Steven L. Johnson

Is there a way to see how many posts we’ve given a “thumbs up?” I’ve been giving thumbs up as I read comments, but I can’t remember how many I’ve done.

Rachel — I don’t know of any for you to see your “thumbs up” history. I can see ratings on an admin screen but I don’t think that is made available to individual users.

Professor Johnson,

I was wondering when we will receive our grades for the activities from week one? I realize that this is a large class with a lot of action going on, so I am understanding that it takes time. The reason that I ask is that I waited until today to start the discussion board because I wanted to get feedback from week 1 to alleviate the risk of making the same mistake twice. Your instructions have been clear and I feel confident that I did well but I would sleep better at night actually knowing how I did and where I can improve. I can’t afford to wait any longer on the DB as it is creeping up on the deadline. I just want to make sure I am meeting all the requirements, so I hope this is something you can address. Thank you.

Regards,

John Ledbetter

Professor Johnson- just want to say thank you for your efforts in getting the grades out significantly quicker this week. You have decreased my stress level! I am much more comfortable knowing where I stand and what I need to do to get better.

Building versus buying is never much of a decision for me because I live in a dorm without a kitchen. Yes, I have a fridge, but I also have a meal plan where I “prepurchased” ten meals a week, so going out to buy the ingredients to make more food would not be cost effective. I do not eat enough meals throughout the week to need to go over my meal plan limit, so “buying” will always be the best choice for me in the current situation.

I typically make my own breakfast because it is cheaper and I can select what I want to eat depending on what I feel like eating. Some days I have cereal, other days eggs. Yogurt and fruit are added occasionally. And sometimes, I eat nothing if I don’t have time. The idea is that I can pick what I’m in the mood for, instead of having a premade breakfast. I can be much more flexible with what I eat if I make the food myself rather than buy it. There are several factors underlying the decision of whether to make or buy breakfast; the most important ones are time, budget and whether or not I have enough food on hand. Similar principles could be applied to a business deciding whether to build custom software or purchase “canned” software, as the article mentions. To dig deeper still, I think what really explains the decision is the importance of breakfast (or customized software) to the decision-maker’s in the perspective of the decision maker. I take breakfast somewhat seriously because it is healthy to eat breakfast and I enjoy breakfast food (sometimes I have it for dinner). A business may, over time, develop a strong need for custom software depending on the nature of its operations. Overall, the breakfast analogy does a very good job illustrating the factors a business may have to consider in the decision of whether or not to institute custom software.

Even after reading the case and supporting material, I had to go to the Airbnb website to better answer this question (as a prospective renter). As with hotel reviews on Trip Advisor, I would want to have some assurance that the glowing reviews I am reading are in fact genuine and not the hosts buddies posting fake reviews.

The notion of an ‘elite’ reviewer would be helpful. Also, the more reviews, the better the information. As we learned in stats, with a bigger sampling, we can be more assured that the star ratings are accurate.

With a hotel, I have a lot of websites and sources to check reviews. But with a host on Airbnb, I only have Airbnb reviews to go by. So I would be much more skeptical. Just as EJ had a bad renter, the renter could end up with a room that is far worse than advertised.

Having never used Airbnb before, I can only draw on my own experience using Vacation Rentals By Owners (VRBO). As a VRBO renter, I went through all reviews and paid attention to references both good and bad about the hosts/owners. Politeness, responsiveness, and attention to details are important qualities that use along with the price of the rental to decide whether or not I want to rent from a particular owner. If I were to use Airbnb in the future, I expect these are the same qualities I want to know about their hosts before renting. In addition, it would be really good to know why hosts/owners on VRBO and Airbnb did not accept reservation requests from certain renters. When choosing a hotel, I read the reviews on the hotel and evaluate the entire hotel staff against the qualities I want similar to the VRBO owner or Airbnb host.

Renter’s and hosts both need specific information when determining their potential picks. Renter’s usually want to make sure that the place is clean and the price is affordable. As a renter, those would be my primary concerns. The rest may depend on location, size, and amenities. For me, this would be similar to a hotel. The other thing I would look for that may be different from a hotel, would be if the host has any pets. Pets can sometimes change the environment.
As a host, I would like to make sure the renter’s are responsible meaning that they will pay and they will be clean. Another thing a host may want to know about a renter is the occupation as a renter. If a host sees a student, they may be wary of having them occupy their home. However if they have a professional, they may be more willing to rent the space. As a renter, I would like to give as a little as possible with all the security breaches occurring in the world today. The one information I would be willing to give would be my name. Giving more information than required makes it easier for someone to stalk you.

I think if I were to rent a room/house to a stranger, as a host I would certainly want to know who they are, why they are here in our town, where they are heading to, their destination/origination, how long they are planning to stay, what is their background, any references I could call/check, any criminal records, or their past stays via Airbnb. All such information I definitely want to know prior to the guest checks in. Additionally I certainly would like to know everything that is in the best interest of both to protect me and my property.
As a potential renter I may not be willing to give away all the information, but I certainly would like give out my name, my home address, any credit card info, copy of Driver’s license, possibly even a reasonable deposit to assure the host of any incidentals. I would also be willing to sign a contract with the host for the duration of my stay within reasons to protect both.
I think if I were to rent and stay at some stranger’s house, then I certainly would like to know what references I can get about the place, about the host and any past rental reviews/experiences, any criminal records of the host. It is different than a hotel as Hotels have a brand, reputation, amenities and ratings. Also you could read the reviews online, the higher the star rating, better your experiences will be and so will be the price you pay to stay and enjoy the amenities

As a renter, is it acceptable to expect information on a host – personal information, criminal history, information on the property itself (is it safe, has there been any recent damage)? With a hotel, I reference Trip Advisor or Google to see what other travelers have said about their experiences. I want to know if the place is clean, updated/modern, has dining options. With a hotel I accept (or maybe assume) that the hotel is meeting all of its government regulations in order to operate as a hotel – that it meets regulations for safety. I also expect (or, again, assume) that the hotel owner has taken the proper measures to run background checks on employees, that a safe and hospital environment is being provided. I also rely on brand – Marriott, Hilton, for example – to ensure that they are actively engaged with the hotel owners to provide a level of safety and assurance. I do not get that same assurance with Airbnb.

In providing the platform on which two people can engage in commerce, there needs to be a level of responsibility place upon the platform provider to either A) require hosts/property owners to provide detail about their property and the people also living on the property and/or B) government needs to step in and regulate Airbnb just like it would any other hotel.

Airbnb gives hosts some direction on complying with their local regulations, and says they’re ‘working with governments around the world’ to clarify rules, but leaves the onus on the host to find and comply with local laws. – https://www.airbnb.com/help/article/376

I think the platform providers – Airbnb and Uber, for example – are looking for a method to bring buyers and sellers together without having to engage in normal regulations and laws – leave it to those conducting the commerce. I would like to see more regulation on both in the name of consumer protection.

As an Airbnb renter and a female who frequently travels alone, my concern is about the safety of the unit I’m renting. I’d like to know how often the keys are changed for the apartment. Have the keys been changed recently? If so, when? Perhaps Airbnb can make it a policy (not sure if there’s one currently in place) that the host change the locks from time to time. I think women would want to have more information stating how safe and secure the unit is. For example, I’ve really only booked places from hosts who clearly state that the unit has a security system in place or the unit is inside a building with security downstairs or has a guard at the gate – anything to make me feel safer in a stranger’s space. (I might be a little paranoid!) Also, many hosts on Airbnb demand up front deposits, but don’t state when that deposit will be returned. I ran into a little issue with both Airbnb and HomeAway where the deposit was returned several weeks late. Not a huge problem since the deposits were eventually returned, but no one should have to deal with that headache.

I wouldn’t have to worry much about either of these issues in a hotel. With CCTV and security personnel in a hotel along with the number of hotels guests, I feel safer – particular at some of those larger brands like Kimpton, Hilton, Hyatt, etc. Also, I’m not required to leave a deposit for my stay and am only required to sign off on charges made to my card for incidentals. I’ve been using hotels more for these two reasons. Perhaps more people would be willing to try Airbnb’s service if they didn’t have to work about these additional concerns.

At the very least, I would expect Airbnb to do a thorough background check on all of its hosts. The application to be a host should be a similar experience to going through an interview process for a job. Airbnb is essentially hiring these individuals and their spaces to work for them to provide monetary gain. Due diligence to ensure the new “employee” has no criminal record, has a clean and friendly space, will retain customers, and will ensure to maintain Airbnb’s brand integrity should be the minimal requirements for “employment.” Once hired I would put the host on a probationary period and would judge them based on guest reviews. Once they acquired adequate reviews and customer reactions I would take them off the probationary period. This would give a potential guests full exposure to the hosts past. At the very least I would expect the home I was renting to be free of criminal activity and have a clean friendly experience for the money spent. I expect the same things for the hotels I choose while traveling for work. I expect them to be in good low crime neighborhoods, the staff to be friendly and accommodating, and the rooms to be as clean as possible for the money I am willing to spend. I would expect reviews of the hotels to provide me the same information I’d ask of an Airbnb property.

I think renters would like to know more about their host other than just an address and a name. Similar to hotel, if i was the guest I would want to make sure that the home is safe and the host or anyone in their home does not have criminal history. Unlike hotels that might not provide their other clients details, I would also like to talk to other people who have stayed with the host if their information is available and they are willing to verbally share their experience (verbal is more than often different from written recommendations).
I think hosts should have their guest permanent address information and contact references that they can use to verify who the guests are prior to hosting. They should be able to request a background check on potential guests. I am not sure how willing I would be to directly give all my information to the host, but once the reservations are made I would be willing to provide background check information to Airbnb to complete and forward to the host.

Before entering into an agreement to stay at a host’s accommodation, I think its fair to know/see that the home has met basic safety requirements, has insurance and pictures all of which are expected when staying at a hotel. As far as the host themselves, a yearly background check with the local authority would dispel any fears that they are unsavory. Employees of a hotel, are screened, interviewed, background checks and references are checked before they are hired. Most if not all hotels carry out yearly reviews of staff and anything not becoming of the hotel’s image is taken care of. When entering a hotel you are covered by the hotel’s insurance, should you fall, or slip while on property. Would the hosts insurance cover you when an accident like this would happen? I think renters should know aspects about the house, such as how long has it been used as an Airbnb property, how many people are renting rooms at one time, does the house have security issues with break-ins etc. I think it would be important to know if the Airbnb property is lived in by the host or is used for an investment. When a host lives there themselves this would provide opportunity for the renter to have issues or concerns addressed immediately.

I think that the information renters are provided with should be consistent with basic information expected from a hotel. Is appropriate that hosts disclose accurate and comprehensive facts to the renter to allow them to fairly make a well-informed decision. Details regarding safety, location, photos, available amenities and so forth are necessary. I do not feel that it should be required of the host to reveal any personal information to the prospective renter. This is a business transaction and it should be the responsibility of Airbnb to perform background checks and such to guarantee their service and ensure the integrity of the host.

Before the internet was the place to find reviews on almost anything, there was one “most respected” source for hotel reviews. Triple A was the place to go, (as in physically go… to one of their offices), to obtain their booklets listing among other things, almost all the hotels/motels in any geographic area you were going to be traveling in. Each hotel was rated on various factors, and all the amenities were listed as well. One source for all reviews, considered fairly objective and consistent, made “comparison” shopping fairly easy. Search for the factors that were important for you, then compare price, quality, location, etc., and make your choice.
Of course the landscape is a bit different now and with countless sites and countless reviewers, all with their own set of preferences, pet peeves.. some hardly ever with a bad thing to say and some quite the opposite, it makes it difficult to fairly weigh which reviews you should rely on. There are algorithms that review the reviewers now.
With all that being said, my suggestion for Airbnb is to incentivize everyone, (all renters and providers), to submit a review. A form with all of the most common attributes to be factored should be provided by Airbnb. For hosts/locations, renters should be asked, as an example, about cleanliness, convenience of the location, safety, noise, response of the hosts for any unforeseen problems, etc. For renters, the hosts should submit a completed form with what other hosts will want to know, i.e., were the guests respectful of the property, clean, etc. As much of the form should be on a one to five scale or other similar type scale. And space for comments should also be included.
And then Airbnb should have the results collated in a way that is easy for review by a prospective host or guest. By collecting reviews from all users, I believe a more accurate picture will be obtained. Otherwise, the “talk radio” factor comes into play; as in talk radio where too often those at one extreme or the other are the only ones being heard.

I think the renters should have minimal information about the hosts. Information such as ratings from previous renters and an overall rating from Airbnb would be the ideal information for the renter about the hosts. This information is different from the information provided from a hotel to the host because hotels are typically larger businesses. Hotels can have reviews by the BBB, travel websites, as well as other advertisements. I think the hosts should not know much about the renters other than the fact that they are capable of paying for the stay and providing a security deposit. I would only be willing to give my payment information. I think any damage or incidentals can be covered by a deposit and short term renter insurance if there is significant damage.

Since it is the hosts homes they are opening up, they should be allowed to request as much information as necessary from a perspective renter. It would be up to the renter with if and how they want to respond. If the host isn’t comfortable with the answers, or lack thereof, you can opt not to move forward with the transaction. But as a renter, I would be willing to provide any information with regards to my financials and background to Airbnb direct, but not directly with the host. Airbnb is an established company and I would trust that my information is safe with them. It would be up to them to extend information to the host without compromising things of personal nature including my bank information, social security number, home address, etc. Should the host have generic questions about me: Do I have a criminal background? Do I have a history of positive business with the company? Am I tidy person? My age range? (some may not want to rent to under 25-like car rentals), What is the nature of my travel? I would have no issue with them supplying that. I would not mind answering any questions when communicating back and forth with the host of this nature nor would I mind Airbnb speaking on behalf of the things I submitted to them as long as it isn’t particulars. This is where reviews on both host and renter will help with creating future potential business easier. Maybe some of the tedious questions for information can be avoided based on maybe a simple five-star checklist for both host and guest to review prior to doing business (see below). One being poor to five being exceptional. Is this a full proof method, no, but it would save you wasting time on conversation if the host/renter doesn’t measure up to your expectation.

Was the guest tidy?
Were the host’s accommodations as stated?
Ease of transaction?
Would you recommend this host/renter?

At a minimum, renters should have a host’s name, address, telephone number, and email; very similar to what a hotel would require. The more information a host/Airbnb require the more reluctant many people will be to use their services. Instead of requiring significantly more information than a hotel uses Airbnb should model a hotel risk management method, hold a credit card number. Airbnb should require PayPal or a credit card and let customers know that any damage or stolen goods will charged to the account number. While this would not alleviate the trauma associated with being robbed, it should provide a sufficient deterrent without requiring renters to obtain ‘abnormal’ amounts of personal information to feel secure.

Holding a financial account number combined with a robust review system should offer both renters and hosts the information they need to make decisions. When I book a hotel I willingly provide this information, and use consumer reviews (hotel website, TripAdvisor…etc) to make final decision. It shouldn’t be different for Airbnb.

I think it is appropriate for a host to inquire specific information from a potential renter. Because it would be difficult to hold credit card information for renters (due to both security issues and data maintenance issues), hosts should obtain enough background information to make them comfortable with the potential renter Beyond basic information such as name and contact detail, I think the host should request the potential renters social security number so that a background and credit check can be completed. The combination of those 2 reports should provide the detail needed to decide whether the potential renter is a good fit.

I believe that the hosts should undergo a more rigorous screening process than the renters. When a renter goes into a host’s space, they are effectively putting themselves in the hands of the host. The host will surely have a set of keys along with codes to disarm any security system. If I am a renter and either I alone or with my family were going to stay in another person’s room/home, I want the utmost assurance they are trustworthy. On the other hand, when a host lets a renter use their space, only their possessions are at risk and they control to some extent which possessions are at risk. For this reason, I think that hosts should have to undergo an involved screening with a full background check. While it is still important to hosts to have access to some renter information, I don’t think something like a background check would be appropriate.

I think there had to be a balance of information given and withheld in both of these questions. While you want to give enough information for host and renter to make a decision on whether they are going to stay somewhere or whether they are going to take someone in as a renter, you also want to leave a level of privacy for both. I think renters should have similar types of information given about hotels. They should have non-biased reviews available so they can have a clear understanding of where they will be staying. Maybe a star-rating system like hotels have? Airbnb has implemented a review session and their co-founders visit and stay at homes of key hosts, so there is a “vetting process” of hosts, although an informal one. I think they need to take the next step and give a clear way to compare hosts, like the star system. For information about renters, I believe its a lot different. Because the risk that hosts are taking on by allowing strangers into there home, potentially while they are not there, they need more information about renters than hotels do, because hotels are set up better to deal with problem guests, as they don’t leave the building all to the guests, there is usually someone on staff there at all times. Plus, they have insurance to cover potential damages. I think background checks should be done on renters. Now, this won’t catch all would-be misfits, but it might help deter them. Also, Airbnb must make it where you have a complete profile before you can rent from a host. This would help the host get more information about the renter. Also, I think that a higher rate should be charged to rent from a host initially. Once the renter has left the host and the host has inspected their place, a refund can be given to lower the cost of the rent. Apartment complexes use a similar strategy with deposits. This would help deter people from damaging other’s property. As a potential renter I would be reluctant to give up a whole lot of information about myself, but I think if Airbnb provided cost incentive to doing so or outright denying the chance to rent from hosts if they do not, renters will be accepting of giving up more information.

What kinds of information do you think hosts should know about renters? As a potential renter, how much information would you be willing to give?

I look at it like I am renting a hotel room for the night. You are in a strange house and you are responsible for all the items in the room. Hotels have the same policy; damage anything in the room, and you are subject to pay for it. Now there are times incidents happen that are out of someone’s control, but when you are in a strangers home, you have to be careful not to damage anything. Hosts should have the ability to know everything about the renter when it comes to protecting their homes. AirBnB is built on trust between parties, but not everyone is willing to cooperate. If I was going to rent my home, I would need to see a government ID as well as a credit card just in case anything is stolen or damaged. I would be perfectly fine if AirBnB facilitated this as well. As a renter, I would be perfectly fine showing my ID and handing over my CC to AirBnB. It would establish a second layer of trust between myself and the host.

Renters should be aware of the host’s identity and background. This is different than the information you expect from a hotel because a hotel is a business establishment, not a personal residence. Hotels have multiple residents and are typically in well-populated areas, whereas the host’s home could be in a secluded area in which you are the only resident. If a renter is staying at a personal residence they should be informed about the owner of that residence for safety purposes. After all, this owner will still have access to the premises while you’re staying there.

I believe hosts should have enough information about renters to identify them and adequately assess the risk of housing them (i.e. government issued ID and background check). Additionally, hosts should have the information needed to recoup compensation for any damages caused by the renter (i.e. credit card for a security deposit). As a potential renter, I am willing to provide personal identification as well as a security deposit. I am willing to provide the information needed to allow the host to protect their interests, as long as my information is handled securely and I am dealing with a reputable host. For instance, I would be willing to provide credit card information to Airbnb, but would be unwilling to hand over my credit card to the individual host.

When it comes to researching a place to stay for vacations, I tend to be on the overkill side of investigation with respect to the cost, quality, location and other features of places we’re considering. I expect this information to be readily available for my review and I typically am skeptical about any hotel/vacation house that lacks such information. That said, I am not interested in providing anything but the minimum information required to my potential “host” and would probably lose interest in any place requiring more than the basics. The Airbnb model, in my opinion, always leaves room for further questions and I don’t believe requiring additional information from renters will improve the business model. Instead, I think establishing stronger financial accountability for renters would be a better route to take for improving satisfaction.
Just as a hotel holds a credit card for incidentals or rental agency requires a security deposit, I think Airbnb needs to establish similar financial safeguards. While I felt bad for EJ’s experience from our reading, it seemed to me that EJ did not properly hedge the risk of her transaction. While avoiding the damage created by the renter would be difficult to predict, providing a stranger access to her “entire life” was simply a poor business decision and she dearly paid for that. I’m not sure access to additional information about the renter would have helped avoid her situation.
Both renter and host, at least to some extent by using Airbnb, are accepting that the transaction is a riskier venture than your typical rental. As many of you have commented above, why not reflect this risk with required renter deposits at levels that provide a comfort level to hosts?

Here are two additional considerations for improving Airbnb’s business model.

1.Charge potential damage fee to renters. I used to be a front desk clerk at Sheraton. Prior to check-in, on the day of your arrival or the night before, the hotel controller runs your credit card for pre-approval. A “hold” is put on the card for the room rate, tax, and incidentals. Incidentals are room service you may order or movies you may watch or items taken out of the mini-bar. The incidental charge is adjusted at check-out. At Sheraton the standard incidental charge was $50.00. So, if you only used $25.00 of the pre-approved incidental charge during your stay, the remaining $25.00 is credited back to your charge card.

Following the hotel model: Airbnb could charge renters a potential damage fee prior to their stay. They could set the fee at $75.00 to $100.00 and credit renters back the fee amount if no damage is reported. Unlike hotels, it would be beneficial for Airbnb to make the pre-approval/hold known so renters know they are responsible for potential damage. The fee would become standard business practice at Airbnb and potentially lessen their insurance liability. The onerous is now on renters to curb deleterious behavior and be respectable of the host’s property.

2.Host should write reviews of renters. In additional to pre-screening or having other information readily available about renters, host should write reviews. In most cases, hosts are bringing someone into their home – a sacred space for all of us. You want good guest. Airbnb penalizes hosts for having reservations about particular guest and descends them further down the search engine. It is understandable that Airbnb wants to cater to its customers, but host should be given some latitude as they are also an important part of the business model. By having host write reviews, other hosts are privy to a renter’s mannerisms, temperament, past problematic issues, respectfulness of property. In fact – whether they are a good guest. This should be an internal mechanism (I don’t know if this should be made public or not) but it keeps Airbnb’s processes fair and may even attract high-tier hosts, especially if they know they have some input on who stays in their home.

I don’t think you can look at this from the perspective of how a hotel operates or what kind of information a hotel obtains when exploring the business model of Airbnb. As Chase mentioned earlier you are dealing with a personal residence. The fact that people even let some stranger into their home based on reviews makes my head explode.
The only way I would ever get involved with something like Airbnb is if they set up a system like LiknedIn so I could see who a potential renter knows that is in my network. Let’s say Chase wanted to rent my beach house in Florida (I wish that was even a possibility). I could look at Chase’s network of friends on Airbnb and see if we have any common connections. If we did I would pick up the phone and call one of those connections and ask about Chase.
Based on Airbnb’s model, however, I honestly believe you can’t collect enough information to make things secure. I think the renter and host should be able to see the same amount of information for each other because this is how you create trust. This doesn’t mean credit card info or driver’s license info is shared. That kind of secure stuff is handled by Airbnb and only used if and when a crime is committed. I know we reviewed an incident of a host being a victim, but I would nervous as a renter too. If I’m a renter and the host knows more about me than I know of them I’m not going to proceed because I’ll be worried the host may be setting me up and saying I stole something that didn’t even exist.

I believe when you are participating in a service like Airbnb the renter should know as much about their hosts as the host knows about the renter. We have all heard the horror stories about meeting up with someone anonymously on websites like craigslist where you know very little or nothing about each other and it leads to disastrous results. When dealing with a company they are required to have a business license, business insurance and you can easily research information such as better business bureau ratings, which makes us fairly safe when dealing with them as they are not anonymous.

Dealing with an individual they may not have insurance or a business licenses so it is critical that we know enough information about them that if there was a problem we can contact them or be able to take appropriate legal action if needed. We should have exposure to their legal name, address and phone numbers as well as information should be collected by Airbnb and held if needed that includes social security numbers and even a full background check. The renter should be able to view any incidents that may show up on a background check as it can help eliminate potential issues.

I understand there are privacy – not to mention cost – concerns with implementing an extensive background check program for either renters or hosts, but I think the need for security certainly justifies having at least some type of vetting system in place. For hosts, certainly the name, address, occupation, photograph, and an indication of having passed a background check should be readily available. Renters need to know that they will be staying at the home of someone credible who has been vetted. I think the “burden of proof” if you will should be on the hosts, since renters are in more of a vulnerable situation entering a stranger’s dwelling than the hosts are by hosting a stranger. Ultimately the reviews will be the main guide for renters, but I believe a starting point should be, as stated above, providing main identification information plus submitting to a background check. I’ve never used Airbnb but I would feel much better reserving a room at someone’s home if I knew they had been vetted by a third party and I could see their main identifying information, knowing that too had been verified. If I were a host I would have no issue giving this information. The challenge here from an information systems standpoint would be finding a reliable and affordable vetting system/vendor and integrating company software into that system so that checks could be accomplished seamlessly online. In another post I mentioned using an online webcam-based, proctor-type vetting system whereby a verifier could check photo ID etc..,

Renters and hosts using the Airbnb service should be open to sharing some information, but only that which is pertinent, such as criminal background. This type of information is more necessary in this type of transaction compared to a hotel because of the personal nature of the exchange. The key difference is that the host’s home has personal and potentially irreplaceable property that may potentially be stolen or vandalized by a renter. The article notes a birth certificate, passport, and more that were stolen by one renter from a host’s locked closet. This type of scenario does not exist in a hotel, which offers a room owned by a company, not an individual.

