Click here to preview the new Fast Company

Want to try out the new

If you’d like to return to the previous design, click the yellow button on the lower left corner.

WikiLeaks Stalks Corporate America: How Companies Can Prepare

Julian Assange told Forbes he plans to publish a "treasure trove" of documents belonging to the private sector. We talked to crisis communications professionals about how companies should prepare.

The U.S. government so far has been WikiLeaks’ target of choice when it comes to dumping reams of confidential information out into the open. But that’s about to change. In an interview with Forbes published Monday, WikiLeaks mischief-maker-in-chief Julian Assange said at least half the treasure trove of documents the organization is sitting on belong to private corporations, and sometime early next year, it plans to do a megadump of materials belonging to one of the country’s leading banks. (Rumors are swirling that it’s Bank of America.)

All of which begs the question: Are American companies prepared for the hits coming their way? WikiLeaks’ revelations won’t stop with the yet unnamed bank. Assange told Forbes that not only does the organization have similar piles from pharmaceutical, financial, and tech companies, but that the number of documents being leaked to them is exploding "exponentially." That means private companies can no longer regard leaks on this scale as occasional aberrations happening to a handful of unlucky targets. In an age when any employee can walk out the door with gigabytes’ worth of data on a thumb drive, the likelihood that your company get hit one day just got that much larger.

Surveys, however, suggest that most companies are woefully unprepared for this new environment. According to a Harris Interactive poll, only 9% of companies have crisis protocols in place. Fast Company talked to several crisis communications experts to find out how corporations should get their houses in order before the onslaught begins. Here’s what they said:

WikiLeaks’ revelations will probably hit at companies’ reputations, rather than expose their confidential corporate information.

In the past, companies have focused on guarding competitive information, like strategy documents, and confidential customer information, like banking customers’ Social Security numbers. But those probably aren’t the kind of documents WikiLeaks will release, say experts who talked to Fast Company. The organization will more likely be focused on publishing embarrassing information than revealing trade secrets: "Baudy conversations that go on every day at companies all over the world," for example, says Edelman Executive Vice President and U.S. Director of Issues, Crisis, and Risk Management Harlan Loeb, like "those that involve trashing a competitor, saying in pretty graphic terms what they’re going to do." In other words, information that creates an "enormous reputational risk."

Assange himself has suggested as much. In the Forbes interview, Assange pointed to the notorious Enron emails that were released as part of an official probe as representative of what they planned to dispatch. "Yes, there will be some flagrant violations, unethical practices that will be revealed," he said, but "it’s also all the regular decision making that turns a blind eye to and supports unethical practices: the oversight that’s not done, the priorities of executives, how they think they’re fulfilling their own self-interest. The way they talk about it."

...but that’s just as dangerous.

Bank of America’s stock dropped 3% yesterday on the rumors that WikiLeaks had the company in its sights. Reputations have bottom-line impact. And in a world where leaking and publishing those documents is increasingly easy, reputations are all the more vulnerable. That means  companies need to think more expansively about where their reputational threats lie. Specifically, you should…

Identify your areas of risk.

Do employees regularly talk trash on internal emails? Do they describe in unsavory terms how they plan to destroy competitors or take advantage of customers? Do communications show executives encouraging bad behavior, or not taking strong action to dissuade it? And if those emails got out, would you be embarrassed? If so, you need to develop a plan for how you would explain that behavior—to the public, as well as to your customers, partners, and other stakeholders. Better yet, consider re-examining your corporate culture so that internal behavior is more aligned with your public image. What "happens in Vegas" (or in your corporate email system) no longer "stays in Vegas." It winds up on YouTube. Or worse. "Your values need not only be what you talk about but what you live out through your fingertips," said David Chamberlin, Senior Vice President and Director of Issues & Crisis Management, MSL New York.

And this applies to all companies, not just large ones that seem like they’d make tempting targets for WikiLeaks. "No matter what you make, sell or serve, your organization is a potential target for data theft that can place all your valuable relationships at risk," Chamberlin said.

Think apologies and reforms rather than blame and prosecution.

In the wake of the military and State Department leaks, some officials have talked about prosecuting Assange on national security grounds. But going on offense like that won’t work for a company if all the leaked documents do is reveal shady behavior. The public at large will be more focused on the wrongdoing than the manner in which the documents were obtained. Don’t blame, and don’t point fingers, said one expert who spoke on background. Be accountable and take action that demonstrates you’re addressing the problematic issues. Said Chamberlin: "Consumers will forgive mistakes, but they will rarely absolve an organization that doesn’t behave responsibly."

