How Doxing Can Have a Ripple Effect on Organizations, with Hart Brown, R3 Continuum (North Fulton Business Radio, Episode 323)
Doxing is the malicious activity of researching and releasing personal information in an attempt to harass or intimidate individuals and organizations whom a hacker disagrees with or dislikes. Hart Brown of R3 Continuum joins host John Ray to discuss how organizations can monitor this activity and address negative PR, the wider effect on employees, why even the smallest businesses are not immune from doxing, and much more. “North Fulton Business Radio” is produced virtually from the North Fulton studio of Business RadioX® in Alpharetta.
R3 Continuum
R3 Continuum (R3c) is a global leader in behavioral health and security solutions for workplace well-being. Annually, R3c responds to more than 18,000 catastrophic events in the workplace, with an average of 1,500 per month. Notable events in the wake of which R3 Continuum has provided immediate and ongoing support include 9-11; the Las Vegas shooting; Hurricanes Katrina, Andrew, Harvey, Maria, Irma, Sandy and Florence; the Japan Tohoku earthquake and tsunami; the Boston Marathon bombing; the California wildfires; and many other disruptions in the workplace (e.g., mass layoffs, rioting, death of an employee, catastrophic injury).
R3c has the ability to provide support at all levels of an organization, simultaneously and at scale to promote workplace well-being and performance in the face of an ever-changing and often unpredictable world.
Learn more at www.R3c.com.
Hart Brown, Senior Vice President
Hart Brown serves as Senior Vice President for R3 Continuum, a psychologically based crisis management firm that responds to 18,000 events each year. He brings over 20 years of experience in both the public and the private sectors. Hart has provided crisis and risk management services across 50 countries, to hundreds of events including the World Cup, one of the largest bankruptcies in US history and one of the largest mass shootings in US history.
Mr. Brown regularly responds to organizations involved in crisis events, security events, threats of violence and cyber incidents. Because of that, Hart works closely with insurance programs in commercial, personal, benefits and specialties markets supporting risk modeling and financial assessments as well as emerging risks, reputation protection, crisis management, active shooter and assault protection, and business interruption. He has an M.S. from Texas A&M University and holds certifications in organizational resilience, business continuity, loss prevention, as a commercial lines coverage specialist and as an ethical hacker.
Questions and Topics in this Interview:
- What is doxing?
- What should organizational leaders watch for to identify if doxing is taking place?
- What do you do with negative PR that may occur as a result?
- What risks does that present to the organization?
- What kinds of things are necessary to return to productivity?
- Why is this a concern now and hasn’t been before with political unrest incidents?
TRANSCRIPT
Intro: [00:00:05] Live from the Business RadioX studio inside Renasant Bank, the bank that specializes in understanding you, it’s time for North Fulton Business Radio.
John Ray: [00:00:19] And hello again, everyone. Welcome to another edition of North Fulton Business Radio. I’m John Ray. And we are not back in our normal haunt inside Renasant Bank in Alpharetta in North Fulton, but we look forward to that day soon. But the folks at Renasant are busy right now, and they’re working on a second-round PPP. And if they do what they did on the first round, they’re going to end up helping a lot of business owners, and a lot of them that weren’t even their clients.
John Ray: [00:00:50] So, that’s the philosophy they have at Renasant Bank. If you’ve got problems with your big bank that you’re tired of voices that are generated by computers, and phone trees, and all that kind of stuff, and it’s hard to get a live person to speak to, go to RenasantBank.com and find their local office, and give them a call, and you’ll talk to a real person, and they’ll set an appointment, and deal with you like face to face and the way these things work. So, I’ve worked with them for some time and delighted with the experience, and I think you will be too. Renasant Bank, understanding you. Member FDIC.
John Ray: [00:01:38] And now, I want to welcome Hart Brown. And Hart is a Senior Vice President with R3 Continuum. Hart, welcome.
Hart Brown: [00:01:46] Thank you very much. Thank you for having me.
John Ray: [00:01:48] Great to have you, Hart. Tell us a little bit about you and R3 Continuum. How are you serving folks out there?
Hart Brown: [00:01:55] Sure, sure. So, as you mentioned, I’m Senior Vice President with R3 Continuum. I’m responsible for their crisis management services, but R3 more broadly serves as a critical service for organizations as it relates to behavioral health, psychological services, as well as crisis response services. So, one of the key things I think is helpful for people to know and get a sense of, we’re responding to roughly 18,000 crisis events each year. So, roughly in that range of 75, up to 120 potentially every day. And those run the spectrum of anything from natural disasters to the types of things that we’re seeing right now related to unrest, and through cases of mergers and acquisitions that may be problematic for integration purposes and, ultimately, workplace violence as well.