Despite the above, Airbnb members, both hosts and renters, are not entitled to know more than is necessary from the other. Anyone entering into this type of scenario takes on a certain level of risk. A background check or knowledge of personal habits may weed out some potential bad apples, but will certainly not be able to catch every type of incident that could occur (broken property, for instance). Some type of insurance either from the renter or Airbnb would cover part of the risk in a similar manner to a hotel keeping a guest’s credit card on file for “incidentals,” but some personal property is irreplaceable, and the host must acknowledge this risk before entering into the transaction.

I think renters need some way to know that hosts are trustworthy – as a renter, I wouldn’t want to pay for a property that was misrepresented, either in location, cleanliness, size, amenities, or presence of host. AirBnB charges your card once the reservation is made (at least that’s how it worked with my reservation), so if there are issues, AirBnB has your money while you attempt to solve the problem and/or get a refund. How to determine whether a host is trustworthy is the problem. AirBnB relies a lot on reviews – guests are asked to review and rate hosts after a stay and hosts are asked to do the same for their guest. I suppose renters could look at reviews to get a heads up regarding potential issues, but, this ties into the issue of believability of online reviews – there’s no way to know if a review is truthful or not. I like Will’s suggestion to set up a LinkedIn-like system so I can see if I’m connected to the host in some way, allowing me to check on the legitimacy of the property and trustworthiness of the host. Since AirBnB asks for a LinkedIn and/or Facebook connection as a way to verify both renters’ and hosts’ identities, I don’t think it would take too much programming to show the connections (they have that access already), just a change in privacy settings.
–
Likewise, I think hosts needs to know that renters are trustworthy. I don’t think I’d be willing to submit to a background check even if was conducted by AirBnB and was required to use their services. I would be willing to provide a credit card with an authorization put on hold – similar to how hotels operate – to cover any damage. I’d probably be willing to provide access to my LinkedIn and Facebook profiles to help hosts determine if we had any mutual connections, but I’d need to be reassured that connections wouldn’t receive marketing emails because of the link. Ideally, renters would provide some sort of government-issued ID – again, like a hotel – and AirBnB does ask for that as an extra verification step, but I’m not comfortable uploading an image of my driver’s license to a website, no matter how safe it’s supposed to be. Examity’s requirement of this really made me nervous.
–
Ultimately, the model of AirBnB is dependent on people trusting each other with their home or temporary lodging needs. For some people this isn’t a problem. For others, it’s a non-starter, no matter how much verification is provided.

I think the information that hosts should know about renters should be equal to that which a hotel knows about its guest. They verify your ID and take a credit card for incidentals. You also sign a contract that states you are on the hook for anything that happens in the hotel. For this, I think the host and renter should both inspect the property similar to what you do when you rent a car. Brief inspections to make sure you don’t get blamed for something that happened prior to you occupying the rental.
As a potential renter, I don’t think I would be happy to give any more information to a host then the bare minimum. I wouldn’t object if Airbnb had a more thorough screening process that was part of creating an active profile so long as the information was secure.

Technology has enabled many companies and private individuals to become better at sharing and the rapid growth of the collaborative or sharing economy is proof of this phenomenon. One of the company that does this well is Airbnb. Airbnb sharing service is based around accommodation where people can list anything from a spare bed to a mansion on their site which then gives Airbnb the opportunity to connect people who have room to spare with people who need somewhere to stay. Sounds good, but I would imagine that Airbnb have to decide what information guests and hosts should provide and the degree of flexibility everyone should have. Let me start by saying that I believe it is in the renter’s interest to ask questions and do their homework before they make the final decision to stay at a particular residence. Find out if the place is in a good neighborhood, if the place is noisy, what kind of parking is available, etc. And, as it relates to the property renters should be clear on questions around safety, privacy, insurance and legal liability. With that being said, there should be some kind of screening mechanism for potential host( and guest) to ensure that online profile match real life identities. Requiring personal SS# may be a little invasive but renters should ask hosts to provide photo IDs, external references (not just reviews on site) and a cell phone number or an email address as an emergency contact. In addition, a background check should also be required. Individuals have their personal ID checked all the times so why not hosts? This would help in creating a more trusted environment. Finally a host providing services is not the same as a hotel providing services. Hotels are business establishments and not private residence so risks and accountability are clearer.

What do you think Sunnylake should do now? Would you make the same recommendation to your manager if all of your office was locked out of its computer systems?

– I think Sunnylake should take their entire system off-line and limit it to internal communications only. The hospital can then function, in a limited capacity, while IT works to find the leak and correct the problem. Working to continually solve the problem while the hackers still have an unknown access point and could potentially be monitoring their activity is futile – even if IT ultimately knows their system better. By taking the system off-line, I mean all remote access should be blocked, all communications with the world wide web severed – wireless capabilities blocked – only devices that are hardwired to the system should be permitted to function.

Oops, posted that to the wrong thread, by bad!

What kinds of information do you think hosts should know about renters? As a potential renter, how much information would you be willing to give?

-I think hosts should know basic demographic data about renters, i.e. age, sex, ethnicity, and occupation. I think renters should know the same about hosts. As a potential renter, this is absolutely information I’d be willing to submit. Additionally, I think both parties need to provide access to historical transactions and the comments therein. Sharing one’s home, or one’s investment property is an intimate ordeal, and given this system, requires more information then a standard hotel transaction.

Although I agree with many of my classmates comments, I believe that attempts to increase security for both renters and owners may ultimately hurt the Airbnb business model, that keeps costs at a minimum and the system profitable.
For example, if hosts require that renters reveal significant personal information, prior to a reservation being accepted, the door for abuses, invasion of privacy, and discrimination may be opened. This could potentially deter renters who already might be sceptical of the process from using the service. Extensive background checks would also inevitably raise the cost of each transaction and thus the Airbnb administrative fees would most likely have to go up.
For hosts to be subject to more rigorous reviews and penalization for not renting their properties, owners may simply choose to rent their property via different route or service, thus selection and competition could be reduced, and thus prices for rentals raised. Asking renters to supply an high security deposit may also be a deterrent for would be renters, and likely would not accomplish the goal of protecting owners property.

My suggestion is to keep the process relatively the same. Require the owners have insurance. Give renters the option of buying a travel type of insurance, and providing some sort of “guarantee” on the properties’ essential qualities. Require that owners keep all personal items in properly secured areas, or off site, and deal with individual incidents as well as possible with good PR.

1. What kinds of information do you think renters should know about hosts? How is this similar or different to information you expect to know about a hotel?
I think the number one thing renters should know is the criminal record of their hosts. It is only right that you know the background of someone’s home you will be staying in. By knowing the hosts criminal record it could save renters from possible headache or worse down the road. Also the review history from previous guests should be available to renters so they have more information on a host before deciding to rent. With review’s come items like room cleanliness and safety which should also be available to renters. The only difference here is that a hotel is a medium to large scale operation with sets of local and federal laws mandating what they can and can’t do to an extent. But besides that even issues like the ‘hosts’ criminal record is relevant because hotels get the backgrounds of their employees before hiring just like the Airbnb renters should have the right to know about their hosts. Items like safety and cleanliness are equally relevant whether it’s a hotel or a host’s home so most of the information that applies to Airbnb hosts apply to hotels.
2. What kinds of information do you think hosts should know about renters? As a potential renter, how much information would you be willing to give?
Similar to the previous question I think that hosts should know just as much if not, more information about their renters in order for incidents like “EJ” to become minimized. Hosts should be given the criminal records of their renters to then it gives them the discretion on whether or not to book the reservation. Hosts should also be given all previous reviews from other hosts on the renters they want to book. This way they can find out if their renters have a good reputation from previous stays. It should also be a requirement for renters to state whether they are smokers and if they want to bring pets. When I helped my parents with their rental properties the smoker issue was a top priority because it made everything smell. As a potential renter I would be ok with giving any criminal history, if I smoke, and any reviews about me from other hosts as long as they are truthful.

When staying at a hotel, I’m not required to give the company any other information about myself other than my name, address, phone number, and credit card information. However, with a hotel stay, the situation is one of my entering into a legally binding contract with a company that is experienced in the travel business, staffed by people who are legally employed by the company, and insured against any kind of damage that I might cause while I stay there. By contrast, if I connect with a stranger on the Airbnb for the purpose of letting him stay in my home, I should reasonably expect to have him provide a good deal more information in order to establish that he’s trustworthy enough to do so.

The Airbnb website states “Trust makes it work.” Personally, while I understand the potential pushback the company might get from asking for more information, I tend to fall into the “trust but verify” camp. From both a risk management and an ethical standpoint, I think the unique nature of the transactions Airbnb facilitates requires that a good deal more information be obtained from both hosts and guests than the article suggests was the case in the period leading up to the “EJ incident.” Hosts are not employees of Airbnb, and their behavior cannot be supervised or controlled in the typical manner. Guests are not coming into insured, company-owned facilities. While I may well be in the minority on this point, I’d think that in exchange for the advantages that this unique service provides to both hosts and guests, providing more background information to establish one’s trustworthiness wouldn’t be asking too much.

For example, a basic, one-time selective records check could go a long way to helping ensure that neither hosts nor guests are exposing the company to unwarranted risks. While not infallible (or free), a combination of social security number scan, license verification, criminal record and sex offender records could help establish a basic indication of trustworthiness. Individual hosts or guests would not have to be privy to the results of said checks. Rather, the company could simply identify said host/guest as having passed their background checks, along with whatever other indications of trustworthiness the company offers (e.g., host ratings of guests and vice versa). True, such measures would have costs associated with them, but I were opening up my home or were venturing into someone else’s, I’d be put at ease knowing that the company had made some effort to prevent me from entering into an agreement with someone who has already demonstrated a serious lack of trustworthiness or responsibility.

Hosts should have access to the following information: renter’s full name, hometown, travel intent, first timer or not, previous Airbnb stays, previous ratings with dates, references, Facebook or social media site – allows you to see that the person is real and what they look like. In addition, hosts should know the number of people renting, age and gender.

I know that many are not comfortable with sharing information on their social media sites. While I agree that it could expose you to more harm the other part of me thinks that in the social media world nothing is truly private.of I were a host or a renter I would feel more comfortable knowing a little bit more about who I was renting to or from. Insight into their social sites would make me feel more comfortable rather than an user with no pictures or information.

When I rented an apartment in France through an apartment renting service, I was asked to provide copy of my passport along with other information. When I helped my son lease an apartment while in college, I had to complete an application that included providing my social security number and I was informed that the landlord or the landlord’s representative would check my credit report. I am considering renting my apartment when the Pope is in Phillie, so turned to the web for guidance. This site http://www.nolo.com/legal-encyclopedia/how-screen-select-tenants-faq-29137.html recommends landlords vet their potential tenants by:
• employment, income, and credit history
• Social Security and driver’s license numbers
• past evictions or bankruptcies, and
• references.
Since I would expect to be able to follow the site’s recommendations, as a person who plans to continue to use Airbnb, I am fine with sharing the same information with those who would rent to me. I have been a victim of identity theft, so giving out sensitive information does give me cause for concern, but I completely understand why someone who is considering offering their home to a stranger would want to check out the possible tenant.

As a very cautious, sometimes too cautious, consumer, I believe that the more information is provided and needed, the better the outcome. I believe this to be true if you are either a renter or a host. I think as a smart consumer, a renter should know as much as possible about the host, or anything for that matter. A renter should research the host, the location, review ratings for the host (from various sites – this can prevent bias reviews) and the company responsible for the transaction. These steps are very important when renting from a website such as Airbnb rather than a hotel. Airbnb is allowing individuals to rent out their personal homes; whereas a hotel, is renting out a distinct location created for this type of transaction. Furthermore, hotels are fully insured, have established reputations, and have various regulatory bodies governing them to ensure safety and compliance with the law (to include BBB – Better Business Bureau). Although I believe that there is a huge level of comfort when renting a hotel room, rather than a room from a total stranger, I still do my research when making hotel reservations. The way I see it, would I accept a meal from a total stranger in the street? No. Then why would I accept a room from that person!

Similarly, as a host, I would want to know as much as possible about the person I am renting to and the company I am using for this transaction. Let’s not forget, this is a total stranger that I am allowing into my home. Although I would never consider using a site such as Airbnb, if I were to become a host, I would want to do a background and credit check on the person. I would want to research the renter on the internet to see what information is readily available. In the new age of social media, there is very little to hide. I would check Facebook, Instagram, and/or Twitter to see what type of extra-curricular activities this individual enjoys during his/her down time. I would check the BBB to see what (if any) cases have been filed against the company and the outcome. Additionally, I would google the company to see if I am able to find news coverage on the services being provided by the company. Lastly, I would purchase insurance to ensure that if an unexpected incident occurred, I would not lose everything that is important to me. Oh, I would take all of my valuables and secure them somewhere outside of the house.

As a renter, I am willing to provide as much information to the company sponsoring this transaction (not to the host) as required. The host should do his/her due diligence while I would assume that the company will perform its own verification and will keep my personal information confidential. The way I see it, if the company know minimal information about me, they know very little about the host; therefore, making the transaction unsafe and unreliable.

I think in a model like this, there’s always a double edged sword situation with information. On one hand, both the host and the renter would ideally like to have maximum amount of information about each other. However, I doubt either party would want too much of their personal information at the disposal of a stranger. There’s no reason for some stranger to know my social, my income, or even where I’m coming from despite the utility of such information in making hosting/renting decisions. Perhaps, if this information went through some third party, it would make these transactions safer. I am imagining a platform within Airbnb (or even in application to other similar services like Uber) where an authorized, unbiased third party validates the credentials of the individuals akin to a background check. Then, they could produce a report that would give a general safety rating based on predetermined criteria, rather than disclose specific private information. This would give more confidence to each party without having to sacrifice safety and privacy. Although some websites already utilize background checks, I would like to see a more comprehensive check on the individual with choosing more criteria for evaluation and sacrificing specificity (eg. both criminal and parking violations cited for individual as one comprehensive score rather than knowing many details about one traffic violation). As far as what I information would make me more comfortable with either renting or buying, I would like to know criminal history, any property violations/complaints, any name inconsistencies, and just information validating the identity of the individual.

As a person who has used Airbnb but never as a renter I have only used the site to monitor the comments about the owners. Getting information to try to prevent any type of damage to the property including credit history, social security number, and others may not necessarily be all that easy to obtain. Although background checks have become much more doable with the internet there is still an issue with Airbnb in this regard.

I spoke with a personal friend who has had hundreds of properties that he rented out through Airbnb to find out ways that he screens potential renters to prevent any negative scenarios with his apartments. The most common situation that he tries to minimize is people renting out the space to throw a party for fear of the possible damage that might occur.
The suggestions are
1. Meet the people in a place other than apartment location. If the vibe of the person is wrong then he will not go through with the rental.
2. Use a Facebook search of the potential renter to determine their friend associations for the possibility of parties and untoward events, etc. If the person’s friends on Facebook are all about partying he will not rent the apartment.
3. Because his apartments are in New York City a common face-to-face question that he asks is where the people are coming from. Anyone who lives in New York City and is looking for a place to crash for the night is refused rental for fear of the apartment being used only for partying.
4. Although questionable based on Airbnb rules, much like hostels you could hold the passport until the person leaves to ensure no damage.
5. Since Airbnb holds the security deposit you can increase the deposit amount to cover any potential damages. Obviously, the nicer the home the more the deposit will need to be.
6. Routine inspection may be valuable through a mandatory daily maid service for multiple night guests.

Interestingly he states that Airbnb claims to have insurance but it is impossible to meet the significant number of qualifications required. Also, personal insurance will not cover damage by sub-letters so you would need to claim that the property was damaged by you, the owner.

As a renter I have to admit there is really very little I seek to find out about the host. If I find out the host regular lives in the property or at least stays there at some interval it provides a level of comfort that the host cares for and maintains the place better than if it is strictly a full time rental property. I’m not certain why this gives me some comfort, maybe just the thought that the person spend time there equates that the host cares for the place. Reviews from past renters may provide insights, though reviews often come with bias. A check with the BBB may reveal complaints or a history without complaints. If the host does not live or stay at the property, there may be a property management property that provides information and comfort. Management companies are easier to check out. They generally have more available information, references, and reviews. Other than these things I don’t seek too much about the host. I do seek to learn about the area. Learning the local area such as shops, entertainment, recreation, etc. provides a sense about the property.
A hotel stay requires much different information. A hotel is generally selected with past experience in play, at least experience with the franchise. A hotel is researched for location and amenities. The host, being a company, is for the most part understood and accepted with a greater level of trust from experience, reputation, and expectation that the staff will correct any deficiencies. A hotel rental is perceived to have less risk. A hotel, being a company, comes with standards, rules and regulations that provide a replacement for needing to know about an individual host’s reputation and history.

Renters should know the criminal history of their hosts so they know they are renting from law abiding property owners. Hosts should also provide documentation that shows they have property insurance and their property passes the required home inspections to ensure their guests are staying in a safe environment. Every hotel has to pass safety, fire, and food inspections, which are on display in the lobby. I frequent hotels at least twice a month for business and as a customer; I have become accustomed to look for inspections, especially hotels that I have not stayed in before. It puts my mind at ease when I am away from home, and I am rest assured to be in a safe environment. I think rental properties should be held to the same safety standards, although they are not sanctioned by the government to do so. It would be a good idea for the government to step in and enforce that rental properties or hosts be required to show the necessary inspections to protect renters.

Hosts should also provide a list of names and contact numbers for every guest who rented their property to prospective renters. Renters should have the ability to call former guests to ask about their experience in customer service, conditions of the property, and the environment. When we used Airbnb in Paris, we stayed in an apartment that was located in an extremely noisy center of town, which was located near a university. Students were out partying every night to 3 am and we had no visibility to this prior to residing there. If we were provided a reference list, we could have inquired about the location and environment. The host did not disclose this, since he was eager to rent the property. Also, we arrived to the property and the host was an hour late to meet us to give us the keys. While, they compensated us for our lunch while we waited, this was terrible customer service and extremely frustrating. Who knows if we had a reference list we could have been informed about the poor customer service and noisy environment.

These questions go to the core of what you believe Airbnb should be. Are they the itermediatary and background screener between hosts and renters or is their role more importantly to match supply and demand. I would say on a persona level that I would be unwilling to compromise on details of a renter if I were hosting. I would be more apt to turn down requests if I wasn’t 100% certain of the information I was given. From my experience renting only once, I knew that I was under pressure to provide greater details, especially since I wanted to rent a place in Paris that I believed I might not have a chance for as my first rental on their web site. That being the case, I was willing to provide details of myself that would be verifiable by searching the Internet and should have put the host at quite a bit more ease. Revealing personal information about oneself to an online rental source, particularly an individual can be quite concerning, but from both perspectives, you would want enough information to be able to presume your own safety and know you are renting from a reputable individual and from the host, you’d want enough to trust the safety of your home or apartment to that individual. This is a subjective amount of information, and in many ways Airbnb is allowing the consumers and hosts to decide how much is important to them, while allowing an open enough forum to provide varying levels of that information without restriction.

I feel that I am expected to give up a lot more information about myself to Airbnb than I would to a hotel. The only difference is: there are set fees that the hotel assesses me if I trash one of their rooms compared to what Airbnb does. Just solely based on renting my house to someone for a period of time, the personal value that I have in the place, I would want to know as much as I can about the person(s) renting my place. Not necessarily from a financial background but more a criminal background. I would also want to ask a lot of questions of the person to get a feel of what they’re about too.

From that logic, it’s highly unlikely for me to use the service. I would just rather rent a hotel room and let it be that.

As I have rented from VBRO before, which has a similar business model as Airbnb, I was reluctant to give out too much information. I felt as though as I was using a credit card I was safe enough against any duplication of my credit card details as I could always cancel my card, but I would not feel comfortable with giving too much information. If the host asked me for my birthdate or social security number, I would definitely not rent from them as I am sure many other people feel the same way.
As a renter, I felt as though seeing pictures of their house as well as other reviews by other people made me feel comfortable enough to not worry about being scammed. I also think that a lot of us rely on either VBRO or Airbnb, rightfully or wrongfully in regards for screening out hosts. I would hope as a renter that if any owner had a criminal past or mis-advertised that the website would ban them from their service.

In regards to any information which a host should provide I think that they have a lot more at stake than the renters. After all they provide a service and a key to their residence and a lot of trust. If you were to book a room at a local Bed and Breakfast place would you ask the owner for their ID and credentials? If you did, they would most likely be offended and ask you to leave.

For this type of service transaction, the hosts are entitled to know the renter’s identity. In my case, they asked for a copy of my passport at the time of check in for a short stay I found it to be an appropriate and reasonable request before renting their house. It it were a long term lease they would be entitled to the customary questionnaire- SS#, credit history and salary amount, evictions, etc. However, if Airbnb and/or the host informed me that a criminal background check would be required in order to rent a place for a few days, I would find it equally insulting and would take my business elsewhere.

I am not sure that renters need to know anything personal about the host other than who to contact if there is a problem with the property. Renters should know what they are getting for their money. They need to know the location of the property, its proximity to local attractions, public transportation, etc. Most importantly, the property should be reflected properly in the advertisement. Things such as number of bedrooms/bathrooms, condition of the property, available parking, etc are important features to renters.

Hosts have more at stake since they are financially vested in the property. They need to know who the renters are, their permanent residence, how many people will be staying in the property. A credit card should be on file with Airbnb in case there is a problem. I would not have a problem giving this information to a host.

I think the most important information that a host should provide including the location, condition and basic features of the property, and special requirements from the host to a potential renter, such as pet, smoking, any damage and etc. However, the host should do background checks, credit history checks and some other important issues before he or she could accept the potential renters. Because host wants some financial gain and take advantage of the vacant property, not a financial loss. Therefore, they should know a potential renter better prior to invest.

I think as a renter staying in someone’s home I would want to know way more personal information about both them and their place then I would be concerned about when staying at a hotel. With a hotel I’d compare sites try to pick the best price for the room and possible extra amenities, search for any blogs about recent bedbugs at the hotel and book my stay. I don’t know if there is enough information that would make me feel comfortable staying in a stranger’s place especially if they are staying there at the same time. There are plenty of serial killers who had no criminal record before they were caught. I feel the same way about letting a stranger stay in my private home. There is no amount of information that would put me at ease to allow a stranger to stay in my home even if I wasn’t there. Dealing with squatters’ rights is the first thing that comes to mind. At least a hotel doesn’t have to deal with squatters and if the state law is not that clear cut in a particular jurisdiction at least as a business, dealing with the eviction process would be easier for a hotel then for me trying to evict someone from my personal residence. To look at it from the other side though, if I was willing to be a potential renter, I think would want to be very forth coming with personal information to the host who is no more than a stranger. If it was being vetted by Airbnb and only giving the host a green light that I was reputable, maybe.

When building your profile on AirBnB I would assume that renters and hosts would want to know similar information about one another. In some case renters are just renting a room and they are staying with the actual host. In that case, I would want to know some type of background – do they have a criminal? How old are they? Do they have a family? How many other people are also staying there? As a host I would be curious what their “personal rating” was as a renter… Do they have references from other AirBnB hosts? Do they have the funds to supply a security deposit?

Essentially, AirBnB is equivalent to a “short-term” lease. This means renters should provide employment, income or credit score/history, driver’s license number, and references. The reason the host is different than a hotel is because they are also living in this space. Hotels rooms don’t include personal belongings, have direct access to the customer’s credit cards, and has insurance for severe incidents.

As a renter, I would expect to know the host’s criminal background check, hobbies, and any medical condition that could put a guest at risk. Anon-smoking guest may not be comfortable with a host who smokes especially if the host happens to be around during the stay. Personally, I would not be comfortable renting from an individual with a history of violence.

Similarly, hosts should know about renters’ criminal background. Many things are at risk here. An unknown child offender could attempt to rent in a neighborhood where they are not supposed to be. Such critical information will remain unknown except a background check is run. Lastly, I would not give more than the rental description and basic personal information, including my own background check to provide some sense of security for the potential guests.

I have previously heard a little about Airbnb, read in the news about its rapid increase in value as a company and some of the recent problems (similar to EJ’s story, the issue in NYC about ‘illegal hoteling’, renters who never leave), but never thought once about using the service. Maybe I just thought of it as renting someone’s couch. The negative press probably didn’t help. This perception certainly influenced how likelihood (or unlikely) I was going to use their platform.

