[00:00:00] Nathan Wrigley: Hello there and welcome once again to the WP Builds podcast. You've reached episode number 387 entitled building customer trust through transparent crisis management with Marc Benzakein.
It was published on Thursday, the 29th of August, 2024.
My name's Nathan Wrigley, and before we get to Marc and our interview and chat about this really interesting subject. First of all, a few bits of housekeeping.
The first thing to mention is that if you like what we're doing, head to WP Builds.com forward slash subscribe. Follow us on those channels that you find there. You can message us on those channels. And probably the best thing to do is to submit your email address into one of the forms there, and we will send you a notification, an email notification, twice a week. One when we produce a podcast episode, that's what you're listening to now. That comes out on a Thursday. But we've also got our, this weekend WordPress show, which we do live every Monday, and that is repurposed on the following day. So the Tuesday as a podcast episode as well. WP Builds.com forward slash subscribe.
The next thing to mention is that if you would like to get your product or service in front of a WordPress specific audience, well we have that. And you can find more details at wpbuilds.com/advertise. And four fantastic companies that have done that are GoDaddy Pro, Bluehost, Omnisend and Memberful.
The WP Builds podcast is brought to you today by GoDaddy Pro. GoDaddy Pro the home of managed WordPress hosting that includes free domain, SSL, and 24 7 support. Bundle that with The Hub by GoDaddy Pro to unlock more free benefits to manage multiple sites in one place, invoice clients, and get 30% off new purchases. You can find out more at go.me/wpbuilds.
We're also joined by Bluehost. Bluehost, redefine your web hosting experience with Bluehost Cloud. Managed WordPress hosting that comes with lightning fast websites, 100% network uptime, and 24 7 priority support. With Bluehost Cloud, the possibilities are out of this world. You can experience it today at Bluehost.com/cloud.
We're also joined by Omnisend. Omnisend, do you sell your stuff online? Then meet Omnisend. Yes, that Omnisend. The email and SMS tool that helps you make 73 bucks for every dollar spent. The one that's so good hits almost boring! Hate the excitement of rollercoaster sales? Prefer a steady line going up? Then try Omnisend today at omnisend.com.
And we're also joined by Memberful. Memberful, building a membership website? Check out Memberful. Memberful allows you to easily add gated content, private member spaces, payment collection, and more to your WordPress website. Get started for free at memberful.com/wpbuilds. That's M E M B E R F U L .com forward slash WP Builds.
And sincere thanks go to GoDaddy Pro, Bluehost, Omnisend, and Memberful for keeping the lights on over at WP Builds. Do remember content like this cannot be produced without the help of these fabulous sponsors. So all of them in turn, thank you so, so much for helping us keep on keeping on.
Okay. What have we got for you today?
Well, it's a podcast episode with Marc Benzakein. Marc, as you will hear, has been in the tech space for a very long time, especially in the WordPress space. But this episode is really different. We've never touched on anything like this, because this is all about something that happened in a business that Marc was working with several years ago, where essentially they were, if you like, hacked. And they faced the demand for a very large amount of money.
And it's all about Marc's approach to handling that, and keeping the customers. Because obviously, if something like that happens, it would be easy to go into denial mode. Just ignore the problem. Don't mention it to the public, to your customers. But that's exactly what mark didn't do. He opted instead for transparent, open, and honest. And you can hear for yourself the results of that, and how Marc feels that's the best way to go forward, should this happen to you?
So here it comes. I hope that you enjoy this episode.
I am joined on the podcast by Marc Benzakein. Kain. Kein.
[00:04:59] Marc Benzakein: Benzakein.
[00:05:00] Nathan Wrigley: Benzakein. I've done this to you so many times.
[00:05:03] Marc Benzakein: That's alright. I, if it were Smith, if my last name was Smith and you were, mispronouncing it, that would be, embarrassing. But, Benzakein.
[00:05:13] Nathan Wrigley: Marc's. been on this week in WordPress several times, and and I thought it would be really nice to bring him over onto the WP Builder Podcast to have a chat. as is always the case, we share show notes prior to the recording of the podcast audio. And Marc was very kind to offer me up about eight different subjects.
And the one that I chose is unlike anything we've ever recorded before. Basically, it's gonna be a story. With me interjecting and going, wait, what? How no. that kind of thing. It'll be really interesting. But before we get to that Marc, just tell us a little bit about you. This is a WordPress podcast, so maybe skew it, skew your biography in the WordPress direction, but over to you. Just tell us who you are and all of that.
[00:05:56] Marc Benzakein: WordPress, isn't that a blogging.
[00:05:58] Nathan Wrigley: It's a blogging platform. Nothing.
