PBS NewsHour staffers who were awake late last Sunday before Memorial Day, including myself, were just as startled as the rest of the Internet to discover a legitimate-looking blog post on our site claiming that late rapper Tupac Shakur was alive.
We were under a hacking attack. Suddenly, it was time for damage control.
I hope you never find yourself or your organization in a similar situation, especially at midnight on a holiday weekend, but in this era of high-profile hacking, everyone needs a plan in case your site, publishing systems, servers or social media suddenly fall under someone else’s control.
For any organization, such an incident would be a pain. But for one that doesn’t have a 24/7 staff, it’s especially prudent to have a plan and react as quickly as possible.
In others’ past crises, such as a flub tweet from the Red Cross or one of Southwest’s planes skidding off a runway, just to name a couple, I’ve been impressed by social media responses.
So how can you protect your organization’s reputation and put your best face forward if your site is compromised and/or false information is spread?
While a full response to a hacking incident should include your IT, legal and management teams as quickly as possible, here are six techniques we used in our social media response during those critical first hours, and six things you could do to prepare for a similar incident.
6 Tips If You’ve Been Hacked
1) Don’t Panic
It might be very tempting to freak out. Stay calm, especially in your online presence. The sooner you realize it could be a bumpy ride for a while, the sooner you can start making things right.
Having your site hacked is an invasive feeling. But regardless of what’s racing through your mind, having a meltdown on Twitter or Facebook will only make matters worse and potentially fan the flames of the bad actors you’ve encountered. Punch a pillow, shake your fists, have some ice cream, just keep it offline.
2) Be Quick
PBS NewsHour is responsive to daily breaking news, but generally in a more pensive, analytical manner. There are some excellent Twitter accounts that specialize in minute-by-minute breaking news. However, should your site suddenly become the news due to a hacking, you must respond as quickly as possible to minimize the harm. Until some sort of Twitter correction mechanism comes along, this is the best you can do to save face and serve the public. As a news organization, understand that you want to be the one quoted in the inevitable articles and the primary source that gets retweeted the most.
Be quick, coherent, professional and straightforward in your responses.
3) Be Personal
Your first response could be as simple as tweeting “Yes, something is going on. We’re working on it and we’ll get you more details soon. Thanks for your understanding,” and including your initials, or using your personal account to respond. If people can connect a real person to a brand on Twitter, they’re generally more likely to forgive anything from typos to corrupted servers, in my experience. I went to my personal account to update others so our @NewsHour timeline wasn’t flooded with “No, it is not true.” That was an effective way to get some retweets, which helped get the message out that it was a hoax.
4) Cover All Accounts
Sure, Twitter is the best way to send out several updates, but don’t forget your other social media accounts. Posting a message on Facebook allows you to provide updates and answers within a single thread. Lead the conversation as much as possible instead of playing catch-up.
To see if false information is spreading other places that might merit a response, be sure to search kurrently.com, search.twitter.com, facebook.com/search and Google.
5) Repeat, Repeat, Repeat
Repeat your updates as much as needed. Reword as the situation changes, but remind everyone that you are aware of the problem, working to fix it, and appreciate their patience.
But remember, keep it simple, short and stay on message: Our security has been breached and we’re working to fix the problem.
6) Know Your Limits
So after all that repeating, retweeting, Facebooking, Googling and more, you’re starting to wear out. It is important to know your limits and stop before you make a dumb mistake. (I called it quits around 3:30 a.m. ET, after a coherent sentence seemed like a distant memory, and I am very happy I did.) Tell your editor that you’re wrapping up. Let your followers and fans know that you’ll be back on the case in a few hours.
6 Tips to Plan for a Possible Attack
This incident has taught me some lessons as well. Here are six things to consider before a crisis, and ways to plan ahead.
1) Keep Contact Information Handy
I didn’t realize how much I rely on texting, email and Gchat until I was stuck searching for home phone numbers for our IT chief. Knowing “I have it somewhere…” is not quick enough in the moment of a crisis.
2) Realize the Die’s Likely Been Cast
No matter how quickly you remove any intrusive content, you should realize that someone has probably already tweeted a screengrab or uploaded your page to an archiving site such as Freze.it faster than you can say Command-Shift-3 or Alt-Print Screen. Once it’s on your site — no matter how briefly — it pretty much belongs to the web and there’s likely no pretending that it didn’t happen — as much as you might want that to be the case.
In the same vein, remember that technology can let you down. Normally on weekends, I turn on a feed to @NewsHour from our Rundown blog just in case I’m not able to get to a computer or cell phone if breaking news is posted. When new posts are found, it updates once an hour.
Even though I turned off this feed as soon as I could after the hack, the technology took over and a tweet with the Tupac story was sent from @NewsHour. As I was already in the middle of crisis control, it was a quick delete, but it does cause me to reconsider the use of RSS or Atom feeds at all for our Twitter accounts.
3) Watch Your Words
If you unwittingly made big news, you should assume that your tweets will be quoted. Out of the dozens of posts and articles mentioning our response in the past week, only three people contacted me directly for further comment. Instead, bloggers and reporters quoted tweets from my account and @NewsHour. Some did not include the context regarding other tweeters and the specific questions they asked. For example, this tweet in response to a long conversation was quoted here.
4) Make Friends
Make sure you know your fellow journalists on Twitter, especially those who report on your beat or specialty. They can become allies and also tip you off when something may have happened to your organization or beat. (The first tweet I saw was from a very tuned-in journalist, Anthony de Rosa.)
5) Have a Back-Up Plan
Don’t let your site going down stop you from creating content while you work to get everything back to normal. The news doesn’t stop. Neither should you. We used Tumblr, and PBS MediaShift used Facebook. Have something set up just in case. (Poynter’s Jeff Sonderman wrote in more detail about what to do if your site goes down or has significant troubles.)
6) Keep Perspective
Remember, things could almost always be worse. Hopefully in a few days this too shall pass. (Remember fake reports of Steve Jobs’ death? Dan Gillmor did). Fix as much as you can as fast as you can. Then make sure your organization rebounds smarter and stronger. Trust that your audience will understand your plight and hopefully admire your steady, straightforward approach to fixing a brief anomaly.
Teresa Gorman is the social media production assistant at “PBS NewsHour.” Before reaching NewsHour, Teresa spent time as a community journalist in upstate New York. She first caught the public media bug as an intern at NPR, and hasn’t looked back since. You can find her on Twitter @gteresa.
You can also take comfort in knowing that the LulzSec hackers that did this to you all got arrested and faced serious charges and pretty harsh sentences. lol