I went to their website – I am impressed with the design – makes it seem as if the ‘products’ they’re offering really do belong to them. I found a houseboat rental in Paris on the river, with an up close view of the Eiffel Tower, for $235 a night (minimum 3 nights). You certainly cannot get that from a Courtyard by Marriott! I can say that after reading the case, this article on culture, and giving their web site a brief review that my opinion on Airbnb has changed. The company seems to be vested in its community of hosts and users – that there is a corporate social responsibility effort to promote safe renting, safe hosting. Based on my change in perception I may give Airbnb a thought for an upcoming trip or vacation.

I have never used Airbnb or Uber and have conflicting opinions based on the case, the Sundarajan article, and my own experience browsing the Airbnb and Uber websites today.

Airbnb seems to have made progress with improving their culture of partnership with their hosts after the EJ incident. As per Sundarajan, Uber still doesn’t get it. And he feels as though there is an opportunity to improve Uber’s ‘platform culture’. Having just finished HRM class, I found his arguments very compelling.

But I’m not sure how any of that affects my decision as a consumer to use them. Sundarajan himself admits to being a heavy Uber customer, despite his criticisms of how they treat their drivers.

The main reason I don’t use these services is that I’m just a bit ‘old school’ and cannot make the leap to actually paying a seemingly random person to sleep in their house or ride in their car. I would need to see that a place has had dozens or more glowing reviews o even consider it. But I admit that this assignment has gotten me to perhaps consider it in the future.

I am a big fan of Uber and have been a loyal user since I was introduced to it two years ago. The reason I became enthralled with the service was clearly convenience and the economics of its business model. I was no longer hostage to a local dispatch centers that wouldn’t answer or never sent a taxi and Uber rates were incredibly competitive. I could now speak directly to the driver prior to pick up and the driver was truly concerned with their service as they were rated by me as I was rated as passenger. I have never used Airbnb but my good friends have. They also are enthralled with their experience. They no longer have to deal with long lines following check in in large metropolitan cities and they have a good understanding of the accommodations due to prior ratings and the pictures included by the host. The criticisms of Mr. Sundararajan are real and disturbing and may in the future have an impact on Ubers success due to poor labor relations. Clearly the culture platform on Uber will need to be more consistent with that of Airbnb when conditions change in the future and the providers have choices to align with companies such as Lyft. At this point there are so many inadequacies in the transportation network throughout this country that the present Uber business model is able to flourish. This is in contrast to the hotel industry which must pay attention to labor to be effective in providing the right value experience to the guest. We see this especially with high end providers such as the Four Seasons and the Ritz who make it a point to provide service as well as strong labor relations. Only when there is more competition is in the transportation market place for providers will Uber need to change their cultural platform or become a marginalized player in a business model they originally created.

I haven’t used either Airbnb or Uber before. I just learnt about these two companies during our case studies while pursuing MBA. I did go to their websites today and found interesting things and meaningful uses of each. In the Airbnb website, surprisingly I found few hosts in and around my town and in Boston. Prices were surprisingly affordable. But I couldn’t find any Uber services here in Boston. Although we have zipcar with the exception of taxis, which has similar services to Uber here in Boston.

I am a bit neutral in my views as I have no personal experiences with either company. I will try them out cautiously if a situation arises and hopefully learn from it. After reading the article by Sundararajan A, I believe both these companies have a very different platform culture. Both these companies have grown exponentially in their demand and the size but have faced many challenges over the years since the inception. Airbnb has invested significantly in creating communities and partnerships, best practices with the emphasis on community and connectedness. But Uber appears to be the opposite and community building isn’t their priority. They are struggling to create harmony between the company and the service providers like the drivers and also struggling with the rider safety issues etc.

After reading about few incidents with Airbnb like for example EJs and others, I am not sure if I will want to try them out anytime soon. I’d rather go with the regular hotels where I feel safer and enjoy the comfort of hotel amenities and hospitality.

I have not used either platform before, but my sister uses Uber all the time. I also have many friends that use Uber and love it. While I have read the negative reviews that Uber has gotten in the press lately, I feel the company is a great company. I really like the Uber platform on the phones. It makes it easy to use and to be able to spot when a car is nearby or when it has arrived makes it a great device. The article has enlightened me on the differences between the culture of AirBnB and Uber which I was not aware of. I wasn’t sure about the treatment of its drivers. After reading the article, I’m sure Uber will become unionized like the taxi drivers. Uber was a great start-up idea with its use of fresh innovation, but I still don’t feel like I would use Uber. I love my car and plan on driving as long as I can. I really do hope that self-driving cars don’t become standardized even though they will be the future at some point in time. The real question as the article points out is Uber ready for the future of driving?

I used Uber once while at a wedding in Pittsburgh last summer, and I was pretty impressed. I really liked the app and the simplicity of the whole process. I liked that the fare was fixed ahead of time so I didn’t have to worry about being taken the long way to my destination to rack up the bill. While on vacation in Boston a few years ago, we took a taxi from the city to our hotel just outside and were pretty sure the guy was missing turns and looping around for a higher fare. The other thing to like about Uber was that the car was clean and new and a “regular” car (well, a Prius anyway).
Price and convenience would have me go with Uber again if I needed a ride. Since I would be using it very infrequently, I don’t follow much of what is going on with the company itself. I will say that based on the reading, if they don’t make efforts to improve (or even impart) their culture, the product is at risk of suffering and becoming less of an option for me. It does seem like making efforts like Airbnb does to create a community would work wonders to keep the model moving along in the right direction. The concept of driverless vehicles moving products rather than clients was an interesting postulation as to Uber’s motives…

I use Uber weekly throughout major metros throughout the country, and have been since 2013. An aspect that I appreciate is instant gratification, a car typically arrives within minutes if not seconds, and as a business traveler I love the cashless transaction.One of the biggest problems I have with the taxi industry is the emphasis on cash transactions. I would much rather use a company credit card than use cash and wait to be reimbursed. I also appreciate that they work for the good rating, and typically seem to want the best rating possible and will render service to gain it. Another great feature is the tiered approach where you can choose anything from an UberX to an UberBlack. In business situations the Uber Black can be extremely beneficial when entertaining a client. I typically try to spark up a conversation with the driver, and as the article alluded to I have witnesses a change in attitude within the last year. Initially drivers were excited with the service and growth of the brand. I hear more and more about a big brother type of atmosphere within the Uber company. I’ve had multiple drivers that have told me they are leaving Uber and going to Lyft due to the opportunity to have better financial gains and a better business model. I do enjoy using Uber and generally have a very positive perception of the company, however I will acknowledge that they need to adjust their business culture to ensure inclusion and delegate a positive culture within their driver ranks to ensure they do not lose market share to companies such as Lyft. Lyft may have identified a weakness in Uber’s company that they can expose to both the company driver and consumer.

I have not used either Airbnb or Uber before, but after reading about them I believe they both offer services that I would choose to use if the need ever arises. From what I have read so far they both have positive and negative reports. I believe the positive outweighs the negative as both companies have identified a need in the market and found a “new age” way of bringing together consumers and suppliers. Uber offers convenient transportation at competitive rates and from what I have read so far they offer reliable pick up service and you can contact your driver directly and even track their location once they are on their way to pick you up, this option gives you a head up of how long it will take the driver to get to you plus you know ahead if there is going to be any delays. As for Airbnb, I looked at their website to see what is available around my town. I was surprised to see the large number of listings available, their descriptions were accurate and the rates were certainly much cheaper than what tourist pay for hotels.

I have used both services before. It’s been a year or two since I’ve last used Airbnb, but, since I live in a city, I use Uber all the time. It’s my preferred method of transportation next to subway/rail or ZipCar. Although I haven’t used the service in quite some time, I have a pretty positive view of Airbnb. When the Attorney General here in NY went after Airbnb, I was one of its strongest proponents. I believe it provides a service that’s needed in this metropolitan area, which has many high-priced hotels with extremely tiny rooms. When visitors don’t want to spend the money to stay in a Manhattan hotel, I often tell them to visit the site before making a decision.

I’m also a strong supporter of Uber’s efforts to remain in the area and break into other cities. The price and cleanliness of the UberX and Black Cars I’ve been in are hard to beat when compared to the cabs I’ve taken outside of those in NYC. However, like the author of the article mentioned, I have noticed a difference in that overall happiness of Uber’s drivers. The top complaint has been that Uber’s prices are now too low for the drivers to make the money they used to make. A few have even mentioned their plans to quit Uber altogether. This certainly affects my opinion of Uber as a company, but as long as the prices remain low and the drivers courteous, I will continue to use it.

I have use Uber a few times and have to say I will use them many more times. They are much more convenient, clean, and professional than the standard taxi service. The ability to use the app for payment makes getting home from any where less stressful. Lets not forget the whole “tipping” concept that a lot of cabbies live by. With Uber you don’t have to think about it. For the average user it is not necessary to know anything about the company because each driver tends to act like his/her own company. I have not seen the changes in the culture Arun spoke of in his article. I am however in Jacksonville, FL so the price changes may have limited affect due to our cost of living being lower than most. As long as the drivers remain this way I tend to think of each driver as their own company and am treated like their only customer in return.

I have only ever used Uber before and I have only used the black car service. I too like so many have said that I like the fact I can pre-pay the fare and not have to fumble or worry that the credit card machine won’t work. I felt each time that the Uber drivers make more of an effort to keep the cars clean and present themselves in a professional manner. I have had so many bad taxi stories from dirty cars, drivers talking away on their cellphones and claiming the machine doesn’t work so, they have to run you to the ATM to pay the fare. I have never tried Uber X, I found it strange when I saw an advertisement looking for drivers and the prerequisite was a clean license and a car that was no older than 5 years. My college aged son was all over that as well as his friends thinking they could make a quick $ in their beat up suburban wagons. There has been some recent bad publicity with Uber service in foreign countries, in particular India and that has made me slightly wary about traveling alone. Although through following the author Arun Sundarajan, he has a new story on Twitter about a new safety feature being piloted in India by Uber, called Safetipin. http://techcrunch.com/2015/02/23/uber-safetipin/
Because of the issue in India, Uber announced stricter background checks. Initially drivers here were excited about the Uber service, no longer being subjected to strict rules about fares and pick ups etc., but Uber has done little to foster that excitement and build a loyalty and culture within the firm. I do like that you can see where the car is and the drivers name and picture before pick up.

I’ve used Uber before but not Airbnb. Prior to these readings I had no real opinion of either of them as companies. I had heard positive feedback from friends about their experience with Uber, but no one ventured any opinions as to the company itself. My experience using Uber was very positive. However, after reading the assigned articles, I have a very different view of the one company versus the other. If they were competing companies in the same market, and if both services were otherwise close to equal, I would clearly choose Airbnb over Uber, based on my opinion of the company.
I recall being in a restaurant with my family and our meal was brought to the table after too long a wait, and some of the entrees were over cooked and other items were already cold that should have been warm. One of the entrees wasn’t even what was ordered. We were very upset. But moments after we let the server know about the problems, the manager/owner came over and profusely apologized, and corrected all of our meals, and told us it was on the house. In addition we were given a hand written “coupon” to return and have another meal, also on the house. That restaurant took a bad experience and turned it around so that we became loyal patrons. I see a some of that philosophy in how Airbnb, belatedly, responded to the EJ incident. The company reviewed what occurred and made changes to constructively improve the business model to the benefit of the users. That impresses me as a company I would prefer to do business with.

I have used Uber before and I have a positive view of them. The Uber experience felt more like a friend giving me a lift than a taxi cab experience. The use of the personal vehicle made me feel comfortable. Also, the fact that the driver was pleasant and struck up good conversation made the transition from stranger to associate flow relatively smooth. I’ve only used the service once, but I will definitely use it again when the situation presents itself. Also, I have a friend that is a part-time Uber driver and he is very content with the structure of the company. He has been trying to recruit me for a few months, but I haven’t budged. I hate driving any way.

I use Uber often when I’m in Chicago or NY. I’ve had very good experiences from the short wait time and pleasant drivers, no waiting for my credit card to process or cash exchange is great too. I do have some coworkers who have experienced some ‘rate jacking’ in NY. Essentially when it’s raining they saw the price for a trip go significantly up compared to the same trip from a previous days. While from a supply/demand standpoint this makes sense (try catching a cab in NY when it’s raining), it really rubbed my coworkers the wrong way. Even though my experiences have been pleasant their unhappiness makes me think about using Uber again. When you combine that experience with all of the negative press, especially around their treatment of driver’s, it is definitely enough to make me rethink.

I have never used Airbnb or Uber before however, I have friends who have used Uber and have had mostly positive experiences. I have heard complaints of peak rates during busy times, which leads me to believe some customers are being taken advantage of. On the same note, Uber provides a convenience. You aren’t waiting an hour or two for a taxi that may or may not arrive.
It is funny we are taking about Uber this week as the below article came up on my Facebook newsfeed today. A California man took Uber twelve miles and was hit with a $452 charge. He was aware of the surge pricing due to the hockey event he attended, however, to me that is beyond excessive. Uber did nothing to make the man whole after he requested some sort of credit. Don’t entirely blame them as he was aware of peak pricing but seems unfair and a poor way to attract business. Based on this experience, it definitely will make me think twice before using the service. If I’m in a real pinch, I’ll at least make sure I do my homework thoroughly before requesting service.
I perused both websites. Super impressed with how Uber presents themselves. While I never used them and despite the surge pricing, it seems they are very concerned about customer safety and do their due diligence by getting background checks and necessary feedback before employing drivers. Airbnb has to be doing something right (based on their site alone) with over 15 million guests served. My concern with them, based on article readings, is that I don’t know that I would feel safe using their services.
http://www.nbcphiladelphia.com/news/national-international/South-Bay-Passenger-Frustrated-Over-452-Uber-Fare-294149401.html

I have used Uber on several occasions. I heard about it ~3 years ago, downloaded the app, and caught a ride in a black towncar in Philly. It was easy and relatively inexpensive. I used it again when I was caught in Camden with no cabs in sight. What a relief it was to have a car arrive and whisk me out of there! I’m living in Scottsdale, AZ now and Uber is very popular out here – it is a 0 tolerance state meaning if you’re caught drinking and driving, you’re going to “tent city.”

It wasn’t until recently that I came to understand that it’s just a regular Joe driving their own car, not a professional driver. That has soured me on the service a bit. Rightly or wrongly, thoughts of “The Bone Collector” come to mind. I haven’t done a lot of research but I wonder about the insurance these drivers have and if they’re adequately covered if there were an accident.

Most of what I hear about Uber these days is negative press. Some of the statements made by executives running the company have made me cringe and left me wondering if they have a brain in their collective heads. They seem to be very immature and unable to handle criticism. They are facing a lot of opposition, but need to put their best face forward. The emotional reactions are not endearing them to investors or users (like me).

http://www.bloomberg.com/news/articles/2014-11-19/uber-may-need-adult-supervision-as-controversy-builds

I have used Uber as well and my experience has been positive. I agree with the article that the name “Uber” is becoming synonymous with the action of getting a ride. I have heard people say that they will “uber their way home.” There is no doubt that the company has been wildly disruptive to the personal transportation industry. That said, I share concerns about the negative press the company has received. Uber relies on its network of drivers. About three years ago when I had my first experience, the driver loved the company. I wonder how drivers feel now. The drivers are the main touch point between Uber and the customer. If they are not happy — or feel they are working under a surveillance state — it will show in customer service.
For additional information about the financial impact on drivers, I checked out a Washington Post article. It seems that there are a number of unexpected costs facing drivers. It’s surprising and makes me wonder how long Uber will be able to recruit happy, content drivers.

Chris, Uber drivers are well compensated regardless of fees. During peak times and especially holidays, Drivers are made more for their services. I know a few drivers personally and they are making 70,000-100,000$ Regardless of fees, I think that they are paid exceptionally well for driving their own vehicles and being their own bosses.

I used Uber for the first time about two years ago, while visiting a friend in NYC. After what seemed like an endless wait for a taxi, my friend explained Uber and ordered a car. I was skeptical at first, as it appeared to be a random black car coming to pick us up. My initial experience was a positive one. Our driver arrived promptly, and was cordial and conversational. I was shocked to find that no money exchanged hands upon our departure. Since then I have used Uber 3 additional times, twice in New York and once in Philadelphia. Regardless of the location I have always had a good experience. All drivers arrive quickly and I have always gone from point A to point B without a hitch. Originally, my views of Uber definitely increased my likelihood of using their service. However, recently I have noted all the bad press they’ve been receiving, and this will undoubtedly affect perceptions about the company. I haven’t used Uber in quite some time, but knowing how they treat their drivers will make me second guess using their services in future.

I have never used Uber or Airbnb, but living in DC I have heard quite a bit of positive feedback regarding Uber. I think given their recent bad press it was a brilliant move to hire David Plouffe, former advisor to the president’s campaigns and overall genius on all things PR. That being said, the article’s author had an excellent point that a company needs more than a “branding strategy” – it needs to actually build a brand organically through consistently great service. It appears that Airbnb has accomplished this while Uber is still trying to find their way culturally. If you go to the Airbnb website you see catchphrases such as “belong anywhere” and “welcome home.” There seems to be a deliberate push to create an inclusive and relaxing culture. Uber, on the other hand, seems very fixated on expanding the company while treating bad press like a temporary problem that can be resolved with good PR. That being said, my opinions of a company do not usually affect my purchasing decisions – if the product is good, I will purchase it regardless of how I feel about the parent company. I think Uber and Airbnb are both good companies providing good services – hopefully Uber can pull through their current issues and continue to provide efficient and low-cost transportation services.

I actually wanted to check and I’ve used Uber 35 times in the last 12 months, in LA, Minneapolis, Chicago, Philadelphia, Dallas and San Francisco. I’d say this actually makes me a pretty regular user of Uber and i’ve used all the services from Taxi, UberBlack and UberXL. On very few occasions i’ve ever experienced an issue with Uber drivers and I will tell you that they look every single time you rate a driver, and they act on your opinions. I had started using Uber after my credit card was stolen by a taxi driver and thought this would be much safer, and the only two things that have ever occurred was a driver who took me for a ride, meaning he drove way out of the way to make sure the fare would be higher. Pretty incredible that he did that considering it emailed me a receipt with a picture of the route the driver took. Uber responded to my message within 1 hour, credited me back the additional fare that it would have charged and assured me that the driver will be investigated and removed if it has happened before. The other incident was where the driver picked me up but his phone malfunctioned and was unable to charge me for the ride. I contacted Uber and asked them to charge me and they made sure to compensate the driver for the ride.

I always feel the need to ask the Uber drivers of their opinion of the company as well, and i’ve seriously have not heard them complaining. They are always positive about the company and how this has given them an opportunity to make money when they were previously unemployed or out of work. I believe all the negative we see out there is from the Taxi companies trying to prevent this type of service out there and sadly the Taxi companies need to fix the issues the passengers have with them and just compete appropriately.

My opinion of a company does impact my likelihood of using their services or buying their products. There is a list of companies that I won’t purchase from such as chick fil a where I think their organization is bad for the greater good and I would not want to associate myself with them.

Uber was pushed heavily by my previous company in DC. Right before the annual holiday party in 2011, we were all given a discount code to use for a ride home, but when I checked out the fares, it was more expensive than a regular taxi. Regardless, most people there used Uber as their car service of choice. I’ve never used it, not only because I thought it was pricier, but because I was uncomfortable saving my credit card in an app of a relatively new company – they hadn’t yet earned my trust. Given the recent negative press and problematic comments by management, I probably won’t use them – if I’m in a location where Uber exists, it’s likely there’s also public transportation and taxis, and that’s more my style.

I have used AirBnB, but only because the host wasn’t a complete stranger – she was a friend of a friend. Even though it was a mostly good experience, I probably wouldn’t use it unless again unless someone I know recommended a specific host and property. Despite a culture that seems more inviting and inclusive than Uber and my generally positive view of the company, I just can’t bring myself to trust a complete stranger who is letting me into their home/apartment/condo. I like the idea behind AirBnB, and staying in a house was a much better and affordable experience than staying in a hotel in DC, but I just can’t get past that trust factor.

I have been using Uber for several years and the majority of my experiences have been very positive. I first read about Uber in 2010 shortly after it launched in San Francisco and signed up as soon as it debuted in Philly. At that time, I was living in Philadelphia but could not hail a cab due because I lived on a small quiet side street so my choice was to either call and wait or walk a few blocks to where I could get one. Uber was a game changer for me and has definitely succeeded in disrupting the market. I mostly used uber locally to go out at night. It is extremely convenient. When I traveled to San Francisco, NYC and DC for work, I used it there as well. I once left a cell phone in the car and was able to track down the driver pretty easily but the best customer service I ever had was when my wife and I went out to dinner. We had about a 15 min ride from Northern Liberties to Passyunk. We were dropped off and then about 15 minutes later, I recognized the driver in the same restaurant. It turns out that my keys fell out of my pocket in the car. My cell was on silent so after trying unsuccessfully to reach me, he came to where he dropped me off and hand delivered the keys to me and would not accept any tips for doing so. It is because of the great service that they consistently deliver that I continue to use them. My view of them is based on them offering me a service that I need that they can deliver on time and time again.

Living in Center City, I use Uber quite frequently. All of my experiences with drivers and their cars have been very positive. My only disappointment with Uber came when they charged me a 2x surge fare on a flat rate to the airport b/c of a light drizzle. The ride took 15 minutes and cost me $90. Customer service email responses were pathetic. I still use the service but absolutely refuse to take it in times of “surge” pricing. I recognize that the drivers are good, and regardless of how I fell about corporate I will continue to use the service.
Although Airbnb sounds like a nice service, I would be hesitant to use it. I like the security and experience of staying in a hotel or a managed property when I travel. From what I have read, my view of the company is good, the service has its place, its just not for me.

I have never used Airbnb or Uber before. Although I yet to have used them, I think positively of them which will probably mean I will use them at some point in the future. I am familiar with Ubers concept. In Malaysia we have what is called MyTeksi. We use this app regularly to ensure safe, metered taxis. Living in Kuala Lumpur, it is easy to be mistaken as a tourist and have taxi drivers want to take advantage of you. It is common for taxi drivers to refuse to run the meter or take the wrong roads and charge ridiculous rates. Myteksi and similarly Uber eliminate that nuisance. Below is an article about MyTeksi if you don’t know what it is. It has established a brand in Malaysia and advertises in every taxi I have seen. When I lived in the U.S., I never took taxis so I actually heard about MyTeksi before I heard about Uber.
As for Airbnb, I think that I would be more likely to rent a room out in my home that I would to rent one from someone else. However, I just spent some time looking through the website and I must admit, there were some pretty nice places for reasonable rates in the cities that I searched. I also appreciate the personal perspective of providing such a service. You are going into someone’s home, not just another random hotel room. I imagine this can in some cases be a culturally enriching experience, or you know, a complete nightmare.

http://www.digitalnewsasia.com/sizzle-fizzle/myteksi-launches-uber-like-service-pundits-laud-move

I’ve not used Airbnb before and I think I’m less likely to use it after reading this week’s case studies. While there are similarities to the Uber business case, the invasion of privacy and lack of supervision raise bigger concerns with Airbnb. While I applaud the efforts to bring travelers needing rooms and potential vacancies together, since it seems like it is reducing market inefficiencies, I think there is too much risk being taken on the part of the homeowner. Even without reading the EJ case study, I’d be unlikely to rent a room in my house to a random person. I wouldn’t want them to have access to my personal belongings and would be skeptical of allowing a stranger in my home. As a potential renter, I’d feel awkward for the same reasons, not wanting to disturb others’ property and trying to avoid making too much of a mess or commotion. It seems like most of us here have similar thoughts – though it’s important to note that we’re probably not a representative sample of potential users of the service.

I haven’t used either Airbnb or Uber. Following the reading about culture I will never use Uber. In addition to our reading I read that Uber drivers do not receive tips. http://www.businessinsider.com/uber-tipping-policy-2014-10 and on some other sites. Is this true? It really shows how desperate people are for a job and how far certain companies will go to exploit that desperation. Poor driver is sweating bullets wondering what rairing he or she will receive knowing full well a tip is not coming. That doesn’t sit well with me at all.