John Ray: [00:02:55] Now, the topic at hand is fairly specific around doxing and the effect doxing can have on organizations. So, first of all, let’s set this up and explain what doxing is.
Hart Brown: [00:03:11] Sure. So, it’s a unique term that I think represents what many of us are seeing right now play out in real time. So, it’s just how we categorize what we’re seeing. So, one of the things that’s continuing to play out, and doxing has been around for some time, traditionally, it’s been housed within the hacking type of community. Now, it’s being used more broadly. And the way it’s being used now is if someone is identified in a protest or somebody is identified making a statement, somebody has done something to gain the attention of the individuals that may not agree with them, what they’ll do is they’ll go on a digital campaign for civil disturbance.
Hart Brown: [00:03:56] And that digital campaign is intended to get all of their personal information, their families’ information, anything that they can gather from those individuals. And it may start from just a picture, and then researching that picture on social media. And then, from picture, getting a name; and name, getting residence; and a residence, getting a vehicle. And then, they start to publish that information both within communities of interest that they have, as well as more broadly across the internet, trying to put a negative spotlight on that individual and, potentially, even the organizations they work with.
John Ray: [00:04:35] And presumably, that individual’s family, and loved ones, and all those close to them, and that kind of puts pressure on the individual themselves.
Hart Brown: [00:04:44] Absolutely. So, even though there is not necessarily a direct threat against that individual, or family members or others, there’s an implication. There’s something that’s implied that says, “If I’m releasing this information out on you, I have an expectation that other people may take that information and do something against you.” Maybe in the cyber domain, they may start a hacking campaign or something against you and your family, the organization you work for, or others or it may actually be physical, where someone makes an effort to approach you at your home or your family.
John Ray: [00:05:22] What you’re describing is something that strikes me. The word that comes to mind is a loose confederation of bad actors, one of which gets the ball rolling. And without any necessarily coordinated communication, they kind of feed on each other with this effort. Did I describe that correctly?
Hart Brown: [00:05:53] Yes. And what the term we assign to that is something called “cause stalking.” And many of us may remember, certainly, watching political figures or other high-profile individuals, they may gain negative attention by people that want to follow them, be close to them, be around them, stalk them, whatever it may be. And that includes issues related to relationships that may not have ever developed or where they may have developed and then ended. You have these stalking types of situations. Then, there’s a subset of stalking that’s related more to group stalking. And so, they’ll start to recruit their friends to start stalking a single individual.
Hart Brown: [00:06:39] And then, we have this issue of cause stalking. So, somebody does something that’s against, potentially, a cause that I believe in, and I’m going to recruit more and more people – it could be all around the country, it could be all around the world – to start doing things and following whatever they can to harass or cause problems for that person. So, the cause stalking is really where we see this increase right now.
John Ray: [00:07:07] Now, there are some obvious answers, I guess, to this question, but maybe some less obvious ones as well, which is why I ask it. How do leaders of organizations know that this is taking place? What do they need to watch for?
Hart Brown: [00:07:26] Yeah. So, this is where you start to play off both the physical space and the cyberspace at the same time. Somewhat difficult for many organizations. But one is just understanding and getting a sense for the sentiment of the individuals that you work around every day. Is there unrest? Are there things going on? Is the culture not at a point where you would want it to be, where people may be acting out in certain ways? You just want to be aware of that potential. Then, starting to look at what’s going on in the overall environment. Is there targeting coming out? And most of this does have a tendency to come out in the news. Is there targeting of companies like yours? All right. So, that would give you an indication that, potentially, that spotlight may start to turn around and hit you. So, that would be another one.
Hart Brown: [00:08:20] Then, you start to look for things related to social media. So, is your name, is somebody else’s name, is the organization’s name being put out in social media in a negative way? And there are many different tools – some quite easy, some very elaborate – to be able to do that social media monitoring and give you alerts that say, “Hey, something is going on in this space. You may want to look or read the actual post.” Things like consumer sentiment as well. What’s going on in the consumer space? Is there, potentially, any sort of backlash or something that may be going on there?
Hart Brown: [00:08:53] And then, issues related to hacking. So, is there an increased number of hacking attempts on your site that you may get an alert on? Are there increased efforts to get your personal information, which, now, we all know the term phishing, but there’s also spear phishing, which is highly specific, dedicated to a certain individual to try and get them to click and hack; or whaling, which really is targeting more the leaders of an organization, the top of the organization, and focusing specifically on them. So, you’ll see all of these start to happen at the same time, potentially, if somebody in your organization is being singled out or doxed.
