UBER
C R I S I S C O M M U N I C A T I O N S P L A N
KatherineVirden
April27,2016|GEORGETOWNUNIVERSITY
Virden 2
TableofContentsAboutUber…………………………………………………………………………………………………………………………...3ACrisisDefined……………………………………………………………………………………………………………………..3PreparationMindset………………………………………………………………………………………………………………4Structure………………………………………………………………………………………………………………………….......5RapidResponseTeam……………………………………………………………………………………………………………6CurrentRegulationsinPlace………………………………………………………………………………………………….8PotentialCrises………………………………………………………………………………………………………………………8Crisis#1…………………………………………………………………………………………………………………………………8
- Background………………………………………………………………………………………………………………..8- Uber’sResponse…………………………………………………………………………………………………………9- Recommendations……………………………………………………………………………………………………..9
Crisis#2……………………………………………………………………………………………………………………………….10
- Background………………………………………………………………………………………………………………10- Uber’sResponse……………………………………………………………………………………………………….11- Recommendations……………………………………………………………………………………………………11
Crisis#3……………………………………………………………………………………………………………………………….12
- Background………………………………………………………………………………………………………………12- Uber’sResponse……………………………………………………………………………………………………….13- Recommendations……………………………………………………………………………………………………14
Conclusion……………………………………………………………………………………………………………………………14AppendixA………………………………………………………………………………………………………………………….15AppendixB………………………………………………………………………………………………………………………….16AppendixC…………………………………………………………………………………………………………………………..18AppendixD………………………………………………………………………………………………………………………….19
Virden 3
AboutUber: Establishedasthedominantplayerintheridesharingmarket,UberTechnologiesInc.isanAmericaninternationaltransportationnetworkcompanyheadquarteredinSanFrancisco.Itdevelops,marketsandoperatestheUbermobileapp,whichallowsconsumerstosubmitatriprequestwhichisthenroutedtosharingeconomydrivers.AsofApril2016,theservicewasavailablein60countriesand404citiesworldwide,andsinceitslaunch,severalothercompanieshaveemulateditsbusinessmodel,atrendthathascometobereferredtoas“Uberification.”ItisestimatedthatUbergenerated10billiondollarsinrevenueattheendof2015.
SinceUberisestablishingallofthe“firsts”fortherideshareindustry,itisbothahugeopportunityforthecorporation,butwhenacrisishits,Uberisthefirsttobeblamedorreferencedevenifthebrandisnotinvolved.Evenwhenaconsumeropenstheirphonetocontactarideshareoption,whetherit’sUberornot,itisnotuncommontoreferenceallcompaniesas,“takinganUber”becauseUberisthebiggestandmostfamoussuccessfulglobalridesharingservice.EvenjustdoingaquickGoogleNewswithrecentarticlessearchpullsupswarmsofnegativemediastoriesaboutUberasitdealswithcrisesonadailybasis.ACrisisDefined:
Astheworldleaderintherideshareindustry,eventheinternalstructureofUberTechnologiesInc.doesnothaveamodeltofolloworsetthestandard.Everythingisbeingdoneforthefirsttime,whichmeansUberhasahighturnoverrateforinternalstaffmemberswhomaynotknowifthey’llhaveajobinamonthanditisararityifprojectslastmorethantwoweeks.Withanenvironmentlikethis,itcanfeellikethecompanyisinahigh-stresscrisisatalltimes,whichisunsustainableforstaff.ItiscriticalthatallUberstaffmembersunderstandthedifferencebetweenanissueandcrisistobereadyforeachinstanceandnotwasteenergyorstressaboutissuesthatdonotmatterwhenaninevitablecrisisislurkingrightaroundthecorner.
ThedefinitionofacrisisisitisanyunpredictableeventthathasthepotentialtonegativelyimpactUber’sbusiness,relationshipandreputationwithstakeholders,corporatepartners,employees,customersandthecommunity.Crisesareinevitablethesedays,especiallywithhowfastinformationtravelsaroundtheworld,butevenmoresoforUberbecauseitispavingthewayforridesharecompaniesandtheservice-basedtechnologyindustry.Criseswillnothappeneveryday,butissueswill,andsomeofthecharacteristicsofanissueincludethatmediadoesnotreportonthetopicinhighvolumes,itcanberesolvedin-house,Uberstockswillseelittletonoimpactortheissueaffectsindividualsonalocalorregionalscale.
ThebiggestdifferencebetweenacrisisandissueisthatacrisisaffectsUber’sbottomline,stocks,orabilitytoconductbusiness.However,ifanissueisnotdealtwith,ithasthepotentialtoblowupintoacrisis.Oftenissuesmaypresentthemselvesinchatroomsorforumsandifignoredfortoolong,canturnintoacrisis.Forinstance,beforethelawsuitinAnnHarbor,MichiganthatclaimsUberkeepsallthetipsdriversearnlikelybeganinacomplaintboxonanUbersiteandgraduallygainedtraction.Whenenoughvoiceschimedinaboutthe
Virden 4
allegedunfairpractice,alawsuitaswellasquestionsaboutUber’sreputationandhowittreatsdriverswerebroughttotheforefrontinacrisis.PreparationMindset:
Itisimpossibletopredictyournextcrisis,buteffectivepreparationandtherightcross-functionalteamcanhelpmitigateitsimpactonUber’sreputationandbottomline,anditiscriticaltohaveaplaninplacetobereadyforthenextonetostrike.First,itisimportanttoanalyzeandprioritizecertaintypesofcrisesanddevelopbenchmarkandevaluationtoolslikedata-drivenfiltersandriskassessmentstoensurethefirststatementmadebyUberwhenacrisisbeginsisthought-throughandwillmitigatethedamagethathasalreadybeendoneversusmakingitworse,whichiswhatusuallyhappens.Uberissettingthestandardfortherideshareindustryandshouldshowcasehoweffectivelyandswiftlyitisabletoreacttoacrisis.Itisnecessarytoidentifydifferenttypesofcrisesandthelevelsofextremity.