[00:06:00] Marc Benzakein: Okay. Yeah. My name is, Marc Benzakein, or Benzakein or however you wanna call me. And, And, I, have pretty much been involved in technology since the age of 10 when I started doing programming on the mainframe at the university. My dad taught at, I was up there all the time and I think that, all the professors got so sick of me that the math and computer sciences department decided to gimme an account and. And shoved me into the little terminal rooms and, I was hooked ever since. And, throughout my life, I've been involved in everything from photography to network administration, to building an ISP to, To eventually getting involved in WordPress. I was the operations manager at ServerPress for about 10 years where we made a desktop server and, which is a, local development plat, software.
And, Ended that in 2022. And now I am currently doing marketing and PR type stuff for a couple of companies. MainWP is, the main one. And, and, I have a. Family, eight kids, six of whom have been adopted, through foster care. And, that's a whole nother story. And then, I got one, who's graduating, in June. And life moves pretty fast.
[00:07:46] Nathan Wrigley: Yeah. I, I confess when, I hear the number eight with associated in the sentence, I have this many kids that's, oh, that's, that's, I, have three and, man alive.
[00:08:01] Marc Benzakein: Let me tell you, for a long time it was just one kid. And what I found is that, it, there's actually this thing called that, that I call subtraction through edition. The more kids you have, the more they entertain each other.
And, I remember there was one time that I had. I literally, from all the neighborhood kids and everything, there were 19 kids in the house and I was the only adult and, and I was sitting in the living room.
I was actually watching tv and I had this moment, just this brief moment where I thought to myself, if these kids realize that I'm the only adult in here, if they stop long enough to realize I'm a dead man.
[00:08:43] Nathan Wrigley: I always think that about teachers, the teacher at the front of the classroom, if the kids figured it out, the ratio, is definitely against teacher, the.
[00:08:52] Marc Benzakein: Yeah. Then it becomes a whole Lord of the Fly.
[00:08:54] Nathan Wrigley: Yeah.
[00:08:55] Marc Benzakein: After that.
[00:08:56] Nathan Wrigley: Anyway, we're already off on attention. Marc and I, got in contact with each other about an hour and a half before this podcast started, and we were supposed to press record more or less immediately, and we just got, chatting.
So this'll probably be an, a lovely random ram rambly episode, but let's see where it goes. So the, thing that you said to me was. One of the things anyway that you said you might like to talk about, was about crisis management and I've, never ever thought about this. Not even a little bit. the worst that's happened to me is that my WordPress websites have gone down.
I've had to find a backup and all of that kind of stuff. But then I clicked on the link that you provided and read the story. And as I read through the story, I was absolutely certain this is, what we're gonna talk about. 'cause it's so interesting. Now we, will link to a document that you can read to give you the full story.
But where's the
[00:09:55] Marc Benzakein: actually, by the way, that's actually not the full.
[00:09:57] Nathan Wrigley: That's not okay.
[00:09:58] Marc Benzakein: Yeah.
[00:09:59] Nathan Wrigley: Okay. It gets better, but there's no point in for the podcast audience, we really need to be told that story. So let's rewind the clock. Let's go back to the beginning of this. where were you working? What was the kind of role that you were doing?
What was the company? And then honestly, the floor is yours. Just tell us this story and we'll get into it. and I'll interrupt if I see fit.
[00:10:23] Marc Benzakein: so this happened and I want to say I know that it was, in March of, I want to say 2001, but I'm not absolutely positive. It might have been two. Thousand two. Anyway, somewhere in there. And the reason I know it was in March was it happened at the same time that my brother was getting married.
[00:10:44] Nathan Wrigley: Oh.
[00:10:45] Marc Benzakein: and so I had, thank goodness he did not ask me to be his best man, but I did have groomsman duties and family duties and people flying in from all over the place. And, and this happened basically over a weekend, the same weekend that my brother was getting married. And so it was, It was a really fun, quotes, thing to manage. But, essentially what had happened was, We had, there was a, a, security breach. we, I was running a company called Link Line Communications. At the time I was, I think I was the network administrator. I might have been the general manager.
I don't remember. And we had gone through quite a few changes structurally as a company. we had brought in a new CEO, and a number of things had happened and, this, a lot of people are gonna just, I. Freak out over this, but we were running, Microsoft, IIS at the time. and there was a security breach where, somebody had emailed us, and this was, so there were several things that happened, some things that frustrated the living daylights outta me, which was there was a hacker who had emailed our CEO and said.
I have access to all of your customer data, and if you don't pay us, it was, he wanted $40,000. I think if you don't pay me $40,000, I'm going to go to your customers and tell 'em that I have their data, blah, blah, blah. the typical extortion thing. And what was frustrating to me was, I, there are very few people that I. The humanly dislike. The CEO happened to be one of those people in my life, and, he didn't. and by the way, he liked me as much as I liked him. So the frustration for me was he had been getting this emails for about two weeks and had not told me about them.
[00:13:01] Nathan Wrigley: Oh.
