Thursday, September 26, 2013

LexisNexis Data Breached - But Your Unique Identity is Much More Than Data Stolen Over the Internet

In light of this week's LexisNexis Data Breach report, it's worthwhile to explore the true value and usefulness of this kind of data that might be stolen from you.

Sensitive, personal data (PII, or "Personally Identifiable Data") is usually protected, but no protection is guaranteed if outside your complete control in any way – most people should assume their most-used data reflecting their personal identity (like SSNs, tel #s, DOB) is already public, if not already being used illegimately.  Where you drive, what you buy, who you meet with, your outwardly-visible or audible physical characteristics – this information is already public in many ways, as well as captured through commercial or government systems to some degree. This is particularly true the older you are, or the more active you are using this information on the Internet (regardless of standard firewall, encryption, VPN, password or other security and privacy protections leveraged).

However, a person's "Unique Identity" is not simply this data, but also the context around this data, and its derivatives (or "information packages").

Your unique identity includes the data and patterns that reflect "Observations" of you – what you do, say, when, where, with what device, aligned with what other events, etc.  Observations can be hard to dispute, but also can easily be recorded or interpreted wrong.  Or they might be falsified (like hair color), or simply mis-typed. Some observations are typically indisputable, especially in combination (like iris color, retina pattern and voice pattern) – but this data still requires validation.

Your unique identity also includes "Assertions"; this includes most common PII data that's been provided by the user (you) or a verified 3rd-party, or auto-generated by computer systems (like IDs).  "Strong" assertions are nearly indisputable, like verified biometrics (i.e. validated fingerprints) or your personal work or bill-paying history – but it's usually expensive and difficult to collect and properly validate all of these. However, since these assertions are usually historical and are just another form of static data - this kind of data or knowledge may be easily obtained through fraudulent means. 


"Weak" assertions include information provided by the individual or others, as user-entered or system-generated data. These assertions are only as good as the controls and auditing devised to validate and verify the encounter (i.e. how the data was entered) and the data itself.  Data can be bad, very bad.  The LexisNexis data thieves certainly stole a lot of data (weak assertions) - but some of it might actually be quite useless.

Therefore, the fact that your common PII data has been stolen or hacked isn't necessarily cause for critical concern.  The concern lays more so with the systems and services you use, or that are used on your behalf, that rely on this data to perform.

If critical information and services valuable to you are protected by security systems that take into account your holistic "unique identity", as described above – you're still, probably, well-protected (but obviously that's not guaranteed).  These kind of systems offer multiple, overlapping capabilities such as:

  • Multi-factor authentication
  • Identity Proofing
  • Progressive Authentication
  • "Defense in Depth" multi-layer information and system assurance (accredited/certified)

If you are gaining access to, and supplying, very sensitive information about yourself (or others) – and the only information requested from you is this kind common PII data – then avoid doing this if possible; i.e., avoid sharing too much you're not comfortable with. Fraudulent access to your information by others is quite feasible.  Or - avoid supplying the very most sensitive information, including:
  • Information about your personal habits, travel, relationships
  • Photos or videos of you, your friends & family, where you live or work
  • Any medical or mental status
  • Your work status, role, access to system, people or information

Sunday, September 22, 2013

Anatomy of a Crowdsourced Startup Funding Fail - 8 Recommendations for Marketing Successful KickStarter Campaigns

This is some professional perspective and analysis regarding a recent campaign to raise donation capital through crowdsourced funding tools available on KickStarter.  At the end of the day, the campaign was not funded, and didn't reach its goals (From $100K to $1M).  Not that it didn't have a chance, and wasn't backed by some very savvy and knowledgeable product designers/developers - the failure was all about Marketing 101.

Note – this is actually a prediction, halfway through the initial campaign – as measured by the stats and trends so far, and the very predictable performance (albeit from the always-easier armchair quarterback seat). We’ll eat our shorts and donate if it actually turns around…

Update 9/24 - the campaign has been pulled from Kickstarter, citing availability of operating funds now no longer necessitating crowdsourced funding....a lukewarm "save" in the face of pending campaign failure. 

If you’d prefer not to read further, here’s the simple takeaway – include professional marketing experience and planning for your campaign, before the campaign (unless you already know it's totally kick-ass, from others...).

The product (let’s call it the “Elektrowatch”) is a consumer-focused electronic entertainment device.  Without revealing the specific brand, suffice it to say that it was a new product in a well-understood market, with a few unique (but technical) qualities that might set it apart from the pack. One of which was its use of open, non-proprietary technologies, therefore enabling future enhancements and derivative creation. On the other hand, its uniqueness wasn't a smack-down clear differentiator - it didn't create a market, it would be relatively easy to copy, and its slice of the consumer electronics pie would likely be interesting, but fleeting.

