Guest Post: Tips to Prevent Earnings Leaks

Earnings leaks are becoming commonplace. The most recent occurrence was Microsoft, which then had to issue a statement explaining how the information got out before it was supposed to.

Greg Radner, global head of PR services for Thomson Reuters, has written a post with advice about how to keep this information from getting out before it’s meant to. (Thomson Reuters offers a number of products and tools for IR pros and other communicators.) Click through for more.

Now You See It, Now You Don’t
Another earnings leak…really? Last week Microsoft earnings were leaked early from their website. This latest issue was traced to a company that was able to gain access to a copy of the earnings release by guessing at the naming convention used for the URL where the release was posted. They basically guessed at the URL based on the URL used last quarter. And the information then spread virally through social networks.

This follows other similar, high-profile leaks of unpublished material information in November. In the cases of Disney and NetApp, Bloomberg was able to discover earnings information the companies had uploaded to non-public areas of their websites in advance of their official earnings announcements; this time by guessing at the name of the PDF document.

Back in the summer of 2010, we also saw a rash of security incidents affecting the press release business. Several releases were sent out from companies that did not authorize the release. In these cases, it’s believed that the hoaxster used social engineering techniques to pose as a company representative and send the fake release via e-mail to the wire provider for distribution. Since then, the wire providers have stopped accepting releases submitted via e-mail.

Security breaches like this should not be taken lightly. Early access to this type of market moving information could provide a trading advantage and potentially put the company in hot water with the simultaneous distribution requirements of Regulation Fair Disclosure.

The NYSE recently sent a letter to its issuers reminding them that “it is of critical importance that you consider your current practices in light of [these breaches] and also how new technologies and social media practices can potentially impact your company’s disclosures.”

Having built and managed secure portals for board-level communications, I know firsthand the importance of website security. Proper disclosure controls and Web publishing procedures don’t just magically happen. They take effort and proper attention to detail.

Here are some steps you can take to reduce the risk of a selective disclosure incident:

• Consider using a secure publishing tool to disseminate your release. The tool should:

    • Require a username and password to access the system to ensure that only authorized users can publish releases on behalf of the company.• Require users to change their login credentials every 30 days.• Ideally, incorporate the latest two-factor authentication methods as an added security measure. A validation code can be randomly generated for each release and emailed only to users with publishing rights at the company.

    • Ensure that links to releases are randomly generated URLs so they cannot be guessed by outside parties.

    • Publish your release simultaneously to your IR website and all points of disclosure to reduce the risk of an inadvertent disclosure.

• Reduce reliance on third parties during the publishing and distribution process, ensuring no one outside the company sees the release until it is published. A secure platform can enable companies to publish a release immediately or schedule it for distribution at a future time so they do not need to publish from an unsecure e-mail or mobile system.

• Make sure your web publishing tools and procedures have been audited by a reputable security firm or independent website expert to assess the overall security of the platform.

You can help your company avoid this type of disclosure scenario by using a secure publishing platform that keeps material information hidden until you’re ready to release it. No misdirection or magic tricks required.

Recommended articles