John Ray: [00:09:37] We are chatting with Hart Brown. And Hart is the Senior Vice President with R3 Continuum. Hart, I’m curious why now, why this has not been a feature. We’ve had political unrests before, maybe not quite like what we’re having now, but we’ve had it before. We’ve had protests before. Why now? Why is this so prevalent now versus before?
Hart Brown: [00:10:12] So, it’s a great question. And there’s a number of trends that are coming together all at the same time to generate the situation we’re in. One is from a traditional protest type of environment, a typical rally type of environment that you might see that goes on virtually every day at different parts of the country, different parts of the world. You’ll see throughout the day, it has been very common that in the afternoon time frame, people will start to gather and build up. They’ll do their marches, rallies, whatever it is, and the vast majority of them being peaceful in nature. As you go later on into the night, things have a tendency to potentially change. And so, the risks related to hostility and others begin to increase.
Hart Brown: [00:10:59] What we found over the last six months, and this is a relatively recent trend, and the trend comes more from Europe than it does from the US, is that these protests have a tendency to go on for months and months and months in that same fashion and have not really resulted in any major change. And then, we had a protest in Kyrgyzstan, and that protest built up very, very quickly during the day, and they immediately made an effort and were successful in making entry into government buildings. That day or the day after, the president, at that point in time, resigned. And so, in the protest community, what they saw was this idea of speed has a tendency to make a change, where the traditional approach didn’t. So, that was one indicator.
Hart Brown: [00:11:50] The next indicator is you see security apparatus start to build up, which is natural in this process. And so, now, you start to see more and more of a balance between those that may want to do something and the security apparatus, at least, as we see it today, is starting to balance out. That means that group of individuals that might want to do something are going to have a harder time. And the natural progression there is you’ll see more bomb threats, you’ll see more incendiary threats, you’ll see those kinds of things. Because I can’t get in, because I can’t get close, I’m going to try other ways to harass or be a problem.
Hart Brown: [00:12:32] The next one is we’ve seen an increase in personalization throughout this time frame. So, it’s not just an ideology that we’re talking about. We’re really starting to see more and more that there’s a focus on certain politicians, on certain CEOs, on the actions they take, on the votes that they put forward. All of that now is highly individualized, which is different from what we’ve seen before. And so, you put all of that together, those individuals that want to harass or do something, the inability to do so from a physical sense, from a security perspective, the highly engaged, personalized approach, and now, this idea of doxing, “Let’s just go after those individuals, their homes, their families,” is becoming more of an increased trend than we’ve seen before.
John Ray: [00:13:24] What you’re describing in some of the various examples you mentioned is something that goes beyond particular movements, or points of view, or strands of protest, however you want to term that. I mean, you’re describing something that comes from the left, comes from the right. It comes from a lot of different places, right. So, to identify this activity with one particular individual, party, movement sounds like a mistake.
Hart Brown: [00:14:02] Correct. And the reality is information is everywhere. And it’s very difficult once your information is out there to do much to try and bring it back. So, as these types … And all of the movements learn from each other. And so, those that are more inclined to become hostile or use harassment as a means to an end are more likely to use these kinds of tactics. So, I think this is sort of going into not only the first half of this year but, really, at least, through 2021, we’ll see this continuing to occur.
John Ray: [00:14:41] So, negative PR is obviously the goal. So, what should company executives, board of directors, business owners, what should they do when that negative PR occurs?
Hart Brown: [00:14:59] So, great question. And a lot of organizations, unfortunately, going through this in real time right now and having to make decisions – what they do with certain employees that have been doxed, and do they make a statement, or do they not make a statement? The first thing to understand in this process is … and I sort of go back historically to the world of crisis PR. Historically, there was this move to say we have to get ahead of the message. We have to say something. We have to engage. And what you find in today’s social media and media environment, it’s incredibly difficult. You’re just not going to be able to get ahead. You’re certainly not going to be able to create the message going forward in the first few minutes or few hours. It is going to go the way it wants to go.
Hart Brown: [00:15:46] So, the first thing to realize is you don’t have to jump out and say something right up front. It is important to do a risk assessment. So, what is being said? How many people are saying it? Why are they saying it? All of that becomes very important. That helps to gauge when and how to potentially make a statement. An organization may never make a statement if the risk assessment says, you know what, the risk is very low from this event overall, any push, anything we do to put a spotlight on this case is likely to bring more negative attention on us, not necessarily positive. So, that’s the first big step.
