Billions of Google searches occur every day. Sources estimate that the average person conducts between three to four daily Google searches. While these statistics do not include searches occurring on Bing (2.96%) or Yahoo (1.51%), Google maintains about 92% of the search engine market share. While Google is protective of specific search statistics, the company does provide a yearly list of the top trending Google searches. A quick review of the trending search list for 2021 shows both companies and individuals among the top searches. It is safe to say that you and your company are being Googled frequently.
Google provides us with an immense amount of information at the click of a button. While Google undoubtedly makes our lives easier, this instantaneous access to information has created an opportunity for cyber-attackers to interfere with search results.
While you can’t completely avoid an attack to your online reputation, you can take preemptive measures to minimize the impact and duration of reputational cyber-attacks. Businesses and individuals should consider the following seven simple steps to protect their online reputations.
1.) Conduct Regular Google Audits of Your Online Reputation
The value of conducting regular Google searches of your name and business cannot be understated. While most people occasionally Google themselves, many only do so when applying for career opportunities or engaging in an important business interaction. Unfortunately, if something negative pops up during a job search or potential business opportunity, it is often too late to do effective damage control.
Damaging internet content should be removed or corrected as soon as possible. Negative internet content, especially content of a salacious nature, has a tendency to spread rapidly. A simple comment can be liked, shared and republished, transforming a simple internet cleanup issue into an expensive, overwhelming and catastrophic problem.
People should have a firm grasp on the results of a Google search of their name and/or businesses. Because search results are constantly changing due to algorithmic updates, searches should be done regularly and frequently.
A reputational threat can take many forms. It can be a news article, photograph, negative business review, social media post or even a threat from an anonymous online actor.
When conducting a search result analysis for an individual, the searcher should consider undertaking the following types of Google searches:
- Full First Name and Last Name
- Shortened First name and Last Name
- First Name and Maiden Name
- First Name (full and shortened) and Last Name and City of Residence
- First Name (full and shortened) and Last Name and Current Place of Employment
- First Name (full and shortened) and Last Name and College
- First Name (full and shortened) and Last Name and Occupation
When conducting a search result analysis of a company, the searcher should consider the following types of searches:
- Full Company Name
- D/B/A
- Company Name (Full and D/B/A) and the word “reviews”
- Company Name and the word “complaints”
In addition to reviewing the first few pages of search results, the searcher should also monitor image and video results. Any concerning content should be quickly documented by URL and screenshots so that it can be addressed.
2.) Set Up Google Alerts
Conducting regular and effective Google searches can be extremely time consuming, but it doesn’t have to be. There are countless automated monitoring services that can assist in conducting monthly, weekly, daily and even instantaneous searches of your name or brand. People interested in protecting themselves or a business from online reputational attacks can consider paid and free monitoring services.
Here are some simple suggestions:
- Google alerts: a simple tool that can help you monitor your online reputation. Google alerts is free, easy to use and can provide notifications as often as you would like. You can create a Google alert of a subject here.
- Paid Monitoring Tools: There are various paid monitoring tools that exist for both individual use and for business use. We recommend checking out online reputation management software programs like Podium or Birdeye, which offer access to media monitoring, online reporting, consumer intelligence and much more via a paid software subscription.
- PIMeyes: a paid image monitoring service that monitors the web for images. PIMeyes utilizes facial recognition software to monitor your face on the internet. This monitoring software not only detects the location of the specific image you uploaded, but it also detects related images. So, if you upload one image to PIMeyes and conduct a search, the software can also show you the location of other photos of you on the internet. You can check out PIMeyes here.
3.) Buy Your Domain Name
Buying your domain name is one of the most powerful defenses you can enact to protect your online reputation. When a person wants to attack your online reputation, one of the easiest and quickest ways to do so can happen through the purchase of your first and last name as a domain name.
For more context, consider the following domain name attacks we have seen at KJK:
Case #1: The Internet Attack on A Company
A disgruntled employee quit a non-profit organization. The ex-employee endeavored to take down both non-profit and the leadership of the non-profit. The ex-employee purchased a domain name for the non-profit. (This often looks like purchasing a .com extension instead of a .org extension). The ex-employee continued to publish negative and false commentary about both the leadership and company. The ex-employee amplified the smear campaign by adding new pages to the website, daily, including anonymous testimonials allegedly penned by current and past employees. To further increase the social reach of the site, the ex-employee claimed the non-profit’s name on social media profiles and paid for a Google Ad campaign to increase the visibility of the website so that it displayed prominently on the first page of Google in a position that was above the company’s actual webpage. The website received so much attention that the complaints were picked up by news platform, resulting in news articles.
While a company and the leadership members experiencing a similar situation as the aforementioned scenario would likely have legal claims, ranging from employment claims to defamation and privacy torts, this situation creates an expensive and complicated issue for a company. Once something becomes public, it may be difficult, if not impossible, to remove. In the above case study, the business had no choice but to target the website and the news articles to try to remove them. Unfortunately, a situation like this can embolden other employees to take similar actions. Furthermore, the ability to publish online content anonymously adds an additional layer of complication. The risks of this distressing and public situation occurring can be minimized if a company buys multiple variations of its domain name, and further claims related social media profiles.
Case #2: The Internet Attack on a Company Leadership Member
A leadership member of a large company separates from a company to pursue other opportunities. During the separation, this leadership member receives a series of threatening emails from an anonymous email address. The threatening emails direct the leadership member to a website. The leadership member checks out the website and discovers that the domain is comprised of his first and last name. The website appears at the top of a search of his name and contains a photo of him. While the leadership member is searching for employment, he spends the next two years in litigation to discover the identity of the anonymous online attacker in an uncertain and expensive process.
