Disinformation attacks are spreading. Here are 4 keys to protecting your company

“When left unaddressed,” writes Lisa Kaplan, “online disinformation creates offline impacts affecting reputations, employee safety, and financial bottom lines.”
“When left unaddressed,” writes Lisa Kaplan, “online disinformation creates offline impacts affecting reputations, employee safety, and financial bottom lines.”
DKosig— Getty Images

It will be months before we fully grasp the significance of two key events—the impact of disinformation leading to a violent insurrection culminating in an assault on the U.S. Capitol on Jan. 6, and the impact of the recent digital attack that breached SolarWinds Orion, a network-monitoring software widely used by U.S. government agencies and private-sector organizations. 

Those two events each spotlight the same dire problem: The networks that pushed disinformation about the pandemic and the election have demonstrated that the information they weaponize to reach users is not only effective, but deadly. Those same disinformation strategies have been turned against major brands and industries ranging from pharmaceutical companies to online retailers.

With confirmation that Russian hackers were behind the SolarWinds attack and that they gained unprecedented access to at least 425 of the Fortune 500, including the top 10 telecommunications companies, there will be seemingly endless stolen data that can either be made public or used to micro-target segments of the population with disinformation. While we may not have all the details, we do know that our adversaries are well-versed in how to steal our information to use it against us. And given speculation around the size and scope of the breach, they will likely have an arsenal of information to distort and deploy against us. 

This wasn’t the first time and won’t be the last that foreign-backed and criminal disinformation operations have targeted Americans. But while much of our national-level discussion has centered on the risk to elections, we must look at the disinformation ramifications of this national security incident through a broader lens. In 2021 and well into the future, major brands, especially those strongly associated with western democracies, will increasingly be a key target of disinformation campaigns, with the goal of destabilizing a company or our larger economy. 

Just one false claim alleging a company breach, or a conspiracy theory targeting a company’s practices—such as a single allegation that an employee was involved in the violent insurrection—can set off a chain reaction, making shareholders anxious and customers tense, and putting the brand’s reputation and bottom line in jeopardy. 

Organizations can no longer sit back and hope for the best. 

Having combated disinformation campaigns in both the public and private sector, I can tell you firsthand that the impacts of online disinformation—both short- and long-term—can be catastrophic. When left unaddressed, online disinformation creates offline impacts affecting reputations, employee safety, and financial bottom lines. 

To understand the gravity of this threat, just look to Wayfair, the U.S.-based furniture and home decor e-commerce company, which was recently the target of a viral conspiracy theory. Back in July, an anonymous QAnon conspiracy theorist falsely claimed that the company operated a vast child-trafficking operation in which it shipped and sold children in its industrial cabinets. As a result, the company took a reputational hit, QAnon followers attempted to short the stock, and Wayfair CEO Niraj Shah was personally targeted. 

Years earlier, the National Football League found itself at the center of a viral disinformation campaign during the “take a knee” movement, in which various players knelt during the playing of the national anthem to draw attention to police violence against Black people. Nefarious actors used the NFL’s and quarterback Colin Kaepernick’s brands to amplify the already heated rhetoric around the movement on both sides of the debate, employing social-media manipulation tactics in order to achieve their goal of a more polarized United States. 

As you’re reading this, pharmaceutical companies Pfizer, Moderna, and especially Johnson & Johnson are battling disinformation campaigns surrounding their COVID-19 vaccines. Rumors have been spread to sow doubt in the vaccines’ effectiveness and challenge the idea that they can be safely administered. (All three vaccines are, in fact, safe and effective, and should be taken if given the opportunity.)

No one has to face this challenge alone. We must stand together against the rising tide of false information that robs our citizens and businesses of truth and facts. Exchanging information and sharing lessons learned is essential. We must work collectively to stay ahead of this ever-growing threat.

Here’s what companies can and must do to prepare for and effectively combat targeted disinformation campaigns: 

Assess your vulnerability 

Companies must understand their vulnerabilities and the threat actors they are up against in order to form a data-driven strategy to detect and mitigate instances of disinformation and misinformation. Whether a brand is attacked by a nation-state because it’s viewed as closely aligned or representative of a country, or directly targeted by a competitor that has hired a for-profit disinformation actor, at the end of the day it’s your bottom line and customers to lose. 

However, knowing your vulnerabilities is half the battle. Having the data to understand how to enhance your brand awareness and directly address the threats against you will enable your organization to artfully play the game of digital chess the 21st century requires. 

Establish effective capabilities 

Disinformation and false claims spread through the digital universe in a matter of minutes, not months. Online, false information travels six times faster than the truth. The nature of disinformation is fundamentally different than traditional crisis communications or dealing with good old-fashioned lies on the Internet. You simply don’t have time to react; you need to use information that puts you in the driver’s seat.  

Companies need to invest resources beyond brand monitoring to understand the digital threats they’re up against when it comes to communicating online. False claims and conspiracy theories are increasingly found beyond the reaches of brand awareness platforms, which primarily rely on Twitter data. With more users now being removed from mainstream platforms for promoting violent and conspiratorial content, we’re seeing an even greater shift toward fringe platforms, from which disinformation can often leap to mainstream feeds. 

Companies must get ahead of the rumors, detecting them as soon as possible so that they can address the threat head-on through mitigation tactics ranging from legal to communications options, before it’s too late. If a company cannot do this internally, they should look to outside firms for assistance.  

Prepare your workforce

Disinformation fundamentally shifts the way that people think about you and your brand, impacting everyone at your organization—from your call center fielding inquiries from customers about false claims, to your C-suite trying to make decisions about which vendors may pose the greatest risk in your supply chain. Educating employees about the telltale signs of disinformation or misinformation, why it matters, and what to do about it will empower your organization to be more resilient in the face of targeted rumors, false claims, or conspiracies. It will also ensure that employees themselves are not unwilling participants in a nefarious operation.

Be prepared to act

While you might not be able to stop a disinformation campaign from targeting your company, you can mitigate the resulting damage through thorough preparation. Early, decisive action is critical to containing the threat, so companies must have a tried-and-true response plan in place so that when the false narratives start, you are in control. While there is no one-size-fits-all approach to effectively responding to disinformation your organization’s plan should cover: Who is involved in the response; what are the short-term, medium-term, and long-term goals for combating disinformation; and how will you respond and when? All of these decisions should be unique to each organization and its goals, as well as its appetite for risk and the organization’s threat landscape. 

These are all steps that companies can and should take. But the conversation shouldn’t stop there. In order to address the broader threat posed by disinformation, we also need to start talking about the structures that led to its proliferation and who should be held accountable for safeguarding those structures against disinformation.

Disinformation operators have their sights set on businesses. We’ve seen from the events at the Capitol how dangerous disinformation can be when left unchecked, and the threats it poses to physical safety, brands, reputations, and bottom lines. That’s why leaders should be prepared, not surprised. The availability of information that will inevitably be exploited by foreign governments and sold to criminals vis-à-vis the SolarWinds hack increases the vulnerability to disinformation for all of us.

Lisa Kaplan is the founder and CEO of Alethea Group, an associate of Argonne National Lab, and a fellow at the National Security Institute. Follow her on Twitter at @lisackaplan.

More opinion from Fortune: