For a small business, reputation damage may be a bigger risk than natural disaster or even terrorism. After all, a careful backup plan can avert most problems an earthquake or fire might cause, but damage to a reputation is long-lasting and often permanent, and every customer interaction has the potential to create it.

Fortunately, there are ways to minimize the risk and get out in front of the dangers.

Responding to Reviews

Businesses frequently receive scathing reviews and ratings at popular sites such as Yelp, Citysearch, and Angie’s List that are dedicated to reviewing businesses and services. It is incredibly easy for consumers to post reviews on these sites, whether or not the reviews are accurate or complete. Because of their popularity, these sites often show up at the top of Google search results, and Google has even begun to integrate consumer review sites directly into the search process for retail businesses.

Do not panic if you receive a negative or critical review. Inevitably, at some point, a customer or client will be dissatisfied. It might be your fault, or your suppliers’ fault, or the fault of somebody with no connection at all to you. But, no matter the reason, in the Internet age, a dissatisfied customer is likely to turn to the Internet to vent frustrations.

It is simply impossible to remove much criticism from the Internet, and attempts to do so will often make the problem worse. So recognize that criticism can help you improve your business by inspiring you to alter your policies or to change consumer expectations surrounding your business.

A chart that the Air Force developed to show factors to consider when responding to online criticism is also useful for businesses. It recommends not responding if the criticism is a “troll” (seeking attention through extreme behavior) or a “rant” (motivated by anger and not logic), or if you cannot clearly show that the criticism is incorrect.

If you choose to respond, maintain a calm tone and a helpful demeanor. Be honest about who you are and why you are writing. Never engage in personal attacks (if a consumer directs personal attacks at you, just ignore them) and never attempt to blame the consumer, even when the problem really is the consumer’s fault.

In your response, carefully explain what steps you took to resolve the problem, such as offering to refund money or provide a replacement. If the problem relates to the consumer’s expectations, explain how those expectations should have been set (e.g., the cover copy clearly says that the book is for ages 13 and up).

In some cases, it may make business sense to extend an unusually generous offer to resolve the problem. For example, if you have a strict “all sales are final” policy, you might consider making an exception to it for an angry customer who has begun to blog extensively about a complaint, especially if the customer has made contact with a powerful consumer-oriented blog or reviewer.

If you are contacted by a consumer blog site, especially a heavily trafficked site, it may be similarly wise to offer a careful explanation of what steps you took to resolve the problem and then to make another generous offer to fix it, again. (When in doubt, you can check a site’s popularity with tools like Alexa.com. If a site is among the top 10,000 global sites, it is extremely powerful; a site that is among the top 20,000 is still somewhat powerful, especially if it is focused on a region or industry.)

And remember that you may sometimes have to respond to sham review sites, which encourage users to post harsh critiques of businesses, make sure the negative reviews appear in Google, and then offer the affected business an expensive “investigative service” to remove the negative review.

Handling Hoaxes and Urban Legends

Hoaxes and urban legends can spread through email, discussion sites, and even face-to-face conversations.

If you have been the victim of an online hoax or urban legend, your best bet is often to get ahead of the rumor as quickly as possible. First, clearly debunk it on your own Web site. Explain in a calm, rational tone why the rumor is false and try to provide verifiable facts. If you cannot yet prove that the rumor is false, find a creative way to show how confident you are that it is wrong.

Make the link to your rebuttal prominent on your company’s homepage: Many users will come to your company’s site to verify or disprove the rumor, and you need to make the answer easy for them to find.

Next, contact any media organizations or blogs that have repeated the rumor and ask them to publish a clarification or correction. Again, use a calm and rational tone to explain why the rumor is wrong and maybe even why it is hurting your business. The more doubt you can inject about the earlier stories, the less trouble you will have convincing later writers to verify both sides.

To deal with comments from the public, use the same techniques. For email or postal messages, send a response that calmly explains why the rumor is false and presents as many verifiable facts as possible. For telephone complaints, you can instruct employees to direct callers to the Web site to reduce the risk of a telephone argument or a large waste of staff time. If your business is being harassed by “loop faxes” or autodialer phone calls, you might work with the local telephone company to identify the source of the problem.