Monitor employee sentiment—they’re your most likely leakers.

Data security at corporations has historically focused on external threats—corporate espionage or hackers. But the folks at WikiLeaks aren't stealing the documents they're publishing. Other people have provided them to the organization. And many of those digital "whistleblowers" could be employees. Bradley Manning, who is suspected of leaking military documents, was a U.S. soldier, for example. Happy employees don’t leak documents, Loeb said. "WikiLeaks is the cathartic outlet for a disgruntled employee." Companies should make a point to periodically assess employee sentiment, Loeb said, and make genuine efforts to address points of concern.

Prepare, prepare, prepare.

The advent of WikiLeaks is going to force companies to "think about 'what if we’re next?'," Chamberlin said, and prepare for the worse. That means scenario planning, risk assessment, and developing action plans, just as you would for any other disaster. And that means making it a core operational function, not just an afterthought left to the PR department. "Managing your reputation is not about spin and is not a job to be left to public relations professionals," Chamberlin said. "It is a management function that must begin at the top."

Follow E.B. Boyd on Twitter.

[Image: Flickr user R_SH]

Add New Comment


  • Guy E. Shannon

    Companies and governments are just names, it's the poeple behind the names that enable corruption. Such people deserve to be exposed, just like any other individual who is executing corrupt activities that affect the welfare of others. Just take a look around your town at the retail inventory. Is this inventory held in ownership or is it financed (floored) by commercial loans and investors? I think very little is really owned any more, except by the banks who loan only digits in a book and can then take away your hard assets; while printing and keeping the money for many other things. We live in an interesting world where greed has been feeding upon itself for some time. Did the Great Depression ever end? I think not; it's just been manipulated to keep us afloat. Now the hole in the hull is just too big to plug. And the life jackets are few. No more women and children first; nope, it's every man for himself.  

  • Meteja Sosa

    I respect the work Assange is doing--SOMEONE needs to get the truth out there (as journalists used to)--but wow, talk about putting your head in the lion's mouth.

    Whomever is the subject of the corporate paper they're talking about in the article, perhaps the only solace they can take is that it is highly likely Assange will be in prison (for something or other), and WikiLeaks wiped clean from the hard drives of history by the time this material can be released.

    Either that, or this will be used as an inciting event to further ratchet down access to information (perhaps a partial repeal of the FOIA)? Look at how a couple lead paint incidents in toys gave rise to the some cases of salmonella in bagged salads gave rise to the FDA Food Safety Modernization Act (SB 510)...the WikiLeaks incident could easily be used to repeal part or all of the Freedom Of Information Act. Keep an eye on that.

  • Arjen Kamphuis

    What Clay said. Do not kill, do not steal, do not pollute, do not lie, do not cheat. It is not that difficult being an ethical company. Its apparently just a lot harder to make fast easy money that way. The Cluetrain Manifesto said it over a decade ago: treat humans as humans and not as fodder.

  • Earl of Worthington

    There is nothing to be afraid of if you have nothing to hide. It starts with operating a company like it is your family. If you consider your employees as part of your family, they would treat you the same as their family.

  • Ryan Gerding

    So much of the attention has been focused on the content of information that's leaked, and on what to do once it is leaked. From a business standpoint, it's critical that attention be paid to securing and protecting valuable data--who has access to it, how they have access to it, and what they do with it once they get access to it. Privilege Access Management both provides a deterrent, and in those instances where employees are still intent on making mischief, a means of helping law enforcement identify the source of a breach much faster.

  • Clay Forsberg

    The easiest way to prepare for a 'reputation leak' is to keep the leakable items at a minimum to start with. All companies will have their dirty laundry, but if a company makes it a policy, from the top down, to have integrity - the damage will be minimal. Look at Nike and the Chinese sweatshops. No longer an issue.

    When you look a Bank of America, you have a company that seems to be the antithesis of ethical. I need not reference details since I'm sure all reading this is well aware of their shenanigans. The pharmaceutical companies aren't much better. Can you say "the Canadians get the same drugs for a third of the price."

    The last thing people want is "after the fact spin." Apologize, promise change (as you indicated in your piece) and actually make some 'honest to goodness reform.' Everybody falls down, and just about everybody is given a second chance - Michael Vick case in point. But it's how you react when you're down and whether you blame someone else for your mishap ... now that's the solution.