ThefirstandworstlevelisCODERED,whichiswhenUberiscaughtcompletelyoffguardwiththecrisis.TheKalamazoo,MichiganUberdriverthatkilledsixpeoplewhilecollectingUberfaresisanexampleofthisandthereismoreinformationaboutthisspecificcaseintheplan.ThesecondlevelisCODEORANGE,whichiswhenthecrisisgainstractionandlosesitinasimilarpatterntoawave.ThebackgroundcheckslawsuitinCaliforniaisanexampleofthisbecausesecurityisalreadyahighlycontentiousissuesoeverytime“Uber”and“backgroundchecks”areinthesamesentenceorarticleinthenewsmedia,thecrisisblowsupagainandUberisonceagainunderfire.ThelastlevelofacrisisisCODEYELLOW,whichisacrisisthatUbershouldhaveseencoming.Forinstance,theAnnHarbor,MichiganlawsuitaboutunfairUberpracticesthatincludewithholdingtipsfromdriversandtheinabilitytounionizehasbeenanegativeheadlinetiedtotheridesharecompanyforyears.Itshouldcomeasnosurprisethatthereisalawsuitwithonlytwoplaintiffsnow,butwiththepotentialtoexponentiallygrow.ItisCODEYELLOWarecrisesthatoftenstartasissues.
WhenUberfacesacrisis,itiscriticaltostayaheadofthenegativeconversationsswirlingintheinterwebsabouttherideshare.Ubermustplanandprepareforcrisesbyfollowingthesefivesteps:
1. AssesstheSituation
a. Useanincidentassessmentguidetogatherrelevantinformation.TheIncidentAssessmentGuideisfoundinAppendixA.
2. ConvenetheRapidResponseTeama. Theteamisdescribedinmoredetailbelow.SinceUberdoesnothavean
effectivecrisiscommunicationsteaminplace,forallcrises,itisimportanttoemployallpeoplenomattertheissueissocialmediarelatedorhastodowiththemurdersofsixpeople.
3. EstablishResponseStrategya. Determinethemessagingcontentforstakeholders,internalstaff,customers
andemployees.4. PreparetoCommunicate
Virden 5
a. BrieftherightexecutivesandmakesurethespokesmanorwomanisaneffectivepublicspeakerbecauseeveryoneiswatchingtoseewhatUberdoes.
5. MonitorandAnalyzea. Monitoringandanalyzingthedataiscriticaltosuccessfullysurvivingacrisis.
TheUbercrisisteamwoulddowelltohaveteamsofpeoplemonitoringconversationsaboutUberonallsocialmediaplatformsandanalyzingthedatausingGoogletomakesurethemessagesUberdeploysduringacrisisarerelevantandtargetthecorrectaudiences.
CODEREDWORSTCRISISLEVEL
Majordestabilizingeventwithhighriskofbrand/reputational
impact
CODEORANGECRISIS
Moderatelydisruptiveeventswithlimitedriskof
brand/reputationalimpact.
CODEYELLOWISSUE/CRISIS
Minor/Containedeventsorconflictswithnosignificant
brand/reputationalimpact,butimportanttoaddress.
FULLTEAMENGAGED:YesACTIVATIONTIME:ImmediateASSEMBLYMETHOD:ImmediatemeetinginConferenceRoomQorConferenceCall563-999-2090Accesscode:664-674
FULLTEAMENGAGED:YesACTIVATIONTIME:4hoursASSEMBLYMETHOD:Scheduledmeeting
FULLTEAMENGAGED:Forthetimebeing,yes.Revaluatethis9/23/16.ACTIVATIONTIME:AsappropriateASSEMBLYMETHOD:Scheduledmeeting
Structure:
ThestructureofUberTechnologiesInc.isunlikemanybusinessesintheworld.Asidefromthefounder,allstaffmembersaremillennialsthatarebright-eyedandbushy-tailedtobeonthecuttingedgeofnewtechnology.TheheadquartersisinSanFrancisco,buteverystateofficerunsasitsowncorporationandcanmakedecisionswithoutalertingtheSanFranciscoofficeandCEO.Sincethisisthecurrentstructure,arecommendationwouldbetohaveaRapidResponseTeam,rolesandpositiontitlesdescribedinthenextsection,ateverystateofficebecausewithessentiallyautonomouspowerintheseoffices,theyallneedtobereadyforacrisis.CertainlythisisimportantforstateslikeMichiganandCaliforniawheremanyoftherecentnewsandlawsuitshavestemmedfrom,buteachstatethathasanUberofficemusthaveaRapidResponseTeamreadytotakecontrolwhenthenextcrisishappens.ThoughtherearemultipleofficesaroundAmericaandtheworld,theyallworkforonecompanywithonereputationthatmustbeprotectedinthisdigitalagewhereacrisiscanstartanywhereatanytimeandspreadrapidly.