Elektrowatch was interesting, had the potential to actually be exciting (to the gadget community, at least), did have a very large, well-recognized world-wide market (though tilted towards the Japanese culture), and was in fact a US-owned startup.  The timing was right - a great fit for the upcoming holiday season (Christmas/New Year). It actually worked, was branded, and was shippable with (limited) customer support. Enough moxie and experienced backing among the founder and his stakeholders was available to expect reasonable donation-based funding via channels like KickStarter (or Indiegogo – but KS is a usually a better choice for new, creative products).

Call it "startup introversion", "head in the clouds", "technology blinders" or simple fear and reluctance to engage outside expertise for a capability likely not understood at all by the founders - the campaign failure boils down to apparent ignorance of these marketing-related elements:

1) The Plan 

For a marketing or outreach campaign to adequately gain interest and achieve results, especially with time, resource, budget and stakeholder expectation constraints, you need a plan. Particularly on kickstarter, where you must be ready to rally for funding over a short period of time, with constant campaign updates, stretch goals, buzz maintenance, etc.  A project plan (created BEFORE the campaign!) will address discrete schedules and dependencies, roles and assignments, risks and contingencies, costs and spending, tools and services, plus performance monitoring and feedback.  Then it needs to be executed, and managed. And updated or adjusted. A plan you’ve spent more than an hour on, and have vetted with all critical stakeholders (don't count on social media strangers to execute!). This means you need a Marketing Campaign Project Manager - and the technical, product and company leadership should be not doing this; they need to make sure the product, brand and company will operate as advertised.

2) "Made in the USA" means made-in-the-USA

If this idea is actually important to you and your target market, then actual, hands-on creation and manufacturing (or programming) needs to happen in the US, by US taxpayers.  Conceived/funded in the US, managed and programmed (SW) in India, and designed/manufactured (HW) in China does NOT equal Made-in-the-USA - it equals an obvious poser.  If in fact it's not made in the US, but is being marketed here (and to other Western countries) - it still needs to be marketed with appropriate cultural affinity, i.e. absolute proper, American English (if you write Java, hire someone else to write marketing copy!).  This applies in reverse, obviously, to other countries and cultures, and their languages.

3) Is it a brand or a product?

What exactly are you selling? Something to buy once and use, or something to invest your time, money and attention in, as part of a larger, long-term movement, community, experience?  This particular product was only a product, with some hints about a "developer community" and mass-appeal-and-adoption-based-on-what-it-does; but these facets weren't developed or marketed specifically, nor was there any identified value to be gained from participation other than immediate gratification and entertainment (even the titling and key messaging was unclear, mixing the product name with unclear messaging - i.e. no SEO value at all, particularly on the KickStarter site itself).  The donation would basically yield a disposable, short-lived diversion...quickly fulfilled by the next amusement.  This leads neither to scalable success nor brand growth. To shake this out – some very significant market research is usually appropriate – this is actual paid research and surveys by industry experts, not a bunch of Google or Facebook searches by random stakeholders.

4) Who cares?  

As all marketers know, the key to success is knowing your demographics, your buyers, your influencers.  And then speaking directly to them, in ways they prefer, about the benefits for them and their sphere of influence.  Particularly with donation-based funding (vs. investment, where the goal really is just about money), you need to discover and market to people who actually care....care about the market segment, care about the particular startup ecosystem, care about the difference this product will make in people's lives.  Maybe also those who care about only themselves - but beyond just the "ownership" factor, into the "it's really going to help me" space. (Note to video producers - your videos really need to be authentic; fake enthusiasm from paid models and extras is truly vilified by today's media generation.)

One helpful segment of the caring actually are the Kickstarter investors - most of whom invest multiple times, and become quite interested, enthusiastic, sincerely active in their support not only of the product, but of the forum, concept and community.  Listen to them, respond to them, maybe even ask some of them for advice BEFORE the campaign - especially when they end up saying things like "this is an exciting project... but given the current trend ... projections don't give a rosy picture of this getting funded, unless the founders do extensive marketing...do some marketing research."

One other note – the world context at this time is trending eCommerce for the holidays; this fun fact doesn’t yet seem to be addressed as another draw, another opportunity to attract not only donors, but real orders…

5) Social Networking isn't Interactive Marketing

Professional online marketers have figured it out, but it's taken a while for this hype-cycle to burn out, and the newbies, recent grads, interns, career-changers-turned-social-media-pr-experts-because-they-can-log-into-hootsuite need to pay attention to legitimate practitioners with revenue-producing track records. Promoting and marketing your product through social media is not a replacement for a comprehensive, integrated marketing strategy...it's just a part of it. "Likes" aren't "Conversions" or "Material Pledges of Support". Interactive marketing requires expertise in interactive design, SEO, communications/PR, content production, optimization and management (including press releases and video), event support, user analytics and many other disciplines; things neither your product development team nor recently-graduated Intern actually do every day.