While the leadership member was able to discover the identity of his attacker, this process took two years. Furthermore, the data points were extremely difficult to trace, with no guarantees that the end result would yield identification of the attacker. Situations like the above can be mitigated by the purchase of your first and last name as a domain.
Case #3: A Personal Attack
A man searching for employment conducted a Google search of his name and discovered that someone purchased a domain containing his first name and last name. The website contained false accusations of sexual assault, his photos, his social media profiles and the name of his current company.
Because the man did not discover the website until many years later when he was applying for jobs, and the website was no longer active, his removal options were limited. A person in a situation like this would have no choice but to file a lawsuit or try to get in touch with the website operator.
While all three of the above client scenarios are different, there is one disturbing similarity. The cyber-attacker utilized the same tactic to attack the subject’s reputation through the purchase of the individual or company’s domain name. This strategy guarantees that the attacker will have high placement of his or her message on Google, thereby taking control of the subject’s reputation.
Fortunately, becoming the target of a domain name attack can be minimized by preemptively purchasing domain names containing your first and last name and/ or your company’s name. Domain names are often extremely cheap to purchase. For example, GoDaddy charges $2.99 a year for your first domain. A person purchasing a domain should also consider paying for upgraded privacy protection services so that private contact information is not public.
Individuals, members of corporate leadership and businesses should think about purchasing the following domains:
- FullFirstNameAndLastName.com
- ShortenedFirstNameAndLastName.com
- FirstNameAndMaidenName.com
- FullBusinessName.com
- BusinessD/B/A.com
Purchasers should also consider purchasing multiple extensions of the above, including .com, .co, .biz and more.
4.) Claim Your Name on Social Networking Sites
As illustrated in the first case study in section three, an easy way for cyber-attackers to damage your online reputation is by claiming your name as a handle on a social media site. An attacker can then publish damaging information to that handle, create an account impersonating you or even extort you for money. Claiming your legal name and business name on social media profiles is a quick and easy way to protect yourself from a reputational cyber-attack on social media.
Keep in mind that many social networking sites have policies against social media handle squatting. While social media handle squatting is prohibited, the reality is that there is an entire black market for the purchase and sale of account handles. If you are going to claim your social media handles, you should make efforts to publish some information to it so that the account is not taken for lack of use.
5.) Claim Business Directory and Review Profiles on Directory and Review Sites
Online reviews and business directory sites have become an essential promotional tool for companies. The value of positive online reviews cannot be understated. Unfortunately, negative reviews must also be addressed. While negative reviews have become an unavoidable cost of doing business, some negative reviews are published as the result of a reputational cyber-attack. The negative effects of a fake review can often be mitigated by a timely and calculated response. Fake reviews that do not represent an actual customer experience can be removed.
In a situation involving fake online reviews, quick action is necessary to minimize damage. However, operators of a company cannot take effective action against online threats if they do not control online business profiles. Claiming online business profiles on review sites like Google My Business and social media platforms like Facebook can help a company control the narrative before, during and after a crisis. Additionally, the companies operating business profiles and review sites often have internal support teams and tools to assist users in addressing issues occurring on the platforms. These support teams and tools are often difficult, if not impossible, to access without claiming your business profile.
6.) Reevaluate What Information You Publish on Social Media Sites
Anything you post on social media, including from a private setting, can become public information. Even well-intentioned posts meant for small groups of people can be misinterpreted and shared with a larger audience, resulting in immense reputational damage. Social media users who are interested in minimizing the risk of an online reputational attack should exercise extreme caution before making any posts that could be considered salacious, risqué, insensitive, or overly political.
Social media users should also be aware that social media accounts on platforms like Instagram and Snapchat consistently get hacked. Hackers often pull valuable information about a victim from his or her social media account. This includes a victim’s legal name, email address, physical address, phone number, current location, photos, and even valuable clues about passwords. Hackers can then use this information to harm you by exposing your private information to the public, impersonating you, and extorting you for money.
Social media users should not store any information on social networking sites if they are not comfortable with that information becoming public (this includes storing private, intimate photos). You may also want to consider refraining from providing social networking sites with your full legal name or utilizing an email address that contains personal, identifying information. For more tips on how you can protect your privacy on social media, please check out our article, Ten Ways You Can Protect Your Privacy on Social Media.
7.) Create a Company Policy That Encompasses Internet Content
Internet policies have become a necessary component of employee handbooks. These policies offer guidance to employees about appropriate technology use in the workplace. But internet policies can also be used to protect a company’s reputation from future online attacks by current or former employees.
While employees have certain rights under various state and federal laws to discuss negative company experiences, they do not have a right to disparage an employer with company-owned technology and resources. A company can minimize the risks of an employee led internet attack by drafting a policy that governs the appropriate time, place and manner for employees to utilize technology. This should encompass firm software and computers, company and personal cell phones, as well as social media publications. Companies should, additionally, have a protocol regarding the proper use of copyrighted and trademarked company materials, both during and post-employment. Lastly, companies should consider establishing prohibitions against the public disclosure of a company’s internal processes or procedures, exclusions against posting content that harasses, threatens or disparages colleagues, customers or clients on the web, and limits to taking photos in the office of a company’s confidential or proprietary information.
Our Attorneys Can Help You Address Cyber-Attacks to Your Online Reputation
Negative content can often be removed or pushed down in Google search results. But effective removal requires quick and calculated action. If you discover negative internet content and you want address it, the internet defamation and content removal attorneys at KJK can help you assess your options. This can range from taking legal action to hiring a crisis management public relations professional or utilizing the services of a suppression company. If you have questions questions about this article or would like to discuss further, please contact KJK Defamation & Content Removal Attorney Ali Arko (ALA@kjk.com; 216.716.5642).