to be involved? What help do we need to design, implement and run the process? Specific to an Issue What is the size, scope and level of severity of the problem? How quickly, and to what extent, can the problem be solved? What kind of skill set will be required to effectively mitigate this new risk? What formal and informal processes are already in place that we can build upon? 3

Based on BrandProtect s experience in protecting the rights, revenue streams and reputation of organizations worldwide for over a decade, we have developed a strategy and roadmap to ensure that policies, processes and procedures are established within the early stages of an Internet Reputation Management Program. Recognizing that each organization will face its own specific internal and external challenges in dealing with internet threats, BrandProtect has provided these full-scale Guidelines. It is our recommendation that you adopt all or parts of this Roadmap that are applicable to your organization. This will help to ensure successful implementation of a customized Internet Reputation Management Program. The following document outlines the steps involved to define internal and external project resources, and the Workbook provides process requirements, timelines, deliverables and expected outcomes, including the following: 1. Creation of an Internet Reputation Management Council with crossorganization representation 2. Development and implementation of internet reputation management policies based on corporate risk management strategies and response processes 3. A risk assessment and mitigation process to help analyze threats and establish appropriate mitigation strategies 4. Defining the rules of engagement to be followed to help guide organizational response to threats 5. Development of corporate policies, with particular emphasis on those relating to social media participation, given its special and potentially explosive nature 4

2. Reputation Management Roadmap One of the primary objectives of any program is to assist in establishing longterm policies, strategies and processes involving cross-functional participation to improve internet reputation management. With a long-term corporate focus on risk management and prevention, organizations will be able to minimize the damages resulting from online criminal activity, intellectual property rights abuses and defamatory discussion. The critical components of an effective Internet Reputation Management Program are illustrated in the diagram below: Roadmap to Establish a State of Enterprise Readiness The focus of this document is on the first stage of prevention, with the attached Workbook serving to further help guide efforts across the entire roadmap. Within prevention, the key elements are as follows: 1. The formation of an Internet Reputation Management Council 2. The development of policies and procedures 3. Training and communicating with staff 4. Measuring progress against objectives 5

3. Prevention I. Establishing an Internet Reputation Management Council BrandProtect recommends setting up a cross-departmental Internet Reputation Management Council, made up of key internal stakeholders representing those functional groups that have ownership of the brand, enterprise risk management, customer information files, investor relations, and legal and human resources. The objective of bringing together this crossfunctional group is to ensure that ownership and management of the brand is carried out at the enterprise level. Most corporate brands are typically represented across multiple external stakeholder touch points such as the internet, customer service department, call center, retail outlets, broadcast media advertising, investor communication vehicles (e.g. press releases, analyst calls, annual reports), channel and alliance partners, resellers, agents and brokers. In this regard, the brand has high exposure. These are all collection points for customer information and they usually cover expansive geographic areas that present unique challenges in ensuring compliance with brand standards and protection of proprietary information. Council representation should consist of a variety of roles within an organization, for maximum effectiveness. These include: - A Team Leader, responsible for day-to-day operations and process management - Functional area leadership with representation from groups that have responsibility for managing and protecting the brand, including: E-business, Human Resources, Marketing, Investor Relations, Legal, Public Relations, Security and Fraud, and IT - Executive level sponsorship In our experience, a program s success is predicated on the contribution that these roles provide. Each is crucial in defining how the company uses and protects brands with respect to corporate standards of governance. The cross-functional team will not only provide leadership on securing the brand, but will also act as agents of change by championing the implementation of training and policymaking within their respective departments. Executive leadership paves the way for cross-functional collaboration and resource collaboration, along with contributing to building a culture that is aware of the value of its brand and the dangers that threaten this valuable corporate asset in the age of internet threats. Finally, the Team Leader marshals the necessary resources to ensure that on a day-to-day basis the brand is safeguarded and that the appropriate processes are established and in place to address issues as they are encountered. 6

Setting up an Internet Reputation Management Council is a collaborative process; therefore, a company should instill a philosophy of internet reputation management by: 1. Identifying key internal stakeholders and inviting them to participate in a meeting to establish the guidelines of internet reputation management within the company 2. Planning to meet regularly to keep abreast of industry and technology changes as well as emerging forms of internet-based threats 3. Establishing goals and targets such as building a structure and policies to set up a Best of Breed Governance Policy ; setting metrics to track performance from the outset 4. Establishing emergency response protocols 5. Implementing training policies and communication within the organization 6. Reviewing, measuring, evaluating and managing progress against objectives II. Developing policies and procedures By building in a defined set of response procedures, it is possible to minimize the amount of damage that a phishing, identity theft, brand attack, or even a social media crisis can inflict. A defined set of procedures can also greatly reduce the amount of time the call center staff spend on the telephone, or provide your Investor Relations and/or Public Relations department(s) with documentation (key messages/talking points, press release templates, etc.) that are prepared in advance so as to minimize public response times. And since employees may unknowingly infringe on disclosure requirements and even contribute to espionage by revealing information that is either sensitive or not in the public domain, having internet reputation management processes and policies in place can help create a structure and culture of corporate awareness, allowing employees to be better able to detect brand infractions on their own and to proactively minimize the risk of their occurrence. 7