[00:13:02] Marc Benzakein: What had happened was I was having a meeting with my network administration team and somebody says, what are we gonna do about this Terrio situation? And I said. What Terrio situation and Oh, didn't, apparently the CEO had end around me, gone to one of the network administrators and said, Hey, I'm getting this email. Is there anything to it? And they said, they'll look into it. it turned out they had looked into it and they had found that there was actually, a, a. Hole, a security hole within IIS that would have allowed him to access this customer data.
And my immediate reaction was, of course, I wanted to throw up. And then after that it was anger because this was something that we should have addressed. In my opinion, two weeks ago when the emails started coming in, which is what turned it into a bigger crisis, because then all of a sudden the clock was ticking because he had given us a deadline. And, I. And so I, thought about it long and harder, and I'm like, this is above my pay grade to deal with this. I, I, my thing was, I know we need to get ahead of this somehow. I know that we need to take care of the problem first and foremost, but my whole thing. From day one, was always be honest with your customer.
Especially, I used to say this all the time. Keep in mind our hands are in their pockets, okay? And nothing is going to lose. Nothing is gonna cause a user to lose faith faster than when you have your hands in their pockets and you're not being truthful with them. The whole basis, the whole foundation of trust, everything that you have in a relationship with your customer is out the door. And, so.
[00:15:12] Nathan Wrigley: Can I just pause you there.
[00:15:14] Marc Benzakein: Oh yeah, Absolutely,
[00:15:15] Nathan Wrigley: the story for a moment. 'cause I wanna know a couple of things about the company. First of all, what kind of industry, was this, what.
[00:15:23] Marc Benzakein: Okay, this was an internet service provider. so this was, the early days of, the, kind of the wild, west of the internet. a little bit. It was, post A-O-L-A-O-L was already on its way out. More and more people were going, it was dial up. people in their 56 k, sports, their modems and if you remember all that stuff and.
[00:15:46] Nathan Wrigley: And what kind of data were you holding back then? I'm guessing, email addresses, names, physical.
[00:15:54] Marc Benzakein: And physical credit cards.
[00:15:55] Nathan Wrigley: Oh.
[00:15:56] Marc Benzakein: Yeah. Back then, it wasn't as easy for people to pay by PayPal or, whatever and or Stripe or. Fact, stripe and, square, we had to have relationships actually with a credit card processor. And you remember the old days of the credit card terminals with the buttons on 'em and okay, you either had that or you had. A very rudimentary kind of system that people could put their credit card information in. But generally people called us in with their credit card numbers and we entered it into our system. And so we had all of this information and.
[00:16:33] Nathan Wrigley: Okay.
[00:16:35] Marc Benzakein: This was a long time ago. There have been a lot of, security things that have gone into place as a result.
[00:16:41] Nathan Wrigley: Right. Yeah. Tokenized payments and all of.
[00:16:43] Marc Benzakein: To, yes. Yes.
[00:16:45] Nathan Wrigley: But the point is you've got data, you've got really valuable data that could, be exploited for financial gain, but could also be socially engineered. you've got their addresses and their names and things like that.
just one other thing. How do you have any notion back in that year, 20 21, 20 22, whichever it was, how prevalent were.
[00:17:06] Marc Benzakein: Let's go 2001. 2001. 2002.
[00:17:09] Nathan Wrigley: Yeah. Oh, sorry. Apologies. Yeah. Yeah. 2001. 2002. How, prevalent were, hacking, attempts back then, because you hear it all the time now. In fact, it's, it's an industry. There are people who just do this as a day job, but back then was this kind of thing much more rare.
[00:17:28] Marc Benzakein: Yes and.
No. it was. was probably, I'd say percentage of hackers versus percentage of legitimate users is probably the same as it is now.
[00:17:40] Nathan Wrigley: Yeah.
[00:17:41] Marc Benzakein: maybe not. They were, back then hackers had to know what they were doing these days, you can go on the internet and find a formula and it's I can bake a cheesecake from scratch. I don't know the first thing about baking, but I can go online and find the information. Whereas 20 years ago, I'd have to like. Go to the library, get a cookbook or something. It's the same, thing.
And, and there were people, there was no such term that I remember back then. I could be wrong as an ethical hacker, but the whole thing that always was interesting to me was I was always hacking things just to see if I could do it. And, so there's that whole ethical hacker side of things. And then there's the people that want to extort. Money out of you or, do something else nefarious, corporate espionage. corporations were paying hackers big bucks to be able to get into other people's data files and things.
[00:18:42] Nathan Wrigley: Okay. So it hacking was a thing.
[00:18:44] Marc Benzakein: It it was a thing It was a thing. Yeah.
[00:18:46] Nathan Wrigley: Okay. Sorry, I, interrupted the.
[00:18:48] Marc Benzakein: That's okay.
[00:18:49] Nathan Wrigley: at the point where you were talking about, trust and honesty and how the whole pyramid of a company really relies upon the foundation of trust. carry on. Okay.
