News 19 May 2017
This week's cyber attacks were a (literal) shock to the system. Unexpected, global repercussions left few countries untouched, and everyone wondering - is this just the essence of the age we're living in - that some foreign body can slip a bug into some innocuous email and hey presto they have our medical records detailing our (perhaps sordid) past?
It is indeed a terrifying prospect. How many links a day do you click on from your boss? How many zip file downloads in a week? It appears that despite whatever preventative measures you've put in place to stop hackers from getting on your computer, they're able to get by them. What does this mean for business? Nothing really, apart from doomsday itself.
The reason attacks like this don't get solved is because of a number of factors, the most compelling of which is victim co-operation. If a company reveals their system has been hacked, it can translate into a massive dive in stock prices requiring innumerable contingency plans to be put in place. Customer trust itself is invariably lost, and a steady dip in revenue will result until WannaCry have left the headlines and the PR nightmare is finally over.
Below are the reasons why hackers like WannaCry should scare the living daylights out of businesses everywhere.
1. They have the ability to infect even the most complex and broad systems, such as Britain's healthcare organization
All eyes are on the U.K after WannaCry got into what is one of the bedrocks of any country: its healthcare system. Locked out of computers and files, nurses and doctors within the NHS experienced difficulty carrying out even the most menial of tasks once the hackers got into their computers. There is speculation that because of the time it took to regain control of their entire network, lives were lost in the process. Like any healthcare provider throughout the world, the NHS is a business at its core. Having already been under scrutiny by the parties lobbying for favor in the upcoming British election, this cannot have been an easy week in the office for the IT department and those in PR, dealing with those whose information were too readily available for the hackers.
2. They don't care who they're targeting, hitting corporations big and small
The virus that infected the machines was called Ransomware, a malicious piece of software that blocks access to a computer system until a ransom is paid. One of the targets of the hack was Disney's next movie release, Pirates of the Caribbean 5. Hackers threatened to post the forthcoming film online in segments unless Disney paid the ransom in bitcoin. Disney's CEO Bob Iger has not budged, however, and refused to pay the ransom, instead working with federal investigators in the US. FedEx has also been hit in the US, but has said that it has “resumed normal operations,” and that its computer systems were healthy again.
In Asia, the situation seems less hopeful. More than 40,000 organizations were hit, 4,000 them academic institutions, including two of China’s most prestigious schools.
3. Their methods of monetary extraction are virtually untraceable, using the elusive bitcoin - making another attack a veritable promise
Bitcoin is a digital payment system invented by an unknown programmer, or group of programmers, under the name Satoshi Nakamoto. It was released in 2008 and has since been used in countless transactions within the 'dark web'. The transactions take place between users directly, without an intermediary, and as such cannot be traced because there is no third party involved. Once WannaCry had access to the computers they put up a ransom on the homepage requesting $300 via bitcoin for their computer to return to normalcy. 'Following the money trail' however does not apply here. Bitcoin, with close ties to North Korea, remains a stable monetary system.
4. Unless every single victim owns up to the breach, the likelihood of these hackers being caught is very low
It can be hard to pinpoint the extent of disruption, since some companies don’t report the attacks for fear of potential damage to their corporate reputations. For some companies, it’s easier to pay the $300 ransom, and then move on. This makes it more difficult for a comprehensive investigation to be carried out using international agencies. Again, this is another opportunity for a hack like this to be carried out with as much ease and destruction.
5. There were people and prevalent agencies that were aware this malware existed and did nothing to safeguard against such a breach
The Chinese government has placed the blame on the NSA for the attacks because apparently they had knowledge of the malware used to invade people's computers. The U.S government and its agencies are meant to act as safeguards for the countries' individuals and their corporations, and in this case, they majorly failed. What is the purpose of a security agency - if not to provide security? WannaCry have managed to expose a major hole in the so-called network of agencies charged with protecting the country's corporate and economic infrastructure. The effect from this and governmental uncertainty in general was a sharp decline in the value of the dollar. All in all, it was a bad week for all in business here in the U.S.
Nasdaq confirmed the dollar dipped this week amid political uncertainty. Photo courtesy of Barrons
Not too many years ago, my advice to political candidates would have been pretty simple: "Don't do or say anything stupid." But the last few elections have rendered that advice outdated.
When Barack Obama referred to his grandmother as a "typical white woman" during the 2008 campaign, for example, many people thought it would cost him the election -- and once upon a time, it probably would have. But his supporters were focused on the values and positions he professed, and they weren't going to let one unwise comment distract them. Candidate Obama didn't even get much pushback for saying, "We're five days away from fundamentally transforming the United States of America." That statement should have given even his most ardent supporters pause, but it didn't. It was in line with everything Obama had previously said, and it was what his supporters wanted to hear.
2016: What rules?
Fast forward to 2016, and Donald Trump didn't just ignore traditional norms, he almost seemed to relish violating them. Who would have ever dreamed we'd elect a man who talked openly about grabbing women by the **** and who was constantly blasting out crazy-sounding Tweets? But Trump did get elected. Why? Some people believe it was because Americans finally felt like they had permission to show their bigotry. Others think Obama had pushed things so far to the left that right-wing voters were more interested in dragging public policy back toward the middle than in what Trump was Tweeting.