Examples of policies usually needed within an organization include: Policy towards employment listing security in conjunction with Human Resources Develop and police linking agreements via contracts and channel management Maintained and managed master lists of authorized users of corporate trademarks Established, communicated and enforced on-line advertising standards and protocols Established, communicated and enforced written corporate disclosure policy Established and continuously refined crisis communications plan Policy on how, where and if employees should conduct discussions online Policy for domain name registrations While creating these strategies and processes will take some time, once completed they will reduce response times to security breaches and fraudulent activities. This saves your organization tremendous time and money on recovery procedures and enables a focus on moving forward. Furthermore, implementation strategies will assist your organization in adopting a culture of corporate asset management and protection. III. Training and communicating with staff The best intentions and plans will not result in success without the understanding and collaboration of the extended organization, including partners. The extent of internet threats is such that only through marshalling the collective efforts of the many in finding, assessing and determining the steps to take when issues are encountered can an organization truly achieve its goals. This requires involvement of stakeholders in both the development and rollout of plans, as well as ongoing solicitation of their views and communication to them of actions and progress. IV. Measuring progress against objectives Simply put, success can only be determined on the basis of having clearly stated objectives in place. These can be both quantitative (e.g. reduction in the number of identity theft incidents, number of defamatory issues, etc.) or more qualitative in nature. They can also be split between external and internal goals, the latter being of particular importance in larger, less cohesive organizations. Determining a select set of objectives to achieve and monitoring progress should be a priority for the Internet Reputation Management Council. 8

4. Monitoring Effective internet reputation management is dependent on the ability to gain visibility into your internet presence. This requires understanding the particular internet ecosystem involved. The diagram below depicts the variety of ways brands are represented online, from its website through to the presence of associated marks on non-corporate sites, through to how they are being discussed in social media. These are the areas to be monitored for true coverage. Tools like Google s Blog Search, Alerts, and Trends enable organizations to monitor their brands ad hoc and for free. However, the time required to use these tools is prohibitive, and they do not provide comprehensive coverage of data sources and are highly dependent on the indexing patterns of search engines. Large enterprises need comprehensive coverage that requires an advanced automated solution in order to be able to adequately search and parse relevant data and do so in a timely fashion. Internet monitoring specialists like BrandProtect can simplify and make more effective any monitoring effort, usually at a fraction of the cost of any comparable internal effort. 9

5. Analysis Processes need to be put in place to help in determining priorities for addressing the massive volume of information obtained through any monitoring of the internet. While companies often tackle internet reputation management in different ways in different parts of the organization, in doing so they are not able to benefit from a more coordinated effort, as many of the issues encountered can have an impact on a variety of stakeholders. This is depicted in the diagram below. The Internet Reputation Management Council plays a crucial role in coordinating efforts across the organization; in effect becoming, or at least supporting, the Chief Reputation Officer s role. Crucial to its success is the ability to have access to data that has been sufficiently filtered for accuracy and relevance, as well as having the tools in place to assist with the interpretation of and reporting on findings. Access to BrandProtect s secure portal and its features provides for such capabilities. 10

6. Mitigation Processes need to be defined based on the type of threat observed. Broadly speaking, these break down into the three areas associated with threats to customers, to the company s assets and threats to reputation association with community perception. These will require processes to address the following in particular: 1. Brand abuse what constitutes a trademark violation, traffic diversion or other unauthorized association; who within the organization needs to be contacted; how to respond to an attack 2. Pre-determined response strategies to attacks on your reputation for your Public Relations, Investor Relations, Marketing and Call Center functions 3. Security & fraud response to identity theft attacks, both from a process and resources standpoint, as well as those from interaction with Investor Relations and/or Public Relations Through the implementation of a formal monitoring system, threats to rights, revenues and reputation can be reported to the appropriate stakeholders in a timely fashion. The key benefit is that stakeholders are alerted to the impact of brand infringements on their respective functional areas. These alerts should act as triggers for intervention, either at the policy, process, or technology level. Rules of engagement need to be in place and understood in order to then ensure such intervention is conducted effectively. To this end, BrandProtect offers the following services: Incident Response: Rapid response to deal with all forms of identity theft attacks Cease and Desist capabilities: Automated system tailored to address specific infractions Social Media Engagement: Subject matter expertise in-house and via partner Education Support: For employees and customers Forensic Development: Capturing of necessary data to assist with litigation support Further, key internal stakeholders should meet on a regular basis (we recommend monthly) to discuss relevant internet reputation management issues. These internal stakeholders should be prepared to drive internal training and implement internet reputation management policies within the organization. 11

7. Summary By following this roadmap to establish long-term policies, strategies and processes involving cross-functional disciplines, organizations will be able to minimize the damages resulting from online criminal activity, intellectual property rights abuses and defamatory discussion. To further customize your organization s approach, please reference BrandProtect s Internet Reputation Management Workbook in next section. 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information