Thestructureofthecrisisresponseplanwillbelaidoutinthefollowingformat:firstisthedescriptionoftheRapidResponseTeam,orthefivepeoplewhowillbeonthegroundandreadyforthenextcrisistohitUber.ThentheplanwillgoovercurrentinternalregulationsatUberaswellasfederalregulationsthathavebeenmadeinrecentyearstocatchupwithUber
Virden 6
asitisawildlysuccessfulridesharecompanythathasexpandedalloverNorthAmericaandtheworld.FollowingthatisadescriptionofthreecrisesthatUberhasfaced,continuestofaceandmayfaceinthefuture.ThespecificcasesincludethetragiccasewhereanUberdriverinKalamazoo,Michigankilledsixinnocentpeoplewhilecollectingfares;thelawsuitforincorrectlylabelingthebackgroundchecksystemUberhasinplaceinlargeCaliforniacitiesisanotherbecausetheissueofbackgroundchecksandtheirvaliditywillnotbegoingawayanytimesoon.Thelastcasetolookatistheinstanceofcyberwarfare,liketherecenthackingthattookplaceatSnapchat.Uber’ssuccessdependsonthestructureandsafetyofitsappthatholdsthefinancialinformation,locationdataandpersonalcontactinformationofmillionsofpassengersanddriversaroundtheworld.Theplanwillexplorethesecurrentandpotentialcrisestodeterminethenextbestcourseofaction.RapidResponseTeam:
TheTeamofUberemployeesandleadershipthatwillbeemployedimmediatelyafterthediscoveryofacrisis.Theteamwillpracticecrisisdrillsonabi-monthlybasisbecausetheinternalstructureofUberchangesweekly.Itisimportantfortheteamtobeuptospeedonrolesandreadytotackleanychallengesthattherideshareservicemayfaceatanygiventimebecauseitisthemarketleaderandsettingthestagefortherestoftheindustry.Thelistofteammembersisinnoparticularorderbecauseatthetimeofacrisis,theyareallonequalplayingfieldwithonemission:toprotecttheUberbrandreputationandimpactthebottomlineaslittleaspossible.TheRapidResponseTeamneedstothinkofitselfasjustthat,ateam.
Duringacrisissituation,emotions,tempersandstresslevelsarehigh,butwithcontinuouspractice,understandingofindividualrolesandthegoaltopreserveUberasthego-torideshareserviceforcustomersaroundtheworld,theteamwillbeabletoworkeffectivelyandswiftly,whichisimperativeinadigitalage.Informationmovesinsecondsandit’scriticalthattheUberRapidResponseTeammovesfaster.Therolesarefirstlistedoutwithabriefdescriptionofthepositionontheteamandshownbelowinagraphicforvisualimpact.ThecircleshowsthatallmembersoftheUberRapidResponseTeamfeedintooneanotheranddependononeanother’ssuccessandexpertiseknowledgeintheirrespectivefieldstowadethroughanycrisis.ItisimportanttorememberthisstructurewhilereadingthroughthepotentialcrisesUberhasfacedandmayexperienceinthefuturetoprovideaframework.
- PublicRelationsDirector:TheUberPRdirectorshouldbeconstantlymonitoringpotentialissuesanddevelopingresponsetemplatesforscenariosbefore,duringandafteracrisis.Whenacrisisarises,thePRdirectorisresponsibleforcraftingstatements,mediaoutreachfieldingcalls,overseeingpressreleasesandpreppingothersforinterviewstoensurebrandconsistencyandunity.
- GeneralCounsel:InacrisissituationUberwillneedoutsideassistancesotheUberLegalRepresentativewillprovidecriticalinputonminimizingriskandmaintainsanactiveroleinreviewingmessagesandprovidinganalysisandadvice.ItistheLegalRepresentative’sjobtounderstandandnavigateimportantlegalnuancesthatotherfieldstaffanddepartmentsmayoverlook.
Virden 7
- ProductManager:TheUberProductManagerisresponsibleforanytechnicalorsafetyissuesthatmayarisewithintheUberfieldappthatisusedbyconsumersworldwide.Thisteammemberwillprovideinsightintotheimpactontheapplicationandaresolutionplantoensurethecrisisisclearlyandaccuratelyarticulatedtocustomersandthemedia.
- InformationSecurityOfficer:ThisroleiscriticalbecausetheUberbusinessmodeldependsonthesecurityandprotectionofitsdriversandconsumer’spersonalandfinancialinformation.TheITSecurityOfficerprovidesvisibilityandinsightintothenatureofacyber-attackorinstancesofunauthorizedaccessandsecuritythreats.
- InvestorRelationsChief:Thisteammemberisresponsiblefordiscerningandcommunicatingthefinancialeffectsofacrisistoshareholdersandotherinvestors.TheyarealsotaskedwithbalancinginvestorconcernsandUber’sreputationduringacrisisbybeinghonestabouttheimpactonthecompanyfinances,evenifitcausesapprehensionforshareholders.
