The Risk Most Organizations Still Underestimate.
Many people associate security with firewalls, phishing and ransomware – all very visible and obvious technical threats. Disinformation is much less obvious, quieter and in some ways harder to contain.
For example, if a false narrative about your company’s product goes viral on social media, the story may even contain some truthful elements that will convince many to believe the story. By the time your communications team begins to respond to the false narrative, it has already shaped the perceptions of your product, resulting in hesitation from the consumer and myriad questions from your business partners.
What complicates things is that disinformation does not always come from an adversary. The source could be a competitor, an activist group, or even a well-intentioned employee disseminating incomplete elements about a product. Often, the sources of the disinformation are unknown.
Most companies still view disinformation as a public relations issue rather than a security issue. This matters because public relations is reactive; whereas, security is proactive.
You might be interested in: Finding Strategic Direction in an Era of Constant Noise
A true integrated approach implements the elements of both a physical Security Program and a Public Relations Program. The tools used to monitor for shifts in the narratives; the cross-functional teams that align legal and communications with cybersecurity; and the clearly defined protocols for rapid response to disinformation would begin to resemble a Risk Management Program more than Crisis Management.
The employees of the organization also play a crucial role in mitigating both internal and external disinformation, which requires a sustainable method of educating them about the speed and agility at which misinformation can spread – via on the job training in addition to formal classroom training. An employee may unknowingly supply the true context of an internal communication to disinformation sources outside of the organization, resulting in disinformation that gets spread very rapidly.
While there is some degree of control of narratives by organizations, it is often very limited in terms of surpressing or eliminating the narratives. It is often counterproductive for organizations to attempt to control every aspect of disinformation due to the impression of defensiveness or lack of transparency created.
Ultimately, organizations cannot take complete control of the disinformation narrative. However, they need to put themselves in a position that enables them to curate their reputation by remaining agile in responding to disinformation, communicating what they stand for, and continuing to build trust, despite the potential for everything in the information environment to be in turmoil or confusion.
In the end, this will lead to an organization with a higher level of security in terms of both physical and reputational definitions.