Hart Brown: [00:16:29] Then, understand how the case occurred. So, a quick after action, a quick investigation as much as you can. Is this a single individual and his or her information was easy to get by somebody outside the company, and they’ve put it forward, or is this something that is incredibly difficult to get this person’s information and publish it? Important to know potentially who. And in our world, we refer to it as an adversary. Who is this adversary? Is this somebody that just did it on a Saturday to do it, or is this something that’s really likely to potentially become an extended or elongated process? Are they going to do more? It would be an important part of that risk assessment.
Hart Brown: [00:17:13] And then, creating a bit of a response plan with triggers or we call them triggers, if-then statements. If we see this, then we’re going to put out this kind of a statement. If we see this, we’re going to put out this kind of a statement. And create three or four potential scenarios, so you know what to do in these cases. And then, ultimately, you have to monitor how those statements are going. If you’re going to make a statement, important to get that feedback to make sure it achieves what you wanted to achieve.
John Ray: [00:17:43] Hart Brown is with us, folks. And he is a Senior Vice President with R3 Continuum. Hart, clearly, the concern for companies and other organizations is that the effect within the organization, these attacks may be aimed toward one individual, maybe a CEO, but there’s got to be ripple effects within the organization to employees and other constituencies of that organization.
Hart Brown: [00:18:18] Absolutely. So, we generally break these up external and internal type of situations. External, if you’re a publicly traded company, we’re looking for if there’s negative publicity, is there a stock drop? Is there an activist investor potential issue that’s going to be raised by this? Other types of things, what’s happening to reputation? Is there a potential hit there? Is there a potential issue related to maybe a product boycott, depending on what type of organization you’re looking at? Defacement, whether it’s defacement of a website or something along those lines, or advertising that may be out in communities. We’re seeing that more and more. And ultimately, threats. So, as you said, what we see is while one individual may be singled out, the rest of the employee population, potentially, has a tendency to feel that and recognize the potential that they’re all now, on a broad basis, under some kind of threat.
Hart Brown: [00:19:18] So, internally, some of the things we see, obviously, fear, anxiety, those are natural reactions when these kinds of things occur and your employer’s name is now involved. And that’s the leaders, that’s employees, and that’s their families, right. You can envision the conversations at home. I don’t necessarily want you to go to work today because your employer’s name is all over the news. We see issues, potentially, with hostility within the organization itself. So, some employees may believe differently from other employees, and that may generate some hostility or customers against the employees if you’re in retail, or restaurant business, or something along those lines.
Hart Brown: [00:19:57] So, polarization is an issue. Now, individuals are recognized as to where they are on the potential list of issues. And you see that play out back and forth. Walkouts. If you have leadership that are involved for one reason or another, and the employees don’t necessarily believe in leadership any more, walkout, sickouts and others. So, a number of things playing out internally and a number of things, potentially, playing out external.
John Ray: [00:20:25] I’m interested in … because I know R3 does a lot of work not just in crisis, I guess, after the event, if you will, has occurred, but in trying to help your clients with the prevention side of things. And so, one of the issues around prevention here with this issue is you’ve got so many companies that want to be further engaged in various causes, right? I mean, that’s become a trend here in recent years. And what kind of counsel do you give your clients when it comes to how they weigh the risk of doxing, the effects that might come from the cause-related marketing and other activities that they want to engage in?
Hart Brown: [00:21:26] Yeah. So, it’s a great question. Obviously, looking through and thinking through both from a risk perspective, as well as a financial perspective, right. So, the risks may be incredibly high to focus only on one part or one part of your customer base, but the financial return on that might be high depending on the situation. So, there’s always that balancing act of, is there a financial return for doing that or not?
Hart Brown: [00:21:56] And then, the second is from a leadership perspective, how closely do they want to be aligned or are they already aligned with a specific cause? And, again, we see that on all sides of the spectrum and what that means for organizations. So, it is a challenge. It’s something that has to be really well thought out, both from a financial and risk perspective. And there are a number of campaigns that have been highly successful that have made a statement that have been able to establish themselves with a cause and have been able to walk that line very successfully without alienating other parts of their business.
John Ray: [00:22:42] Folks, we’re here with Hart Brown, Senior Vice President with R3 Continuum. Hart, I’m curious, as we kind of wind down here, where is all this going? And what do you see ahead in terms of the kind of activity that companies need to be and organizations need to be watching out for going forward related to this?
Hart Brown: [00:23:11] So, yeah, again, a great question. So, here’s one of the things, we started off early last year when COVID-19 really started to have an impact, certainly, in the US. We took a look at all of the information we had available at the time, and what we realized was that most of the research that has been done on major crisis events, major disruptive events, major traumatic events are point in time. So, they’re geographically separated and time separated from other potential events. So, you can think of a hurricane or a situation like that, it occurs, it’s over, and we recover.
