Upon discovering the significant security and privacy flaw, Thompson’s mother immediately e-mailed a bug report and video to Apple on their support site. She also called and tweeted at CEO Tim Cook and even faxed a letter using her law firm’s letterhead. Despite her efforts, after several weeks the incident report had still not been processed. Thompson didn’t hear back from Apple until after national media outlets broke the news about the FaceTime glitch and traced the report back to her original tweets. Ms. Thompson’s tweet, on the other hand, was escalated to the public instantly. This is an example of the See-Through Economy at work, which encapsulates the shift towards transparency and accountability brought on by social media and technology. Before Apple could formally acknowledge the issue, the public had been made well aware that their privacy was at risk.
When there is not a clear path of communication to the company, consumers are empowered by social media to voice their issues. Because an enterprise-wide risk management process was not in place, Apple could not respond and resolve the issue before Ms. Thompson’s tweet went viral on Twitter. As a result, the glitch not only exposed Apple to major privacy violation risks, but also to reputational risk.
Companies can no longer effectively manage reputational risk after the fact, so they must take a proactive risk-based approach to ensure the risk does not occur in the first place. Customer-facing incident management software is essential to handling corporate mishaps. With connected incident management tools, organizations can immediately resolve issues through an efficient workflow that directs the incident to the appropriate parties.
Difficulties in the reporting process prevented the issue from being resolved sooner. Although the tech giant has a bug reporting channel, it is available only to designated specialists in the tech or security field. Given there was no public-facing channel for users to report security and privacy issues, Ms. Thompson used traditional methods including calling their support line, faxing, and tweeting. Unfortunately, the support line she reached was for traditional product support, which was not prepared for escalating security and privacy issues. Once her tweet went viral, Apple’s social media team was able to escalate the issue to the appropriate people; however, the bug publicly demonstrated Apple’s slow response and lack of escalation process.
Apple is not the only corporation that has struggled with implementing customer-facing incident management. As a result of the change in “Know Your Customer” laws, it has been a challenge for financial institutions to execute anti-money laundering regulations properly. Citibank recently rolled out a compliance program designed to protect customers and the company from illegal financial activity. However, what was initially designed as a program intended to catch terrorists has left multiple innocent customers with frozen bank accounts and zero notice. Without a customer-facing website to escalate issues, the remediation process is time-consuming with significant barriers to reach the appropriate employees.
Citibank is not unlike other banks, financial institutions, and most companies. While many have internal whistle-blower hotlines to report misdeeds, very few companies have reporting channels accessible to customers. Surprisingly, many financial institutions even require physical mail as a part of their complaint reporting process. These channels primarily serve as a means for customers to feel “their voices have been heard”. Oftentimes, financial institutions do not have the management processes to identify and filter risk, fraud and misdeeds reported from outside the organization. As a result, the resolution process is ineffective and complaints are typically aggregated over time, serving no real purpose other than process improvement.
With effective enterprise risk management in place, customer responses for a variety of issues can follow a clear and cost-effective path to resolution. Customer-facing incident management offers customers easily accessible channels to escalate their incident reports. In the See-Through Economy, risk transcends every industry. Regardless of what the incident is, be it a major software bug or innocent customers’ bank accounts being inadvertently frozen, incident management and reporting are essential components of effective risk management.
With the help of an enterprise risk management system, you can stay ahead of the curve in the event of an incident. With incident reporting software, you can give customers an outlet to easily submit issues that are immediately forwarded through a remediation workflow. While social media will still be at customers’ fingertips, you can ensure they are satisfied with a seamless and efficient resolution process. Incident management software will also give you a better understanding of why, when, and where incidents are happening, so you can prevent them from recurring in the future. Implementing the following pointers will help to improve your incident management program, so you can avoid ending up like the aforementioned companies.
About the Author: Steven Minsky
Steven is a recognized thought leader in ERM, CEO of LogicManager, and co-author of the RIMS Risk Maturity Model. Follow him on Twitter at @SteveMinsky
This article was originally published on LogicManager.com