[00:19:00] Marc Benzakein: and the thing is, I knew that it was important that I was, I knew it was important that we controlled the narrative, and I, don't want that to sound like manipulative.
[00:19:19] Nathan Wrigley: Yeah.
[00:19:20] Marc Benzakein: but. In a way, I guess it is, but for me, controlling the narrative, the, fundamental. Philosophy behind controlling any narrative is it has to be based completely on truth, right? You can't control a narrative and have it be based on a lie because it's just gonna fall apart. However, if you say nothing or if you sweep it under the rug, or if you hide it, then what you're doing is you're giving control to everyone else to control the narrative.
[00:19:54] Nathan Wrigley: Right.
[00:19:55] Marc Benzakein: And humans being what humans are, we're going to make the narrative the worst possible narrative we can come up with. They did this on pur purpose. they were sloppy, they blah, blah, blah, this and that and the other thing, because that's what we do as humans. And and the reason they're going to believe that narrative is because we didn't say anything about it in the first place, which means we have something to hide.
[00:20:24] Nathan Wrigley: Yes. I think in, this generation now with, there's so much history of just saying nothing, literally saying nothing in the face of a security breach or just playing it down, pretending oh, a little bit of customer data may have been compromised. Whereas, a year later we find out that the entire. database was, exfiltrated, including credit card information and what have you. And, then that's the moment where you really do lose trust with that company. Look for good, really.
[00:20:56] Marc Benzakein: Correct. Correct.
[00:20:57] Nathan Wrigley: all those bridges, so you want to control the narrative, but not from a nefarious point of view, but from the point of view of, look, if we tell the truth from the outset, we can maybe salvage something of our reputation from this. Okay.
[00:21:11] Marc Benzakein: And it's not just that, but it's getting the right message out there, you can say. The same exact thing two different ways. And one way comes across as positive and proactive, and the other way comes across as negative. And, and you're washing your hands of it.
this particular security breach was something that actually was, something that Microsoft came out and said, oh yeah, this is a known issue, et cetera, et cetera. Here's what you need to do to fix it. So, we could have just sent out the message that says, oh yeah, this is Microsoft's fault, right? This happened, but it's Microsoft's fault.
[00:21:58] Nathan Wrigley: Yeah.
[00:21:59] Marc Benzakein: Or we could say, this happened. We're very sorry that this happened. This is why this happened, and this is what we're doing about it. And this is where we need, we are trying to make this as easy on you as possible, but this is. you may need to get involved. and and so messaging is really important and I go back to. Large companies, like I go back to, say for instance, the United, issue a few years ago where they wouldn't let the women who were wearing leggings onto the plane or they drag that doctor off of the plane and you had these kind of PR nightmares where the CEO wakes up the next morning and there's like this tweet storm that happened overnight, which is why I say crisis management.
having a plan or something in mind ahead of time is important because. Back then there wasn't that 24 hour tweetstorm.
[00:22:57] Nathan Wrigley: Oh yeah. Yeah, that's true. At least you could have a week or so before.
[00:23:00] Marc Benzakein: Yeah.
[00:23:01] Nathan Wrigley: Yeah.
[00:23:02] Marc Benzakein: And, you look at a company like United or some of these big corporations and their, a lot of times their crisis management, philosophy is, we'll just wait it out because we can afford to, but most small businesses can't. Any small business, like we were a company of, I think we had 13,000 users at the time.
Which, was, it was an okay size company for an internet service provider. in that time. That doesn't sound like much now, but back then, we were growing. We were doing okay. And, but any negative, press or any negative thing, like a breach, not handled properly could impact our business in a way that we'd have to shut the business down.
We were still, and You have to keep in mind that there are some companies that they don't have to worry about the PR aspects because they've got shareholders and they know that yeah, they're gonna have a bad quarter or bad two quarters, they're gonna have to answer to those shareholders or the stakeholders. But eventually things are gonna, they've got the money, they've got the deep pockets to be able to outlast it. And that is an attitude that a lot of. Companies have I, I don't subscribe to that. I think that is right, but that's me.
[00:24:24] Nathan Wrigley: I'm, hoping that in the back of everybody's mind listening to this, if you're a WordPress user, you can imagine a sort of congruent. Scenario, something which was adjacent to this. I don't know, your, website gets hacked. Somebody deface something, your server goes down.
You've just got an a moment in time where it's gone from everything's fine to a sudden piece of information, which means that, oh wait, we've gotta pause whatever we're doing and get out in front of this. So I'm hoping, dear listener, that you are drawing the parallels here. So let's go back to the story.
[00:24:56] Marc Benzakein: Okay, back to the, story. Yeah.
[00:24:58] Nathan Wrigley: Yeah.