Hart Brown: [00:23:49] What we realized pretty early on was we’re in a very long duration crisis event. The question then becomes, what does that mean for individuals and how do organizations leverage the situation we’re in to make sure that individuals are getting the help they potentially need in reestablishing productivity? And so, we went on this study and we referred to it as the emotional comfortability index. What we realized during that time is there’s the stacking, there’s this compounding stressors on top of COVID-19, on top of isolation or lockdown, stay-at-home measures, on top of financial concerns, economic concerns, layoffs, terminations, furloughs. There’s lots of these types of things. Then, you can add the food insecurity and others. That compounding stress type of environment lends itself to a higher risk for civil unrest. It’s just one more thing that people have a tendency to take on and say, “You know what, enough is enough,” and they begin to voice their concerns.
Hart Brown: [00:24:52] The underlying conditions that we saw throughout last year for heightened unrest, and to give you a sense, unrest is really somewhere around three to five times baseline in 2020 over what we saw in 2019. The underlying conditions are still there, and they’re really not going to let up until, potentially, in the summer when the vaccine becomes a bit more available to us. So, as we start to peel away the compounding stressors, unrest or issues related to unrest will likely decrease as well, but not necessarily go to zero. So, for the first six months of this year, unrest, doxing, targeted harassment, those kinds of things are highly likely to be occurring on a daily basis. The second half of the year, we might see a slight reduction in those, but we do see that, at least, through 2021, these kinds of issues are going to be front and center, and will be a challenge for organizations.
John Ray: [00:25:51] We were chatting before we came on about the size of companies that are subject to this, and you made an interesting point that there’s really no company too small to be immune from this activity.
Hart Brown: [00:26:09] That’s right. While we may see large companies making very big decisions on who they’re going to do business with or not do business with, the reality of the situation is that the targeting of individuals reaches all different types of organizations. So, we’ve seen everything from very, very large social media companies be in the spotlight, all the way down to real estate agents, small or regional insurance companies and others that just an individual made a decision, they were then put into the spotlight because people went and researched them. And now, they see these cascading events where they have issues potentially with customers and clients, they have issues potentially with banks wanting to do business with them, they have issues with payment processors that may not want to do business with them. And it becomes quite difficult for them. And that’s really all the way down to one and two and three people and family businesses. So, it’s tough for everyone.
John Ray: [00:27:14] Hart, this has been great and very timely and important information for businesses or their organizations. I would love it if we could get to the most important question, which is if someone has heard something that makes them want to be in touch with you and the other professionals at R3 Continuum, how can they do that?
Hart Brown: [00:27:38] I would love for anyone who has an interest to obviously go to the website. The website is www.r3c.com. That’s just the letter R, the number 3, the letter C, dot com. Or they can always reach out to me directly. And that’s Hart.Brown@R3C.com.
John Ray: [00:27:59] Hart Brown with R3 Continuum. Hart, thanks so much.
Hart Brown: [00:28:02] Thank you. Appreciate it.
John Ray: [00:28:05] Yeah. Folks, just a quick reminder that you can find this show on all the major podcast apps. North Fulton Business Radio is the search term. We’re coming up on show number 320 or 330. I’ve lost count. But the point is we’re out there, and I would love it if you would go find the show, and give us a five-star review. It’s not about me, it’s not about Business RadioX, it’s not about the show per se. It’s about the guest on our show. It enables folks to find the show, so that they can potentially plug in to folks like Hart, who offer the services they need. So, if you could do that for us, we’d greatly appreciate it. And connect with us on social media. We’re on LinkedIn, Facebook, and Twitter, North Fulton BRX. So, for my guest, Hart Brown, I’m John Ray. Join us next time here on North Fulton Business Radio.
The show is available on all the major podcast apps, including Apple Podcasts, Spotify, Google, Amazon, iHeart Radio, Stitcher, TuneIn, and others.
Renasant Bank has humble roots, starting in 1904 as a $100,000 bank in a Lee County, Mississippi, bakery. Since then, Renasant has grown to become one of the Southeast’s strongest financial institutions with over $13 billion in assets and more than 190 banking, lending, wealth management and financial services offices in Mississippi, Alabama, Tennessee, Georgia and Florida. All of Renasant’s success stems from each of their bankers’ commitment to investing in their communities as a way of better understanding the people they serve. At Renasant Bank, they understand you because they work and live alongside you every day.