Angie McKaig - E-Business Consultant and Entrepreneur

post followups: crisis management

2010.02.26

Yesterday I took blogTO to task on their handling of a major crisis: their site had been hacked several weeks ago and started distributing viruses to their readers. Not only did they botch the handling of that period but going forward, their handling wasn't much better.

(If you're just starting into this conversation and want to follow along at blogTO, please do yourself a favour. For the time being, please disable all JavaScript, Flash, and Java code from executing in your browser BEFORE visiting the web site. If you don't know how to do this, I'd strongly suggest avoiding the web site until it's clear that they have sustainably removed the threat.)

After some back-and-forth on Twitter, and also in my blog post, the owner of blogTO invited me to call him to discuss further. Which I did. We spoke for over a half an hour about the issue and, while I could see that some of these points were hard for him to consider, he was giving them their due.

Getting stuck into plodding, slow-response (I'd almost deem "corporate") thinking needn't be permanent.

The one thing the owner DID do was listen, as hard as it was for him to do. He thanked me for my time and my passion, and posted an update on the web site asking others if they, too, had had a problem.

By this morning there were over twenty responses, many of them echoing what we'd already heard. I followed up with a comment of my own asking what the company intended to do differently this time.

Within an hour, the web site was taken down (finally!) while the company investigated this problem, and remains down as of this writing.

What's important to take away here is that while it took in my opinion FAR more effort on the part of their users to get the company to listen, they did, in fact, listen. They were far more transparent and responsive than they had been up until this point.

And that's a shift in the right direction. Crisis management can be learned.

6 comments

1
John said on 2010.02.26

Angie, were you able to get any information on how Tim came to the conclusion that it was our cache and not his website that was the problem during your conversation? All I read was that the site was "scanned" and no problem was found, which is pretty vague. I'll admit to being a little naive when it comes to website security, but I'll assume Google knows a little bit about it and they had no problem finding issues on blogTO.

http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=blogto.com/

I'm a little less diplomatic and a little more annoyed now with the knowledge that it takes at least two days to believe people when they tell you your website is a security risk. Clearly the preventative measures blogTO employs are not working.

Thanks for writing about the issue and helping Tim out, hopefully Tim can get it together and fix his great site permanently.

2
Angie said on 2010.02.26

All Tim said was that the web site was scanned and that nothing was found on their servers; hence, he believed it was a cache issue. I'm not certain whether he consulted with their security consultants about the new reports or not.

I *did* ask him directly whether it mattered whether or not it was coming from a user's cache of BlogTO or from the server - it was still on their computers, caused by blogTO, and therein lies the problem, the culpability, and the responsibility of the web site owners to help their users through this. *They* need to be the experts here - and if they don't have that expertise in house, they need to make sure they find another way to get the information their users need disseminated to them.

Frankly, my largest concern is that large number of people who did NOT get a virus warning. Everyone seems to be mostly concerned with those who did - but honestly, my concern is with those who either a) did not have antivirus installed or b) whose antivirus didn't even *catch* the problem but instead let it sail on into the system. You've got to assume that's a significant portion of people affected, as well.

That's why it's so critical for blogTO to step up with clear written instructions on WHAT the threats actually are (what viruses are they? what do they do? - so that folks can gauge their risk levels), HOW to check to see if you have been infected, and WHERE to go from there if you have indeed been infected.

That's responsible leadership for ANY web business.

IMO. :)

Thanks for your comments, John.

3
Marc said on 2010.02.26

My irritation with the most recent incident is that no word was said for two days despite people reporting malware alerts, and then when it was, it was stated that the site was clean and it was a cache issue. When the site was found not to be clean, that post was left up until today, so anybody who didn't venture into the comments would still think that there was nothing to worry about. Meanwhile, people were reporting malware alerts and attempted downloads right and left. And the site remained up. (That "Are you seeing virus warnings?" article has now been removed, along with the comments outlining what people were dealing with.) It was almost off the front page anyway.

The original warning post, following at least two weeks of infection, was off the front page within a few hours and then was invisibly relegated to the obscure "site announcement" button. Any user who didn't visit during that day likely didn't even see it, and I'm sure many, many people who were infected still have no idea it came from blogTO. Or what to do about it once infected. Or that they may have been reinfected over the last couple of days.

The fact that they had this problem is not what is infuriating people; it's that they knowingly continued to allow their readers to get infected for a huge chunk of time. Twice. And even after presumably learning their lesson the first time, the site stayed up again for two days after people were reporting reinfection.

The perception to blogTO's readers, which may differ from reality, is that page/ad views were more important to preserve while they worked on this problem in the background.

A new explanation just went up, and while they mention a "breach" and that the site was "not as secure as it should be," what they're NOT telling people clearly is that blogTO dangerously infected a lot of people's computers. To those who haven't been following it, or to those who aren't tech savvy (probably a massive part of the readership), it's (intentionally?) downplaying the severity of the threat.

4
Angie said on 2010.02.26

Marc, I hear you, and agree. I do hope we'll see more from Tim in the upcoming hours that provides a better explanation.

I *do* believe that one of the biggest problems here is communication. Neither Tim nor his editors seem well schooled in how best to speak to their readership about this, how to make their readership feel best about the situation, how to address concerns and how to provide the information in a clear and easy to read format that their users really need.

Nor do they seem to have someone as well schooled in the customer experience - both from a design and obviously from this experience an interaction point of view.

Both of these things are necessary to pull blogTO out of the hot water it finds itself in, as well as a good dose of understanding their responsibilities to their readers long term.

And, you know, possibly someone on staff who has a clue about technology and security. :)

This is a painful learning experience for them, I guarantee you. We'll have to wait and see if they actually learn enough from this experience to satisfy the needs of their readers.

5
Tim said on 2010.02.26

Thanks for your comments and concerns everyone. We are trying our best and although that's clearly not good enough (both in our estimation and yours) it's unfortunately the situation we find ourselves in. We have no full time web development or security staff so unfortunately we're slower to respond sometimes than we'd like. And as Angie mentioned neither the editorial team, any of the site's contributors nor I are experts when it comes to web security so we are relying on the advice and guidance of others when assessing the situation and responding with technical fixes.

6
sclub said on 2010.02.26

What kind of virus is it?

This is the 2nd time my laptop is not working now.