Alsoworthnoting,isthatstemmingoffofthesecriticalpositionsincludesmorebackupforeachteammember.However,intheeventofacrisis,itisthesefivepeoplethatneedtobereadytohitthegroundrunningatamoment’snotice.ThePRDirectorcantapintotheothercommunicationsstafftoestablisheffectivemediamonitoringtotracktheconversationonthemedia,chatrooms,forumsandsocialplatformstomakesurethemessagingsentoutbyUberisrelevant.Similarly,GeneralCounselcanseekhelpfromitsadditionallawyerstodeveloppolicyunderstandingandlegalese.Eachofthesefivemembershaveotherstafftotapintotocontroltheconversationaboutthecrisis,butwhenthecrisisisfirstidentified,itisthisRapidResponseTeam,showcasedinthegraphicbelow,thatmustworktogether.
Crisis
PublicRelationsDirector
GeneralCounsel
ProductManager
InformationSecurityOfficer
InvestorRelationsLeader
Virden 8
CurrentRegulationsinPlace:TobecomeanUberdriver,applicantsmustprovidetheirphonenumbers,social
securitynumbers,e-mails,address,proofofcarinsurance,andvehicleregistration.UberusesCheckr,acompanythatperformsbackgroundchecksusinglocalandfederaldata.Unliketaxicompanies,Uberdoesnotrequirepotentialdriverstoprovidefingerprints,whichcanallowbackgroundcheckslinkedtodatabasesfromtheDepartmentofJusticeandtheFederalBureauofInvestigation.
PotentialCrises:SinceUberisestablishingallofthe“firsts”fortherideshareindustry,itisbothahuge
opportunityforthecorporation,butwhenacrisishits,Uberisthefirsttobeblamedorreferencedevenifthebrandisnotinvolved.Evenwhenaconsumeropenstheirphonetocontactarideshareoption,whetherit’sUberornot,itisnotuncommontoreferenceallcompaniesas,“takinganUber”becauseUberisthebiggestandmostfamoussuccessfulglobalridesharingservice.EvenjustdoingaquickGoogleNewswithrecentarticlessearchpullsupswarmsofnegativemediastoriesaboutUberasitdealswithcrisesonadailybasis.Someoftheseinclude,butarenotlimitedto:
• February20,2016whenanUberdriverwentonashootingrampageinKalamazoo,Michiganandmurderedsixpeoplebetweencollectingfares.
• Recentlawsuitfor$25millioninSanFranciscoandLosAngelesformisleadingpassengersaboutthesafetyofthebackgroundchecksbyallowingaconvictedmurder,sexoffendersandfelonstheabilitytodriveforthecompany.
• Hundredsofallegedcasesofdriversrapingpassengers.• Surgepricing/overcharging.• AnnArbor,MichiganlawsuitforUbermisleadingpassengersbytellingthemthatthe
fareincludesatip,whenthetipdoesn’tactuallygetpassedontothedriver,butiskeptbythecompanyandallgasandmaintenancechargersarepaidoutofpocketbydrivers.
• Terrorism–thepotentialsurgeofterroristorganizationshijackingcarsorkillinginnocentpassengersatrandom.
• Cyber-warfareisanotherdangerbecauseeverybusinesshastheirownappnoworsystemthatcollectsconsumerinformation,andnoneofthemaresafefromcybercriminalsstealingvaluableinformation.
ForthepurposesofthiscrisisplanthatisdesignedtohelpensureUberisabletomaintainasuccessfuledgeasitpreparestodealwiththecrisesthatwillcomeup,thethreetopicsthisplanfocusesoninclude:Kalamazoo,Michigandriver,JasonDalton,whokilledsixpeoplewhilepickingupUberfares,therecentlawsuitoverthemisleadingbackgroundchecksystems,andthethreatofcyber-warfare.Crisis#1Background:
OnFebruary20,2016inKalamazoo,Michigan,anUberdriverbythenameofJasonDaltonshotandkilledsixpeopleandgravelyinjuredtwootherswhilepickingupUberfares.
