While the world slows down and businesses watch their short-term revenue dwindle, some other companies—those that provide a service or product fit for our current circumstances—find themselves in an opportunistic situation. While that opportunity is fortunate—especially the privilege of being in a position to serve the world in its hour of need—it can also come with its own set of risks. For example, not having the bandwidth or capacity to meet the influx of demand, or finding yourself the focus of unwanted national attention for one reason or another—such as the situation that Zoom, the videoconferencing app, has found itself in.
As thousands upon thousands of people work from home, Zoom has seen a massive rise in customer base and usage. Unfortunately, with all of this new usage comes those who a) investigate things like the company’s privacy policies, which were found to be lax, and b) want to exploit or use the app for harm’s sake, offending and victimizing the company’s innocent customers. Apparently, Zoom’s less-than-adequate security features made it especially easy for both of these types of people to be satisfied in their quest. As a result, Zoom has been experiencing some serious backlash over the past several days, including having the FBI issue warnings on how to properly use the app in order to protect oneself.
#FBI warns of Teleconferencing and Online Classroom Hijacking during #COVID19 pandemic. Find out how to report and protect against teleconference hijacking threats here: https://t.co/jmMxyZZqMv pic.twitter.com/Y3h9bVZG30
— FBI Boston (@FBIBoston) March 30, 2020
Zoom’s response to the backlash
This afternoon, Zoom issued a statement to their customers addressing the fixes that they will be putting in place as a result of the lax security and its repercussions. The email described what the new default settings and functions will be and how to properly use them.
Upon reading the email, there was something that really didn’t sit right with me; something fundamentally “un-crisis-ready” that is worth mentioning and discussing here. Following is the opening paragraph to Zoom’s email which contains the message that I’m here to discuss:
We’re always striving to deliver you a secure virtual meeting environment. Starting April 5th, we’ve chosen to enable passwords on your meetings and turn on Waiting Rooms by default as additional security enhancements to protect your privacy. […]
Do you see anything wrong with the above communication? Let’s explore this and the underlying sentiment and message it expresses.
“We’re always striving to deliver you a secure virtual meeting environment.
Part of implementing a crisis ready culture means that you conduct exercises to identify and understand your high-risk scenarios—a.k.a. your most likely, high-impact issues and crises. While the discovery that the brand was providing user data to Facebook could have been an IT oversight or glitch—a possibility that I made sure to confirm with a cybersecurity and cyber defense expert—the privacy and security flaws, which led to things like “Zoombombing“, was a risk that could have, should have, been anticipated and mitigated long ago.
All of this leads me to doubt the first line of their statement.
Let’s now look at their second line:
Starting April 5th, we’ve chosen to enable passwords on your meetings and turn on Waiting Rooms by default as additional security enhancements to protect your privacy.
The wrong word choice here is “we’ve chosen”. This gives the impression that they proactively made the choice on their own to fix these security flaws which, we all know, is not the case. They did not chose to, they were forced to as a course of issue management and crisis prevention.
Two simple sentences can make all the difference in your crisis communication.
Crisis Ready Institute blogger, Patrice Cloutier, published an article earlier today where he opened with the following two sentences:
Writing the right statement in a crisis can be a daunting task. That statement, how it’s written and delivered, may become the defining moment of your response.
How right this statement is.
Zoom’s choice in how they opened their statement made all the difference. Their first two sentences tell us a lot about the company. They tell us that they are unable, as of yet, to be vulnerable, honest and forthcoming. And with this underlying message, comes the risk of customers not believing the whole of their statement and, ultimately, the values of the brand.
You always have two options when it comes to issue management:
- Respond ineffectively and you will chip away at the trust and credibility of your brand, every time and over time; or
- Respond effectively and you will strengthen the trust and credibility of your brand which, amongst other advantages, leads to you gaining the benefit of the doubt when things really go awry.
Zoom unfortunately chose the wrong option. It would have been so much stronger for Zoom to come out and admit that they have made some unfortunate oversights, apologize to their community for letting them down, and then prove that they care and are going to commit to doing better now and moving forward. From there, they could have introduced the fixes that the email goes on to describe.
That would have been real, personable and honest. That would have been the more vulnerable and therefore the more admirable thing to do. That would have expressed and showed its customers that maybe they made a mistake and have learned from it and, therefore, maybe they deserve to be trusted and given a second chance to prove that they are true to their words and commitment.
Crisis Ready Rule: A mistake can be forgiven. The appearance of a cover-up will not be.
Yes, it’s scary to admit that your service has not been up to par. But, in a case like this, it’s a truth that has already been demonstrated and that customers are already feeling. Avoiding the truth, trying to dance around the truth or denying the truth altogether—and attempting to come across as having chosen to implemented the solutions on your own—does nothing to rebuild that fragile trust that was waiting to see precisely how you would choose to respond.
Ultimately, the underlying message to all of this is what it says about a brand’s culture that chooses, let’s call it, “issue management option 1”. Every action, every non-action, every communication and every non-communication relays a fundamental message about who you are as a brand. Choosing issue management option 1 communicates a fundamental issue and reveals a brand that is not crisis ready.
The moral of the story, ladies and gentlemen, is that honesty counts for A LOT.
Founder and CEO of the Crisis Ready Institute, Melissa Agnes is the author of Crisis Ready: Building an Invincible Brand in an Uncertain World, and a leading authority on crisis preparedness, reputation management, and brand protection. Agnes is a coveted keynote speaker, commentator, and advisor to some of today’s leading organizations faced with the greatest risks. Learn more about Melissa and her work here.