What Can Banks and All Companies Learn from Apple’s Latest Glitch?
February 22, 2019 at 9:31 am by Steven Minsky
Even a $1 trillion company cannot hide in the See-Through Economy. After a fourteen-year-old boy discovered a serious bug in Apple’s group FaceTime feature, his mother e-mailed, faxed, and tweeted the report to Apple. However, it wasn’t until after her tweet went viral that the bug was disabled. How could Apple have responded more efficiently and avoided this reputational risk?
Most Apple users are familiar with FaceTime, Apple’s video chatting software. The feature had recently been upgraded, so that users could loop multiple people into a group FaceTime. However, the feature has been disabled as a result of a major glitch discovered a few weeks ago by fourteen-year-old Grant Thompson. The serious privacy flaw could force a user’s device to pick up an incoming group FaceTime even if they declined the call. The bug even enabled access to the recipient’s camera if they interacted with their device’s hardware.
Upon discovering the significant security and privacy flaw, Thompson’s mother immediately e-mailed a bug report and video to Apple on their support site. She also called and tweeted at CEO Tim Cook and even faxed a letter using her law firm’s letterhead. Despite her efforts, after several weeks the incident report had still not been processed. Thompson didn’t hear back from Apple until after national media outlets broke the news about the FaceTime glitch and traced the report back to her original tweets. Ms. Thompson’s tweet, on the other hand, was escalated to the public instantly. This is an example of the See-Through Economy at work, which encapsulates the shift towards transparency and accountability brought on by social media and technology. Before Apple could formally acknowledge the issue, the public had been made well aware that their privacy was at risk.
Reputational Risk in a See-Through Economy
When there is not a clear path of communication to the company, consumers are empowered by social media to voice their issues. Because an enterprise-wide risk management process was not in place, Apple could not respond and resolve the issue before Ms. Thompson’s tweet went viral on Twitter. As a result, the glitch not only exposed Apple to major privacy violation risks, but also to reputational risk.
Companies can no longer effectively manage reputational risk after the fact, so they must take a proactive risk-based approach to ensure the risk does not occur in the first place. Customer-facing incident management software is essential to handling corporate mishaps. With connected incident management tools, organizations can immediately resolve issues through an efficient workflow that directs the incident to the appropriate parties.
Difficulties in the reporting process prevented the issue from being resolved sooner. Although the tech giant has a bug reporting channel, it is available only to designated specialists in the tech or security field. Given there was no public-facing channel for users to report security and privacy issues, Ms. Thompson used traditional methods including calling their support line, faxing, and tweeting. Unfortunately, the support line she reached was for traditional product support, which was not prepared for escalating security and privacy issues. Once her tweet went viral, Apple’s social media team was able to escalate the issue to the appropriate people; however, the bug publicly demonstrated Apple’s slow response and lack of escalation process.
Businesses Need to Revamp Customer-Facing Incident Management
Apple is not the only corporation that has struggled with implementing customer-facing incident management. As a result of the change in “Know Your Customer” laws, it has been a challenge for financial institutions to execute anti-money laundering regulations properly. Citibank recently rolled out a compliance program designed to protect customers and the company from illegal financial activity. However, what was initially designed as a program intended to catch terrorists has left multiple innocent customers with frozen bank accounts and zero notice. Without a customer-facing website to escalate issues, the remediation process is time-consuming with significant barriers to reach the appropriate employees.
Citibank is not unlike other banks, financial institutions, and most companies. While many have internal whistle-blower hotlines to report misdeeds, very few companies have reporting channels accessible to customers. Surprisingly, many financial institutions even require physical mail as a part of their complaint reporting process. These channels primarily serve as a means for customers to feel “their voices have been heard”. Oftentimes, financial institutions do not have the management processes to identify and filter risk, fraud and misdeed reported from outside the organization. As a result, the resolution process is ineffective and complaints are typically aggregated over time, serving no real purpose other than for process improvement.
With effective enterprise risk management in place, customer responses for a variety of issues can follow a clear and cost-effective path to resolution. Customer-facing incident management offers customers easily accessible channels to escalate their incident reports. In the See-Through Economy, risk transcends every industry. Regardless of what the incident is, be it a major software bug or innocent customers’ bank accounts being inadvertently frozen, incident management and reporting are essential components of effective risk management.
Take the Steps to Improve Your Incident Management Program:
Without effective incident management tools, incident reporting can be a large source of liability. Having a disconnected reporting process is not only a disservice to the customers, but can negatively impact the company as well with exposure for negligence.
With the help of an enterprise risk management system, you can stay ahead of the curve in the event of an incident. With incident reporting software, you can give customers an outlet to easily submit issues that are immediately forwarded through a remediation workflow. While social media will still be at customers’ fingertips, you can ensure they are satisfied with a seamless and efficient resolution process. Incident management software will also give you a better understanding of why, when, and where incidents are happening, so you can prevent them from recurring in the future. Implementing the following pointers will help to improve your incident management program, so you can avoid ending up like the aforementioned companies.
- Front-line reporting: Empower customers and employees to submit incidents in customized forms that collect all the information your organization will need to engage the appropriate business units in the resolution process.
- Automate Workflows: Design a workflow for each incident to get it routed to the right people across business silos to resolve it efficiently and cost-effectively.
- Centralize Incidents: With all departments in one system, they can easily communicate with one another about issues that arise and work towards a solution.
- Generate Reports: With all of your incident information in one place, you’ll be able to uncover trends within your data. Then, implement controls to prevent future incidents.
About the Author: Steven Minsky
Steven is a recognized thought leader in ERM, CEO of LogicManager, and co-author of the RIMS Risk Maturity Model. Follow him on Twitter at @SteveMinsky
This article was originally published on LogicManager.com