Detecting malicious identity attacks is one of the hardest tasks that many organizations face today. The reason why this is so, is because most of the BPR attacks are products of extremely sophisticated campaigns (yes, some people actually do this) and rely on the availability of special professional skills such as ethical information gathering, slander proficiency and business intelligence. 47% of all corporate crises are due to a conscious defamation and roughly about 70% of them are triggered by someone inside the company. The main objective of this type of offence is to spoil the credibility of the target in front of its stakeholders. The various means that can be used, focus on turning the unpleasant circumstances of the target against its very own corporate identity.

splash black

If you do not have the opportunity to hire professional security consultants or if you suspect that someone is deliberately trying to discredit you or your organization, here are some basic steps you can take in order to inspect your current reputation status:

  1. Keep a good eye on your business rivals.

    Have a good understanding of the SWOT trends of your competitor. Be aware of what they are up to and what they are willing to achieve. Know their allies and managing practices. It is also a good idea to make an attachment to your risk assessment plan, showing how each security vulnerability could be related to some of your corporate enemies.

  2. Monitor your company’s activities.

    Do no wait for a crisis to happen to realize that something is wrong with your organization. Try to be updated of every ongoing process and conflict affecting your business and people working with/for you. I mean everything - relationships, frictions, ideas, ambitions and so on. I know that this sounds like too much, but having as much information as possible will always help you respond promptly to any in/out-coming threats and more importantly to define the source of the information leakage, if it occurs.

  3. Know the basic methodology of Black PR campaigns.

    Usually BPR practitioners operate in two major ways - stealing information and behavior provocation. Spend some time analyzing your own vulnerabilities and what kind of data is valuable to the attacker.

  4. Check your computer networks regularly.

    Information is the digital-age equivalent of gold. It is everything and it must be protected at all costs. But guess what? Computers, just like humans are vulnerable to attacks.

    Performing regular security checks on your computer networks is a must, as it will provide you with information about the potential ways hackers could get in and alert you to what resource they may have access to. In case your systems’ security perimeter has been compromised, hire a tiger team to perform a forensic analysis that will give you further insights on the damages. This information is essential for the anti-BPR campaign.

  5. Rely on your own contacts.

    Maintaining a good network of contacts is always helpful in cases of malicious identity attacks. Spend some time investing in good professional relationships. Let your allies know that you appreciate all information related to you or your organization. Don’t forget to pay them back with the same integrity.

  6. Investigate every minor complaint.

    One of the most common tricks used by black-hat PRs is to submit a vast number of complaints in consumer complaint reports ( both internal and public ). If you find their claims are false or a bit exaggerated, trace the message to the original author and see if there is a possible reason why this person would want to discredit you or your organization, or contact the users directly for more detailed information. There are lots of power tools out there (like Patvera), showing the relationship between emails and user names.

  7. Know your employees.

    AAs I have mentioned above, most cases of negative public relations start from inside the organization. Needless to say, it is important to know the people working for you, especially those having access to the most sensitive information in the company. Also, keep in mind that the greatest risks are coming from those with short - term contacts with the organization, such as cleaners, interns and office improvement staff.

  8. Analyze the media coverage.

    The idea here is to find out who stands behind the negative coverage your company is receiving. This could be a single person, a whole corporate entity or just someone who anonymously is trying to set you up. One of the easiest ways to find out is to analyze the sponsors/allies of the particular media or just call the editor’s office and ask how they got this information.

    If the exposed information is not true you can either seek an injunction or sue for reputation damages. However, if the story about you is true, your next move should be to urgently call your crisis team and try to predict your rivals’ further intentions.

  9. Setup traps.

    Here is a little strategic game. If you wanna make sure that all of your problems are due to an intended negative campaign, place bait all over your networking systems and see who falls into the trap. You can do this by posting specific juicy information (it could be true or false, but definitely something that is not a threat to your business) in some of your internal applications. If this information is leaked after that, you can always check your networks and find the IP address of the intruder. Additional hacker/hi-tech tricks can also be used.

  10. Personal BPR.

    Here is the good news. Unlike corporate defamation, negative personal attacks are easier to detect. Their main aim is to destroy personal reputation and involves all of the methods used for other types of organizational violation.

    Usually one the most common signs of BPR, is that the target suddenly becomes involved in many unpleasant situations.