Another theory is that Trump's lewd, crude, and socially unacceptable behavior was deliberately designed to make Democrats feel comfortable campaigning on policies that were far further to the left than they ever would have attempted before. Why? Because they were sure America would never elect someone who acted like Trump. If that theory is right, and Democrats took the bait, Trump's "digital policies" served him well.
And although Trump's brash style drew the most handlines, he wasn't the only one who seemed to have forgotten the, "Don't do or say anything stupid," rule. Hillary Clinton also made news when she made a "basket of deplorables" comment at a private fundraiser, but it leaked out, and it dogged her for the rest of the election cycle.
And that's where we need to start our discussion. Now that all the old rules about candidate behavior have been blown away, do presidential candidates even need digital policies?
Yes, they do. More than ever, in my opinion. Let me tell you why.
Digital policies for 2020 and beyond
While the 2016 election tossed traditional rules about political campaigns to the trash heap, that doesn't mean you can do anything you want. Even if it's just for the sake of consistency, candidates need digital policies for their own campaigns, regardless of what anybody else is doing. Here are some important things to consider.
Align your digital policies with your campaign strategy
Aside from all the accompanying bells and whistles, why do you want to be president? What ideological beliefs are driving you? If you were to become president, what would you want your legacy to be? Once you've answered those questions honestly, you can develop your campaign strategy. Only then can you develop digital policies that are in alignment with the overall purpose -- the "Why?" -- of your campaign:
- If part of your campaign strategy, for example, is to position yourself as someone who's above the fray of the nastiness of modern politics, then one of your digital policies should be that your campaign will never post or share anything that attacks another candidate on a personal level. Attacks will be targeted only at the policy level.
- While it's not something I would recommend, if your campaign strategy is to depict the other side as "deplorables," then one of your digital policies should be to post and share every post, meme, image, etc. that supports your claim.
- If a central piece of your platform is that detaining would-be refugees at the border is inhumane, then your digital policies should state that you will never say, post, or share anything that contradicts that belief, even if Trump plans to relocate some of them to your own city. Complaining that such a move would put too big a strain on local resources -- even if true -- would be making an argument for the other side. Don't do it.
- Don't be too quick to share posts or Tweets from supporters. If it's a text post, read all of it to make sure there's not something in there that would reflect negatively on you. And examine images closely to make sure there's not a small detail that someone may notice.
- Decide what your campaign's voice and tone will be. When you send out emails asking for donations, will you address the recipient as "friend" and stress the urgency of donating so you can continue to fight for them? Or will you personalize each email and use a more low-key, collaborative approach?
Those are just a few examples. The takeaway is that your online behavior should always support your campaign strategy. While you could probably get away with posting or sharing something that seems mean or "unpresidential," posting something that contradicts who you say you are could be deadly to your campaign. Trust me on this -- if there are inconsistencies, Twitter will find them and broadcast them to the world. And you'll have to waste valuable time, resources, and public trust to explain those inconsistencies away.
Remember that the most common-sense digital policies still apply
The 2016 election didn't abolish all of the rules. Some still apply and should definitely be included in your digital policies:
- Claim every domain you can think of that a supporter might type into a search engine. Jeb Bush not claiming www.jebbush.com (the official campaign domain was www.jeb2016.com) was a rookie mistake, and he deserved to have his supporters redirected to Trump's site.
- Choose your campaign's Twitter handle wisely. It should be obvious, not clever or cutesy. In addition, consider creating accounts with possible variations of the Twitter handle you chose so that no one else can use them.
- Give the same care to selecting hashtags. When considering a hashtag, conduct a search to understand its current use -- it might not be what you think! When making up new hashtags, try to avoid anything that could be hijacked for a different purpose -- one that might end up embarrassing you.
- Make sure that anyone authorized to Tweet, post, etc., on your behalf has a copy of your digital policies and understands the reasons behind them. (People are more likely to follow a rule if they understand why it's important.)
- Decide what you'll do if you make an online faux pas that starts a firestorm. What's your emergency plan?
- Consider sending an email to supporters who sign up on your website, thanking them for their support and suggesting ways (based on digital policies) they can help your messaging efforts. If you let them know how they can best help you, most should be happy to comply. It's a small ask that could prevent you from having to publicly disavow an ardent supporter.
- Make sure you're compliant with all applicable regulations: campaign finance, accessibility, privacy, etc. Adopt a double opt-in policy, so that users who sign up for your newsletter or email list through your website have to confirm by clicking on a link in an email. (And make sure your email template provides an easy way for people to unsubscribe.)
- Few people thought 2016 would end the way it did. And there's no way to predict quite yet what forces will shape the 2020 election. Careful tracking of your messaging (likes, shares, comments, etc.) will tell you if you're on track or if public opinion has shifted yet again. If so, your messaging needs to shift with it. Ideally, one person should be responsible for monitoring reaction to the campaign's messaging and for raising a red flag if reactions aren't what was expected.
Thankfully, the world hasn't completely lost its marbles
Whatever the outcome of the election may be, candidates now face a situation where long-standing rules of behavior no longer apply. You now have to make your own rules -- your own digital policies. You can't make assumptions about what the voting public will or won't accept. You can't assume that "They'll never vote for someone who acts like that"; neither can you assume, "Oh, I can get away with that, too." So do it right from the beginning. Because in this election, I predict that sound digital policies combined with authenticity will be your best friend.