The likes of Facebook and Twitter have created new ways for businesses to connect with their customers. Now they must learn to use these social media platforms while not ignoring the reputation risks they pose

Reputation economy is the Silicon Valley-coined term that describes the way the standing of a product, person or company is framed by the evaluation of consumers. These days, it is normally applied to the realm of web 2.0, which refers to all the interactive and network-based applications of the world wide web, such as blogs, wikis and social networks.

A company might spend millions building up its reputation in the eyes of consumers, but it can easily be broken – and is increasingly vulnerable online. The explosive growth of user-generated web content is one of the main dangers. Social networking sites, like Facebook and Twitter, but increasingly also user review sites, such as TripAdvisor and Yelp, offer consumers a soapbox to express their views or pass judgment on anything from the latest celebrity haircut to the price of fish.

One of the big differences with this new form of media is that it doesn’t play by the same rules as more traditional formats, such as newspapers, where content is checked for accuracy before being published. That’s partly because of the opaque legal rules governing the electronic environment, where internet libel isn’t always easy to prove.

Added to that, more and more people are using these networks to communicate. Over 211 million people in Europe use social networking sites, mainly Facebook, according to the European Network and Information Security Agency.

And so, while web 2.0 offers great opportunities for companies to engage with their customers, through blogs, forums, dedicated pages on Facebook and so on, it also poses a significant risk to corporate reputation. “The internet has changed the entire landscape of corporate reputation management,” says Leslie Gaines-Ross, the chief reputation strategist for public relations firm Weber Shandwick. “It has had a vast impact on how companies are perceived. The general public is much more cynical than it used to be: it doesn’t take companies or their chief executives at their word. Instead, consumers do their own investigations or dig deeper.”

There is so much more activism among consumers, she says, and no bad news goes unpublished. “Disgruntled consumers blog and twitter, and they get so much more coverage because they’re so easy to find. Basically, companies and their chief executives are naked today, and it’s really hard to deal with.”

Danger ahead

Social networking sites clearly pose a big threat to a company’s brand: a recent survey of more than 1,000 office workers found that 42% of those aged between 18 and 29 discussed work-related issues on social networking sites and blogs. However, these websites also represent plenty of IT security risks for businesses.

Security software provider Sophos surveyed over 500 organisations and discovered that 72% are concerned that employee behaviour on social networking sites exposes their businesses to danger, and puts corporate infrastructure – and the sensitive data stored on it – at risk. Survey respondents were asked which social network they believed posed the biggest security risk. Sixty per cent named Facebook; 18% said MySpace; 17%, Twitter; and 4%, LinkedIn.

“Finding the balance between harnessing so-called ‘web 2.0’ technologies for business benefit and maintaining strong security is key,” says Ian Bowles, chief executive of software security vendor Clearswift. “It isn’t difficult to envisage an employee posting unauthorised comments about their organisation’s product or service quality issues on a blog, causing major brand damage. But at the same time, banning all blog access is not the answer, as it cuts the organisation off from conversations with partners and customers.”

“Using and participating in these online services and communities forces enterprises to relinquish a level of control that they historically would not tolerate,” Gartner fellow Joseph Feiman explains. “It is forcing enterprises to rethink their security strategies.”

The risks are characterised by inbound IT threats, such as malicious malware or a hacker gaining access to an employee’s online account, as well as the external (mainly reputational) risk of engaging with this technology.

A big beast that many companies are already wrestling with is the question of employee blogging. Some organisations encourage it, others forbid it, and some have no policies at all. “It’s a two-sided coin,” Feiman explains. “On the positive side, blogging can build strong communities, brand awareness and transparency but, on the negative side, blogging can reveal corporate secrets, arm disgruntled employees and have undesirable consequences.”

PricewaterhouseCoopers saw social networking as an opportunity. Its director of security, William Beer, explains: “We looked at Facebook and what it meant for the firm from a brand reputation point of view. We felt that it was something we should recommend adopting, as long as certain precautions were taken.” PwC updated its acceptable internet use to cover social media and also updated its security awareness training, Beer says.

He explains the business benefits: “We have communities that we use to engage with some of the universities to help graduates understand the culture of the firm before they join.”

But he believes most other firms are still unprepared to deal with the risks. “I tend to see from clients that they’re not sure what controls to put around these technologies, and their knee-jerk reaction is to lock it down and block it.”

Crisis points

There are plenty of real-life examples of how the web can swiftly cause damage to a company’s reputation. British furniture retailer Habitat was hit by a social media crisis when it started linking its sales tweets to unrelated current affairs news topics – these included stories about violence during the Iranian elections – in an attempt to boost visibility. Angry twitterers accused the company of profiteering from social unrest.

Elsewhere, a growing number of businesses are falling victim to spiteful online attacks. These include the setting up of websites solely to destroy reputations. “All it takes is for one disgruntled ex-employee to post malicious comments on a blog or an internet forum about a perfectly good business,” Barker explains. “Bad news travels very quickly on the web. That business is suddenly at risk as the internet has no fact-checking capability and all because of someone who has an axe to grind.”

Following an incident in 2008, Virgin Atlantic dismissed 13 staff members who had posted comments on Facebook criticising the cleanliness of the company’s fleet and its passengers. Similarly, British Airways check-in staff at Gatwick posted messages on Facebook saying travellers were “smelly” and criticised the chaotic operations at Heathrow.

Further, the recent leak of more than 90,000 pages of classified military and intelligence documents by Wikileaks is a sharp reminder of the vulnerability of corporations to data leakage. The Wikileaks website promises to publish and comment on leaked documents alleging government and corporate misconduct.

Incidents like this have encouraged companies to develop internal web 2.0 policies to try to control their employees’ behaviour. But while these may exert some influence over internal staff, customers are free to say what they like. There have been plenty of cases of brands being criticised online, with major consequences. In one example, Johnson & Johnson company Motrin launched an ad campaign in 2008 with an online video about it seeming fashionable to carry your baby in a sling – despite the resultant back pain – so as to look like “an offical mom”. The badly misjudged ad offended scores of mothers who, empowered by social media, started airing their grievances. It led to a Twitter revolt, and the story moved into the mainstream media before Motrin could axe the ad, which is now immortalised on YouTube (go to our website for the link: Motrin was forced to temporarily shut down its website, pull the campaign and issue an apology.

Shifting trends

The risks of online reputational damage are exacerbated by the fact that fewer people are reading print publications and instead are turning to the internet for their news. In 2008, the News Media Consumption Survey from America’s Pew Research Center found that online readers comprised more than a third of all news consumers. Two years earlier, fewer than a quarter of newspaper readers viewed content online (see graph ‘Print v online readership’, below). This is being driven predominantly by a substantial shift in how younger generations read newspapers, according to Pew.

“News travels so quickly now,” Gaines-Ross says. “People can access information much more easily these days, and if they hear a scandal about one product, they can easily find out who makes it and choose to stop buying any of their products.”

But Chartis risk adviser and cyber security expert Pascal Lointier thinks that nightmare scenarios are an exaggeration. “I’m very cautious regarding online reputation, because there’s a strong amnesia regarding cyber incidents,” he says. “Most of these incidents are intangibles, so you forget very quickly. Plus it’s actually quite hard to access historical information on commercial indexing search engines, like Google.” Other types of cyber risk, he says, like the fines or class actions that result from data leakage, are much more significant.

Nevertheless, faced with these risks, some companies are turning to online reputation management companies to offer damage limitation.

Tricks of the trade

Plenty of PR consultancies offer brands ‘online reputation management’ services, and some of them promise to be able to bury bad news online, so that negative comments and stories don’t show up on search engine results. Although this sounds like a murky form of censorship, it’s more about boosting positive coverage than gagging negative stories, says Nathan Barker of Liverpool-based Reputation 24/7.

“Our experts use internet-monitoring tech and other techniques to help firms improve their online profiles by hiding damaging stories and promoting positive headlines,” Barker says. “We use our in-depth understanding of search engines and how they work to make sure only the results that clients want to view are shown when people search for their name, business or brand on Google or other search engines.”

The trick Barker’s firm uses is to create hundreds of new sites full of positive information about the brand or individual, which then saturate the search engines to the point that the negative content no longer shows up. “This forces anything undesirable back to pages two, three and into the internet abyss,” he says. “In short, online reputation management can effectively bury bad publicity by manipulating Google.”

It’s not all about reactive strategies like this, however. Some companies prefer to proactively use the new web technologies to their advantage. The pizza chain Domino’s, for example, responds to customers’ Twitter complaints. It has several community managers who monitor the feed and take care of the issues or forward complaints to the right department. Others look to social media to boost sales. US airlines Delta uses Facebook to reach out to customers, who can book their flights using the social networking tool. Other airlines, such as Virgin and JetBlue, do the same.

Another trend is for companies to use Twitter to announce company news, results and performance numbers. IR Web Report published a list of 10 companies that actively use Twitter to tweet to investors and the media in this way: Proctor & Gamble, Roche, eBay, Garmin, Lafarge, Potash Corp, Metso Group, BASF IR, Corning and Syngenta.

“The internet is great because it allows companies to talk to their customers immediately and give their point of view,” Gaines-Ross says. “But on the other hand, rumour and hearsay can damage a reputation just as quickly.” There’s plenty of misinformation out there, she adds.

The evidence suggests that companies need to go into web 2.0 with their eyes wide open to the risks as well as the benefits. As Barker says: “It’s unfairly damaging, but mud sticks. So the sooner you can wipe it clean, the better. That is why it’s vital to have a reputation management strategy.”

Whether that strategy involves trying to cover up mistakes once they’ve happened or engaging positively with consumers in an increasingly diverse media environment is for companies themselves to decide. But there’s no sense ignoring your company’s online presence either, as a final piece of advice from Gaines-Ross attests. “If you want to win the war of reputation, you’ve got to be online.”

Five top tips to protect your online reputation

1. "Do the right thing in the first place," says Leslie Gaines-Ross of Weber Shandwick. "Whatever you say internally or in the restaurant on Saturday night can turn up somewhere, so be careful."
2. Monitor what's being said about you and your competitors, and make sure that gets through to the top of the organisation on a regular basis. "Social media monitoring is a whole new industry," Gaines-Ross says.
3. Have a crisis plan in place. Coca-Cola, for example, has a dedicated website that it uses to dispel myths and rumours about its products. "If you have a customised company site that uses all sorts of media, you can get your message out there immediately."
4. Listen and react to what's being said about you. Some companies use communities of interest, where they invite people who are interested in their products to interact in an online community, such as through Twitter or Facebook. "Finding your advocates and working closely with them is a good strategy. They'll defend you if there's a problem."
5. Have social networking policies in place and make sure that staff are following them.