[00:24:59] Marc Benzakein: so what ended up happening was the minute that I found out about it, I realized I was, outta my depth. I knew that something had to be done from a PR standpoint. I knew we had to inform the customers and I knew we had to craft a message that was meaningful. I just started looking at PR agencies like randomly and. As I'm like digging in, I found this company that they specialize in crisis management. That's all that they do. I'm like, crisis management. Yeah. That's what I need. That's what this is. That's a great term for it. I'd never heard the term before. I did not know what it was, but the minute that I saw it, I was like, bingo and, so I called, I called him up.
His name was Jonathan Bernstein. I don't mind plugging him. and I called him up and I said, Hey, I have an issue. I don't know how to handle it. And he said. He said, okay, let me tell you a little bit about who I am, what I do. I'm an ex-Marine, and he went into this whole thing of, how he got into doing crisis management and, what it was and what it means to him.
And, he said, first we have to find out as much as we can about this Zil Cheerio guy, because if he's hitting you, chances are he's hit several other people. And as it turned out. the CEO finally, after I went in and had this confrontational meeting with him, he decided to call the FBI, and the FBI got involved and they're like, oh yeah, Terrio, we know who he is. He has actually extorted as much as $4 billion.
[00:26:47] Nathan Wrigley: Good grief.
[00:26:48] Marc Benzakein: Yeah, 4 billion with a B. And, and, he's done it successfully, and it's because he legitimately has the data and most companies have just paid the ransom and swept it under the carpet. we were a small company. We didn't have the $40,000 to write a check.
we could have, but it would've really put a huge dent into, into our operations. And I, I. We got the FBI involved and the FBI talked to Jonathan and the FBI said, look, this is what we know. We know that the, bank transfer that they want goes through Yemen and we suspect that this is cyber terrorism and that the money is going to towards terrorist organizations. So that's. and, so then of course Jonathan, being an ex-military guy was like, okay, we really can't give him any money.
[00:27:50] Nathan Wrigley: It definitely paints a different picture.
[00:27:53] Marc Benzakein: Yeah. And, and, I said, we're not going to give him any money, but we need to figure out how to get around this. And he says, okay, this is how we craft the message.
And so he says, we need to attack this from. The fir, the first step is the story that we need to tell is we need to attack this from, we need to hit the cyber terrorism thing hard because keep in mind, this was in the wake of 9 1 1 and, some other things. And so it was still very fresh on people's minds.
Terrorism and being hit at home and all these things were very fresh on people's mind and once again, it was based on truth. This was not made up information. This was actual facts. And, and, it sounds almost like it's to, to me it still sounds almost like it's out of a movie.
[00:28:40] Nathan Wrigley: Yeah. Yeah.
[00:28:44] Marc Benzakein: And, so it's based on, that's the important thing, but what points do we want to cover first? So the next thing that we did was we, crafted an email that was gonna go out to all the customers that basically said, this is what's happened. We want you to know about it. Here is what we are doing about it. Now, here is what we did about it. I called up every single credit card company. I gave them a list of our users and I said, please put an extra flag on all of their cards. And make sure that the charges, 'cause once again back then it wasn't like it is now. You go down to seven 11 and you're gonna get a text message that says, did you just try to charge.
$10 at seven 11? It didn't work like that back then. if, there was fraud involved with your credit card, you had to call the credit card company and, report it in general. And I had all the credit card companies flag them. and we created, I had our webmasters create a secure interface in which people could update their credit card information for payment information to us.
'cause once again, back then there wasn't like credit card forms and secure and all that stuff. there were, but it was just starting to come into, in, into, vogue. It wasn't everyday stuff. Our customers, we all basically got by a phone call. they signed up and and we did that and we put that in the email and basically said, this is what happened.
This guy named Terrio is trying to extort us for $40,000. we have reason to believe that the money is going towards, terrorism. We are not going to pay this and. In the meantime, John, the CEO was stringing Terrio along basically.
[00:30:50] Nathan Wrigley: Oh.
[00:30:50] Marc Benzakein: Look, yeah, so he was saying, look, we don't have the money right now.
Which is why if I had known about it two weeks prior, we would've had the time we needed without the stringing along because at any point in time, Terrio could have said, you know what? You strung me along enough. I'm. I'm pulling the plug. Here we go. And we basically, John bought us an extra three days during that three days, which was the weekend that my brother was getting married.
During that three days, we had network administration going through, doing a top down security audit and everything, making sure that everything was fine. We had the letter crafted, we did everything that we possibly could, and then we coordinated the, the disbursement of the email, to go out essentially the night before our. Deadline that we had strung Ter along on. occurred. So I think Sunday night was when the email went out and Monday was the day that we were supposed to pay up.
And but we didn't wanna send the email out before we had made sure that the security audit was done because we wanted to make sure that he couldn't go in and do it again.
[00:32:11] Nathan Wrigley: Got it.