Virden 9
DaltonhadnorecordofmentalillnessandhadsuccessfullypassedtheUberbackgroundcheckrequirementssotherewasnowayUbercouldeverknowthatthismanwouldgoinsane,butsincehewasworkingforUberandearningthecompanymoneyatthetimeofthekillings,theresultsareUber’sproblem.ThekillerlaterblamedthemassacreonUberbysayingtheridesharingapptookoverhismind“likeartificialintelligencethatcantapintoyourbody.”OnceagainUber’snamementionedintandemwiththistragedyinthemediafurtherlinkingit.Dalton’shomewasraidedwherepoliceconfiscated11gunsandfourhandguns,andhewaschargedwithsixcountsofmurder,twocountsofassaultwiththeintenttomurderandeightfelonyfirearmviolations. Evenworse,beforeDaltonhadtakenthelifeofanyinnocentvictims,apassengerbythenameofMattMellenhadriddenwithDaltonseveralhoursbeforetheshootingtoalertnotonlythepolice,butUberSupportofthedriver’serraticanddangerousdriving.Mellen’sfiancéepostedawarningonFacebookaswell,whichcanbefoundinAppendixB.MellensentanemailtoUberbecausethecompanydoesnothaveanemergencyline,whichissomethingthatneedstochange.Daltonhasrecentlybeendeemedmentallyfittostandtrialformurderandattemptedmurdercharges.Uber’sResponse:
Theresponsehasbeentepidatbest.UberagreedtohelpKalamazoopolicewiththeinvestigationofDaltonandhasbeennotifiedofthearrestsoftheEastLansingdriver.Uber’ssolecorrespondencerelatedtothecrisiswasatweetissuedonedaylaterthatlinkedtothesamestatementontheUberwebsite.Andthatwasthat.Afterdoingfurtherresearch,the@Uber_SupportTwitterhandlewasactiveFebruary3andnotagainuntilMarch17,whichlooksawfulfortheUberreputationandwhenanothercrisishappenscouldbebroughtuptofurtherdamagetheridesharereputationbecauseitcompletelydisregardedthetragedyinKalamazoowhentheUberSupportsystemisexactlywhereanyoneexperiencinganemergencyissent.MellenreachedouttoUberSupportandwasmetwithsilence.Thelackofactivityonthe@Uber_Supporttwitterpageisamissedopportunity.Theaccountwouldhavebeenagreatplacetoprovidereal-timeupdatesorsolutionsdependingontheconversationthattheRapidResponseteamwoulduncovertoworktopreventanothertragedyatallcosts.The@Uber_MIorofficialMichigantwitterpageretweetedtheoriginalUbertweetandonlyreferencetothetragedy.Recommendations:
RecommendationsfortheUberRapidResponseteamwouldbetoonlyuseTwittertosendupdatesaboutthestatusofthevictimsinatragedylikethisortopostreal-timeupdatesaboutwhatUberisdoingtofixtheissues.WhenthecrisisinKalamazoooccurred,itwouldhavebenefitedtheUberreputationastherideshareindustryleaderifithadcomeoutandapologizedtothefamiliesofthoseinjuredrightawaybecausethosewerethepeopleimmediatelyaffectedandtheonestheAmericanpopulationweremostconcernedabout.
Virden 10
WhenUberrespondedtothecrisisbyjustsendingoutatweetasitssolecorrespondenceaboutthetragedy,itcameoffasunprofessionalandveryinsensitive.SixpeoplediedbecauseofacrazyUberdriver,andthatisnotsomethingthatwillgoaway.ThecaseofJasonDaltonneedstocontinuedtobeexploredbecausewhenacustomergetsinanUberdriver’svehicle,itisaveryintimateexperiencewithasignificantamountoftrusttogetfrompointAtopointBsafely.AnotherrecommendationwouldbetofirstmonitorandfigureoutwhatthemajorityofchatterisaboutUber.UsingGoogleTrendstoidentifytheconversationandothermonitoringtoolstogatherinternalandexternalalertslikeGoogleAlertswouldbeagreatwaytomonitorwhatthesocialconversationsaresayingaboutUber.“IceRocket”isanothergreatsitetolookintohowmanytimes“Kalamazoomurder”and“Uber”areusedtogetheronFacebooktocontinuetoidentifywhattheconversationisaroundthebrandtodrivestrategyanddiscoveropportunitiesforaction.Sendingoutapressreleasewouldbeanextsteptoacknowledgethegravityofwhattookplace,whilealsolookingprofessional.
Alongwiththis,thetwosurvivingvictimsfromJasonDalton’smurderousrampagearereleasingstatementsorvideosofupdatesabouttheirwell-being,butunfortunatecircumstancestohavehavetolivewiththetragedyeveryday.Uberhasnotreleasedanycommentsorstatementsofcongratulationsonthesurvivors’success.Byattemptingtosweepthehorrifictragedyundertherug,itpresentsahugeproblemintheeventthatanotherCODEREDcrisislikethisonetakesplacebecauseUber’sresponseorlackthereofwillbeattheforefrontofthemedia.IthasastronglikelihoodbecauseDaltonhadpassedtheUberbackgroundcheck,yethewentcrazy.What’stosaythiswouldn’thappentoanotherdriver?Crisis#2Background: ContinuingonwiththethemethatUber’sdriversmaygoinsanewithoutanywarning,killotherpeopleorharmpassengerscreatingaCODEREDcrisissituation,thelikelihoodofthiscontinuesbecauseUberhasbeensuedfor$25millionbySanFranciscoandLosAngeles,Californiaformisleadingpassengersaboutthequalityofitsbackgroundchecks.ToconductbackgroundchecksUberusesCheckr,abackgroundchecksystemthatonlylooksbackinpersonalrecordsforsevenyears,whichmeanstheydonotincludeanycriminalrecordsfrommorethansevenyearsago.Uberusesthissystemtogivepeopleasecondchanceatacareer.
