By now everyone is aware of the data breach of Sony’s Playstation Network. I say by now, because this time last week you might not have been. Millions of online gamers, myself included, found the Playstation Network ‘unavailable’ since 19th April, with no real explanation given. A technical hitch of some sort? We should be so lucky.
When the full horror of the situation emerged, that actually Sony had been the victim of potentially the biggest data security breach in history, it was almost a full week later. Almost a full week.
Given the fact that usernames, emails, passwords and most crucially (potentially) credit card details had been lost, this represents an absolutely unacceptable delay. With so many online accounts for users to manage these days, people often use the same password across multiple accounts for ease of memory. So when an email and password for one account is compromised, the security risk is like a pebble thrown in a pond. And the ripples aren’t pretty. Victims of the monster.co.uk data breach a few years ago will remember finding their facebook and twitter accounts posting spam and virus laden links to their peer network, if they shared a password across monster and twitter or facebook.
Sony may or may not be to blame for the hacking attack. But what they are definitely guilty of, is poor continuity planning and even poorer customer focus.
The damage to the brand has been amplified by the poor crisis communications strategy. Sony’s official line is that they had to find out whether user data had actually been lost before communicating. Sorry, that’s not good enough. If there’s even a chance of it, they should have comunicated ASAP.
Speak For Your Customers
In the war room that no doubt was hastily assembled at Sony HQ on the 19th, where was the customer champion? Who was the one in the room representing customers? I’ve been in similar situations, and whilst technology teams might want to keep shtum and put collective heads int he sand, as marketers it is our role to say that is absolutely not acceptable. Especially now, with platforms like Facebook, Twitter, and blogs. Customers can ask questions directly and quickly. A good customer focussed brand needs to answer them. Swift communication is not only key to protecting the brand, but is also frankly non-negotiable. To not give customers the warning to change their passwords on other accounts until 6 days later is utterly unacceptable.
What We Can Learn From This
The lesson in all this is two fold. Number One, make sure you have continuity plans in place, with solid and accountable action plans. If the worst happened over a bank holiday weekend for your brand, what would happen? Do you know who would do what, and when? If you don’t, you are putting yourself in a vulnerable position. Number two, be the voice of the customer. I often preach that everyone in a business is a marketer in some way. Everyone has the power to influence an element of the marketing mix, whether that’s the guy who cleans the washroom influencing physical evidence or IT team influencing product reliability. But as marketers, we really are the ones who should have the customer at the front of our minds, and speak for them. It might not always be popular in the boardroom (or the war room) but customers pay the bills, and any brand which disrespects that, will regret it at their leisure.
Never be afraid to be the one who says, “if I was a customer, would 6 days in the dark be acceptable to me?” If it wouldn’t be, don’t let it be so. Someone at Sony should have put the customer first and insisted on customer communication as an order of absolute priority. It’s not the crisis which is remembered – it’s how a brand dealt with it. In this case, that’s not good news for Sony.