Have you used Airbnb or Uber before? Do you have a positive or a negative view of them as companies?
I have never used Airbnb but I have previously used Uber several times. I use Uber whenever I am staying at a hotel in any city I travel to and I have found it a much better experience then a city taxi. I have an overall positive view of Uber as a company although a majority of my experience has just been on the consumer level. I have found Uber to be a better experience because the rates are cheaper overall than a taxi. Also the vehicles that Uber drivers use are their own personal cars and vans so they are usually nicer and cleaner then taxis. One of my favorite features is the fact that you can do everything from booking to paying via the phone app and when you complete your route you get an email that shows exactly where you went. Additionally, the drivers are always upbeat and nice. Because of all the customer level pleasantries I have experience I do have a positive view of them as a company.
Does your view of them as a company impact your likelihood to use their service?
My view of them as a company greatly impacts whether I will use them or not and that’s why I am slightly troubled by this article. I have always thought Uber drivers were treated and paid very well but now it seems to be changing. I have been considering becoming an Uber driver during my time off work but this article has raised some concerns. I will still use them as a service for now but if my view of them degrades I will likely switch to another service.

Have you used Airbnb or Uber before? Do you have a positive or a negative view of them as companies? Does your view of them as a company impact your likelihood to use their service?

I have used Uber and while its a useful service I think their customer engagement model can be abrasive at times. Uber can extremely helpful in areas that it is difficult to hail down a taxi or at times when a normal taxi’s are scare. The whole model of using your phone to request service is quite innovative and transformational. I personally have a negative view of Uber based on their surge pricing model where they increase pricing during peak demand services times. The attached article explains the surge pricing issues: http://time.com/3633469/uber-surge-pricing/

I personally have experienced the surge pricing model a few times in New York during the rain and I find the model to be quite opportunistic and unfair at times. Normal Taxi’s do not increase rates when demand is high nor do they decrease rates when demand is low so Uber’s model can be viewed as predatory a times from my perspective.

While the customer service of Uber is on par with other providers, their behavior towards their suppliers and customers needs to change as they often act with an air of arrogance with these groups. Uber’s reputation has suffered in the marketplace which impacts customer demands of the service. The surge pricing issues I raised above, the dealings with the press regarding GodView, the relationship with the press overall and other issues point to how Uber has failed in my view to embrace its new found success in the right manner. My view of them does have an impact on my likelihood of reusing the service however there are competitors now in the marketplace like Lyft who offer a similar service so as a consumer I have choice of who I use. Lyft has been much more engaging from a customer perspective and provides better service in my view.

I have used Airbnb on several occasions and in several countries. Overall my experience has been very positive and I would use them again, as well as recommend others to do the same. I agree with the article that the hosts I have interacted with have good customer service and are very professional. The hosts are very prepared to handle questions before arrival and on-site support, usually offering some orientation type information about the property and/or area. They also place a high value on the comments they receive from visitors. Overall they do seem to feel like they are a part of the larger Airbnb community up hold high standards and best practices. I have not used Uber yet but they are now operating in Tokyo so I’ll have to give them a try.

In my response to Eric’s post about Airbnb I mentioned that I love using Airbnb, and am even considering offering my home for use when the Pope is in town. Yet, I have never used Uber. I’m turned off to the fact that my perception is that Uber is really more about discontents than people focused on providing an exceptional experience. It never occurred to me before reading the What Airbnb Gets About Culture article that my view is due to Airbnb’s and Uber’s company culture. Culture – the predominant them of the HR class I just completed. This class is my last formal class to complete before I start my capstone. The HR class was awesome and brought together so many themes that run through Fox’s OMBA curriculum. I was hoping this class would to the same, so was happy that the Airbnb article did in fact reference the class I just completed, along with material I learned in other classes. I love how our curriculum is coming together as my cohort approaches our capstone experience and we get ready to graduate!

I have never used Airbnb or Uber before. I have been aware of both over the last year but I have not had a neither. I am considering using Airbnb for a future Disney world trip but I do have my hesitations. My hesitation is in regards to certifications and licensing. Anyone can say what they want about their home or dwelling but without regulations I am not sure what I will be getting. I may be better off just paying a few dollars more for peace of mind. In regards to the question, my view of them as a company would not deter me from using their services. I have positive views of both companies. I applaud their innovation and the risks they are taking to provide a needed service. There are two sides to every story and without working for either company, I have to take the good or the bad with a grain of salt. I think the majority feel the same way. I look at Walmart as an example. Walmart has received a lot of bad publicity due to the way the company treats employees, yet it appears that the bad publicity didn’t impact much of their sales. I think if a consumer is getting a good deal or has a demand for a service, price will outweigh company values in most cases.

Edit – I have been aware of both over the last year but I have not had a need for either service. Sorry, looks like we can’t go back in and edit posts.

I have used UBER multiple times and I really enjoy the service provided. In the city of Philadelphia cabs are not generally clean and the drivers and not always friendly. Taxi driver, also, are not usually very respectful of the driving laws. All of the above makes the taxi riding experience, in Philadelphia, quite poor. Uber has changed this paradigm completely, and the experience offered to costumers is at a much higher level. I enjoyed reading about the culture of companies such as Uber that do not have a physical location and that do not have employees. In my opinion every culture comes with a set of rules. If there is transparency in the implementation of the rules, I do not see an issue with that. It should also be kept in mind that any organization: the traditional ones and the Uber’s kind is subjected to changes due to many variables affecting the business. Therefore, it should expected that some of the rules might change overtime.

I have never used Airbnb; however, I have used Uber on various occasions. My experience with Uber was very positive; the driver was on time, I was able to locate the whereabouts of the driver prior to his arrival, quick pay using my Uber App, and a clean vehicle to transport in. Therefore, my view about the company is definitely based on my personal experience. However, after reading the course article where Uber and Airbnb were compared and contrasted, I am more aware of the companies’ culture and their platforms. Both companies have a platform based on “firm-market hybrids, supplying branded service offerings without actually employing the providers or owning the assets used in provision.” Although the products are difference, the companies provide services using non-employee personnel which distance them from the end customer. I understand that each fosters a different culture for the service providers and the customers; however, sadly, as a consumer, I am more opting to base my decision on my personal experience. The way I see it, I am in an Uber car for less than a few minutes; whereas, I would be in an Airbnb house for a few days. I see less risk related to Uber than Airbnb. I truly believe that my view of the company impacts my likelihood to use their services and vice versa. Furthermore, the use of their services and my satisfaction of the product will result in my recommendation of the product.

I’ve used both Uber and Airbnb on multiple occasions. I also have a number of friends who rent their apartments in New York City and Florida through Airbnb. I have found both to be very easy and simple to use. My friends who rent their spaces through Airbnb have been very happy with the results and with the company. The black cars of Uber have been a far superior transportation system than the taxicabs in Philadelphia. Although I have not used UberX, I do believe that this cheaper version of Uber which allows people to use their normal vehicles, may weaken the brand and possibly due to lower corporate oversight allow for something significantly negative to occur. All drivers that I have come into contact with on Uber have been very helpful and enjoyable to ride with. I have found the experience overwhelmingly positive compared to the taxis in Philadelphia. I have used air B&B only a limited number of times and have found it to be quite a useful service specifically when locating a place to stay in a good location for a low price. I believe that both companies are a positive addition to their particular industries as well as a positive for society. In both cases they companies allow for further revenue streams for people and potentially improved service for customers. The issue going forward relates to whether the original sharing for monetary income for the small business man will be overtaken by large corporations using the opportunity to enhance profits through scale of either uber or Airbnb. If I viewed these companies negatively I wouldn’t use them.

http://www.forbes.com/sites/ciocentral/2013/10/09/how-capitalism-and-regulation-will-reshape-the-sharing-economy/

I have not used Airbnb and at present would be reluctant to rent someone’s home rather than stay at a hotel or rent my home out to a stranger. That being said, 12 months ago I never would have thought I would use an App on my iPhone to be driven from one location to another using UberX. From what I have read concerning Airbnb their business model is strikingly similar to UberX which allows individuals in ordinary cars to provide transportation services competing with taxis and limo services. Reviews are given and received by both parties and all communication is controlled so as to share personal information.

I have used Uber and UberX in several cities including Philadelphia, Chicago and Seattle and have a very positive view of them. I have found the service to be reliable, safe and the drivers are generally more courteous due to the fact that the rating system is a critical component of their culture. Additionally, the added convenience of not have to pay by cash or swiping a credit card is very helpful. While Uber makes every effort to mask the information of both the driver and the rider, the cell phone numbers are typically available up to 30 minutes after a ride ends. I left an article in an UberX vehicle recently and the driver returned the item quickly and without incident.

While Airbnb continues to make progress to alter the process to secure rooms most people still choose to book hotels and rental properties through more traditional means. However, as the industry continues to evolve, and Airbnb continues to tune their processes one could see a similar circumstance to that of Uber in the future with pressure from hotel chains and rental companies putting pressure on Airbnb to cease and desist due to unfair competition. Similar to Uber, the costs are much lower to rent for a night or more as compared to a hotel and as long as the experience is good, I would expect continued expansion and cold see myself using the service in the future.

I have used both Airbnb and Uber once in my life. I have good experiences from both, however, I felt that Airbnb had much more value added for me personally than Uber. The Uber experiences was predicated after lots of negative views of the company existed from a public perspective. Despite having taken me from point A to point B as I desired, I didn’t feel that the convenience weighed against the potential complications warranted the about 40-50% premium over a government regulated taxi industry that would accomplish the same goal. I am unlikely to re-use Uber as a result of the cost and less because of the reputation, though it certainly doesn’t give me warm feelings, however, nor does a taxi company. On the other hand, as an experienced traveler, I felt that there was personalized choice value, independence and a cost advantage to Airbnb. I rented a beautiful apartment in Le Marais in Paris was just over $100 per night whereas a simile 3 star hotel would have been closer to $200 and wouldn’t have given me the flexibility to cook a French dinner at home or give me the sense of privacy that I enjoy rather than having to venture through a hotel lobby. I feel as though Airbnb has the right mix of corporate culture and individual autonomy such that it is up to the host and renter to decide if the fit is appropriate, rather than being forced from corporate management. In the end, I am not makin a product choice based on the company in this circumstance, but more about the value proposition. If Airbnb had been more corporately similar to Uber, I might feel differently.

I have used Uber, but not necessarily deliberately. I just happened to be part of a group of people using the service several times that night. Although my experience was very positive- the drivers were on time, friendly, the car was clean, and the price was fair, I highly doubt I would ever use the service by myself (especially, being a rather small and therefore vulnerable woman). Even after that experience, I made a mental note to try to it but still have skepticism about the concept in general. Generally, being an admittedly overly cautious person, I have reluctance in trying anything is isn’t deeply rooted in some kind of either historical foundation or integrated into some regulatory body. For instance, although I haven’t heard any awful press about Uber and certainly taxi drivers are not immune to being unpredictable and untrustworthy, I feel more comfortable taking a taxi because there’s at least a taxi company and a city regulatory panel tied to the service. The stakes for something awful happening in a city taxi are much higher than some singular moment of bad press that might never even surface for a company like Uber. The drivers themselves have much less to lose in an Uber-type scenario than they do in regulated city cabs. I feel similarly about Airbnb despite the overwhelmingly positive experiences people have reported. So for me, it is not necessarily the specific companies themselves, but the overall concept of a service being provided by people I personally cannot trust, especially in such isolated situations as being alone in a car or in a strange person’s house in a foreign place.

I have only used Uber once (in San Francisco) and I felt very uncomfortable with the driver. A co-worker ordered the Uber car from her phone (on my behalf), so I didn’t actually get to see how the app works. The driver shared his life story with me (on the way to the airport) and talked about being on pain meds. It could have just been that he’s young and hyperactive, but I definitely found his behavior bizarre and unprofessional. I wasn’t confident that I would make it to my destination in one piece. The article about Uber’s disjointed culture seems to indicate their underpaid drivers are likely to be disgruntled (i.e. nothing to lose attitude). On a different occasion I used the Flywheel app to order a taxi (also in San Francisco). This was a much better experience, possibly because I shared the cab with two co-workers. Before ‘hailing’ the cab, we were given the opportunity to see the driver’s photo, name, and GPS location. Similar to a dating website, we were under no obligation to choose this driver. Once inside the cab, there was a clearly visible camera and the driver disclosed that live images were being transmitted to the taxi company. This degree of accountability and oversight set my mind at ease, in spite of the bumpy ride. I have not tried Airbnb, but my alumnae association (Wellesley College) offers an international house-exchange & housesitting program. There’s already a shared connection, so it simplifies the vetting process. I even found a recent grad that works for Twitter in Singapore and her apartment is very close to Temple’s campus. I was supposed to take a class there, but I moved to Denver for a job promotion instead. Ultimately, I would rather stay with someone in my ‘global’ network than rent from a complete stranger. Also, on the flip side, I would never rent my apartment to a stranger. I have heard horror stories about needing to evict Airbnb squatters. I’m not sure how frequently this occurs, but not worth the risk or my sanity.

I have used both Airbnb and Uber when traveling to France to visit my sister, brother in law, and nephew. Although, we had one bad experience with an Airbnb property, most of our experiences have been positive. Uber has been an extremely pleasurable and enjoyable experience. Customer service of the chauffeurs is outstanding and better than any taxi service I have experienced. Their vehicles are always clean, the chauffeurs are pleasant, and they engage in conversation with you during your trip to ensure you have an enjoyable experience. I also like how they provide different car types based on how many people are in your party and the amount of luggage you have. The app also provides real time information on the location of driver and how long it will take until they pick you up, so you don’t have to wait outside to hail a taxi in inclement weather. Yes, the positive experiences that I had with both companies, definitely impacts the probability of me their service in the near future. Currently, there isn’t a more convenient car or lodging service. You can book your lodging or car via an app versus picking up the phone to dial a number to speak to a dispatcher or booking agent. Both services are usually more cost effective; therefore I find it difficult to go back and only use a taxi service for transportation or stay at hotels when traveling internationally for lodging.

While I have never used Airbnb to procure a night’s stay, I use Uber frequently for transportation around Philadelphia. I have experienced nothing less than a fine and convenient ride. Because my involvements have been pleasant, I maintain a very indifferent view of them as a company. I have always been impressed with their business model and their way of turning the common taxi service upside down, but never bothered investigating their “culture” or their brand. I believe, for most users, this indifference comes naturally from their very unique, short lived, ride that is almost always head and shoulders over a typical cab. Uber leaves riders little to complain about. Their mobile phone application saves users from dealing with live dispatchers and simplifies payment while the quality of car tends to exceed classic taxis. Hardly would an Uber user deliberately switch back to common cab, if avoidable. That said, a cab can easily provide the same service – a very forgettable ride from point A to point B, as quickly, safely and cheaply as possible. I personally cannot help but think that organizational culture and brand play a very insignificant role in whether or not I am happy with my ten minute Uber ride across the city. Of course, improvements can be made, but are they worth it? The hypothetical taxi bar is set very low. Uber instantly differentiates itself with their business model. Work dedicated to developing a lasting culture in their transient drivers may prove fruitless or unnecessary. I believe Uber quite possibly understands this, the market need they meet, their industry and its future. Unlike Airbnb, who they are compared to in our HBR article, “What Airbnb Gets About Culture that Uber Doesn’t”, Uber realizes their peer to peer service is short lived and more operational than emotional.

Admittedly, I have never used either Uber or Airbnb. I had never ever heard of Uber until our group project in the Marketing course this past fall. I chalk half of this up to living in Fairbanks, Alaska and rural Bavaria in Germany since 2006 and the other part to sheer ignorance. My family just never had a need for such services. That said, I can understand the need for additional regulation as well as the unique benefits each provides in its platform culture.

With Uber, I have a fairly negative view of the company based on recent press and the research I conducted during marketing. I primarily use mass transit to get into and around Boston. I can’t recall the last time I used a cab of any kind. Part of Uber’s strategy is to grow a market so rapidly that is it is near impossible to for local governments to boot them out. They are not subject to the same regulation as taxi companies for taxes and driver qualifications. Uber has failed to deliver on the promise of higher salaries for its drivers in many markets. Then, a senior VP implied that the company should use of gestapo tactics against a journalist who disparaged the company. Internationally, rape accusations surfaced in India. I think that it’s only a matter of time before Uber drivers unionize. The company has grown more rapidly that anyone could have predicted (valued over $40 billion!) and it may be time for management to take a step back, reflect on their business model and value proposition, and commit to something larger than getting clients somewhere quickly in a stylish ride.
http://www.cnbc.com/id/102256507#

On the other hand, with respect to Airbnb, I have a generally favorable view although I would still be a bit leery with either renting my house to a stranger. I have rented apartments and stayed in B&B’s in Europe using different companies with great results. The case study for Airbnb made me a bit skeptical of their ability to accurately screen both quests and hosts but it seemed to be isolated incidents and not the norm. I would consider using Airbnb’s services on future trips. News from NYC last week shows a different side of Airbnb hosts that use rent-stabilized apartments for profit against the terms of their lease. A judge ruled that “using a residential apartment as a hotel and profiteering off of it is grounds for conviction.” Just another consideration when deciding on a host.
http://nypost.com/2015/02/21/landlords-planning-more-evictions-after-airbnb-ruling/
http://nypost.com/2015/02/20/rent-stabilized-tenants-who-peddle-their-pads-may-be-evicted/

I haven’t used either service before primarily because I haven’t felt the need or urge to venture outside the normal modes of transportation and hotel stay.

I guess as both private companies, the lengths they both are taking to ensure favorable publicity to ensure a high valuation with investors is somewhat off putting for me. I also don’t really have any negative views of the companies, as both companies have had to work to get their services into the mainstream. But I feel that both companies are really pushing hard to get their services established in these areas without really educating renters or drivers on what it takes to use the services.

For example, a lady in NYC has been renting her subsidized apartment for years, earning as much as $61,000 in a year from Airbnb (http://www.cnet.com/news/nyc-judge-orders-woman-to-stop-profiteering-off-airbnb-rental/ ). If they worked with this lady more, they would have discovered that her apartment was subsidized and wouldn’t allow her to post the apartment. It’s in addition to the hotel and occupancy taxes that cities and states are now requiring Airbnb to pay.

Even a WSJ article today (http://www.wsj.com/articles/uber-and-lyft-force-investors-to-play-favorites-1424811518) went into detail on how both Uber and Lyft are requiring investors upfront to ensure that they aren’t investing in the other company. It just goes to show the great lengths the companies are taking to protect their high valuation.

I am definitely planning on using Uber in the next two weeks for my travel so I’m looking forward to using the service. I also have enough trial codes that I don’t expect to be paying for the service out of pocket. I don’t plan on using Airbnb anytime soon because I would like to stay at established hotels where I really know the type of service that I’m going to be getting.

I used Uber once, with their ‘first ride free’ promotion, before I heard all the negative press about the company. I have to say I was impressed, like Aldo, with the level of service. The shadier sides of its business culture make me less excited about using the service again. Once a company earns a reputation like that, it’s hard to shake, and it creates an opening for competitors (Lyft).

I have never used Airbnb or Uber in the past. Unfortunately after reading the case study and additional articles I do not hold a positive view of either company and don’t believe I will likely be using their services in the future. I think it is mostly because of the lack of regulation. Though after reading others posts on Uber, it seems most everyone has had a positive experience and have found them to provide better service over a taxi. My negative view of Uber is based on their non-employee drivers and the negative press the company has gotten. My negative view of Airbnb is based on their illusion of social trust when all they are is a commission-based booking company based solely on hosts making money and guests saving money. Their brand of community based sharing to me is just a way to hide the obvious for-profit business model in an attempt to prevent copycats.

I have not use both Airbib and Uber before, but did heard their existence from my friends and co-workers. After read those two article, even I think they are still good companies, I would be more careful if I need to use their service, and I will be a well educated customer for their service now. In both cases, I am more concerned about my safety as a traveler, renter and host.

I have never used Airbnb before and I strongly doubt I will ever use it. Not necessarily because of the EJ incident or online reviews, I just generally prefer hotels. No, I wouldn’t recommend a service I don’t trust mainly due to safety purposes to a friend or loved one.

Sunnylake’s EMR system was infiltrated by at least one internal or external hacker who subsequently locked all users including the system administrator from gaining access. Even after Sunnylake’s IT team restarted the EMR system twice, the hacker was able to regain control and was able to lock all users out each time.

The security breach occurred because of three main reasons. The first reason is that Jacob was too confident in how secure Sunnylake’s network and EMR system really were. The second reason is because Sunnylake’s network, servers, and personal computers did not have the most current security software. The last reason is Sunnylake did not have an emergency plan (Business Continuity / Disaster Recovery) in place.

In order to prevent the security breach, I would make sure that the latest security and malware software was installed to protect my network, servers, and personal computers. In addition, I would implement an emergency plan and perform a mock emergency drill every year to prepare and mitigate the damages in case a security breach did occur.

The security breach was an attack by hackers looking for a payday. The breach occurred because Jacob simply didn’t anticipate it. His first response was “What kind of slime hacks a hospital? Don’t they care…”, demonstrating that he simply didn’t believe that a hack was a possibility. Better planning for a “worst case scenario” could have anticipated this, as was the case with Target. Target’s problem was not taking it to the next step and responding to the very breach they had anticipated! Jacob should have been in “hand to hand combat” and “cyberwar” mode way before this hack occurred. It was simply too late at that point.
Towards that goal of preemptively warding off would be hackers, Olvarud makes some great points in his article. The users of the data are the weak link, and somehow businesses have to get their employees to see the value of data security. They have to be able to relate to it and have some buy-in to take those extra steps to avoid data breaches. I think he makes great practical tips about how to use a modular approach for training because who has time to sit through a one hour video or read a 10 page document on security??

I think Sunnylake should probably pay the ransom, then quickly dump their data onto a local server that is off-network from which paper medical charts can be printed out. The doctors and nurses could then have something to work with for reviewing patient history, medications, allergies, procedures done, etc. Things can still be documented on paper as well. In the meantime, the EMR would need to be secured as fast as possible so it can be used again, hopefully within days at the most. All those paper records will then need to be abstracted back into the EMR, so the longer they wait, the more abstraction is needed.

The security breach at Sunnyvale occurred because the system did not keep their security systems up to date and the staff, including administrators, Doctors and nurses, were not aware or adequately trained in contemporary IT security standards. Additionally the CEO did not provide adequate leadership in educating the hospital staff on the potential threats to an online medical record system. A similar intrusion occurred to our systems where I work at the RI. We were without certain patient and work related data for three days. This could have been prevented by mandatory employee training on safe guarding against improper computer usage and awareness of potential means that hackers access systems especially through unsafe passwords. All computer safeguard systems should be regularly updated and all data must be backed up with a secure system in case of an unforeseen attack. Every hospital should have a security consultant on standby in case the threat is beyond the capacity of the IT system and staff in place. I favor the response of the third commentator Peter Stephenson. I would never concede to the demands of the hackers but would open a dialogue to buy time and shut down all the systems and delete all programs assuming I had everything backed up. I would then scan all open terminals for the malicious spyware and update all systems with contemporary spyware and virus protection programs. Paying off the hackers more likely than not would lead to further offenses as evidenced by the hackers attempting to hurt defenseless patients at a hospital. These criminals are heartless and a ransom implies that they are to be trusted which is illogical especially in this situation.

The security breach at Sunnylake Hospital has resulted in doctors, nurses and hospital personnel not being able to access the computerized medical records of patients. Despite restoring the system twice, it has crashed and users are still getting “access denied” messages when trying to retrieve records. The breach appears to have occurred due to an employee inadvertently letting the perpetrator into their system when downloading anti-virus software or updating an existing application. To prevent this, I think Sunnylake should have had stronger IT controls and security measures in place so that employees do not have the ability to download or update software. If all updates were centralized through the IT department with the appropriate security tools, this would not have occurred.
I also think security training should have been mandated for all employees including password protection and other security measures around the access to systems and protection of data, raising awareness to help influence employee behavior to prevent security breaches. I would have had formal, tested disaster recovery plans in place including documented procedures, roles and responsibilities for various scenarios including this type of systems security breach.

Sunnylake Hospitals’ recently introduced EMR system has many weaknesses as it didn’t have the latest and robust security system. The entire hospital came to a shutdown due to the hackers. The breach occurred as there was some overconfidence by the IT personnel and lack of oversight. They did not act right away when they were first contacted by the hackers and had warned them. They also didn’t have any sort of contingency plans as in what if something should go wrong, how they work without any disruption.

I think we could have protected the hospital, by having the EMR system encrypted with the latest and robust security system out there available. I also would look into backing up data on a third party server on a regular basis, separate the transaction data/log from the main server vs archival server at a different location. As a contingency plan, I would look into options to store the data on the cloud. Cloud computing and storage has become so affordable to all, any incidents such as this, the hospital could have continued its operation without any disruption.

Additionally I would ask the hospital to implement no password authentication rather use a ID to access the system or even biometrics to access the data on the server, frequently perform the attack/entry and penetration points on the server to make sure there isn’t any malicious software that is installed without knowledge, use adequate firewalls and most up to data antivirus software. Protect and shred any confidential information so that it won’t get into any wrong hands.