ThemissionisonethatmanycanappreciateandpartofUber’sCorporateSocialResponsibilityeffortstoworkwithpreviouslyincarceratedindividualsforpettytheftorsellingdrugsthatoftenputyoungpeopleinthesystem,andwhentheygetoutareolderandhavefeweropportunitiestosucceed.However,UberisresponsibleforthesafetyofallpassengerswhentheygetinUbervehicles.ThecompanyisunderfirefornotusingLiveScan,acompany
thattakesaperson’sfingerprintsandrunsthemthroughFBIandstatedatabaseslookingforcriminalhistoryormatches,andunlikeCheckr,itdoesnothavealook-backlimit.LiveScanisusedbytaxicompaniesinmostCaliforniacitiestoscreendrivers.UberhascomeunderfirefornotusingLiveScanbycriticsincludingdistrictattorneysinLAandSanFrancisco–callingthedriverscreeningprocess“completelyworthless”
Virden 11
becauseitlacksfingerprinting.Uberhaspushedback,arguingthatLiveScanisnot100%accuratebecauseifaperson’sprintsaresmudged(theoriginalprintsweren’tproperlytaken)orsmoothed(fingertipscanbecomelessdefinedwithageanduse),thepersonmaypassaLiveScanbackgroundcheckevenifheorshehadbeenarrestedandfingerprintedinthepast.UberhasalsoarguedthatLiveScanisflawedbecauseFBIandstatedatabasescontainfingerprintsofpeoplewhowereneverchargedorconvictedofcrimes,whichmeansinnocentpeoplemaybeflagged.Uber’smaincompetitorintheU.S.,Lyft,alsodoesnotuseLiveScan. Again,whenanUberpassengergetsinadriver’svehicle,theyareplacingtrustinthatdriverandtheUberbrandthattheywillgetfrompointAtopointBsafelyandwithoutissue.TheheadlinesaboutUber’sbackgroundchecklawsuitallpointtotheword“misleading,”whichfurtherharmsthereputationbecauseitmeansthecompanypurposefullyheldbackinformationthatcustomerswouldliketoknowaboutwhoisdrivingtheminordertoincreaseprofits.ThisdoesnotworkinUber’sfavorbecausethoughitistheleadingridesharecompanyintheworld,itisstillacorporationandtheworditselfhasaverynegativeconnotationinAmerica.Sacrificingthesafetyofitspassengers,thewaythecompanymakesitsmoney,inordertomakemoremoneybyhiringdriverswithquestionablereputations,isjustenoughofareasonformillennials–atargetaudience–tostopusingtheservice,nomatterhowconvenientitis.ItisabsolutelycriticalthatUberemployeesunderstandthegravityofthecompany’sactionswhenitpurposefullywithholdsinformationthatislaterfoundout.Uber’sResponse: TheUberresponsetotheCalifornialawsuithasbeentotakeitsbestlawyerstocourtandinsteadofpaying$25millionindamagestothestateforthemisleadingbackgroundchecks,ispaying$10million(butisliableforanadded$15milliontobringto$25millionifUberdoesnotcomplytothechargeswithin90days).Uberhasstoppedclaimingitsbackgroundchecksare“industryleading,”butdidnotadmitwrongdoing,asisstandardforsuchsettlements,andsaiditalreadyhasmademanychangesprosecutorssought.ThelawsuitwasnottheendoftheworldforUbereitherbecauseitstruckdealswithSanFranciscoInternationalAirport,LosAngelesInternationalAirport,andnumerousothersinnorthernandsouthernCaliforniatoallowitsdriverstodropoffandpickuppassengersatterminals.Recommendations:
Theridesharecompanydoeslistexactlyhowitconductsbackgroundchecksonitswebsite,whichisgreatforthereputationtobeaccessibleandtransparentbycuriouspassengersandreporters.However,arecommendationwouldbetoreleaseastatementaboutthelawsuitandthestepsUberistakingtoensureitsdriversandpassengersaresafe.Uberhasyettotrulyemphasizetheimportanceofsafetyinthewakeofanyofthecrisesithasdealtwith.