Furthermore, relying on your personal social network and social media interns will only get you so far - at some point you'll either need to generate some truly awesome, viral news, or start leveraging the networking experience and assets of the mature PR/marketing communities in your industry. Also, social media used wrong, in ways that counter the objectives of your marketing campaign - can quickly and irrevocably destroy your product and brand's reputation.  Double-whammy - no positive goals are achieved, and negativity must now be overcome.

In this case, there was some limited, focused social coverage and feedback about the product, both "earned" and via the brand's own channels (plus help from a “Socialite”) - but it started late (too late for SEO value) and tailed off quick, wasn't amplified or extended, and simply didn't deliver conversions (notwithstanding KickStarter's own online presence and social promotion). This appears to be backed up by SocialMention stats – i.e. decent “passion”, but “neutral” sentiment, plus no “strength” or “reach”.  TweetReach also shows little significant reach, and Topsy analytics show an amazing lack of Tweeting right around the launch date in particular, despite the “share with friends” sweepstakes offer on Facebook (!), plus auto-tweets from KickStarter themselves.

6) Advertising isn't Marketing 

"Buying" visibility and customers is very different than "earning" them.  For brand new products however, with a short-fused campaign goal - buying and managing advertisements (especially online) is essential, and should be planned in the budget.  Adwords, LinkedIn, Facebook, AOL Ad Networks for example - all have very reasonable and extremely well-analyzed advertising options (search, content and community-focused), and best of all, they can immediately reach targeted demographics without the typical, organic SEO or social media ramp-up.  Search advertising in particular is a great way to quickly and cost-effectively test marketing messages and demographic targets, as well. Buying and managing ads, however, is a professional competency all its own - though it must be aligned with other marketing and communications tactics. Your programmer, your CEO - they will not know how to do this effectively (it’s not their job) - yet it must be done.

7) Donations aren't Investments - Except They Are

With platforms such as KickStarter, donors aren't getting any financial investment value, i.e. material ownership stake in the company, contracts, shares, etc.  Donors generally get a discounted product, some online recognition or perks, an invite to the party, a T-shirt, a heartfelt "thanks from the team". They may parlay this online recognition into personal or professional gain - but it's generally an altruistic transaction, or one for the curious (i.e. to try something new, test something out, be the first on the block or "lead adopter").  A best practice goal for backer or donation solicitation, is to actually cause the donor to become invested - in a way that the donor ends up selling and marketing for you, providing or pledging invaluable feedback and assistance, continuing to engage, and otherwise becoming a full-in, committed and active member of your new brand's community.  This is called elongating and expanding the pipeline, future buying interest (plus some protection and mitigation against hard times).  For this particular product, there were some hints at donor investment value - but they really weren't spelled out, marketed and validated.

8) Win to win

One of the most effective marketing tactics to win visibility, customers, revenue - is to win contests, certifications, showcases, bake-offs or reviews.  Don't lose.  Don't enter unless you'll win, don't ask unless you'll get the answer you'll want. Smart, experienced marketers will only play for the guaranteed, or even manufactured "win", leaving little to chance.  (Make up your own "contest"!) Entering a personal electronic gadget in a contest for the best tech startup, in an area known as a hotbed for backing socially, environmentally, politically engaging products that can "change the world" - isn't a good idea. Nobody cares.  In this case, the product lost, and lost big. Furthermore, searching for reviews, product comparisons, official validation or other marks of distinction reveal nothing - only multiple requests from the hardcore for more technical detail.  Note - if the techies don't get it, the end-users sure won't.  Not only do competitive losses and non-placements make marketing and fundraising an uphill battle, but lost is any upper ground to shout about.

Now what?  

The nut is cracked, the product and its market edge exposed, the “social proof” wasn’t achieved, the unreasonably high goals weren’t met, and the exposed donor community and attending electro-gadget press corps have moved on to the next shiny ball.  Can a new campaign be initiated?  Probably, but only by observing the points above, as well as including a very new, fresh feature (therefore addressing new market segments) and branding update.  Otherwise, this particular kind of crowdsourced fundraising is probably now out of reach for this particular product. The best next step is simply to market the heck out of it, while the window is open, and earn true "operating funds" - or at least a better idea of its legs for profit.

And, learn the lesson - get a solid, experienced marketing team engaged WAY BEFORE the campaign. Try KME.