What is most glaring in this case is not that the attack happened but rather that Jacob does not have, first and foremost, and Paul, for not enforcing/requiring, a contingency plan. A seasoned IT professional and hospital CEO should at least be aware of the possibility, even remote, that this was a real threat and an action plan should have been in place. Just in the same way a hospital prepares for disasters, fires, etc. At the very minimum, Jacob should have an third-party investigative response team on retainer. The fact that he and his team are trying to fight off the attack on their own demonstrates his inexperience. There are companies who specialize in helping other companies secure their network, regularly test for vulnerabilities, and have rapid response teams to assist in the instance of a breach. There a number of possible types of attacks, some include Distributed Denial of Service (DDoS) and Man in the Middle. Companies must also be prepared for breaches where malware or viruses are injected into their networks. Often the ‘bad guys’ are working faster and harder than the ‘good guys’ – corporations are usually playing catch up to thieves and attackers. Leveraging a reputable and reliable security firm to provide third-party expertise should be the norm for large businesses, enterprise, especially those, like hospitals, that have personal data stored in their systems. It’s worth questioning here if Jacob’s network design was meeting HIPPA (healthcare regulations for personal data) – it is not mentioned in the case.

Sunnylake’s IT staff has made a critical error in responding to this incident. Given the nature of the attack and the fact that ransom requests are involved, the IT staff should have escalated this immediately to the FBI’s cybercrimes division. The cybercrimes division has the right forensics skills, threat awareness and resources to help a company deal with this type of attack. They also serve as a non-biased third party that has vast experience in crisis negotiations. If it is determined that Sunnylake should pay the ransom, the FBI is capable of maintaining an ongoing investigation to ensure others are protected from this threat.

If you encounter a cyberattack as an individual or an enterprises, it is crucial to stay calm and involve the right people. For individuals using Microsoft software, the Microsoft Answer Desk (http://www.answerdesk.microsoftstore.com/Services/SoftwareSupport) is a good starting place. They are able to identify and mitigate threats to your system. For enterprises, Microsoft has a dedicated Incident Response division (engageIR@microsoft.com) that is experienced in all types of cyberattacks. They also have direct links to Microsoft’s Digital Crimes Unit which regularly interacts with the FBI and local law enforcement. Regardless of the situation, it is important to remember that you are not alone and there are highly trained resources available to help.

I very much question Sunnylake IT’s immediate response. It’s alarming that Jacob didn’t seem to do his due diligence in instituting back up and recovery systems from the start, and left the security the way it was until proven otherwise that it didn’t work. I would think that an IT professional worth his salt would constantly upgrade security to protect against threats, especially considering that people’s actual well-being is on the line.

What should Sunnylake do now? I like what Nolan and Stephenson suggest. The whole system needs to be taken off the internet, and Paul needs to get out there working with the doctors and staff on contingency plans while IT is trying to fix it. This could involve coordinating with staff that remembers the old way of doing things to start back up on something similar, touching base with patients and their families to explain what’s going on and to plan how to best treat them in the meantime. If procedures can be postponed, they should be. Sunnylake should call in whichever law enforcement agency handles these cases and a security consultant. I can see Gullestrup’s points in regards to paying the ransom, but I don’t agree that it will ultimately get them their system back, so I wouldn’t pay the hackers. In dealing with the hackers, Sunnylake should defer to the authorities as anyone would in a domestic hostage situation. Once the situation is resolved, Sunnylake’s board should hold an investigation and determine exactly how this happened and who is responsible. I would say that Jacob would absolutely be fired for his failures, and that Paul should come under thorough review for his handling of the situation after the fact. The problem here stemmed from poor planning at the top, and if it is indeed ineptitude or negligence that got them into this mess, changes should likely be made.

Sunnylake implemented an electronic medical records system in order for the hospital to grow and improve the quality of care for its patients. However, the implementation did not feature two critical aspects. Viable data security was not established to protect patient information from external vulnerabilities, and a contingency plan was never created to ensure the hospital could maintain expected levels of care if a security breach or system failure ever occurred. The breach clearly happened due to complacent leadership. The two features I mentioned above would be the first two questions I asked when initially deciding to transfer medical records from paper copies to electronic records. I would need to ensure my hospital could run and that patient care could be sustained if anything was to happen to the electronic system. This was a complete lack of planning on the leaderships part that could have resulted in deaths and lawsuits.

Sunnylake’s data system containing important patient information had been hacked into and held for ransom. I found this article to be particularly interesting because IT at my company randomly sent emails to employees from fake accounts to test if we would open them. This was a real wake up call. I received what looked like a legitimate email telling me to change my email password. I knew I was due to change my password and clicked on the link only to be advised that I fell for a “phishing” email. I, like most of my colleagues that morning, was required to take a course on identifying phishing and other hacking attempts. Based on that course, I do not think it is easy to identify a fake from a real email but it can be done with proper training. With respect to the Sunnylake situation, I think this exemplifies why it is very important to keep secure backups in safe locations, train employees on email scams, and to plan for these types of attacks by running mock trials with the entire staff.

What was most interesting to me about this case was Jacobs why question. Sunnylake’s CEO Paul hired an IT director to help him develop a digital record system for the hospital. Electronic Medical Records (EMR) would replace the paper copies. Despite Paul’s worries about security Jacob continued to ensure him that the system was secure. After Paul received the first email threat which he ignored (instead of reporting it to the IT department for investigation/preparation) he received a second before the system was locked out. Jacob and his team tried were able to take the system back twice only to loose it again. Prior to this Jacob said something kind of interesting. He said “What kind of slime hacks a hospital?” he demanded of the screen. “Don’t they care about hurting sick people? You think you’ve seen the worst, but these people get lower all the time.” This is basically a why would they do this statement. The answer is it does not matter if it can happen it will. Why would Jacob not prepare for everything? Why would Paul not insist they prepare for everything? Even if they did prepare for everything why would they not have a back up plan (ie updated paper system, stand alone system that holds the backup records, etc.). Paul should have insisted Jacob have the most secure system they could afford. Jacobs belief that the system was not a target and the lack of oversight from Paul left them vulnerable. Paul also knew this system was new to his employees and should have conducted training for security. This is required by all government run agencies (very annoying to those of us whom have been with the government for many years). To help protect the employees from themselves the system should have been blocked from downloading programs or surfing the internet as Jacob suggested this may have been the avenue in. If he knew this was a possibility why not protect against it?

The breach at Sunnyvale opened the hospital up not just for paying the ransom of $100,000, but in potential lawsuits from patients and their families. When Paul received the initial email demanding payment of the ransom, he ignored it because of the spelling and audacity he thought that someone had targeting a hospital network. Once the hackers had access to the network, they had access to patient’s personal records and the ability to prevent anyone else within the hospital accessing. It’s incredible that throughout 3 years that the system was being created that no one thought of creating a back up system for not only a cyber attack but other areas such as power outages, flooding or damage to the servers etc. Paul placed a lot of faith in Jacob as a young man to be the IT director. Did Jacob have enough experience, Paul mentions that he was sharply dressed and an aggressive energy, but there was no plan in place for either retrieval of the records or how staff should handle a situation such as a lockout. It seems from the case study that the cause of the breach was a user downloading a virus or updating an existing application. There should be ongoing training from the IT department with firewalls in place to ensure that no downloading can take place without approval. The IT department should work with staff regarding password change etc. Many offices require a password change on a monthly basis as well as restricted access to the Internet. A secondary system needed to be in place within the 3 years that the initial system had gone live. Staff should be trained in both systems and how to handle such an attack. Many businesses keep additional records off-site an alternative location to ensure they are not left without records. Newer staff should also have been trained to use an alternative method to prevent what had happened at the hospital, as this caused even more confusion.

It is apparent that the security breach is a consequence of the CEO, Paul Layman, not taking appropriate steps to raise awareness of potential threats to the system after receiving several emails. In this type of environment where the risks are tremendous and can impact patient safety, every warning should be taken seriously and be investigated promptly.
To mitigate the possibility of security breaches in the future, the hospital needs to work on educating staff properly on how critical it is to maintain a strong IT infrastructure, making privacy a priority and not wavering on disclosing information. This can be accomplished through educating staff (including volunteers, students, visiting interns, etc.) on the importance of doing so. Staff should be expected to meet mandatory competencies regarding this subject routinely, as reinforcement is critical to proper training. Furthermore, a rapport should be built with staff so that they are confident in IT resources available to them and feel comfortable responding to warnings and addressing concerns with the IT department in a timely manner.

The question of whether to pay the hackers or not seems to be, in Sunnyvale’s case, clear cut. While its fine to say that they should take a stand, or that one should never give in to extortion, etc., when you are a hospital filled with patients whose medical well-being will be directly and negatively affected each hour that passes without access being restored, there is no choice… they must pay the ransom.
The reason they were in that position was due to several layers of failure in their IT protocols and responses. There had to be a contingency plan for access to their patient’s medical records, and there wasn’t. Had the hospital failed at everything else, but had a back up system with updated medical records, they might still have been hacked, but there would have been no life or death emergency arising as a direct result. I disagree with the comment that you would never concede to the demands of the hackers. Since the hospital’s first responsibility is to the safety and well being of its patients, if their medical well being is compromised to an extent that they may be endangered, not merely inconvenienced, the hospital would morally, legally and ethically be compelled to pay that ransom rather than take “a stand” against hacking.

Since the hospital is dealing with criminals, there is no guarantee that paying the ransom is actually going to get the system back under hospital control. The hospital could pay and the hackers could (and probably will) ask for more. The hospital should not pay the ransom. This has nothing to do with taking a stand against hackers – it’s a business decision. The money that the hospital can pay to the hackers – with no guarantees – could be better spent on hiring a company with expertise in cyber security/network breaches to help them take back control of their network from the criminals.

Many of us can agree that we have received spam email that prompted us to take action or face consequences. I know I am guilty of deleting these emails and paying them no mind. In this particular case Sunnylake Hospital’s CEO, Paul Layman, did as many of us have done and ignored an email that ultimately compromised privileged information and also the ability of his hospital doctors and nurses to perform their jobs effectively. This caused the potential of harm to patients not only with their health but the loss of personal information. It also opened up the door to numerous lawsuits. As painful as it is to say because it was an honest mistake, I would start with firing Paul for his negligence. While not intentional, it set the tone for the events of the day. Not only did he ignore the email, he had full confidence in Jacob with IT that his system was full proof without I think fully understanding the system himself. All he saw was its efficiencies with making everything paperless without recognizing its deficiencies with security. I would next re-evaluate my IT staff competencies and fire/hire based on response to the crisis and who helped carry the company out of this situation and into the future of better protecting the hospital. I would then be sure to train the remaining team and hire professionals who are seasoned in high risk cases similar to what Sunnylake has experienced. Before all of this, I would immediately be sure that all patient information is backed up once the system is accessible again so if a situation like this arose there would be a back-up file to access. I would then find ways back to make certain the system could not be compromised again. I would scan the system and locate similar threats and extinguish them immediately. My company does this often and sends us reports of questionable emails that we are required to review and report back to them. I would require password changes frequently (my company changes ours every 90 days for security purposes). Another good idea would have been to bring in an outside consultant who was better equipped to handle a situation of this nature to remedy the problem quicker since there IT staff was slow to resolve. What I would not do is pay the hacker. I think this sends a message to hackers that we will falter if pressured at any time.
I would absolutely make the same recommendations to my manager should our company experience a similar lock out of our computer systems. I think it is important to act quickly, have the right people in positions of authority that can lead and are cautious and diplomatic, and are able to handle the pressure when things do not go as planned. Some people are better than others in crisis.

It appears that Sunnylake Hospital did not have a strong enough information technology department to develop, implement, and maintain internal controls and measures to prevent breakdowns within the system. Even though they could restore the system, it continued to crash causing wasted employee time. The problems also indicate that a disaster relief plan should be put into place. With stronger controls and backup planning, the organization will have a better chance of avoiding a security breach.

Sunnylake should not give the hackers a ransom. As others have side before me, there is simply no way to know if these criminals would stay true to their end of the ‘bargain’. It’s also pointless, in that moment, to lament about not having a contingency plan or the appropriate training to offer any legitimate countermeasure. It might seem odd to say, but I would immediately go public with the crime. Given the amount of patients effected the story is going to end up in the media anyway. I believe it’s much better to get out in front of it with a clearly articulated message. This brings attention to the crime, allows Sunnylake to seek additional support (possibly from FBI or local authorities) to crack lockout, and removes some of the criminals leverage (hoping you’ll pay to get access and keep it from getting out).

Once they get through this problem significant steps would obviously need to be taken to update their security, implement a crisis management process, and create a backup plan.

The Wall Street Journal reported yesterday that Anthem health care disclosed that almost 80 million of its member’s personal healthcare information was hacked dating back to 2004 including also nonmembers that partner with Anthem in certain states. This is serious as it could potentially mean not only the embarrassing disclosure of personal medical information but the potential for blackmail. The FBI stated yesterday that a cybercriminal from Russia is on the 10 most wanted list for siphoning millions of dollars from throughout the world.
The new cold front has been here for a while and the playing field is more dangerous than once perceived. We the public are at risk anytime we turn on a connected device. I would expect the government will have to treat cybersecurity as seriously as it does traditional terrorism and continuously survey the net to detect and intervene on behalf of the unsuspecting. Every system that houses sensitive data including personal computers must have safeguards in place to protect against this form of terrorism

This intrusion to the network occurred through the public internet either via a virus downloaded in an e-mail or attached to a web site that someone was browsing. Clearly the Virus Protection Software implemented was not updated regularly or not comprehensive enough to catch the intrusion. I think the core reason is that IT was in a mode of comfort and celebration after implementing the EMR. The, after implementation, as happens too often, there was not enough hands to maintain the environment and look to he future. I would hold Jacob entirely responsible for that. All that aside, to ensure that this did not occur again, I would evaluate the means by which internet was delivered. I would consider providing a redundant plan implementing possibly a Private Network that cared for the EMR. Secondly, I would virtualize the environment so if an attack like this ever occurred again, I could take the system off the outside internet and switch to my backed up EMR and system. Obviously I would upgrade virus and spam filtering and review my web content filtering policies, potentially even hiring an out side Service Provider to do so. While avoidable in many ways, this event raised a high dose of reality to Sunnylake.

Sunnylake needs to act quickly to get the hospital IS/IT infrastructure back on line. The hospital should attempt to open a dialogue with the hackers, and use negotiation experts to broker the best deal to get the system up and running with minimal interruption in patient care. Part of the plan should be to understand the gaps in the IT security that allowed the breach in the first place. Sunnylake can use this as an opportunity to beef up security and prevent security breaches in the future. The hospital needs to be open with the media from the get go, to minimize a any bad press. The hospital’s stance should be that the main thing we care about is providing the very best care for their patients and protecting their private health information.

Sunny lake experienced a devastating network breach. Hackers targeted the hospital because they understood how much health providers relied on the network to treat patients. The hackers sent a threat on Friday before executing their attack on Monday. The hackers effectively shut the hospital down.
The breach occurred due to two reasons: 1. the network was obviously not secure enough. 2. the CEO did not take the threat seriously. To me, the second reason is the more egregious of the two. It’s unlikely that you could ever create a 100% secure network. The more security measures that are created, the more hackers will find a way to circumvent them. If the CEO had taken the threat seriously, he would have notified his IT director immediately. His IT director then may have been able to take preventative measures to limit the attack. At the very least, they could’ve taken their systems offline.
Without getting into technical specifications (of which I have no ability to speak), I would have at least called all the troops in to assess the threat. Since I have an IT director, I would have immediately asked for his assessment of the threat as soon as I received it. I would have acted on Friday, instead of waiting until Monday.

So, I posted what I thought about giving money to the attackers above in reply to jeheller’s post. I just couldn’t do it. But, I wanted to expand some more on the questions presented. The hackers introduced some form of malware to the hospital, likely from someone opening an attachment on an email or going to a webpage they shoudn’t have. (Lesson here- don’t open something when you don’t know where it came from. It’s not an Egyptian heir offering a million dollars emailing you- Just Stop!) This tells me that there system wasn’t as secure as IT Director Jacob Dale made it out to be. No secure system would let you open any type of crazy attachment or let you access their system with an infected computer. I work inside of a hospital and the system is secure to the extreme, not only to protect patient’s but to protect the IT infrastructure of the hospital. Even if something did slip by, it would be eradicated immediately, which is something the CEO of Sunnylake didn’t give his IT department time to do because he ignored the first email. The data they were using should of been synced to the cloud, too, as this would of allowed them to access their data despite the hacker’s intent. Now, I am no computer expert, but what I would do is take the whole system offline. No longer online=no longer accessible to an attack. Then, they need to go back to the days before there EMR system and actually write everything down on paper to buy some time so that the IT department can scrub every computer in the hospital or that might access their system, even contractors. Then, IT need to do some serious beefing up of security. Item 1- no more downloads allowed without administrator access, Item 2- backup systems, then item 3- some type of proactive anti-virus and anti-malware installed on their systems. Then, they should slowly turn there internet connection back on line, pieces at a time, starting with less essential computers and functions. As each piece passes without incident, more important and sensitive areas can be brought back up. Will this take time- Yes, but for me, it beats out negotiating and paying money. I know there are some people who are probably more computer advanced than I am. Would this work?

It’s a tough call to advise Sunnylake on what they should do now. I agree with Brandon in that they shouldn’t pay the ransom – it sets a dangerous precedent and there’s no guarantee the hackers wouldn’t strike again, demanding even more money. The only alternative then is to find the source of the breach and eliminate the malware from the systems. If they need to hire a specialty firm to help them do so, even if it costs more than $100,000, then that’s what they need to do. They should also learn from Target’s mistake and make the breach public. No good will come from allowing the press to leak the story first.

This makes me think of the Sony scandal, with the movie “The Interview” where Sony ended up shelving the film because of threats seemingly coming from North Korea. Obviously embarrassing emails about Hollywood starlets is in a different realm than the treatment and care of hospital patients but the elements of the story are strikingly similar. First an ominous warning and then all hell breaks loose. The studio gave into the demands at first, but after the public outcry, gave it a limited and online release.
http://www.bbc.com/news/entertainment-arts-30512032

My company has a security command center much like Target, but I work in the financial services industry where our client’s personal information is our business. A breach of the scope depicted in the case would be hugely damaging to our business and reputation, one reason we have ex-CIA on our security team. We have very strict security checks clients must pass through before getting to their account information and as employees are constantly tested on our ability to detect phishing emails. I hope this is enough to prevent any attacks on my company like that experienced by Sunnylake, but if not, I would have to recommend they not submit to demands either. It’s an incredibly tough decision, but hackers can’t be allowed to win.

Sunnylake experienced an unwanted disruption of their computer system which resulted in their entire network system being taken down. Several things contributed to the breach of the computer system. While it appeared from the reading that the system was not regularly maintained nor kept up-to-date with the latest versions of software and the most recent encryption. The lack of vigilance by Jacob Dale and the IT team was the main cause of the breach. They were not concerned about the risk that switching from paper records to EMR’s created for information sharing. In addition, after he received the menacing email Paul ignored the threat by dismissing the idea that the hospital could be a victim of an extortion threat.

Cyber security should not just be seen as a technology issue but also a governance and policy issue. I believe the best defense for Sunnylake was to be aware of the potential of cyber threats and create security policies to deal with these threats. After Jacob Dale and his team developed the system, Paul should have authorized a security audit of the new system. This would have helped to find potential holes that could have been addressed by more updated technology.

Jacob insisted that making records digital would also make them more secure. However, strengthening internal controls is more than just enhancing one process or the entire system. Rather it involves a comprehensive review of the risks faced, the existing internal controls already in place and their adequacy in preventing fraud from occurring. A solution to the problem would include; establishing a security policy, constant vigilance, and the use of sound practices and industry-recognized safeguard processes and technologies.

Describe the security breach experienced by Sunnylake. Why do you think this breach occurred? What would you have done to prevent it
What do you think Sunnylake should do now? Would you make the same recommendation to your manager if all of your office was locked out of its computer systems?

Sunnylake’s CEO, Paul Layman, received an email threat and he ignored it. He ultimately set the hospital up for a system-wide shutdown to their recently implemented Electronic Medical Records (EMR). The breach occurred because Paul did not take the threat seriously for reasons that aren’t exactly clear, but it seemed like he thought the attack just wouldn’t happen. It would have been interesting to know how much he trusted the IT Department and if that factored into his decision.
To prevent this sort of act I would have made sure my IT Department installed the best cyber security money could buy. I would ask local hospitals what security protocols they implemented and who installed the security systems. I would research the most secure hospitals in the countries and see who is the gold standard for EMR security and copy them. There are times you want to be innovative and times you want to play it safe. This is one of those safe moments. I also would have put a plan in place to understand the necessary steps to take if and when a threatening email occurred. After going over everything and making absolutely certain that my cyber security was the best I would finally switched to EMR.
Sunnylake now has to pay the price in a bunch of ways. First, they have to pay the attackers. When patient lives are at risk everything you stand for goes out the door. It may not feel right, but you have to do it because now there are lives at risk. Second, they could face some serious HIPAA penalties, which could cost the organization well over $1 million.
If my firm was put in this situation I would recommend we not pay because lives are not at risk. However, since we are a healthcare consulting firm and we handle protected information we would face some HIPAA repercussions even though we are constantly updating our security.

It appeared from some of the side dialogue that IT wasn’t the priority that Paul hoped it would be or could be at his hospital. I’m sure this is common in most hospitals similar to Sunnylake due to budget constraints, resistance to change or simply lack of focus on IT security as a priority. It’s a common weakness for many businesses. In this situation, I don’t think paying the hackers provides Paul or the hospital with any more of a long term solution as did their IT group going head to head with the hackers trying to recover the system. Even if it wasn’t the same hackers coming after the hospital, I would think word would spread about the Sunnylake security systems (or lack of) and Paul would be forking out another payment before they had time to implement a new system.
The part I didn’t understand was, if the records were backed up and safe on the network, why wasn’t there more of an urgency to find ways to access those files versus debating on paying a ransom or not? I understand that the doctors had no immediate access to the records, but the timeline for this “hackathon” went from 8AM until at least 1:00AM when Paul was laying on the sofa in the staff lounge. I would think in a twelve plus hour time period, someone from IT would be able to retrieve records for some of the more serious patient needs at the least. At best, maybe all the current patient files could be found in that time frame. Instead of fighting the hackers, they could’ve shut the system down and regrouped. I can’t help but wondering if Paul, much like his doctors who were resistant to IT, was resistant to going back to the old way of doing things that his efforts might’ve dragged this problem along too far.

I know quite a few people who are certified ethical hackers who their job is to test the security of a network by attempting to hack it. They are also the ones that are usually put on projects like this to a) stop the intrusion from continuing b) prevent it from happening again.

I believe the breach and Sunnylake occurred not because of an elaborate attack on the network, but because someone was either lazy or careless. It’s important to have not just good security in place on your network to catch issues, but it’s critical to train your entire workforce on how to identify and prevent attacks. As someone who had worked as a network engineer many years ago I always was shocked at how many employees do things like download software or leave their computers when they are logged in. It’s these types of acts that make you most vulnerable.
.
I’m shocked a little that nobody has mentioned the hack that caused Anthem to lose Medical and Social security information for 80 MILLION participants. When you think about the cost of it if you estimate even a minimal $100 per incident that will cost the organization. That’s 8 Billion dollars… If I had a chance to prevent that type of devastation by paying off a ransom I’d have to think really hard as you will be setting a dangerous precedent, but is the risk worth it. It could buy you ample time to get a security firm in there to identify and close any gaps. There will always be a way in, but did you buy yourself enough time and protect your patients could be worth the cost.

Every single organization needs to keep active backups, disaster recovery plans and have good policies and controls in place to protect from this type of thing. Looks like sunnylake missed the boat and needs to do a really important post mortem/lessons learned to ensure it never happens again.

On a Friday afternoon, Sunnylake Hospital’s CEO received a threat from hackers warning him about the hospital’s bad network security, but he chose to ignore it and didn’t even mention it to his IT head, Jacob. On Monday morning, the hackers took control of the network, holding access to it for ransom. They knew the hospital would essentially come to a complete halt without access to the records or EMR readers.

This breach could have been caused by any number of actions: security patches not updated, poor security in the first place, ineffective training (or none at all) regarding network security, or lack of process to report network threats (like the one the CEO received). The breach could have been prevented by hiring an outside firm to audit the network on a regular basis and look for holes in its security. It also could have been prevented if there was a policy that all threats must be reported to IT for validation and if staff were properly trained and held accountable for maintaining good security practices (not leaving unattended computers logged in, not inserting random thumb drives, not opening strange attachments, etc.).

