TSTT's communications breach

Paolo Kernahan

"How to squander trust and alienate customers." This has to be the handbook TSTT managers are reading from.

Reports trickled out of a major digital raid on the company's database – people's personal information had been "dumped" onto the dark web.

TSTT, for its part, suggested hackers tried but failed to access its systems. Its statement said, "At the onset of the threat, TSTT's incident response processes were swiftly activated."

The line minister, Marvin Gonzales, presumably armed with assurances from TSTT, confidently put his head under the guillotine and said, "That is not true."

It was eventually proven to be true.

The company vacillated in print between throwing doubt on whether the purloined data came from its systems to eventually admitting – Yeah, that's us. Hard luck dey!

Still, the severity was downplayed: "No data was lost or manipulated..."

Technically, it wasn't being dishonest. The data wasn't lost per se – it could be found by anyone with the know-how and intent on the dark web.

It's important to get one point clear: no one is expecting TSTT's data systems to be impervious to cyberattacks. As IT systems have become more sophisticated, so have hackers. Malware is being deployed to extort companies and people everywhere. People's identities, intellectual property, and credit card information are stolen every day online. That's just the nature of the world we live in today.

TSTT can be forgiven for a breach of its data systems; a wilful breach of the public trust is another matter entirely.

After first issuing a denial, TSTT's credibility on everything it said thereafter was shot. Indeed, there was a sense that people who were clanging the alarm bells about the incident were being accused of mischievousness.

Here's why a proper communications strategy was so important in this affair.

Ordinary citizens don't understand data dumps and ransomware and the dark web and all this. Few people know what it means for their sensitive information – identification, email addresses, scanned personal documents, etc – to be released into some sort of criminal digital underworld.

Where was the counsel for the public on whether they should change passwords, for example? Basic instructions on what they could do to protect their personal information online?

But then, TSTT couldn't very well do that after having pooh-poohed the idea that the data breach was anything to be worried about in the first place.

This was a massive communications failure from a massive communications company.

It's worth noting that TSTT is also, traditionally, one of the highest-paying companies in TT. One would think there would be competence, awareness of best practices and performance commensurate with bloated salaries.

The company's approach to the breach bore the tenor of an old-school standard denial – a contagion it was happy to pass on to the line minister. And we all know how uncomfortable politicians are with telling untruths to the public.

Why wasn't anyone fired for misleading the minister and causing him public embarrassment? The answer is simple: accountability is a completely foreign concept in this country.

What TSTT and other entities like it don't understand is, they're operating in a world that's changed, even if, fundamentally, they haven't.

More than ever, and for better or worse, digital platforms have democratised information. The old gods, the gatekeepers, have less sway over a public who can now freely access information online with a few clicks.

Pretending that this isn't so isn't just negligent, it's foolish. Either you get ahead of the narrative or have it written for you.

Crisis communications are nonexistent in this country. Businesses either don't care or don't think interacting honestly with the public holds any value for them.

To be fair, Trinis' tolerance for contempt and carnal abuse knows no finite element.

This absence of crisis communications is pervasive in our society. Recently there were complaints from members of the public about unauthorised charges made to their credit cards seemingly emanating from PriceSmart.

When the media contacted the company for comment, the response was...a dial tone.

PriceSmart may not have been at fault in this instance. Abysmal communications, though, did nothing to endear the company to aggrieved customers.

Both public- and private-sector players need to get with the programme. Society as a whole has got away with not needing to adapt to a changing world because we had the inoculation of money.

That's gone. Now we must either catch up or catch hell forever.