DON’T PANIC BUT YES WE ARE UNDER ATTACK
I think it’s time for a little healthy paranoia.
If you are a high profile individual, or if you hold a top position in a high profile organisation, or if what you do is intrinsically interesting, then, yes, you should be paranoid. Assume you are under attack. An army of people is after your secrets. They may be sitting in a back room of a Moscow apartment; they may be lurking at a table next to you in an airport lounge, or even in that car with blacked-out windows parked discreetly outside your house. They may be anywhere. But what they have in common is that they are looking for information you don’t want them to have, and they have the tools to extract it.
Of course, you may operate in an environment of meticulous care, where your commercial and business secrets are safeguarded and protected with professional skill and rigour. More and more enterprises are recognising that safeguarding confidential information has to be one of the basic fundamentals of good management. But that still leaves your personal life unguarded, and that can just as surely destroy your professional reputation.
The threats to our privacy are growing exponentially, as smart technology worms its way into every corner of our lives. There is a well-publicised report now being investigated by the Information Commissioner of LG smart TVs on sale in the UK feeding confidential information and data back to the manufacturers in Korea. Even simple household appliances seem to be morphing into sinister tools of intrusion, with reports from Russia that hidden microchips had been discovered in kettles and irons imported from China, and that these were there to pump spam data and malware into wi-fi networks, allowing confidential data then to be sent to a foreign server. Not a story you’d necessarily believe, but you wouldn’t want to bet your career against the possibility, either.
Recently I took part in a presentation to a group of generals visiting from a friendly third world country. A colleague with a security background caused an uneasy ripple when he showed them how easy it was to transform their mobile phones, undetectably, into wireless microphones broadcasting everything they said, and the meetings they held, to be listened to on his own phone, wherever he happened to be.
The same colleague also showed how easily and quickly the entire contents of your phone can be downloaded, if you leave it in the wrong hands for just a few minutes. At government offices and embassies around the world, he insists on removing the battery from his phone before handing it in. “It doesn’t prevent them getting at it, but it makes it more difficult”. Perhaps a reason to choose a phone with an easy-to-remove battery!
I’ll leave it to others who are better qualified (and at Chelgate we work with several) to talk about the challenge to corporate confidentiality, and the ways of building better protection into your business. But the people cracking open your secrets are not just looking for commercial information. They are after your reputation, too. All the recent talk of phone hacking is really only the glimmering tip of a very large iceberg. Hugh Grant may never have his phone hacked again. But his privacy will still be far from secure.
Law firms are coming at the same problem from the legal perspective, and ending up in much the same place. Keith Schilling explained to me over breakfast recently how Schillings had acquired an IT security company, and you can see how that makes sense. You want to keep your clients’ privacy safe, if you can. But if it’s compromised, you need to know how and by whom if you are going to be able to put it right.
For PR professionals working in Reputation Management, Reputation Protection has become an increasingly central part of the job. A vital part of this is helping our clients to protect their privacy, spotting when it has been compromised, and moving quickly to counter the damage. Sometimes a vital part of the response will be a legal one, and PR firms increasingly need to work closely with their colleagues in the law. But at other times the legal route may not be either the best or the quickest way to contain the threat. But this will depend on a bunch of different factors – scale, motive, accuracy and source being just a few. A PR firm with Reputation Protection skills will have a range of tactics it can deploy, both online and offline, usually faster than any legal process can be put in place. But often, the most effective response will be a broad spectrum one, using IT, PR and legal responses to re-establish control.
Of course, prevention is better than cure, and the professional PR practitioner needs to have at least a basic understanding of good privacy practice – sufficient at least to conduct an initial review of client vulnerabilities. They may be as secure as the Bank of England when they in the office, but what do they do when they are at home, or travelling the world. Just how secure is their wireless network at home? Do they use public networks when they travel? When they settle down for the evening in that charming Kuala Lumpur hotel, and they connect to the hotel network, just how private are they? Or, if you are Chancellor of a great European nation, should you really be spending hours every day texting on your insecure personal phone?
Of course, even if your personal privacy is absolutely watertight, that may not be enough, which was another point Keith Schilling made as I wrestled with my morning croissant: “Who knows what photos are being posted and stories told by the VIP’s children to all their friends on Facebook?”
In fact, these days, anyone holding down a high profile job should have a proper Privacy Audit to check on potential vulnerabilities. It’s hard to manage reputation if your every minor indiscretion, embarrassing faux pas or domestic issue is potentially out there on public view. At Chelgate we know enough to offer general guidelines, and to know whether you need one. But this really requires very expert capabilities which we don’t pretend to have. But we know people who do, and that audit, and the strategies springing from it, need to form a cornerstone in any high sensitivity Reputation Protection programme.