I also think the IT department needed to be better trained – it sounds like the focus was on getting all medical records into digital form rather than doing that and creating an up-to-date secure network where patient data would reside. The information presented in the case – Jacob’s insistence that digital records are more secure (without ever explaining how they were more secure) and his reaction to the intrusion that included plans to install a network-based infection detection system – makes me think that Jacob’s expertise was not in network security. Relying on random decrypters found online to get rid of the ransomware does not seem like the best solution to me, and the detection system should already have been in place.

It’s possible, however, that the poor security was partially caused by the CEO’s focus on digital records and EMRs – he may only have been deeply involved in that aspect of the transition rather than other equally important aspects, such as network security, leading the IT department to also leave security as an afterthought.

I think the CEO should have hired outside security experts immediately to get the network back. I’m sure that is a huge expense, but as Sunnylake’s legal counsel said, the cost of malpractice suits would be much larger. I’m not sure if I could counsel Sunnylake to pay the ransom fee – it sets a dangerous precedent – but, as Will points out, it may be necessary if lives are on the line. Once the crisis was over, Sunnylake needs to design and train everyone in contingency operating plans.

Rich and tuf33653:
Thanks for the response. I wasn’t sure if others would be on board when it comes to notifying other hospitals, but I quick question for the both of you: Let’s say the breach occurred at a bank. Would you recommend notifying other banks, or are you more inclined to notify hospitals because patient safety and health is at risk?
I have to be honest and say I would be torn on that one. And when you really break it down I don’t think I would notify competing banks.

Hi All, I’m joining in the chorus that Will’s information that the law requires report if 500 patient records are breeched to the media, is great info. I actually wonder if this should be lowered to 250, maybe a 100. If the requirement was lowered, maybe hospitals become more vigilant in assessing their system on a daily bases for flaws and potential hacker entry mechanisms. Damage to reputation and wanting to maintain patient trust, is always an immediate call to action. And if hospitals improve their own defenses, then their “lessons learned” can be shared like others have mentioned. I think lowering the reporting rate will definitely get and keep hospitals in a proactive mode, and sharing information ensures productivity in gaining an upper hand on decreasing attacks and presents to the public and hackers that hospitals are unified in protecting patient information.

Paying the ransom is a big question for Sunnylake and has been debated in our posts. My answer is – I would not do it. Peter Stephenson, the last case commentator, said a potential reason why Sunnylake’s system kept crashing after IT fixes was because the malware hackers installed relayed messages back. So the hackers knew of the potential fixes and could override them. Being already opportunistic, the hackers can ask for money in increasing amounts each time to restore the system. And if the ransom was paid the first time, why not the second time it is asked, and so on. It’s a potential trap – I couldn’t do it.

If I were in this situation, I would rely on my IT department and bring in consultants to aid in the crises. Like Stephenson advised perform a malware scan on every workstation in the hospital. Audit everything. Shut-down the servers. Overwrite random data. If IT can discover how the hackers got in the system in the first place, then they can delete this mode of entry. Also, IT needs engagement from staff on keeping the system secure. Have trainings and forward types of phishing emails hackers tend to use so employees know not to open them. This is the best course of response and prevention. Hopefully, Sunnylake uses these measures and is better prepared in the future.

What do you think Sunnylake should do now? Would you make the same recommendation to your manager if all of your office was locked out of its computer systems?
– I think Sunnylake should take their entire system off-line and limit it to internal communications only. The hospital can then function, in a limited capacity, while IT works to find the leak and correct the problem. Working to continually solve the problem while the hackers still have an unknown access point and could potentially be monitoring their activity is futile – even if IT ultimately knows their system better. By taking the system off-line, I mean all remote access should be blocked, all communications with the world wide web severed – wireless capabilities blocked – only devices that are hardwired to the system should be permitted to function.

The security breach experienced by Sunnylake was a direct result of CEO Paul Layman’s actions; he was reactive rather than proactive. Paul received an email warning of the attack, but took it upon himself to disregard the threat. If I received such an email I would immediately notify my IT department whether I believed the threat was creditable or not, as inaction has a far greater price than action. In addition, I would have ensured that all paper medical records were up to date in case the EMRs were inaccessible for whatever reason. It baffles me that Sunnylake did not have emergency protocol in place for a situation such as this one. We all know that technology can fail us at any time. There are many other reasons why fail-safes should have been implemented well before this disaster. What if the hospital lost power for an extended period of time? What if the system crashed on its own? When people’s lives are in your hands, you must be prepared for every possible situation.

In regards to how Sunnylake should handle this situation I would suggest paying the criminals. There is no logical reason why you should not pay the hackers. When patients’ lives are on the line your pride has to be put aside. From a moral standpoint you have an obligation to ensure that your doctors or staff do not harm your patients. Getting the systems back online is of the utmost importance. From a monetary perspective, the amount paid to the hackers pales in comparison to the malpractice suits your hospital would face. Lisa Mankins, Sunnylake’s head legal counsel, summed up this fact. If it were any other situation I would suggest a different approach, but with people’s lives being effected with every passing second the top priority must be getting the EMRs back on line.

I think this is a very difficult situation for the Sunnylake CEO, but as one of the HBR commentators reminded us, there are always paper records. I understand that the hospital “doesn’t have them anymore” but that should not stop them from handwriting new History/Physical Exams and “admitting orders” on all patients in the hospital, just like was done in “the old days” when a new patient was admitted to the hospital. This would at least provide a first step towards preventing medical errors like prescribing meds to a patient with an allergy, and documenting why all patients are actually there! As an “old timer” who worked as a medical student and resident in the era before any electronic records were kept, I will state for the record that it is quite simple, and may actually be safer for patients, since all information would be “up to date”.

The security breach experienced by Sunnylake came from an illiterate source that was looking to get money from the hospital in return for not penetrating their system and disrupting their processes. I think this breach occurred due to complacency. The hospital should have been proactive in revisiting their security measures as often as bi-annually to ensure that their measures are relevant and appropriate. I would have had testing take place by hiring an outside firm to rigorously try to break into the system annually. I think that it was negligent of Sunnylake to assume that the proper security measures were in place, especially when they were moving their entire records system to digital. If anything security should have been the focal point.
What I think that they should do now is to immediately outsource to get the problem fixed as quickly as possible. As the article mentioned, time is an enemy and clearly their current IT team is out of their league. In this case, I don’t think you can simply pay the money because it doesn’t make the problem go away and still leaves you vulnerable for future extortions. What I do think you do is pay the money to professionals that can eliminate the current threat and establish a system that eliminates future threats. I would make the same recommendation to my manager because there is always professional options, that while may be more costly, provide a moral and ethical approach to dealing with the issue. Once the issue is dealt with you can focus on preventive measures and reevaluating your IT team.
Below is a website I found that deals with negotiating training skills. The website made a key statement which was “extortionist functionaries are actively looking to establish long-term mutually-satisfying corrupt business relationships.” In this case you cannot pay the extortionist because the problem will never go away. I disagree with the legal explanation that paying the extortionist would be practical; this is a play by the extortionist to make the hospital feel that paying them is the best choice. I think the way the emails were written is evidence that the right outside source would put these punks in their place and prevent them from trying to make more organizations victims of their game.

http://negotiationsworkshop.com/negotiations_training_course_Handling-Extortion-Attempts-in-Negotiating.html

This was a very interesting (and scary) case. The security breach at Sunnylake involves some party accessing the accounts and blocking all user access. Also, the same attack seems to be happening over and over. It does not sound like the hacker is deleting or copying data; rather just blocking system access for a ransom. Going by the other readings for this week, the most likely source of the attack is related to “the human element” – some employee, either intentionally or otherwise through negligence, ignorance, or some accident, has permitted access. This would also explain why the hacker keeps regaining access – when the IT people gain control, the other accounts are also still able to access, and the villain just repeats a similar attack. This could even be an ex, disgruntled (or current) IT staff. The reason this is happening could be related to a disgruntled ex-employee seeking “vengeance” or it could simply involve a profit motive; we might never know for sure if the perpetrator is not brought to justice.
The best way to prevent such an attack involves following a rigorous security protocol and more thorough standards. Every user should be forced to change passwords every six months. Old accounts should be disabled if not deleted. Antivirus and anti-malware software should be installed on every computer in the hospital with the virus definitions and security updates kept standard. Sunnylake could even consider using FireEye. If the hospital does not have a firewall already, one should be implemented. Finally, the hospital should also hire a consulting firm to attempt to access the system and expose any potential vulnerabilities.

“What do you think Sunnylake should do now? Would you make the same recommendation to your manager if all of your office was locked out of its computer systems?”

I agreed mostly with Richard Nolan’s assessment of the situation. Layman first and foremost needs to communicate both with his team and the outside world. Obviously, his doctors are angry and frustrated about the breach and they need as much information as possible and ways to perform their jobs without their electronic equipment. Also, more reputational harm will be done to the hospital if the media is allowed to control the narrative, rather than Sunnylake being forthright and open. I also agree with Nolan that Sunnylake should absolutely not pay the ransom. By capitulating, Sunnylake risks further attempts at extortion.

At my job, we have a crisis management team in place for exactly such a situation. Our CEO and President will be responsible for all external communications with media. Meanwhile, our COO will actually be running the response, including when to tell clients and vendors. He will be responsible for communicating what happened to employees, letting them know how to do their jobs, and what to say and not say to other parties. There are crisis managers in each department responsible for communicating information back to the COO, so he can make better informed decisions. While we don’t have a specific protocol in place for responding to extortion threats, given the culture of our company, I doubt we would not negotiate with the people responsible for the breach.

I was discussing this case with my attending in dermatology clinic today – and he mentioned a very valid point I hadn’t considered. Why didn’t the hospital contact the FBI at the very beginning. The hackers are trying to extort the hospital, and clearly are extremely intelligent and capable. The situation almost necessitates the immediate involvement of specialized cybersecurity experts. Thoughts?

What do you think Sunnylake should do now? Would you make the same recommendation to your manager if all of your office was locked out of its computer systems?

Sunnylake needs to focus on getting their systems back online like they have been attempting to. Sunnylake should bring in experts who are skilled at securing a network and re-establishing control of the Sunnylake network, thru either disconnecting the connectivity the hackers have to the Sunnylake network or isolating the access. There are numerous speciality consulting firms which employ white hat hackers who are trained in dealing with these type of cyber hostage situations. The hackers are obviously coming in thru some malware or some back door exposed by connectivity to the internet. The most secure networks used by government agencies are private networks and are not connected in any fashion to the internet to prevent these type of breaches. Bringing in the FBI and local cybersecurity units of the police, state police would be wise to assist in tracing the attack. Agencies like the US CERT help coordinate responses for infrastructure deemed critical like power companies, hospitals etc. Under no circumstance should a payout be made to the blackmailers as it will only further their cause and bring up the potential for future attacks. Sunnylake needs to be focussed on getting their operations back in order to deal with patient safety and reestablish normal protocols.

Once the network is back up and under the control Sunnylake will need to establish a comprehensive cyber security program to ensure policies, processes and technology were in place to deal with situations like this.

Sunnylake was the victim of a monumental hack that crippled the IT infrastructure and left many patients at risk. Doctors were unable to properly care for patients because records were inaccessible, and old hard-copy records hadn’t been updated so they did not reflect accurate information about patients. The anonymous hackers had threatened an attack, which was not taken seriously, and after hacking into the hospital’s IT infrastructure, demanded a $100,000.00 ransom. I think this attack was able to happen because Sunnylake had not deployed an adequate security system for the IT infrastructure. Jacob prided himself on a great electronic system, and indeed it was highly successful, but after the attack happened, Paul realized the IT team was simply not properly staffed to deal with the threat. This demonstrates that security measures – and a proper IT security team – were not utilized to protect and safeguard the system.

I think responding to the threat would require a multi-faceted approach. First, transparency is a must; the hospital needs to let patients and the public know what has happened. Not only has the system gone offline, there is a huge possibility that patient records have been compromised. This needs to be announced as quickly as possible. Second, an external team of security experts should be brought in to deal with the crisis and fix the vulnerability. Third, doctors should work from the old hard-copy records and begin updating them as necessary while caring for patients. Finally, in conjunction with the three previous steps, the hospital should consider paying the ransom so as to minimize any risk to patients.

My hospital implemented and EMR system in February of 2010, and like Paul, I got a lot of resistance from staff. I chose to let my practice management software provided configure and supply my hardware, to avoid finger pointing and included in the configuration any security appliance or software they recommended. All was well until pornographic images began appearing on my hospital manager’s work station. After the fact, I learned that s work station had been left on and a member of the cleaning crew we hired likely had some fun with the computer. Even before we repaired the infected computer, I installed password protected internet user software and utilized parental control software to limit web access. We have not had another unfortunate experience with a security type breach, but I will never forget the experience. For us it did not mean we lost any productivity, and the experience actually educated me to a weakness in how our system was configured. My guess is something similar happened at Sunnylake, and that the attack penetrated due to something employees are tempted to do regularly while using technology. Links are often opened without any intention that opening the link can lead to disaster.

I also had our server’s hard drive crash, completely leading to a system failure. Fortunately, I had redundancies set in place, so though it was inconvenient and cost some money to purchase another server and reconfigure our server and network, were operational soon enough to keep staff and clients happy. My recommendation is for Sunnylake to make data and system security an absolute priority and to make sure that systems in place are evaluated on a regular basis to insure that whatever plan has been established is being followed. There can be no shortcuts, and adequate funds need to be allotted to this part of operations. What I see as the biggest challenge is how businesses maintain security without sacrificing employee productivity and initiative. I love when staff creatively problem solves, and often that is facilitated by internet searches and tools. I found that my internet safety software was really getting in the way of their efforts, because I had implemented a strong block to social media, and almost all sites have embedded social media. I’m presently searching for a better solution than what I am using. The hacking article has motivated me to revisit our technology safety plan to and make sure we are regularly checking to make sure our planning is being implemented. I bet it will motivate a lot of my classmates to do the same. Bottom line, it comes down to risk management, and in addition to identifying risks, contingency plans need to be designed and education and training needs to be provided to all staff so they feel empowered in a crisis,

As healthcare has become more and more EMR and computer driven the potential for hack attacks is more likely. Unlike the blackmail scenario at Sunnylake most hacks are done to get patient information. The US government has mandated that health care providers move from paper systems to an EMR system but sadly most healthcare providers have no understanding of programming and all the potential negative ramifications.

My group has instituted many safeguards to prevent a scenario like Sunnylake although as outpatient physicians the potential consequences would not be as severe. Setting up the system with proper firewalls and remote servers and security detection systems may have prevented the ability to get into the system. I cannot state that anything done would have necessarily prevented hackers from getting into the system since most of them are significantly advanced and getting better at what they do by the day.

The issue for everyone in healthcare isn’t so much the blackmail scenario, but more likely the theft of data that healthcare providers must take from their patients. As the FBI has stated, healthcare is woefully behind in its data security when compared to other industries so, of course, hackers will target healthcare institutions. Until healthcare can significantly improve data security, situations more like the Anthem Insurance leak will continue to occur.

http://thehill.com/policy/cybersecurity/232398-anthem-hack-could-your-insurer-be-next

In answering question 1, I think the security breach occurred for a number of reasons. For starters, I am stunned that the company did not have a risk plan in place to combat a hack or attack. Something as simple as setting up a second server with constant backups would have been cheaper than paying the $100,000. Obviously Sunnylake never took the necessary steps to replicate an attack or do enough security audits on their EMR system. I also think that Paul Layman’s ignorance in ignoring the initial warnings cost the company valuable time. Again as stated above, I would have put a risk management plan in place to combat a hack or cyber-attack. I would have organized regular “fire drills” with the IT team, replicating an attack and a response. I would have also ordered independent audits from cyber security firms to find any holes or reassure my team that our firewall was safe from such attacks.

The EMR at Sunnylake Hospital suffered from a cyber attack three years after its implementation. As a result of that the access to it was denied to the healthcare providers, as well as any other authorized users. The CEO of the hospital was warned a few days prior of the imminent attack and was asked to pay 100K to avoid or revoke the security breach. Doctors and nurses that were accustomed to the EMR become immediately unable to take care of their patients.

It appears that the IT department of this hospital was not the adequately prepared to handle a crisis of this magnitude. Even to my inexperienced eyes it appears that the system had not been backed up – this precaution alone could have avoided the end results of the hackers attack; the system had not been updated since its implementation: three years prior. It is known that technology evolves very rapidly as a consequence of that protecting an EMR is a process in continuous evolution that cannot be forgotten; malware scan (a software that prevents cyber attacks) was not available on every stations; the warning sent to the CEO was ignored.

The efficiency and the security of contemporary organizations are depending by the effectiveness of their IT departments. However, interestingly, IT specialists are, generally, not rewarded sufficiently enough to retain talents on a consistent bases. I would have invested more resources in developing a stronger IT department that would have followed the basic principles for preventing cyber attacks (please see previous paragraph for a brief description of the most important steps involved). Also, as a CEO of an organization I would have not simply ignored the warning email.

In my opinion there are short and long term recommendations for this CEO. In the short term, it is clear that Paul does not know what to do. Therefore, he should relay on a consultant that specializes in dealing with cyber attacks. I think he should not pay because that action will generate further, future, extortions. He should inform the authority and seek for help outside of his organization because it does not look like Paul’s IT department is going to be able to solve this issue any time soon. With regard to the immediate issue of patient’s care he should consider going back, temporarily, to the paper charts and written notes/orders until the EMR access is restored. I would also consider doing something completely opposite to what it has been suggested to him by his legal counsel. In fact, it is just a matter of time before a reporter will learn of the EMR attack at Sunnylake; therefore, I would hold a press conference notifying the media and presenting a corrective action plan with short and long term goal to improve security. I would be surprised if Paul will be able to keep his job; however, the long-term plan should consist in investing more resources in the IT department.

1.Describe the security breach experienced by Sunnylake. Why do you think this breach occurred? What would you have done to prevent it?

While how the extortionists obtained access to Sunnylake’s information technology systems is not entirely clear, the blatant disregard of the hackers’ warning certainly permitted the breach. Paul Layman, CEO of Sunnylake Hospital, had an entire weekend between receiving the initial threatening email and the system takeover to re-secure control of Sunnylake’s electronic medical record system. Instead, he chose to ignore the warning as spurious. Jacob Dale, Sunnylake’s Director of IT, likened their remediation effort to cyber warfare. Sunnydale would eventually win this battle but the process required an unknown amount of time, which the hospital could not afford. Had this cyber warfare commenced upon the initial Friday email, Sunnylake may have re-secured their system and protected it from breach prior to the hackers’ take-over. Paul’s decision, not particularly their software or IT support, deserves blame for this specific, possibly life-threatening, debacle.

As mentioned in our “How to Secure Data by Addressing the Human Element” reading this week, humans represent the most vulnerable component of an information system environment. Technology advances have increased security structures, but human interaction with these systems has remained relatively constant. Many have failed to increase interactive security awareness in tandem with techno-security advances. In our reading “Target Missed Warnings in Epic Hack of Credit Card Data“, we learned Target’s IT security department overlooked similar warnings before their credit card theft scandal. Like Paul Layman, Target’s IT security management team, decided not to react to detected malware disturbances. What causes this human ignorance? Is it overconfidence, fear, or distrust in infiltration warnings? It is hard to tell exactly what deters humans from properly reacting to security breach cautionary signs but refocusing IT security protocol on human interaction (password security, restricting website use, training, etc.) might help solve this dilemma.

Having worked in a medical office that was (painfully) rolling out EMR, I understand the apprehension of the community in trusting such precious information to technology. However, when it’s made to be so easy and life-simplifying, it’s easy to forget that technology is just a tool. Besides the obvious necessity of backing up this system, testing it regularly, and having multiple places where this information is stored, there should be a culture of understanding that any technology is means, not an end. If an entire business or practice collapses because of a hack, power outage, or server problems, it means that a. necessary precautions were not taken and not all possible scenarios have been (extensively) tested and b. that the business is build around the system and not the other way around. Ultimately, in this case, human interaction, biology, and physiological principles did not change. With proper team building and previous preparation, the practice should have been able to continue and adapt to the temporary crisis. Understandably, it wouldn’t be easy, but if ancient romans could practice medicine with a chisel and stone, it would not be impossible. However, because this attitude was not part of the culture, and the parties saw the EMR as an end-all, they were crippled when it was down.

One of my first jobs as a registered nurse was at a hospital that was in the midst of transitioning from paper documentation to EMRs. To this day, I remember the resistance, the continuous questioning, and security issues and concerns that arose from both nurses and physicians.The Sunnylake case study is a primary example of this same type of event. In addition, it elaborated on why it is pertinent for a hospital to have a well developed AIT security system in place. It appears as though AIT leadership at Sunnylake had numerous errors that ranged from simple neglect such as ignoring the initial first signs of a potential hacker to not having a standardized back up plan in place in the event a malware situation occurs. With that said, I found the lack of a formalized back up plan to ensure the continuation of proper paper patient documentation to be the most surprising. For legality reasons, any hospital on an electronic medical or health record, must have this plan in place and must communicate it with staff and leadership in the event something like this occurs. At Sunnylake, the “back up” plan appeared disorganized and to a certain extent, chaotic.

As a nurse administrator I have come across situations were our EMRs and telemedicine services have had downtime. As part of our initiation process of these services we also implemented a formal back up plan which staff can use as a guideline to go to so they have the proper information on how to continue proper patient care. This guideline is placed in paper binders in the units and can also be found on the hospital’s intranet portal.

In the case of Sunnylake, I do not agree with the recommendation of negotiating with the potential hackers. Although the point was made that it could be potentially cost effective in the long term due to saving the potential financial losses that could result from being locked out of the patient EMRs, this approach truly could open up a bigger mess. The recommendations of full disclosure to staff is obviously pertinent due to the fact that they must carry out the back up process. Lastly, shutting down the system and initiating proper malware scans at every workstation in the hospital is essential. I agree that although it is incredibly labor intensive, it is critical.

Sunnylake needs to hold a formal meeting with all the key stakeholders to evaluate and analyze the errors. At this point, it appears that they need to start from scratch. Hiring a security consultant and expert on how to prevent these situations and how to correct them in the rare event that they should occur is key. Maintenance and control is also crucial. Moving forward, the AIT department must run routine security scans and also drills for staff on how to handle these types of intrusions. I have worked for hospitals that have these “drills” as part of their annual education which is considered an essential work requirement that has to be completed each year. The education can be obtained on the hospital’s intranet and is readily available as a resource at any time during the year. Also, Sunnylake’s AIT department may want to look into additional FTEs whose sole purpose is related to security with a primary focus on prevention, control, and education. Overall, it appears as though Sunnylake was in no way full prepared when they went live with the EMR system which ultimately resulted in this detrimental event. Adequate preparation and a more in depth analysis and plan regarding security would have prevented this. I think this case study is a great example of a lesson learned.

As a result of Sunnylake not updating their information systems in three years with the latest security software, their EMS system has been hacked and shut down by a third party who is seeking $100k as ransom. Confidential information as it pertains to patient’s health has gone viral, violating patient privacy rights. The CEO unwillingly did not report the initial message from the hackers several days before. Therefore, if the CEO properly reported this earlier, IT could have mitigated the issue prior to the EMS failure.

In order to prevent this situation from occurring, I would have a CIO on my executive board to ensure that IT is a part of our corporate strategic goals. The pathway to building a safe IT culture would have been aligned with the overall vision of providing high quality care and service to our patients. Resources would have been utilized to invest in the latest security software, and I would ensure my IT staff is trained annually on the best practices to keep our information systems safe. In addition to the IT staff being trained, I would also require the hospital staff, which includes: doctors, nurses, administrators, and interns to receive training on how to use computers and software in a safe manner and how to identify unusual activity. A proper procedure that provides the steps on how to report unusual activity would be posted at doctors and nurse stations throughout the hospital.

It’s impossible to out myself in the shoes of Sunnylane, but as one of the editorial comments suggested, the CEO really messed up and got complacent with his trust in his technology officer. Yet, there is a hard moral line that needs to be drawn at this point. You must reveal the information to all constituents involved that you have had this awful situation occur to your hospital. You must also hire an outside security consulting firm to step in and assist your clearly inept IT staff. Lastly, you must also contact police immediately as this an extremely serious privacy crime to hack into access of this protected information and you should absolutely not consider paying the ransom unless your consultants and law enforcement and your legal counsel all agree that it is worth the potential lost lead. At this moment in time, you have absolutely no guarantee that the ransom beig asked for will lead to the safety of your patient’s private health information and you also have no certainty that it was allow you to regain access and resume business as usual. Even if it provided both of these, payment of the ransom would effectively make the hackers in charge of your security IT business, hardly a practice to be approved by most within the health care industry. I would feel the same way about my own practice, though I think more importantly than the technology officer losing his job, that my head as the CEO would be on the chopping block almost immediately. If I wasn’t prepared enough to prevent this type of security risk, why would I be prepared to see it through to its resolution?