Some hoaxes can take the form of manipulated photos or images. The same rules apply: Get out in front, provide a prominent rebuttal, and explain fully what the reality is.

The easiest way to defuse a modified image is to find the (unedited) source image that provided the base for the manipulation. If your rebuttal shows the original and modified images side-by-side, most viewers will be easily convinced. (Try searching images.google.com using keywords related to what appears in the photo. If you find a close match, try Google’s experimental “similar images” tool to look for other candidates (similar-images.googlelabs.com).

You may also want to try so-called reverse image search tools like TinEye.com, which allow you to upload the attack image and search for similar images anywhere on the Internet.

If you can’t find the original image directly, it might be worth contacting an expert digital photographer (or even a digital forensics expert) to determine if there is any objective evidence of manipulation that will help you convince others that the image is a fake.

Making Common Cause

If other businesses have been impacted by attacks similar to one launched against your company, contact them and see if you can work together, or if any of them have devised effective tactics for dealing with attacks. Our lawyers tell us that we are supposed to advise you to be careful about the antitrust implications of joining forces with competing businesses, but we think that in most cases working together to overcome a persistent or nasty smear will be feasible.

Maintaining Data Security

The files and data that belong to many companies are not adequately protected from accidental or malicious disclosure. Once revealed, information can be used maliciously or just spread by users interested in gossip.

One of the most common mistakes made by users of file-sharing software (like Gnutella, Limewire, or Kazaa) is making personal documents available to other users by placing them in the “shared” directory. The easiest way to avoid this problem is by not using file-sharing software unless you are absolutely certain that you understand how it works and which files it will share. Double-check (or even triple-check) the settings of the software to make sure that it is not sharing a directory or file that you want to keep private. And never place personal files in a directory that is used for file-sharing.

Users can also trigger reputation damage through security breaches by leaving their private files on a portable storage device and then losing it. For more security, use flash drives available with password-based encryption or even flash drives that require the owner’s fingerprint to unlock the data.

When you dispose of or sell electronic devices, be sure to remove all sensitive data. It is not enough to simply use the “Recycle” command in Windows. Instead, either physically or digitally wipe the data on any hard drive you sell or trash.

A power drill will render any hard drive useless to all but the most determined data thieves, although it renders the disk useless to the buyer too. Simply drill four holes all the way through the hard drive, being sure to puncture the round magnetized “platter” inside the drive. To digitally wipe data, use a program like BCWipe that deletes files and then repeatedly overwrites them with random garbage, making them difficult or impossible to recover except through extremely advanced computer forensics. After digital wiping, the drive can still be used, but the process often takes hours.

To avoid damage that starts with phishing, never trust a link that is sent by email, especially if it appears to be from your bank or some other financial institution, and use one of the commercial antivirus programs that come with antiphishing plug-ins for Web browsers. Although they are not perfect, they can reduce the likelihood of falling for a fake email.

Metadata embedded in documents can also create difficult privacy and reputation problems. Many commercial editing systems, including the Microsoft Office suite, attempt to help users collaborate by automatically storing hidden information in documents, including the name of every person who edited a particular document and possibly a revision history with information or comments that people removed before saving the final version of the document. This hidden information can easily be retrieved and analyzed.

You can avoid this problem with Office 2002 and 2003 documents by using Microsoft’s Remove Hidden Data tool, an add-in available at Microsoft.com (go to wildwest2.com/go/1309). Office 2007 has its own tool for the purpose, the Document Inspector feature. But many people are not aware of other metadata (like that in many camera-phone images), and tools don’t yet exist to zap all potentially embarrassing metadata.

Of course, viruses, Trojans, and worms can also lead to data security breaches. Do not install software from unknown sources, and always use extreme caution when downloading email attachments; if somebody has sent you a file that ends with “.exe” that you weren’t expecting, make sure that the person really meant to send it before you run it.

Michael Fertik, the founder and CEO of ReputationDefender, serves on the advisory board of the Internet Keep Safe Coalition and is often featured on television and in print media. David Thompson is general counsel and chief privacy officer of ReputationDefender. This article is derived from their book Wild West 2.0: How to Protect and Restore Your Online Reputation on the Untamed Social Frontier, copyright © 2010 Michael Fertik and David Thompson; all rights reserved. Published by AMACOM Books, a division of the American Management Association.