Aspreviouslymentioned,gettinginastranger’scarisanintimateexperience.ManyoftheUberdriversaremenandsometimestheypickupwomenwhoareinebriated.Thisneedstobetalkedaboutbecausegettinginastranger’scarisauniquelyintimateexperienceandwithoutthesimilar,ifnotthesamerequirementsastaxicabs,Uberisstillliableforthe
Virden 12
customersineachdriver’scar.Thereneedstobecompany-wideregulationsandstandardsfordriversandpassengersandtheabilitytoholdthemaccountable.Driversneedtobeawareofrepercussionsofanynegativealtercationsbetweenthehoursof11pmand4amwhenmostpeoplewhotakeUber’sareundertheinfluence.Anyaltercationsbetweenthosehoursshouldnotbetolerated.UbershouldcontinuetoemphasizethatanypersonwithDUIscannotbedrivers.Itshouldalsobeanoptionforpassengerstoreportdriversanonymously,evenontheapp,iftheyfeeluncomfortableorbeabletoalertthenearestUberHQifadriverneedstobereported.ItisabsolutelynecessarytoemphasizethatsafetyofthecustomersasUber’sfirstandforemostpriority.Crisis#3Background: Thelastcrisisiscurrentlyaveryrealthreatbecauseithastodowithcyberwarfare.Uberneedstohaveastrategyinplacetohandleabreachintheirdatabecauseitisapossibilityintoday’sworld.High-profilecompanieshavedatastolenorarehackedonadailybasis.SomeofthemorerecentincidentsincludeSnapchat,whenahackerinfiltratedthesystemandstolestaffinformationthroughafaultyemail;GeorgetownUniversity’smedicalinsuranceprogramexperiencedadatabreachandSonyPictureswashackedbyChina.Inanefforttoprotectclassifiedinformation,thePentagoncreatedaninitiativecalled“HackthePentagon”thatchallengedthebestcoders,engineersandcomputerscientistsintheworldtobreakintothePentagonsecuritysystemstobuildoffofthoseideasandcreateanevenstrongerandmoreprotectedsystemfortheUnitedStates’mostclassifiedinformation. Uberneedstohaveprecautionsinplacetopreventadatabreach,butalsobereadyincaseithappens.Uberdidexperienceadatabreachthatput50,000drivers’infoatriskinearly2015,andasaleadingridesharecompany,itisatargetbecauseeachapponindividualphonescontainssensitiveinformationlikepassengeranddriverpersonalandfinancialinformationaswellaslocationservices.IntheeventthatUber’ssystemsarehackedandthecompanyisn’tprepared,thecompany’sstockwillplummetandday-to-dayoperationsoftheridesharewillbedestroyedbecausecustomerswillbeafraidtolosetheirinformationtoanunknownsource.Uber’sbusinessmodeldependsonholdingthesensitiveinformationofeachpersonthatusestheappandthatdataiskeptbetweentheinvisiblefourcornersofitsappandifthose‘walls’arecompromised;thecompanycouldbeonthebrinkofanenormouscrisis.Uber’sResponse:
ThecorrespondencebyUberafterthe2015databreachwasasimpleblogpost,whichwasagainaveryunprofessionalwaytoapproachthecrisis.Thepersonalinformationofdrivers,thedirectreasonUbermakesmoney,wasbreachedortakenwithoutconsentoftheindividuals.TheUberinvestigationconcludedthattheinitialdatabreachwaslinkedtoaComcastIPaddressbelongingtoChrisLambert,thechieftechnologyofficeratrivalserviceLyft.
Virden 13
AseparateIPaddressreportedlyexecutedthehackandthatuserremainsunidentified.TheDepartmentofJusticecontinuedtolookintothecrisisaswell.
Uber’sresponsewasapologeticandusedablogposttoalertdriversofthebreachaswellasmedia,andthecompanyreachedouttoindividualsthatmayhavebeenaffected.KatherineTassi,Uber’sManagingCounselofDataPrivacywastheonewhowrotetheblogpost.Sheshowcasedatimelinethatfeaturedtheexactinformationthecompanyknewforsureandhighlightedthatdriverswouldreceiveoneyearoffraudprotectioninsurance.Shepointedoutthatthecompanyhadfiledalawsuittoleadtotheconfirmationoftheunnamedpartythatbrokeintothesystem.Theresponsewasprofessionalandtransparent,whichworkedinUber’sfavor.Theblogpostwasonafamiliarforumforcuriouscustomerstoaccessaswellasinternalstaffandmedia.ThetimelineofeventsshowsthatUberwascompletelyawareofthedatabreachandcommittedtoensuringallpartieshadaccesstowhatthecompanyknew.Insteadoftryingtocoverupthedatabreach,thecompanyowneduptoitandprovidedasmuchinformationaspossible. Recommendations: InordertopreventdatabreachesinthefirstplacethereareafeweasystepsUbercantake.Fourstepstopreventasecuritybreachinclude:
1. Step1:PrioritizeUber’sbusinessobjectivesandrisktolerance.ItiscriticalforUbertostrikeabalancebetweenprotectingdataassetswhileenablingproductive,innovativeworkplaces.Ofcourse,thisisnearlyimpossibleasthereisnosuchthingas100-percentsecurity,however,decisionsneedtobemadebytheRapidResponseTeamaroundthedifferentlevelsofprotectionneededfordifferentpartsofthebusiness.WhenUberislookingatthebusinessobjectives,itneedstodeterminewhichpartsholdthehighestriskifbreachedlikethesensitivedataofpassengersanddriversandhowtobestprotectthatinformation.
2. Step2:ProtectUberwithaproactivesecurityplan.Awarenessisessentialtosecurityplanningandsoisunderstandingthethreatlandscape,byactivelyworkingtoUberagainstthosethreats,requiresbothtechnologyandpolicy.
3. Step3:Prepareyourresponsetotheinevitable:asophisticatedattack.Withtheconstantevolutionofadvancedpersistentthreats,andtheintenthackershaveonfindingavulnerability–itisnearlycertainthateventuallyUberwillsuccumbtoadatabreach.Havingacoordinatedandtestedresponseplaniscritical.TheRapidResponseTeamneedstoprepareforthisinstance.
4. Step4:Promoteandsupportacultureofsecurityawareness.Allittakesisonecarelessemployeetoundoachiefsecurityofficer'smasterplan,whichiswhyeveryemployeemustworkinpartnershipwithsecurityprofessionalstoensurethesafetyofUber’scorporatedataisbuiltintothecultureoftheorganization.