The security breach at Sunnylake was very different than most electronic breaches in one major way, this breach wasn’t to steal information it was to hold it hostage. The hackers in this situation were not targeting the clients of the hospital in a direct way, they didn’t steal billing records or social security numbers to sell on the black market. They also weren’t looking for confidential information or scandal or they would have gone to the press. Instead they targeted the hospital itself, a commercial entity with the financial means to pay the ransom. These hackers were deliberate and strategic about their target. They knew that a small hospital would not have the same infrastructure to support extensive security and the switch to EMR was recent, leaving more room for vulnerability. In this case the only way Sunnylake could have tried to avoid this attack would have been with more sophisticated security measures and on going staff training (including for the CEO) and even then there’s no guarantee.

To immediately address the lock out the CEO will need to asses if patient health is at risk. If he finds sufficient evidence that patients will be harmed without having the system back on line he will immediately need to implement new processes for handling patient care. Paper files will need to be created for each patient to avoid errors. New patients or elective procedures should be postponed or redirected to other hospitals until the system is back. The hospital can function using an older form of records but it will take effort from the staff to make it succeed. The hospital should not consider paying the hackers in order to regain control of the system. Paying them would do nothing but set bad precedent and open them to future attacks.

Going forward Sunnylake needs to drastically increase it’s cyber security protocols and employee training program. Creating a back up system that can be accessed whenever the main system is down will be critical. After this incident the staff will be hesitant to rely on the EMR system even though it has provided streamlining and efficiency. Building staff support for the EMR system is essential to ensure the corporate culture is intact so that the hospital can thrive. Increasing security training will not only make the system safer but also help staff understand their role and responsibility to support a safe system. Through better understanding of the system staff will also be more willing to trust again.

Sunnylake is stuck in a very bad situation. Do they pay the ransom or do they keep trying to fix the problem, and the situation will effect innocent people who are in the hospital. In my opinion, if the healthcare professionals do not feel comfortable treating patients the patients they need to be extremely honest with their patients and do a manual screen through questions of what that patient may be allergic to and their past medical history. Sunnylake should require all of its staff to come in and have all hands on deck. Although, my first reaction was to just pay the ransom, after thinking about it, paying the ransom is not the answer. The hackers who have stopped the system from working cannot be trusted. Just because you pay the ransom does not mean that they will remove the malware. The IT department should bring in any consultants or anyone else that could help, and work on fixing the problem all day and night.
If a similar situation had with my company, I would require all employees to get off their computers and have IT go through each computer to ensure malware is not installed on anyone’s specific computer. I would also bring in extra IT support to help resolve the problem as fast as possible. Once the problem is resolved, there will be company wide IT training as well as policies put in place that if any sort of threat comes through, an employee is required to notify IT or else be faced with dismissal. I also think that the head of IT needs to be looked at, with a possibility of that person facing explosion.

For question # 2, it is crucial that Sunnylake regain control of their data as soon as possible. I hate the idea of paying the ransom for the data because this will only encourage other hackers to do the same thing. As Jacob states “If we pay once, we’ll be a target forever”. Because of the nature of the data, the hospital must get the information back so the staff can continue to administer the proper care for their patients. I would suggest that the IT department try to retrieve the data from the server as soon as possible so the hospital could resume care of their patients. They also need to find a way to cut off the access for the hackers so they can regain control of the system.

Sunnylake needs to evaluate the security they currently have in place and figure out how the hackers were able to get into the system. They need to have better security for their data. An independent consultant may be better able to find the loopholes in their security and offer advice to the IT department to avoid issues in the future. This type of security audit should be done periodically to avoid being hacked in the future.

Sunnylake clearly had a weakness in their security system which was exploited by the hackers. I believe the issue was caused by a combination of relaxed security policy and general complacency. As is mentioned several times throughout the article, the company had grown accustomed to the system and had reveled in 3 years of successful usage. I find it particularly alarming that a protocol was not established to react to this type of situation considering the critical nature of the data.

If I were consulting Sunnylake I would recommend immediately bringing in advisers to better address the issue as it is clear that the current complement of IT professionals is not effectively mitigating the threat. Bringing in IT consultants who specialize in addressing attacks would certainly accelerate the timing required to resolve the current issue. Once the current issue has been resolved, I would recommend a thorough review of the system security to avoid future attacks.

Additionally, I would recommend bringing in an expert in media relations. Currently, the strategy of working to resolve the issue without proactively alerting the media and authorities is not prudent. If the media is alerted to the situation, which is highly probable, by an employee or patient the aftermath will be much worse than if the hospital preemptively alerts the media.

This is an unfortunate scenario which could have likely been avoided or at a minimum dealt with more effectively and immediately as the threat was first brought to the CEO. A critical mistake was the CEO not taking the threat seriously when he first received the email message. The delay in the corporate reaction made the mitigation much more difficult.

The primary lessons learned from this case is vigilance in security configuration, immediate response to any threat and once a threat is detected, bring in experts in both security and media relations to expedite the development of a strategy to report the issue to the proper authorities and the public. The attached article, which delves into the recent Anthem security attack suggests that the company was quick to hire a consultant, advise the proper authorities and advise the public in an apologetic manor.

http://www.nytimes.com/2015/02/05/business/hackers-breached-data-of-millions-insurer-says.html?_r=0

Describe the security breach experienced by Sunnylake. Why do you think this breach occurred? What would you have done to prevent it?

I believe the IT development for the system did not provide adequate business continuity processes. All applications, particularly those that are business critical (which Sunnylakes certainly was!) must have a backup system and processes to avoid incidents such as the hijackers’. To be effective, it should have been in a stand-alone method where the system is not dependent on the live system used by the medical staff. The process is costly as a duplicative system will need to be developed, however it would provide assurance of a fully operational system in the event the technology was comprised.

Working for an insurance company in Florida, we ensure business continuity exists for the policy/claims operating system by having the systems in multiple cities throughout the state. For instance, the backup and storage systems are in Tampa while the operating system itself is in Jacksonville. Additionally, we have IT systems in Tallahassee. If the state is hit by a hurricane, the probability it hits these 3 cities at the same time is very minimal. If one system is impacted, the IT department will still be operational by using the system(s) in the other locations.

This case really hits home for me! I recently found myself in a similar position when I was locked out of a database system that I had designed for my job (Besides, I am an accountant not an IT professional). The process had been previously done manually for quite a while so I developed an exclusive application via Microsoft Access. The upgrade was met with chronic resistance by some end-users though the majority, including top management, eagerly embraced it. It worked perfectly for almost a year until one day last December when nobody in a department of about 100 people could access it. Thankfully I had diligently implemented regular backup of database system so I swiftly installed the backup. The system was mysteriously released the next day. Consequently, we moved the database to a more secured SharePoint site and is still under close monitoring. It was such a learning and nerve-racking experience.

The security breach at Sunnylake occurred due to several reasons. Paul Layman should never have disregarded the first email threat. From experience, no threat should be discarded immediately. The blunder was apparently due to his limited knowledge of cyber security. Although the hacker, or their “spokesperson,” seems like an amateur with unsophisticated writing skills, well, that may have been a stunt to lure Paul and his team farther away from detecting the source. Paul should have notified his director of IT, Jacob Dale, as well as other hospital staff immediately.

Personally, I suppose the IT director, Jacob Dale, was essentially responsible for the chaos. He is the IT expert here; he possesses the knowledge others don’t know about information security. He should have acted more responsibly by being proactive.

Since all attempts to fix the issue have been futile and the potential risk may be irrevocable, I would recommend providing the ransom. Perhaps it will also give a lead on the culprits. I would also recommend at least basic information management course for the hospital staff, followed by continuous updates and alerts. No form of threat should be taken for granted; an appropriate assessment, action, and documentation should proceed any threat. Therefore, I would recommend a standard emergency response procedure to deter probable future occurrences.

Sunnylake has fallen victim to extortionist who have hacked into Sunnylake’s network and have blocked system log-in and/or passwords. Sunnylake’s IT employees were able to restore the function but hackers quickly shut if off again. Not knowing much about network systems I can only guess that the breach occurred because Sunnylake is connected somewhere to an external network where the hackers gained access using their hacker code writing skills. To prevent this, Sunnylake could have had established their network without any external connections. No external connections may not be practical but Sunnylake should look to segregate their operations network from necessary external communications network.

It is important to consider immediately that the staff at Sunnylake, while well intention, are not equipped to address this type of attack. One of the first steps when deciding what to do in any crisis, is to determine if one has the internal resources at their immediate disposal to rectify the problem rapidly. Mr. Layman, as CEO, should have a clear understanding that Mr. Dale is not an expert in cyber-security, nor are he or his staff able to solve this project alone. My recommendation is that Sunnylake considers the following plan. First, the hospital should call all senior leaders and chiefs of staff into an emergency meeting. The first order of business is to establish immediate protocol for handling the patients and their care. Implementing paper based practices as necessary, and cancelling any non-emergency surgeries would be required. For any emergency procedures scheduled, these should be considered on a case by case basis; with the potential to move these to other local hospitals as necessary. Next, the senior leaders should immediately contact the FBI-Cybercrime unit and/or Secret Service to report this problem. They should indicate the critical nature of this problem and ask for support. There are also firms that specialize in supporting IT departments during a hack, in both stopping the bleeding and saving forensic evidence. A firm such as this should be retained immediately. Simultaneously, Public Relations should be working on an immediate statement to patients and families and possibly the media, to control the message and minimize damage. This is about limiting loss and reducing liability. And last and under no circumstances, would I suggest that the hospitals pays the ransom to the blackmailers. I would provide this same advice to my firm in a similar situation.

The breach at Sunnylake was unacceptable and could have been prevented. Initially, I began to wonder what type of intrusion detection system was installed, what kind of emergency preparedness plan had been developed prior to the hack, and what sort of end user guidance/training had been disseminated to all employees. I also questioned how often, if any, information assurance (IA) and intrusion prevention scans were being scheduled/completed and if previously identified vulnerabilities were being resolved. It seems that the hackers in this case could have potentially exploited a vulnerability on a employee’s machine located behind the company’s firewall. I would like to know what type of anti-virus/malware software was installed and how backups were allowed to be stored on network servers that are completely inaccessible in instances like these.

I believe that Paul Layman placed entirely too much faith in his IT director, Jacob Dale, and that his dismissal of the initial threat was inexcusable. Mr. Dale may have had “aggressive energy” but apparently he did not have an aggressive approach in ensuring and testing his network’s security. If there were an effective emergency preparedness plan that was rehearsed and practiced at regular intervals, Sunnylake would have been in a better position to deal with this threat. Hiring an external IA compliance firm to conduct regular scans as well as perform internal penetration testing would have helped tremendously. Better awareness training for the workforce is key. Also, the company could have employed a two factor authentication process (i.e. password and smartcard or another type of token).

As Mr. Stephenson suggested in the article’s commentary, Sunnylake should hire a security consultant to help determine where the threat originated and how to bolster its current IT operations to prevent a similar attack in the future. As I mentioned with regards to Mr. Dale’s tactics, the company needs to implement an aggressive IT strategy that is proactive in identifying vulnerabilities and threats. Overconfidence in how the system is currently performing is dangerous. The digital world is constantly transforming. IT folks cannot rest on their laurels based on past successes with the network. They must always look to professional forums that discuss new and emerging threats for guidance. I would recommend that Mr. Layman pay the hackers based on necessity for patient care and safety but only after another 24-48 hours of exhaustive IT work and constant consultation with legal and law enforcement. I know that the initial reaction is to not give into hacker demands but, from a CEO perspective, this situation cannot continue much longer as there is no end in sight. There is a real potential for unnecessary loss of life and irreversible damage to the hospital’s reputation to the point that it could realistically force the closure of the entire facility, costing everyone their jobs. As mentioned in the case, there is no way to check for drug interactions or allergies even if doctors and staff go back to paper scripts and charts.

This situation is not uncommon. Look at the recent Sony Pictures, Nokia, and celebrity photo scandals where hackers have blackmailed their targets for various reasons.

http://www.scmagazineuk.com/hackers-blackmail-sony-film-company/article/385140/
http://www.bbc.com/news/technology-27909096
http://www.consumeraffairs.com/news/hackers-break-into-apple-icloud-steal-nude-photos-and-blackmail-celebrities-090214.html

The security breach experienced by Sunnylake occurred due to a lack of threat intake protocol. The recipient of the email (Paul Layman) should not have been the person responsible for assessing the legitimacy of the potential security threat. Instead of arrogantly deleting the message, he should have been trained to escalate the email immediately to the Director of IT (Jacob Dale). Regardless of grammar, all threats should be taken seriously and escalated to the IT department for further investigation. This incident could have been prevented if the IT department were alerted upon receipt of the first email. If they were prepared for the attack, the hospital’s systems would not have been left vulnerable. Ultimately, the hospital should develop routing security procedures and train all of the employees on how to handle suspicious emails and phishing attempts. Also, to prevent malware from being installed on hospital workstations, the IT department should disable download/administrative rights on computers used by employees.

I think the security breach occurred at Sunnylake because they put the cart before the horse. I felt while reading the case that the EMR part of the project was the main focal point and the security aspect of it was an afterthought. Yes it was a hard sell for Paul Layman to get everyone on board, but all the focus was put on making the business case for having electronic medical records and very little if no effort was invested in educating the hospital on security protocol for all of that sensitive information. I think this is made evident when the CEO ignores the initial threats received. If the CEO doesn’t take it seriously why should the staff be so inclined. By not first creating a secure environment for the EMR to exist in, there was no prior planning on how to react in the event of a cyber-attack. With the focus on making sure the EMR was accessible for the apprehensive staff and appeased the naysayers, a risk plan was put on the back burner when ironically it was what would have ensured the EMR had been accessible to all who truly relied on it.

Before I dive into preventive measures Sunnylake could have taken to avoid their security breach, I want to discuss “risk management”. In any situation whether it involves IT or planning even there always needs to be a plan for the “worst case scenario”. This could be as simple as makings sure you have umbrellas for your guests at a wedding if it rains or backing up your servers nightly. In the case of Sunnylake, the first question that came to mind – What would they do if they lost power? Even if they had generators what if the internet was down? How would they have proceeded with their day to day operations? From the sounds of it they wouldn’t be able to!

Whenever any company receives a threat whether it is to their firewall or their actual building protocols need to be identified and followed. Layman should have sent the first warning email to head of IT when he first received it. Other preventative measure that should have been taken is having up-to-date security software – especially, when your entire medical records are completely digital (and have been for the past three years).

It’s quite unfortunate for Paul to face an EMR data breach at Sunnylake, when he fought to get it implemented. Since point of receiving the initial phishing email, he should have alerted his IT department to secure up their system to potentially prevent further damage. His lack of initial judgment may have cost hospital thousands of dollars in legal claims, in addition of a severe reputation hit against the company. As the events enfolded in the case, its quite evident that Sunnylake had not prepared themselves for such data breach. The hospital did not have appropriate business continuity plan in place (including training employees on the plan) to ensure the hospital operation continues in the event of such major failure. As reliance on the computer and Internet increases, all business shall ensure to develop a plan to prevent, manage and rebuttal cyber-attacks.

The critical step for Sunnylake is to resume operation while IT identifies to unlock system to release records. The company should identify a way to restore the backup data on a small close system (that does not access network) to provide health care professional start treating patients. Alongside, Sunnylake should be going above and beyond their local IT to seek help to secure its systems. Paying off the hackers does not guarantee the release of the data, since hackers already had concluded that they had control over Sunnylake’s system and their IT could not resolve it. Thus, better plan of attack would be to hire additional help to help regain control over the system. Once all the crises are resolved, Sunnylake needs to develop a business continuity plan, secure its IT system to add additional security, encrypt each patient file to prevent leaking even when hackers can gain control over system, and employ a proactive approach to actively invest to screen each external communication from their servers to outside world. In addition, Sunnylake should encrypt each of the mobile access points to only allow user access to EMR, block all other internet access to prevent staff from accessing harmful network sites or download message with malware. They also should place EMR on independent server apart from rest of the organization’s internet access point, which would minimize ability for hackers to infiltrate both networks at the same time.

As a healthcare provider, I am very concerned about the safety of our information that took from the patients. Based on HIPAA law, all personal information have to be extremely confidential. All health organization are in the transition from paper chart to electronic medical record. We definitely do not want to have any hackers that happened to Sunnylake hospital. All hospital that I’ve worked, everyone of them request any care provider have to change pass words every several weeks, sometimes, it is so annoy that we could not even remember the passwords anymore as we have to open so many software to obtain necessary information, not sure it is a better way to handle it, such as scan all finger printing or match ID card, etc. I wish I could know computer sciences better.

1. Sunnylake should have backup servers and be able to isolate some servers/records from outside its walls. There should be firewalls in place to prevent access, but if those fail, they should have the ability to produce records off-line from physically isolated back-ups.
2. Can’t fathom paying the ransom. Where are the authorities on this matter? Have they called the FBI? When mentioning insurance, can you really insure against something illegal like extortion? I guess there’s kidnapping insurance, right?

I would explain to the five year old that a lot of people are mad because they were trying to help people by telling them about places they visited but that Yelp was not sharing their stories like they promised. I would further explain that the people who were sharing spent a lot of time trying to help and were unhappy because it wasn’t fair that Yelp wouldn’t share. I would tell them that Yelp should help and share their stories because it’s important to help people and keep your promises.

I would say to my 5 year old that when we want to go to a fun movie or buy a toy that everyone likes I would like to ask someone who knows what is the best choice. We really depend on that person to tell us the truth so we can make the right decision and everyone will be happy. We expect the same information and truth from this person as we would if we asked Mom or Dad what was best for the kids. If for some reason the person who we want to get the truth from tells us something that may not be truthful because of a reason they have than we would make the wrong choice. We would not be getting the correct information we need to make the right decision to to buy the best toy or watch the most exciting movie. This is sort of the problem that Yelp is now being accused of. This company is being accused of placing reviews or advice that may not be accurate just to make money. We need to be very careful that we understand where we receive our information and if that information is correct so we can make the best choices for our family.

I would explain the controversy with Yelp’s reviews to a 5 year old by asking them a story. The story is about a company provides advice on which toys that parents should avoid or buy for their kids. Parents go to this company for advice on good toys to buy and bad toys to avoid based on information from provided by other parents. The problem is that sometimes the company keeps some of the good and bad advice from the parents so they end up buying the wrong toys which makes the parents and their kids very upset. And when those upset parents ask the company why they did not provide all the advice on the good and bad toys, the company tells the parents that it is a secret.

I have a 5 year old, so I gave this a shot with her sitting at the computer looking at the Yelp site with me. I asked “SpongeBob and his friends know that the Krusty Krab makes tasty Krabby Patties while the Chum Bucket makes yucky food, but how would a visitor to Bikini Bottom know which place has better food?” After she suggested that they taste each one to see which is better, I told her that instead, they could go to the Yelp website and see what other people said and how many stars they gave them. Easy enough for her to understand – so far so good. I then said “If Patrick wanted to rate the Krusty Krab 5 stars and Chum Bucket 1 star at the Yelp website, the Yelp company can decide if they want to show his reviews or not. They don’t show all the reviews from everyone because they aren’t sure if someone is lying or not.” This confused her a bit, and I had to try and explain it a few ways, and I don’t think she really got it. Eventually, she just said, “Why would they tell a lie? Why don’t they just tell the truth?” At that point, I just said, “There are some bad people out there, but they should all just tell the truth because its bad to lie.” So there is a 5 year old perspective on Yelp! review-filtering.

I would tell a 5 year old that, in reality the reviews must be written by customers who have used the services of the company and would be willing to share their honest experiences so that it helps other fellow customers in making a decision that is in the best interest. So often times, the reviews are not that reliable as some business owners would request the customers to post one. Even in this situations if a customer wrote a honest review, the chances of that getting posted by Yelp is slim to none as it may get filtered.

So I would tell my kid, that seeing is believing, experiencing yourself is the best course of action in any situation and always do the right thing, be ethical in what you do.

I would tell my kid, educating yourself by reading about the product or a company for example going on yelp’s website or googling or asking someone who you know has had a firsthand experience or bought a product is important prior to venturing out on your own. At the same time please be aware that you can’t rely on the experiences of others as your experience could be different than theirs.

So you be the judge of what you want to do in such situations. If you really are confused about anything, not sure what to do, then please ask around and if you don’t get any convincing answers then don’t it at all.
Always listen to your heart, do the right thing and go with it.

I would explain to a five year old that Yelp is a website that people use to write about their experience and what they liked or did not like about different places such as restaurants. If you want to go to a new restaurant, you go on Yelp website and you can read about other people’s experience and see if they liked the restaurant’s food or not and then you can decide if you want to eat there or not. Some people are upset with Yelp because they are not showing everyone’s writing on their website, they only show the ones they like and that is not fair to everyone who took their time to write.

I’d say something like this:

Yelp is a website that lets people say whether something somebody sells is good or bad so that others can make good decisions about what to buy based on what other people say. The problem, though, is that you don’t know if what the people are saying on the site is true or not for lots of reasons. The website tries to make sure they are true by using a secret formula to decide which people’s comments show up on the site. They worry that some business owners may be saying good things about themselves to look better, or bad things about other stores to make themselves look better in comparison. People that are really using the site for the right reasons, though, think that what they say isn’t being shown for bad reasons, and some businesses are saying that only bad things being said about them are being shown unless they pay for advertising on Yelp. When only the bad things are shown, it makes people not want to go to their business so it is hurtful to them. If fake things get shown, it makes the site unreliable because people can’t believe what they see.

My five year old hates socks. The first thing she does when she comes home is kicks off her shoes and rips off her socks so she can run around barefoot. Often times before leaving the house, I need to do a sock check to make sure that she did not actually put her boots on without socks. I decided to use this ongoing challenge to explain the yelp controversy to my 5 year old. In this case, I will serve as the review filter.

I say “Put your shoes and socks on, it’s time to go”. She runs upstairs with a pair of boots and comes down a minute later with her boots on and says “socks on”. I didn’t believe her, so I checked and sure enough, no socks. We went through the same exercise, but this time I sent her 7 year old sister with her. When they came downstairs, I checked and she had her socks on. They both asked why I checked, to which I responded, “I trust your sister a little more, but I still need to check”. At that point the oldest asked what if mommy was there. I said, I wouldn’t need to check because I trust mommy. I summed it all up for them by saying “I will trust you when you continually show me good behavior, but I’m not going to tell you what good behavior means”. They were understandable confused and their response as expected was “that’s not fair”, but that’s Yelp.

I don’t often speak to 5-year olds, but I would probably say something like this:
“You know that candy store you like? Some people have nice things to say about that candy store and others have not so nice things to say about it. When these people want to tell others about how they feel about the store, they go online to Yelp.com and write about their time at the store. If it’s someone’s first time on Yelp.com and they write something nice about the candy store, the people at Yelp.com hides the nice things that person said, which makes that person very mad. Yelp.com then gives a number of poor reasons (some might call them lies) to explain why they’ve hidden the nice things that person said, which makes that person even madder.”

I would try to explain to a five year old that there is a controversy regarding Yelp’s reviews because not everyone always tells the truth. Sometimes, people are dishonest to trick someone into believing something that is not true. For example, it would be like another five year old telling you that Frozen was not a good movie, even though they really enjoyed it, so that you would be less likely to want to see it. The same thing can happen when adults review things on Yelp. Yelp has claimed that it is trying to remove untruthful reviews but many people believe that truthful reviews are wrongly being removed that could help people and that Yelp is part of the problem when it removes truthful reviews.

I would explain to a 5 year old that Yelp! does not show the opinion of everyone, just that of a few people and the opinions that it does have are possibly not true. Too many people have filled Yelp! with false reviews for one reason or another. It has made the site totally unreliable. I would go on to explain that Yelp! is a poor example of a comment site and should not be used. Assuming that the 5-year old needs restaurant advice, I would suggest TripAdvisor.

I would tell a 5 year old that you can not always trust a stranger, and that sometimes strangers will tell lies for personal gain. Yelp! is a great example of this. They have a lot of opinions by strangers that are filtered sporadically and you will not always receive the data or information that you want from these strangers that post on the website.

One company thinks it knows how to decide what is true or not and only tells people what they think could help them. Some are upset because they don’t believe this is right and think it is fair to know everything.

