What is Media Security?
About ten years ago I stumbled upon a website called Lemme Tweet That For You.
For someone with near-zero Photoshop skills, it was enormously handy for creating confidential internal digital strategy presentations. At the time, I was in corporate communications at HP working with our legal and investor relations teams on how to break market-moving news on Twitter and Stocktwits in a compliant way. Easily mocking up “real tweets” helped a lot.
The implications of the ability to create internet-scale confusion with zero production or technical skills seemed profound to me. Some in the media picked up on this around the same time.
The problem is such a complex one that even explaining it clearly for clients has taken more than a little ingenuity, humility, and collaboration.
Based on our experience dealing with mis- and disinformation across sectors like health, technology, CPG, and government, we believe the unique mix of skills and capabilities required to address them demands a new name: Media Security.
As part of Weber Shandwick’s public launch of our Media Security Center, we’re sharing our definition of the concept here.
What is media security?
Media security is the practice of protecting the reputation or brand image of an organization, group, or individual from attacks that use content and influence through any form of media (digital, social, broadcast, and beyond) to inflict harm.
Effective media security practices also help prepare and launch communications campaigns — particularly ones that reflect the values of a company or brand — or take a position on political, social, or human rights issues.
How is media security different from cybersecurity?
Cybersecurity is commonly defined as the practice of protecting critical systems and sensitive information from digital attacks. Common goals of these attacks conducted on companies include accessing sensitive or proprietary information, extracting ransom, or disrupting business operations.
Information security is another related term that is a subset of cybersecurity and refers specifically to processes designed to safeguard data.
Media security is closely related to cybersecurity, especially when cyberattacks become public and harm reputation or brand. Preparing for cybersecurity events, publicly disclosing them, and managing the subsequent media narrative are among the most important functions of modern corporate communications.
So while cybersecurity is primarily focused on securing technology infrastructure, media security is primarily focused on securing reputation and brand.
How is media security different from brand safety or media responsibility?
Brand safety refers to the practice of ensuring that advertising is not placed with content that is objectionable or inappropriate. An example would be a 15-second pre-roll ad that is placed before a user-uploaded video of pirated content. Or an ad placed in content that violates the terms of service of the video-sharing service that sold the ad space.
Media responsibility goes one step further and refers to the practice of evaluating the media channels used for advertising — particularly social media platforms — to ensure those channels do not contribute to societal harm by, for example, failing to moderate hate speech or inadequately protect the welfare of minors using the platform.
So, brand safety and media responsibility are focused on helping organizations make decisions about where to place advertising messages. Media security is focused on protecting reputation or brand image from attacks that use content and influence through digital or broadcast media to inflict harm on an organization, group, or individual.
What types of harm does the practice of media security protect against?
When confronted with a report detailing angry social media posts — or the potential to provoke one by launching a bold new brand campaign or ESG initiative — one of the first questions a decision-maker will ask when evaluating whether to respond is: “Will this activity impact my sales?”
While near-term sales impact is a top criterion for weighing a response, disinformation campaigns, bad-faith narratives and other forms of media-based attacks can inflict harm across many other dimensions that must be considered when crafting a strategy to address them. For example:
· Employee morale and sentiment (“I wish my company had/hadn’t spoken out about that.”)
· Focus, bandwidth, attention of directly affected employees (“The whole brand team and our CEO were consumed by the issue for weeks.”)
· Partner and customer perception (“Even though this creative idea aligns with our brand values, it could hurt our relationship with a key supplier because they hold a conflicting point of view.”)
· Government relations (“Our team in Brussels recommends we share the company POV on this legislation publicly, even though it may upset certain domestic political parties or foreign governments.”)
· Precedent (“We’ve never commented publicly on an issue like this before; if we do now, how will that change our communications strategy when confronted with similar issues in the future?”)
· Brand equity and long-term growth strategy (“Our continued support for this cause has resulted in largely negative social media sentiment, but it is improving our brand favorability and corporate reputation among key growth audiences.”)
· Physical or psychological safety (“The home addresses of our CEO and some members of our Board of Directors have been shared on an anonymous message board.”)
· Stock valuation and investor relations.
How is media security practiced? What are some key tactics or processes?
The practice of media security builds on and integrates tools and tactics used by crisis communications specialists, data scientists, digital media strategists, and cybersecurity experts.
Above all, it is informed by a future-facing, anticipatory mindset focused on preparedness.
Example practices include:
· Preparation: A holistic strategic planning process includes auditing response protocols and benchmarking the media environment, scenario planning, and red teaming — and conducting “live fire” simulations to build confidence in response protocols.
· Policy development & education: Establishing the processes, protocols, and ethical guidelines your organization follows when addressing these issues (as a function of ESG) and educating employees on these new policies.
· Governance: Breaking down silos, defining the relevant decision-making bodies within the organization, and establishing processes for effective coordination and collaboration.
· Detection and measurement: Deploying advanced analytical tools that can automate identification of inauthentic activity, malign groups of users, influential network relationships, and harmful narratives.
· Communications strategy: Applying insights, preparation tactics, and executive alignment to choose what to say, where to say it, and when.
Lemme Tweet That For You is no longer online, but there are plenty of substitutes now, and of course the domain of artificially created content has advanced dramatically in just a few years’ time.
For better (or mostly worse), it’s all now part of the modern communications playbook, and incumbent on industry leaders to take the time to understand it.
Intrigued by our Medium content? Please clap, highlight or share with others.
