A Crisis of Credibility

“A man has no more character than he can command in a time of crisis.” – Ralph W. Sockman

It seems like every day I hear another story about someone who has been victimized at the hands of malicious hackers and scam artists. Yesterday afternoon, my personal email account became the latest target. Either through a direct attack, or as the result of a trojan picked up from another poor soul’s account, thousands of emails proclaiming the glories of “working at home” went out under my name. If you’ve ever been impacted by one of these attacks, you can sympathize with the feeling of dread that came over me.

As I drove home from the office, my cell phone came alive with calls, emails and texts from concerned family, friends and colleagues. They all were pretty sure this was the result of a computer virus or some other external assault, and were kindly reaching out to make sure I knew about it. Anyone who knows me understands that I would never engage in this type of mass spam campaign – even if I had something worthy to say. But I’m sure my credibility took a hit nonetheless.

Credibility is not something to be taken lightly. If you want people – customers, coworkers, family and even strangers – to believe what you have to say when it counts, you have to speak from a foundation of trust. Credibility is built one brick at a time. Everything thing you say, everything you write, everything you do works to form the impression people have of who you are what you stand for. But it only takes one crisis to bring that wall of credibility crashing down.

How you respond to a crisis speaks volumes about your credibility. Too many companies have found themselves vilified because they did not respond appropriately when it mattered the most. When you properly address the crisis, you’ll find your credibility is maintained, or even enhanced, rather than damaged.

Here are some basic rules for managing a crisis. I’ve included the steps I took yesterday in response to my email problem. Maybe it will help you should you find yourself the victim of a similar attack.

Act quickly. Several companies have made headlines recently because they chose to sit on a problem for too long before addressing it. You have to move quickly in order to assure your customers that the problem is not being ignored. Don’t assume a crisis will pass away quietly. They rarely do. Even if your customers aren’t talking to you, they’re talking to someone. And you can be sure the conversation isn’t a positive one.

[As soon as I could safely get home, I began attacking the issue with my email account. I knew I couldn’t wait until I changed clothes or had dinner.]

Communicate early. Don’t wait until everything has been fixed before you communicate with your customers. They want (and need) to know that you are aware of the problem and actively addressing it. In the absence of any official word, people tend to fill in the blanks with their own assumptions.

[The first thing I did was communicate, in the best way I could, to those affected by the issue. I wanted them to know it was not intentional and needed to warn them against opening the spam email. I didn’t want them to suffer the same effects I did.]

Fix it. Fast. When something blows up that has the potential to impact your credibility, you can’t afford to move slowly. You need to stop the bleeding, so this is no time to appoint a committee. Your ability to quickly recognize and address the issue will speak volumes to your customers. Gather your best people, outline a plan, and execute.

[Next, I stopped any outgoing email from the affected account. Luckily I could still get in, so I changed the password. Then I deleted all contacts so that nothing could populate the To: line without me typing it in directly.]

Address the weak spot. Just because you’ve solved the immediate problem, don’t assume your work is over. While the issue is still hot, you need to take the steps necessary to keep it, or something similar, from happening down the road. Now is the time to diagnose, improve processes, and apply preventative measures. Companies that don’t take the opportunities to learn from their mistakes risk making them again. The impact to their credibility can be devastating.

[I’ll no longer be using that particular email account to send any correspondence. I don’t want future, legitimate emails I might send being viewed as spam. Since the attack occurred while my PC was powered down, I don’t think it was the result of a virus or other malicious software. But I went ahead and ran an anti-virus scan anyway. I logged in to my other accounts (facebook, linkedin, etc.) and changed the associated email address. I also changed all of my passwords to be sure those accounts won’t be compromised.]

Thankfully, my network of friends knows me well enough to realize I didn’t intentionally betray their trust. Those I’ve talked to are savvy enough to realize email scams are an unavoidable part of living in a connected world. Hopefully I’ve bolstered their trust in me by responding as best I could to my involvement in this one.