Virden 14
ThefirststepstheRapidResponseTeamshouldtakeintheinstanceofadatabreachwouldbefirstgatherallnecessaryinformationtoensurethatbeforetheteamreleasesanycommunicationithasthefactsstraight.Itisrecommendedtotakeonly12hourstogatherthisinformationbecausethoseaffectedwillneedtoknowtoprotectthemselves.ThesecondstepwouldbetosendaninternalmemoalertingUberstaffofwhathastakenplaceaswellasdriversoranyoneaffectedofwhathashappened.EnsurethatthoseaffectedhaveadirectlinetocontactUberstaffforanyquestions.Followingthis,UberneedstobringinITsecurityandcomputersciencedatamanagerstoassessthedamage,figureoutwherethehackerbrokeinandbegintheprocessofprevention.ItwouldbebestifUbergotoutaheadofthenewsandiftheCEOTravisKalanickdidapressconferencetoarticulateexactlywhathappened,whatUberisdoingtopreventitandprovidedtransparencyonthesiteoracontactnumberforfurtherquestions.TheCommunicationsRapidResposneTeamMemberwouldneedtobrieftheCEO.ItwouldlookgoodforUbertohaveMr.Kalanickdotheconferencebecausehehasyettoformallyaddressanycrisesthecompanyhasfaced,buthasinsteadgiventhetasktootherleadingUberemployees.IfTravisaddressedtheroom,itwouldshowstakeholdersthatUberisworkingtogetthecompanybackontrackwhileprioritizingtheirunderstandingoftheissueandsafetyofallinformation.
Otherstepswouldbetogobackandupdateallpasswordsforsocialmediaaccountsstrongandunrelatedtothecompany.Thesitepasswordmeter.comisahelpfultooltousetocreatetherandompasswords.NationalSecurityAssociationprofessionalsalsorecommendusingpasswordswithfourrandomwordsinasequencewiththeoccasionalnumberthrowninbecauseitwouldtakefarlongerforahacker’scomputercodetofindapatternwithallthewordsintheworldversusthenumbers.Oneexampleofapasswordsetuplikethiscouldbe:“ribb3tunicorny@m$our”orsomethingalongthoselines.ItisalsoimportantthatUberchangesthesepasswordsevery30-90daystoensurethesecurityandprotectionofsensitivedata.ReservingURLslike“UberSecurityUpdates”tocreatewebsitestosendUberusersandcuriouspartiesforinformationwouldbeanotherwaytocontroltheconversationandhelpsalvagetheUberbrandreputation.Conclusion: Inanincreasinglydigitalworld,itisonlyamatteroftimebeforecompaniesacrosstheglobeexperienceacrisis.Whatmakesorbreaksacompanyishowtheyrespondtoit.Astheleadingridesharecompanyintheworld,Ubermustbepreparedforcrisesbyrespondingto
issuesbeforetheyexpandandprioritizingthesafetyofdrivers,passengersandallinternalstaff.TheRapidResponseTeaminthisplanshouldpracticecrisisdrillsbi-monthlytoadapttotheever-changingUberanddigitallandscapeandensuremaximumpreparednessforanydisastertostrike.TheplanismeanttoarticulatehowtorespondtothethreecrisesshouldtheyhappenagainandidentifyevenbetterwaysfortheUberteamtoreactwhentheydo.
Virden 15
AppendixA:
AssessingUber’sResponsePlans:PostCrisisUbershouldusethefollowingtabletoassessyourorganization'splanstorespondtoacrisisandto
createaplanofactiontoaddressdeficiencies.
Question Assessment
CrisisPlanning
1.Dowehavearepresentativesetofplanningscenarios? |-------|-------|-------|-------|pooradequateexcellent
2.Dowehaveaflexiblesetofresponsemodules? |-------|-------|-------|-------|pooradequateexcellent
3.Dowehaveanestablishedmatchingofresponsemodulestoscenarios?
|-------|-------|-------|-------|pooradequateexcellent
4.Dowehavepresetsignalsforactivatingthecrisisresponseorganizationandforgoingbacktonormaloperations?
|-------|-------|-------|-------|pooradequateexcellent
CrisisOrganization
5.Dowehaveaclearchainofcommand? |-------|-------|-------|-------|pooradequateexcellent
6.Dowehaveacommandpostandbackup? |-------|-------|-------|-------|pooradequateexcellent
7.Dowehavetherightcommunicationchannels? |-------|-------|-------|-------|pooradequateexcellent
8.Haveweputinplacetherightbackupresources? |-------|-------|-------|-------|pooradequateexcellent
OrganizationalLearning
9.Doweconductregularrehearsals? |-------|-------|-------|-------|pooradequateexcellent
10.Dowedodisciplinedpost-crisisreviews? |-------|-------|-------|-------|pooradequateexcellent
ThoughtsforCorrectiveActions
________________________________________________________________________________________________________________________________________________________________________________________________________________________________________
Virden 16
AppendixB:Uber’sResponsetoKalamazoo,MichiganmurdersonFebruary20,2016aswellasFacebookPostbyMattMellen’sfiancée.Tweet:
OfficialStatementLinkedtoTweet:
Virden 17
AppendixBContinued:FacebookPost
Virden 18
AppendixC:Uber’scurrentemergencysysteminplace
Virden 19
AppendixD:GoogleTrendsfromJanuary2016toMarch2016comparingtheUberKalamazooincident(blue),toUberdata(red)andbackgroundchecks(yellow).
Top Related