[00:32:11] Marc Benzakein: And we had to time all of this just right. And, and I, remember, being at my brother's reception and I. The, the rehearsal dinner, and I was just on my phone constantly. I, feel, I still feel bad about that, that I was like on my phone constantly, okay, where are we with this? Where are we with this?
Where are we with this? But, Once again, it, this was something that didn't happen as commonly as it does now. now it's oh, mother of all breaches, what does that mean? Oh yeah.
Okay. Gotta just, yeah. But back then it was a big deal and, the thing that was really cool about this was I knew when we wrote that email, that. It was going to be well received. I knew, I could just tell, I had a feeling that people were going to read the email, they were gonna be understanding, and they were going to appreciate that we were honest and transparent with everything which, which is what ended up happening. ultimately when all was said and done. Weeks later, we would continue to get emails from, customers that basically said, the way you handled this is why we are with you as a company. We know that with technology, there are things that we don't know, can't know, can't predict, and. we appreciate the fact that you kept us informed throughout all of it. And we had contingency plans in place for you in case there was overflow, on the phone systems, for customer support, which didn't happen because we put out enough information on our website. To talk about it. we were very public about it and so we gave the people all the information that they needed upfront so that they wouldn't have to call unless there was a problem.
And so we never got overwhelmed with phone calls. Our customer service department handled things just fine. Usually it was a five minute call and all resolved. and that was. That was really what got me into man, crisis management is really a cool thing.
And, it's not something yeah, but I am so grateful for that experience because I think in terms of lots of things, it actually shaped a lot of the way that I deal with customer support and customer service now, which is. Always this idea of just always like recognizing that it is a relationship and that everything is built on trust. So if you screw up, you say, I screwed up. if it's, I remember going back to those link line days. I remember one of our, Our upstream providers was, at that time it was called GTE, but now it's called Verizon. And I remember so many times when we had, issues with the upstream provider, we'd have to call them up and they'd be like, okay, you know what's going on? And we'd explain what's going on. And you'd hear all kinds of typing going on. All kinds of typing. All kinds of typing, right? And then at the end, they're like, we don't see anything wrong at our end. But magically, after all that typing. worked, And, I remember how that made us feel like we couldn't trust GTE. Right, it made us feel like we can't trust you, but we have to have you because you're the only game in town. and my mentality was we can't ever let our fee, our customers feel this way.
[00:36:07] Nathan Wrigley: Yeah, it's a, it's so interesting this story on so many levels. A, the, fact that you are, hacked. B, the fact that you are in a, in an environment, you're in an age, so back in, 20. Sorry, I was gonna do it again. 2001, 2002.
[00:36:23] Marc Benzakein: Turn of the century.
[00:36:24] Nathan Wrigley: That, that, that like even. Yeah. But you in an era where there was no social media, so the time pressure wasn't so great, so you could play this kind of cat and mouse game with the hacker, and the hackers probably weren't that savvy about that kind of count and mouse, just assuming that A, you'd either roll over. Or B, you'd never reply to them, and what have you. And then also the fact that in the meantime you were using that time that you were buying. There must have been a part of you, by the way, during that time that was thinking, oh, this could just go south at any moment. Because really the hacker could just press go on.
[00:36:59] Marc Benzakein: Every, every, there was not a minute during that 72 hour period that I was not thinking.
[00:37:07] Nathan Wrigley: Any minute now. Just any minute.
[00:37:09] Marc Benzakein: Any minute.
[00:37:10] Nathan Wrigley: But you managed to buy the time, but in that time you did a whole bunch of things that you could then report to the customers IE, you'd got the phone system ready just in case it's swamped. You've got the credit card companies on your side and they flagged so that if any peculiar transactions start to come through, they can do that.
And then I think the key bit. Is that you couch the whole language in an apology. It's not okay, this is just a thing. Don't worry about it. There was a Microsoft thing, blah, blah, blah. It's more okay, this is bad, but, and we're really sorry. Here's what we did and let's just see where we go from here.
And it sounds from the article, this is so strange to say, but it sounds from the article as if the company did. outta this experience in terms of you gained customers and you didn't lose customers. that's incredible.
[00:38:06] Marc Benzakein: Yeah. No, I, would say that the result of all of that was that our foundation of trust with our customers increased, by multiples.
[00:38:19] Nathan Wrigley: Yeah. Yeah. Okay. Okay. So again, the parallels between somebody operating a website business where you're managing websites, you, you can draw the parallels for yourself, but there's so many similarities when you've, now that you've been through that experience and you've got 20 plus years of rear view mirror to, to think about it, is there anything about the businesses that you've been involved with since then where you've had a totally different posture in, other words, have you put.
Groundwork in so that if something like this did happen, you've got the documents ready to go, you've got the, I don't know, you've got the email kind of pre-written. You've got the, I don't even know what that means, but do you know what I mean? Has it altered the way you've done things so that you've got preparations made prior to it happening?
