Back in the day, I was an engineer with expertise in three areas that collided after the terror attacks on 9/11; industrial control systems, water & wastewater treatment and software development. A highly unlikely series of events (too long to recount here) led me to become heavily involved in the areas of vulnerability assessments and risk management for the Australian water industry.
And now I’m going show how that experience can help save save you from an internet marketing disaster.
In a previous newsletter, I told you that it’s important to diversify your social media marketing portfolio. I mentioned that you don’t want to have all (or most) of your eggs in one basket in order to protect yourself from potential threats like a service shutting down or your account being suspended. But we don’t have an infinite amount of resources and any business needs to prioritize the allocation of those resources. How exactly does a business understand, quantify, rank and mitigate those risks?
You guessed it; an internet marketing risk assessment.
Why to Perform an Internet Marketing Risk Assessment
[nonmember]The Inbound Marketing Inquirer is a weekly premium article that’s free to view for members. Create a free account now:
[register_inquirers (free)][/nonmember]
[ismember]
Before I explain how to perform an internet marketing risk assessment, let’s talk about why they’re a good idea. As I’ve mentioned many times before, threats abound in the world of internet marketing but they’re not all created equal. Some are much less likely than others and their impacts can be very different. In fact, the same threat may have almost zero impact on one business but a terrible consequence for another.
Let’s consider a very short list of hypothetical threats that your internet marketing program might face:
- Various forms of website attacks
- Distributed denial of service (DDOS) that shuts down the site
- Hacking that causes defacement
- Malware resulting in Google penalty and/or blacklisting
- Claims of copyright infringement against your content (see how one blogger lost five years and 100,000 posts worth of work)
- A Google penalty cripples your referral traffic
- A social media contest goes horribly wrong
- One of your employees publicly embarrasses a customer
You get the idea. These are all threats that businesses face with their internet marketing, but their likelihoods are all different and so are their consequences. Maybe your company handles sensitive information through its website and already has extremely tight security and monitoring. In that case the likelihood of a hack is probably (hopefully) very low. And if you only get 5% of your website traffic from organic search than a Google penalty is both highly unlikely and also of very little consequence.
Unless you can organize all of these threats in a way that lets you understand their relationship to your business, it will just give you a big ice cream headache. But once you can do that, it becomes clear which ones are prioritize and which ones are not. You can establish a ranking of the largest threats and take them on one by one to mitigate them.
Here’s how to do that:
How to Perform an Internet Marketing Risk Assessment
It’s time for a couple of disclaimers. The methodology I’m going to cover is best described as “quick and dirty.” There are many types and levels of risk assessment that trained professionals employ for high stakes situations every day in finance, insurance, security and other areas. What I’m describing is a sort of “back of the napkin” approach that will help you identify and prioritize a specific set of risks.
In other words, please don’t use this to secure your water treatment plant or manage your 401K.
The Risk Assessment Process
A typical risk assessment process includes the following steps:
- Identify: Create a catalog of all of the risks you face in your marketing efforts. These could fall into multiple areas such as loss of traffic, reputation damage, loss of assets, etc.
- Analyze: Utilize qualitative, semi-quantitative and/or quantitative methods to calculate risk based on likelihood and consequence ratings.
- Treat: Take steps to avoid, reduce likelihood, reduce consequences, transfer or retain the risks, then develop and implement a monitoring plan.
In this article, in the interest of keeping it somewhat shorter than the Encyclopaedia Britannica, I’ll focus on one aspect of the second step; semi-quantitative risk analysis.
Semi-Quantitative Risk Analysis
A high level definition of risk is the likelihood of a threat occurring and the consequence of that occurrence. For example:
- Low likelihood, low consequence: There is little chance that I’d miss watching the Game of Thrones season finale but if I did it’s of little consequence because I can DVR it and stay off of social media until I watched it.
- Low likelihood, high consequence: A giant asteroid hitting the earth is extremely unlikely, but the consequence would be the extinction of mankind.
- High likelihood, low consequence: When you but a lottery ticket, it’s highly likely that you’ll lose but what were you really going to do with that dollar anyway?
- High likelihood, high consequence: Angelina Jolie recently had a double mastectomy because she had a good chance to contract deadly breast cancer.
After you create a list of threats, the next step is to assign a risk level. Threat templates are a useful tool for doing this. Using a table similar to the one above, they work by matching up a likelihood and consequence for each threat. It’s called semi-quantitative because you’re using judgement (not mathematical calculations) to assign a ranking that results in a final calculation.
In order to utilize this type of threat template, you need to establish consistent descriptions and/or calculations for likelihoods and consequences. For example, you may settle on using four likelihoods; extremely likely, somewhat likely, somewhat unlikely, extremely unlikely. Or you may want to break them out into specific percent chances of their occurrence. Similarly, the consequences need to be either qualitatively or quantitatively described. Perhaps you can estimate monetary damages in each case or else simply rank them as inconsequential, moderate, terrible and catastrophic.
The Risk Management Process
Once you create a list of threats and assign a risk level to them, you’ve begun the creation of a risk register. Now it’s time to treat those risks. The first step in risk treatment is to monitor the risk. If you’re concerned about Google penalties, then you might implement one of the many professional SEO monitoring tools on the market to track and identify potential problems. In doing so, you also need to establish a schedule measuring and reviewing along with the roles and responsibilities of anyone involved. You’ll need to establish metrics and limits for each risk you’re monitoring. For example, the number of exact-match anchor links could be a Google penalty metric you’d want to keep an eye on.
From this point forward, it’s a “Lather. Rinse. Repeat.” process. Measure, take mitigation steps, repeat. By implementing a semi-quantitative risk analysis, you’ll have a reliable tool to help you identify your biggest risks, properly allocate resources and measure the effectiveness of your efforts.
[/ismember]
Top Marketing Stories of the Week
LINKEDIN SPONSORED POSTS: 1,819% BETTER CTR PERFORMANCE THAN PPC, 73% LOWER COST
Christopher S. Penn recently gave LinkedIn sponsored posts a shot and told us about his experience.
The 100 Best Free SEO Tools & Resources for Every Challenge
The title says it all!
Food Truck Worker Says He Was Fired For Tweeting About Customers Who Didn’t Tip On $170 Bill
This is the story I’ve been calling a social media “triple fail.” Nobody won in this except maybe us observers getting lessons in what not to do.
