toggle mobile navigation

4 Crisis Communication Lessons from Heartbleed

Posted by Taylor Radey on April 16, 2014

If you have online accounts, you’ve likely received an onslaught of communications about Heartbleed, a serious vulnerability in the popular OpenSSL cryptographic software library. The bug, which allows for the stealing of information normally protected by SSL/TLS encryption, was brought to light when almost simultaneously discovered by security firm Codenomicon (@CodenomiconLTD) and Google researcher Neel Mehta (@neelmehta).

(For more on Heartbleed, see the Codenomicon-created educational site and this CNET FAQ.)

But Heartbleed also offers important crisis communication lessons to marketers that are extremely applicable in a hyper-connected world where panic spreads like brush fire. Whatever the crisis, here's how to handle it.

Lesson 1: Time is of the Essence

Whether a security breach, product recall or other major concern, your reaction time is critical. Do not wait until the perfectly crafted response is complete or every piece of information has been gathered—act.

Evernote Heartbleed Blog Post

HubSpot's (@hubspot) 300-word post wasn't elaborate (and Evernote's was a mere 109—see above), but they got the job done. Both addressed the problem head-on, and gave customers clear and transparent insight into what the companies had learned, what they were doing to resolve the problem, and what steps (if any) recipients needed to take. 

Lesson 2: Cover All Your Bases

Consumers have an ever-widening array of channels to learn about and engage with your company. And when trouble occurs, they'll turn to all of them. Leave no stone unturned: Communicate on every outlet available to you. 

Cloud-based password manager LastPass (@LastPass) came out of this ordeal looking better than ever. The company sent an email to all its customers reassuring the security of LastPass and linking to a blog post with more information. 

LastPass Heartbleed Crisis Communication Email

The blog post gave more detailed information on the breach itself, and what it means for LastPass users. LastPass used its Twitter account to drive users to the blog post, and to communicate updates. 

LastPass Heartbleed Crisis Communication Tweet

But what really made LastPass stand out was the LastPass Heartbleed checker, a dedicated page that allows anyone—not just LastPass users—to enter a domain and see whether it was vulnerable to Heartbleed. It's this type of universal Youtility that cements customer loyalty and plants a seed in the minds of future prospects. Look for opportunities to turn a problem into an asset by providing unique value to those affected.

LastPass Heartbleed Checker

Lesson 3: Structure Messaging Strategically

When communicating with stakeholders, take a page out of the journalism handbook and think inverted pyramid. It's tempting to lead with apologies or assurance, but what people want is answers, and they want them now. Don't keep them guessing. 

  • First: Lead with the problem. Explain it as clearly and concisely as possible.
  • Next: How it impacts the audience specifically. What are the actual and potential ramifications?
  • Then: Next steps. What are you doing about it? What do they need to do about it? Where can they go to learn more? Again, be clear and actionable, offering additional resources if available.
  • Finally: Reassure them of your commitment to a resolution, and to them. Let them know who they can contact with questions or concerns. Humanizing your brand is important, but in order for it to be perceived as authentic, your words must be backed by action.  

HubSpot and Evernote (@evernote) both took this route, making the bottom line the title of their posts.  

HubSpot Heartbleed Blog Post Title

When the takeaways are more complex, learn from Mashable's (@mashableeasy-to-digest chart summarizing the impact on top websites. The more proactive you can be in answering readers' top questions, the more confident they'll be in your ability to handle the situation.  

Mashable Heartbleed Chart


Lesson 4: Update As Needed, and Be On-Call for Questions

As important as it is to address concerns early, it's equally important to follow up. Update consumers as information is announced or a resolution is found, and make team members available to respond to questions, concerns and even complaints. LastPass timestamped updates to its initial blog post, demonstrating ongoing effort to resolve any issues. Buffer's post (@buffer) included a list of helpful resources for users wanting to learn more, and encouraged users to tweet the company with any follow-up questions.    

Buffer Heartbleed Resources

Crisis communication strategy will and should be adapted based on the scenario, the severity and the audience it affects. But for marketers operating in an always-on world, one thing is certain: Every second counts.    

Who do you think did a good job of communicating the Heartbleed Bug? What do you think defines outstanding crisis communication? Let me know in the comments. 

comments powered by Disqus