[00:39:08] Marc Benzakein: Once again, that's a yes and no question, answer. I think, I, because the problem with a crisis is a, crisis creates a reactionary state, right? And, you're reacting to something and you're reacting to now knowing what you didn't know. As a general rule, and because we can't know what we don't know, it's, it can be very difficult. So of course we go through our heads and we say, okay, what do we do if this happens? What do we do if that happens? And you have these theoretical, situations, but you can't know until it actually happens.
[00:39:54] Nathan Wrigley: Yeah.
[00:39:54] Marc Benzakein: Exactly how to react. It's, good to play these kind of games, quote unquote games where you are like, okay, what happens if somebody wants to extort money from us?
Or what happens if there's a security breach and all of our passwords are compromised? What do we do in those cases? How do we go about, informing our customers? What message do we want to leave our customers with? I. This is a branding thing from top to bottom. And so if your brand all along was we are transparent with our customers, come first.
And we're not afraid to expose the underbelly of, the ugliness. That may occur that may exist within our company, just because of whatever. every company has things that they're working through, but they're not perfect. And if, you're not afraid to do that, you're already laying the groundwork for. If something happens, people are going to naturally believe you because you've always been honest with them.
[00:41:09] Nathan Wrigley: Yeah. That's nice. That's worth a lot.
[00:41:12] Marc Benzakein: and that's a, that's, it's worth everything. and so it makes it a lot easier to manage a crisis when you've already established the trust. And, the honesty and everything upfront. And so I know your question was, have I changed the way that I do things? I think I'm much more willing now to discuss the things that aren't going Right.
ahead of time rather than, oh, let's just fix that and maybe nobody will notice, which probably even, back then with Link line, there probably was a little bit of that always went on.
There was, probably a, let's just fix that and nobody will notice, and chances are that was true. But, and, I'll bring up something that happened at MainWP a couple weeks ago. We had somebody who, Sent us an email and said, MainWP may have been part of this mother of all breaches thing because you may have some customers that are You know that overlap with some of these other companies that have been compromised, and if they use the same passwords everywhere, then MainWP may be at issue. So what did we do? we could have said there's nothing to this, which there probably wasn't. MainWP was never the issue. What was the issue was that we have customers at MainWP that are also customers of another company that was part of the security breach, and if they used a standard password, which a lot of people do, they use the same password on everything. Then in that particular case, their account would be easily accessible because of this other company that. That the, that the breach exposed. So what we could have easily done was we could have easily said, you know what? This really has nothing to do with Main. WP Main, WP did not have a security breach, and, we didn't.
We went through and we verified all the things that you're supposed to do, but instead, we sent an email out to our customers. Dennis wrote an email, and the, email said, look. We were contacted by a user. This is what happened, your MainWP.com account, and this only affect MainWP. It doesn't affect.
[00:43:52] Nathan Wrigley: Your little dashboard.
[00:43:54] Marc Benzakein: Yeah. I, need to make sure to, clarify that, but it says that in the email too. And we basically said, this is exactly what happened. This is why we're telling you about it, and there is nothing. For you to worry about Main, WP wasn't hacked. However, as a result of this, we are now enforcing two FA authentication Absolutely.
Across the board. so go in and activate your two fa, things like that. And the whole point of that is it's a much more proactive approach to crisis management so that you don't have to be reactive to that. 72 hour cycle where you're just like banging your head and making sure that, trying to do a security audit in 72 hours when you've got this deadline and write a pr, handle the PR with your several, thousands, 500,000 customers, million customers, whatever it might be, and trying to do all of that and coordinate that and, time that and all that when you're in a reactionary state. There's a chance you're going to miss something
[00:45:05] Nathan Wrigley: Yeah, and just in a panic sort of sword of dam state as well where the presume well anyway, carry on.
[00:45:12] Marc Benzakein: Yeah. So it's always important, in my opinion, the, first step in crisis management is to address everything. Like it's important now, and, if it is something that impacts your customers, you let 'em know. And that way when the real crisis happens, because any company, if you're in business for any period of time, eventually a crisis will hit you.
I, something who knows what it might be, but eventually a crisis will hit you. When that happens, your customers, you've already established so much trust with them that your customers are going to listen to what you have to say, and they're going to be on your side.
[00:45:59] Nathan Wrigley: Yeah. Yeah, I guess that's the takeaway from this episode, by the way. Brilliant story. Absolutely love that. But the, the takeaway is, be honest, be upfront.
[00:46:11] Marc Benzakein: Yeah. It really is that simple.
[00:46:13] Nathan Wrigley: Yeah, and, therefore, you're not gonna ruin the hard won relationship that you've got with these people. And let's be honest, nobody's massively wedded to an ISP given a chance to find another ISP for financial reasons or because some, security bombshell that you've just learned about. It's not difficult for all of those 13, 15,000 customers to just say, I'll just go find another one. There's probably.
[00:46:40] Marc Benzakein: And they, very well could have, it could have been very easy. EarthLink, was very big in the day. If you remember EarthLink, I don't know. But their corporate headquarters were half an hour from us. it was like, we were all in this little microcosm, this, kind of general area.
And, it was very easy for people to move to EarthLink or to some other ISP that, Didn't have, you know that by the way, we also very quickly soon after, changed everything to Linux servers, but that's a whole nother story.
[00:47:15] Nathan Wrigley: Okay. Yeah. Yeah. the, IAS thing is, yeah, who, who knows. But, so there we go. Encapsulated in a few words, trust. more trust and a bit more trust and possibly the word honesty as well. do those things be prepared? What a fascinating story. Like I said at the beginning of the show, we don't do stories normally.
We talk about product or we talk about, a Marceting strategy or something like that. And I think that's the first time we've done that. I think I should do more. I've really enjoyed that.
[00:47:46] Marc Benzakein: It was, it's, a fun story too.
[00:47:48] Nathan Wrigley: Oh yeah. Yeah. And I suspect knowing you a, little bit like I do now, I suspect there's a few more lurking around, in, your head somewhere.
[00:47:58] Marc Benzakein: You can't live this long without having a few stories.
[00:48:01] Nathan Wrigley: Marc Benzakein. Keen. Kind. Keen. Cain. Kind. Cain. Keen.
[00:48:07] Marc Benzakein: It's the least intuitive of everything that you wanna say.
[00:48:10] Nathan Wrigley: Marc really enjoyed having you on the podcast today. Just before I say farewell, where can people find you on the socials, on the email, whatever you like.
[00:48:21] Marc Benzakein: at Marc Benza, and that's M-A-R-C-B-E-N-Z-A-K. That's me on the Twitterverse. and, I think, I think that's where I'm on Instagram too. and then on LinkedIn you can find me, Marc Ben Kain. and, where else, am I'm not on Mastodon really. I should be, but I'm not. I, don't know why. and, yeah, Facebook, you can find me on Facebook. You can find me just about anywhere. and I, also wanna say one more thing, and I'm just doing this because they're my friends and I wanna say this. I'm gonna be speaking at Work Camp Canada. I, this is the first. word Camp Canada. So it's a countrywide.
It's not just a city like Word Camp Toronto or anything like that. These guys are working their butts off to put together a really good word, camp. I can't wait to go and I hope that, the 8 million listeners, to this podcast, I, hope some of you will come and, see me there.
[00:49:37] Nathan Wrigley: Word campaign. there was a joke in there somewhere. Thank you so much, Marc, for chatting to us today. I really appreciate it. Thank you so much.
[00:49:47] Marc Benzakein: Thank you.
[00:49:47] Nathan Wrigley: Okay. I hope you enjoyed that really interesting conversation. We've never touched anything like that before. If you've got any comments for Marc or myself, head to WP Builds.com and search for episode number 387, and leave us a comment there. We'd really appreciate that.
The WP Builds podcast is brought to you today by GoDaddy Pro. GoDaddy Pro the home of managed WordPress hosting that includes free domain, SSL, and 24 7 support. Bundle that with The Hub by GoDaddy Pro to unlock more free benefits to manage multiple sites in one place, invoice clients, and get 30% off new purchases. You can find out more at go.me/wpbuilds.
We're also joined by Bluehost. Bluehost, redefine your web hosting experience with Bluehost Cloud. Managed WordPress hosting that comes with lightning fast websites, 100% network uptime, and 24 7 priority support. With Bluehost Cloud, the possibilities are out of this world. You can experience it today at Bluehost.com/cloud.
We're also joined by Omnisend. Omnisend, do you sell your stuff online? Then meet Omnisend. Yes, that Omnisend. The email and SMS tool that helps you make 73 bucks for every dollar spent. The one that's so good hits almost boring! Hate the excitement of rollercoaster sales? Prefer a steady line going up? Then try Omnisend today at omnisend.com.
And we're also joined by Memberful. Memberful, building a membership website? Check out Memberful. Memberful allows you to easily add gated content, private member spaces, payment collection, and more to your WordPress website. Get started for free at memberful.com/wpbuilds. That's M E M B E R F U L .com forward slash WP Builds.
And sincere thanks go to GoDaddy Pro, Bluehost, Omnisend, and Memberful.
Okay. That really is all that I've got time for.
I hope that you enjoyed it. Like I said earlier, leave us a comment, go to wpbuilds.com. Search for episode number 387, and drop a comment into the WordPress commenting system. Okay, all I've got to do now really is fade in the typical, cheesy music that I bring to bear on each and every episode. And say, stay safe, have a good week. Bye bye for now.
[…] to Marc Benzakein’s wild story on the WP Builds podcast of a hacker who demanded […]