I would tell a five year old that sometimes adults like to find out what other people think about what car is safe and fun, or what movie is good to see, or what new restaurant might be worth trying, or what a cool new toy is there for a five year old that would be fun to play with. So, we might ask friends, relatives, or neighbors what they think. However, sometimes our friends, etc., might not know, so there are places on the internet we can go to get other people’s opinions. (I think any five year old would follow that, so far) I would then tell him/her that the problem with Yelp is that there are people on there giving opinions that aren’t true… because they might want you to try their restaurant or their friend’s restaurant instead of the better one. Or they might want you to buy the toy that their store sells and not the one they don’t carry. And I would tell them that sometimes Yelp won’t put opinions on their site for a good reason, (they think its phony), but other times they let a phony opinion stay on because someone paid them money, (advertised) to keep it on. So, I would ask the five year old do you trust what Yelp says if they allow the opinions to be influenced by someone paying them money.

Yelp is a free online service that allows businesses to allow customers to tell others how good or bad that service was. In the case of a restaurant they may take pictures, tell others what they ate, how loud it was and if they liked or disliked it. Sometimes people tell lies and exaggerate just like kids in school tell you the got $20 for their first tooth! Sometimes people will tell bad stories about the restaurant if they own one across the street and they want to be mean to them. What Yelp does is sometimes get rid of the reviews both bad and good and you don’t always see them all. What you have to be careful in doing is read a lot of and then make a decision about where you should eat. Remember some people like to eat Brussels sprouts and will tell you it’s a great place, well remember those green things at Christmas you didn’t like them, so you know not to go there, even if someone does tell you it’s the best place ever. So read the reviews look a the pictures and know that there may well be some missing and that the are hiding all the facts, just like how did Santa Claus get down that chimney!

I would explain the controversy of the Yelp reviews to a 5 year old by saying to always tell the truth. Even if someone does not believe you are telling the truth, continue to tell the truth because it is the right thing to do. Also, in telling the truth, don’t say things to get attention, say things that have meaning.

I would explain to a 5 year old that Yelp’s review process is based solely on opinions and that each person’s opinion can vary for a number of reasons. Every person’s experience isn’t the same. You could get bad service or maybe a food prepared you didn’t like one night and that could set the tone of your attitude towards your review. Then the table next to you could have had a completely different experience with the same or different service. Everyone’s interpretation of what is good nad bad is just that-their prerogative. Also, that is sometimes it is hard to distinguish fact from fiction. And not to take everything literally without maybe trying something that might sound appetizing (in the case of a restaurant) yourself and to be your own judge. I think Yelp is great resource for reviews but when I see mixed reviews I take it upon myself to be my own judge. With regards to Yelp subjectively posting good reviews, it is likely because people rarely run to write something good especially as a first time. While I commend as much as I criticize things, I don’t think they can judge people’s integrity based on it being maybe their first time reviewing.

I would share with a 5 year old that not everything you see is the whole truth. I would explain that sometimes people say good things about others and sometimes people say bad things about others, but those people don’t hear all of the things said about them. And more importantly, there are people who make sure that their words get heard more than others. I would also say that perhaps Yelp doesn’t like it when people talk about the place where they work when they are saying things about another business, they just want people to talk about that business

The controversy should be something familiar to a 5-year-old. They are used to fighting over whether there way is right. Remember the whole “My daddy is cooler than yours” debate? This is what we have with the controversy over Yelp’s review.Yelp’s daddy is cooler than others, at least that is what they say. That is how I would explain it. To further explain, I would have to say, “Kiddo, Yelp tries to keep bad people from lying by not allowing some people to play on their playground, even if some good people don’t get to play too. When a person shows they are good, then Yelp says, lets play. This makes some good people angry because they want to play fair and square, but can not because yelp says no until they can show they are good.” I think this would be a good lesson for the kid that life is not fair.

I would explain the bias regarding Yelp’s reviews as follows:

Yelp! is like your classmate Johnny. Lets say Johnny gets a new toy truck. He only lets some of the kids in your class play with his truck because he knows some kids play rough, and he doesn’t want his truck to get broken. What if Johnny let Mike play with his truck, but when you tried to play with it he said you couldn’t because you would break it? You have never played rough with any toys, and Johnny doesn’t tell you why he thinks you will break it, he just says you can’t play with it. That’s not fair is it? That is the same thing Yelp! is doing to reviewers on their website. They are unfairly assuming that some people are bad, but give no reason for why they think that.

I live with twin 5 year olds so this one was pretty interesting for me. The exchange went a little something like this. (O = 5 year old) (D = Dad )

D – Do you want to help me with my homework
O – no
D – Please?
O –why?
D – I need your help.
O – ok, can we play soccer after?
D –Sure …… Have you ever heard of Yelp?
O – huh?
D – Yelp, like Help but with a Y.
O- No, what is that?
D – It is a website that stores information and reviews about stores and restaurants.
O – a website? what for?
D- So you can see what other people think about and to help you decide on whether you should visit
O – why do they need a website? why do you care what other people think?
D – Great point. I really don’t like the website anyway because it isn’t honest.
O- It lies? Why?
D- yes, so it can make money
O – can you buy me ice-cream?
D – it’s too cold, let’s go play soccer.

I was not a fan of Yelp before these readings and they have further cemented my thoughts on them. I was a bit biased in my conversation with my son but he was a good participant.

tuf33653 – I completely agree with their lack of transparency. While their intentions may have started off well with this site, it needs to make money and it does so in questionable ways. I have several friends in the restaurant business and 1 in particular who owns and runs 2 successful bar/restaurants and we have had many a conversation about yelp as it pertains to its reviews and also the sales tactics that it employs. He has gone as far as begging them not to call him anymore with their solicitations but their sales turnover is apparently quite high so he still gets their calls and uses the opportunity to have a little fun with them. But back to your point, unless they are transparent about their process, I won’t be visiting.

I don’t deal often with kids so explaining Yelp’s controversy to a 5 year old would be difficult. What I would say is that in life you should always try to be fair but sometimes things will simply not be fair. I would explain the golden rule of “treat people the way you want to be treated.” I would explain that no one wants to be feel manipulated or taken advantage of. Then I would explain how the yelps review system does exactly that by being secretive and vague. That’s bad business.
When reading Yelp’s review site, it seemed to me that they were peculiarly vague. They say that the reason they don’t want to reveal details is because it renders their technique ineffective. I think they don’t want to reveal details because their system benefits those users who become “established” by contributing more money. I would teach the 5 year old what the word integrity meant and its value of making it a part of who you are and what you do.

tuf33653, a key point that I took away from your post is “practice what you preach.” I am not surprised that companies such as a car dealership are giving out rewards for “positive” feedback. I also think Yelp knows that that sort of thing happens regularly. I just think that they don’t care because that is how they make more money. Like you said, it is one thing to do that but it is a completely another to do that and then try to say that you are not about that life. I think that in business, honesty and transparency are critical factors. I personally don’t use Yelp. I agree that they don’t claim it to be a perfect method but I think they word it as if the things they do are to protect the consumer, I think it’s the other way around.

I’ve been trying to think of a good way to explain this to a 5-year old, but being as I don’t have kids either, it’s been tough. Here’s my attempt:
Who wants ice cream? There are 3 flavors to choose from: chocolate, vanilla, and strawberry. Susie & Tommy told you they don’t like the strawberry but the vanilla is pretty good. Tommy thinks the chocolate is not as good as vanilla. Susie’s mom came to pick her up before she could tell you what she thought about the chocolate. Based on what you learned from Susie & Tommy about the flavors, which do you want?
I actually don’t find Yelp’s attempts at screening comments malicious. There is really no good way to tell the legitimate from the illegitimate and I understand that some legitimate reviews will get caught in the filter. It’s code, it’s not perfect. That doesn’t stop me from using it. A review is someone’s opinion, so I usually take it with a grain of salt anyway.

I’m going to take some license and explain Yelp to a 5 year with an older sibling. My brother is 2 years older than me, and as long as I can remember, he has held himself out as all-knowing, explaining the most insignificant of facts to me as if I were a complete moron. No hard feelings.

Back to the 5 year old – I would explain Yelp like this – You know how your brother acts like he knows everything just because he is older? And if you like something and he doesn’t, he says it’s because you don’t know what you’re talking about? Or even sometimes if you want to go eat at McDonald’s but he wants Wendy’s, and your parents take you to Wendy’s because he mowed the lawn and you didn’t? That’s Yelp.

Given most of the sentiments expressed here – Yelp ratings are not a viable resource and just aren’t trusted. The Forbes article is a real eye opener on their practices with the revelation that Yelp manipulates content in an attempt to “extort advertising revenues” from the companies on their site. In other words, “You got to Pay to Play.” So, explaining this element of the business to a five year old is:

Johnny and a group of boys were playing tag football. The big kid in the group – Ronald – told Johnny if he wanted to continue playing, he would have to give him $5.00. And if Johnny didn’t give him the $5.00 then he would tell all the others, “Johnny is dirty and he eats worms.” But if Johnny did give him $5.00, then Ronald would tell the others, “Johnny is cool and we should let him play with us all the time.” So now Johnny has to decide if he wants to pay to play and stay in the game.

What would you do if you were Johnny??

Now, I can imagine most kids would kick dirt at Ronald, take their $5.00 and buy some candy with it. I’m not giving him my hard earned $5.00 I begged mom and dad for. Beat it Ronald.

And a company in a similar situation with Yelp should say the same thing. I’m not giving you my hard earned money – I’ll take my chances with a more honorable site – Beat it Yelp. You big bully extortionist. Lol.

I disagree with some of the above posts because I like Yelp and feel that it provides a valuable service. I think the difference of opinion lies in the degree of trust we assign to one source. Believing Yelp unwaveringly is akin to getting your news from one channel. Then when that one source (Bryan Williams) is shown to have some slight misgivings, we denounce everything they’ve ever said. However that’s an extreme and emotive viewpoint. Does any among us trust Fox, CNN or NPR beyond doubt? Of course not. The wise news reviewer hears the story from a variety of sources and draws their own conclusions. That is the way I approach Yelp, and all other online reviews such as Amazon and Google for that matter. If I want to try out a new restaurant for instance, I look on Yelp and read the reviews. If a review is positive or negative with a long explanation (which I also quickly scan) then that is likely a legitimate reviewer and I take their opinion into consideration. The one sentence reviews are probably boloney and I ignore them. Then I also look at the Zagat ratings and the reviews on Google and decide if I want to go there. The Yelp and other online reviews are also valuable for another reason – providing ordering recommendations and other suggestions.
With that said, I do agree with the other posters that the filters are a concern as they introduce at least the potential for some degree of bias. However I also think that the filters are valuable, at least in theory, as they minimize the number of hogwash reviews that you, the user, would rather not see anyway. The main concern here is the way the filtering process is implemented and whether or not Yelp is coercing businesses into subscribing or businesses are twisting arms to get good reviews. While I cannot recall ever coming across a business or service where the overall Yelp evaluation differed from that of Google or similar, and before reading the article I had never heard of anyone being pressured into making a review or been asked to do so myself, although this certainly could happen. Who’s to say that the author of the article himself is not biased for other reasons. Nonetheless this potential for bias in the Yelp reviews raises some degree of doubt in the service. To overcome this issue, rather than filtering out the reviews that Yelp determines should be filtered, perhaps these reviews should still be displayed, only with a flag. The flag(s) could say something like “*This review likely came from a biased source” or “The source of this review has not yet been validated”, or whatever the reason for failing the filter. This would provide transparency in the Yelp filtering process and eliminate any confusion on the part of reviewers. That way, the user could evaluate whether or not they agree with the Yelp filter and draw their own conclusions. This would also help prevent Yelp from being “undermined by a competitor with a more honest approach” as Jim Handy so eloquently put it.
In summary this week’s readings raise some valid concerns regarding the Yelp service and their filtering process specifically. I will certainly keep these concerns in mind the next time I use Yelp, however I plan to continue using the service on the rare occasion I need to. Yelp could improve their customer image by introducing more transparency in their reviewing and filtering methodologies.

How would I explain this to a five year old? Wow. Awesome question.

I would put a bunch of toys in front of a child and tell him he can only pick one. Under each toy I would have colorful stickers and reviews from the boy’s friends and reviews from other people whom he doesn’t know. I would read the review of each toy, which wouldn’t be long. It would be something like, “This truck was not fun because the wheels are broken,” and there wouldn’t be any stickers connected to the review. And then another toy would have a review that says, “This is the bestest toy in the whole world,” and it would have a bunch of stickers.

I would then ask the child to get a toy. The trick here would be that every toy is broken. The child would hopefully pick a toy with a good review. After playing with it I would read the review back to him and ask if it really was fun to play with. If and when he said no I would ask why. I would probably get a short answer like, “Cause it was broken.”

Now I need to explain to him that sometimes people lie (Pretty sure at this point I’m damaging the innocent, blissful view most kids have, but it’s gotta happen at some point, right?). I would tell the child that adults do the same thing, but with more than just toys. Sometimes adults lie about their favorite food, clothes, and even places to visit. I would ask him if it’s nice to lie and he would probably shake his head. Then the point needs to be made that he really shouldn’t trust what people tell you about something. It’s best to try it out on your own and see if you actually like it or don’t like it because we each have different tastes. The sad part is that when we become adults we try to do the things that everyone else likes instead of doing the things that we like.

Pretty sure his head would explode or he would so traumatized by the lie that nothing would stick, but it would have been worth the old try.

Explaining the controversy regarding yelp reviews to a five year old would be really difficult. I happen to live with one, and she understands right and wrong, and what the internet is. She also is a bit of a foodie requesting her favorite brunch and dinner spots frequently.
I think I would explain that many people go on the internet to find good places to go eat. Yelp is a site on the internet that gives restaurants ratings (like stickers in her learning game) based on the opinions of real people. Sometimes, these opinions are ignored and thus the ratings can be either better or worse than they really are. That means when we look at a a rating on yelp it might not be trustworthy.
I think she would get it and likely ask why do we use it, which is a really valid question.

The first thing I would explain to a five year old is that Yelp allows people to review, search and share good experiences with great local businesses (like a pizza restaurant). For example, if we wanted to go buy pizza, I would search on Yelp and different pizza restaurants would come up. Different people who really like or dislike the pizza would write reviews that I could read in order to make the best choice. Then I would explain that businesses like the pizza restaurant are upset with Yelp because they do not allow all the good things people say about their pizza be viewed by others. Yelp may think that the pizza restaurant is not honest and post all the good comments about the pizza themselves and not real customers. It is almost like when you take your homework to school and your teacher don’t give you a gold star or give you a half of a star because she think one of your parents did your homework. ( a bit challenging-no experience dealing with small children)

How would you explain the controversy regarding Yelp’s reviews — to a 5 year old

Having been a restaurant owner in center city, I understand the benefits and the downsides of Yelp and in explaining the reviews to a 5 year old is simple as stating always be truthful and honest in what you say. Do not tell a lie. Yelp’s whole model is based on the reviewers providing honest, candid feedback for other users to review and process. The model breaks down when you have business owners, competitors, or others with a nefarious purpose in mind by posting overly negative or overly positive reviews without having any experience with the business. Their whole objective is to increase or decrease the number of stars yelp gives the review.

As a business owner, my job is to provide the best customer service to my customers and the product/service quality should speak for itself. If I am offering a quality product and my customers are happy they will post positive reviews. Receiving legitimate negative reviews is also a positive in my view as it provides an opportunity to improve and enhance your product or service. No owner can be with their business 100% of the time and negative review provide a customer perspective when the owner is not there or if something is off. Competition is a great thing and striving for 4 or 5 stars on Yelp drives healthy competition to improve which benefits the customer and the business.

In my time owning the restaurants in center city Yelp did call few times to discuss advertising options however at no time did they offer to improve my ratings on their site so I thinks its unfair people make the case that you can buy a good Yelp review. I think Yelp’s model is based on nonbiased reviews and if it came out that they were selling a service to improve ratings their business model would fold very quickly.

Tell the truth on the yelp site is the key to success for a customer and a business. Yelp in my view provides a 3rd party platform for both parties to engage to improve the product or service .

Remember when I took you to Toys R Us before Christmas so you could tell me which toys you wanted? Remember how you picked out some toys you said you would like and other ones you said you didn’t want? Imagine if Toys R Us had a website (I’m assuming that children of this generation will be familiar with the internet) where a whole bunch of little kids just like you talked about every toy. Wouldn’t that be a great site? Then we could just look at the list and figure out which toys most kids would want to play with.
The problem is some kids don’t always tell the truth. The website can’t tell which kids are good and tell the truth and which kids are bad and give a false review. Also, the toy companies want to make money, and sometimes they might be pushy and talk some kids into saying something they didn’t want to say. The folks at Toys R Us would have to try and figure out how to tell which of the reviews were realistic and they would put filters in to take the bad ones out. Now, their filters aren’t perfect, and they might end up taking some reviews out that good kids made. When that happens the good kids might get mad because they were honest and Toys R Us thought they weren’t.

It is hard to describe how I would explain Yelp’s rating service since I do not have a 5 year old but it would be relatively simple. Yelp will approve only a select number of comments for each business. Several businesses advertise through yelp, (I have dealt for a few in the past) and I can attest that only Positive and select negative feedback makes it onto the platform. It could be that certain reviews are derogatory or include personal information but there are ways to block those select words. In a way you can relate to a 5 year olds point of view. The truth doesn’t always come out and sometimes if it does, it is a meh kind of truth. A 5 year old would like sometime today and hate it tomorrow. I would say that Yelp’s rating system is almost the same. Judging by what comments are allowed, blocked, or removed at the businesses request to keep the business happy. So if a 5 year old cries that he hates a certain thing, you get rid of it to make them happy.

I have a four year old at home and it is very hard to imagine trying to communicate to him the Yelp controversy. Granted he’s only four, but even a year from now I think it would be a significant challenge. That being said, if I had the time and had to get the message across to him, I would go out and purchase take out from about four different restaurants. Let’s say we wanted burgers for dinner – I would buy a burger from Wendy’s, McDonalds, Chili’s, and Burger King. I would then line up the burgers on the table and ask my youngster which one he wants, and tell him he can only pick one. After the all-but-certain hesitancy caused by being unable to choose, I would explain to him that there’s an app on my iPad that will tell us which burger tastes the best, and the app is called Yelp. He would undoubtedly be excited about this. I would explain that whichever burger has the most stars, that one will be the best tasting burger. We would go through Yelp and find the one with the best ratings, but then I would explain that there’s a problem with Yelp; sometimes, when people enter stars we can’t see them because their feedback doesn’t show up in the app. My youngster would then probably start to get pretty confused, at which point I would tell him that since we can’t see everyone’s reviews, we probably shouldn’t put too much stock in the star system. Then we’d toss all the other burgers and eat Chili’s.

My daughter is now 13 so its been a while. But I remember always pointing out to her how important it is for her to be nice and tell the truth so here goes.

Yelp is kinda like that kid in school who tells the best stories on the playground and all the kids like to gather around and listen to them telling these stories. They started out helping other kids by saying real nice things about them and helping them to make friends and getting others to like them and so on. But then Yelp got real popular and everything changed. Kids started to complain that Yelp was starting to behave mean. Some kids even said that Yelp asked them to give up their lunch or snack if they wanted Yelp to continue to say nice things about them. Yelp said it wasn’t true but it was really hard to prove if they were telling the truth and now the kids are not sure who to believe. That’s real sad, because Yelp use to be cool but then they became like the mean kid who had the ball so they decided who to play with and who to leave out of the game.

I am very biased when it comes to Yelp! after some very bad experiences. The worst was when a client who didn’t follow my recommendations to schedule an appointment with a specialist went on Yelp! to slam me for the resulting loss of her cat’s eye. I shared with Yelp! to no avail the result of a veterinary medicine board inquiry that showed that the client was baseless when she complained. They refused to take down her negative review. Classmates might find this link interesting http://www.aaha.org/blog/NewStat/post/2014/09/03/290548/Small-businesses-face-another-defeat-in-extortion-claim-against-Yelp.aspx. It supports one of our reading assignments.

Explaining Yelp! reviews to a five year old would launch me into a short discussion of how when you read online reviews you need to recognize that your are reading someone else’s opinion. Someone who you don’t really know. Keeping it simple, I would advise reading many reviews, eliminating the ones at either end of the spectrum and to do my best to find reviewers who seem to be looking for what I look for, Might still be too much for a five year old, but that’s how I would begin.

I don’t necessarily trust Yelp’s reviews, however I will use Yelp as a resource when deciding between two or three restaurants. That said, I wouldn’t trust an establishment that only had a handful of reviews. I like to see a restaurant with at least a dozen reviews to get a better idea of what to expect. I never realized that Yelp filtered reviews and after reading these pieces, I think that is troubling. As for explaining it to a five-year old I would tell him or her that Yelp allows you to publish and research reviews of businesses and establishments. Use it as a guide but don’t rely on it. You are better off asking your friends and people you trust for reviews as opposed to strangers and those with different expectations.

I have definitely used Yelp in the past, and have posted both positive and negative reviews. I, however, had no idea that my reviews would be filtered or removed. That is very discouraging to hear as I spend my personal time to write concise reviews. I have also relied on Yelp reviews as well. Sadly, I have passed up on restaurants, salons, and other services based on the negative feedbacks that I read. After reading the two articles, I am beyond disappointed. I have missed out on probably getting great services just because I relied on the negative reviews that I read. If I were to explain Yelp reviews to a 5 year old, I would advise him/her to not believe everything he/she reads. One should always do his/her own research using various sources and come up with your own conclusion. It is also a fact that people tend to write/talk about negative experiences more often than positive ones. Therefore, always consider that when reading/hearing another person’s scathing review.

To my five year old son,

You know how when we go to the toy store you can never decide what toy to get? Well what if you could see what other kids have to say about the toys and then decide? Imagine you go to the toy store and buy a new lego set. You get it home and put it together and have hours of fun playing with it. The next time you go to the toy store you can write a note to other kids telling them how much fun you had playing with the toy. The store will take your note and keep it for other kids to read.

Now imagine you buy another lego set because you saw a note from another little boy saying he loved it. When you get home you put it together but its really not as fun as the other set you bought. The next time you go to the store and leave a note saying you didn’t really like the toy. The store will take that note and keep it for kids to read.

Then you go back to the first toy and see that your note isn’t there. When you ask the manager about it they tell you it’s not there because you haven’t given enough notes for them to “trust you.” I know, that sounds crazy but then the manager says, “if you keep writing notes and keep buying toys then we’ll put your notes up for others to see.”

This gets you thinking so you go back to the toy you bought because the other little boy liked it and start looking for other toys he liked or didn’t like. Now you have to decide if you trust him, like the store does, and take a chance to buy another toy based on his recommendation or pick one because you think it’ll be cool.

It’s up to you!!

I personally have gone on Yelp when trying to figure out where to go to dinner and I am in the mood for something different. Although I typically listen to what the majority of reviewers say, I can see how a few bad reviews would have a serious impact on any business. I personally have never written a review on Yelp, I am glad they are available. Just in case anyone is interested see the attached article about when a business owner replies back to a negative post – it’s amusing and got a lot of media attention. http://www.liberalamerica.org/2014/10/11/entitled-customer-slams-restaurant-on-yelp-what-happens-next-is-sheer-badassery/

If I were to have to explain the controversy to a five year old, I would make try to make it be relatable to what is important in their live.

Me: You know the park that you like going to
5 year old: The one with a cool slide
Me: Yes, although you think the slide is really cool, some other kids tell their moms that they do not like swings and the sand box is dirty. Mom’s are telling other mom’s that the playground is not that fun and not to take their kids there.
5 year old: But I really really like it, I hope my friends go to the park.
Me: I hope so too, but unfortunately they might not go anymore because no one believes us mom’s who think the playground is great. They said they will only start going to the park if we buy some new toys for the sandbox.

I personally do not use Yelp in making any decisions. As an owner of multiple nightlife businesses in Philadelphia I have seen first hand the biased reviews that are accepted and possibly promoted by Yelp. Much like in the Forbes article my business partners and I have been told by Yelp representatives that our reviews may improve if we were to advertise on Yelp. My business partners and I have wondered how exactly the improvement in reviews would occur but Yelp provided no answers. Also, even with proof of biased commenting Yelp has been unwilling to change reviews. I truly wonder if those biased reviews would suddenly disappear if we begin to advertise on Yelp. Initially, like most people, I thought Yelp may have value, but as my experiences have demonstrated the service is very flawed if not criminal. As a physician, I worry about the trend in health care of patients reviewing doctors with no knowledge base regarding their diagnoses. Sadly, I do not believe the Yelpification of America will be a good thing.

Whether it is right or wrong, Yelp controls which reviews their visitors see on their website. It benefits their users to know that first-time user’s positive reviews are often filtered and removed. So, reviews that viewers read might not accurately describe the vendor. It appears Yelp wants the public to think these first-time users provide biased reviews that lack relevancy and validity. Do they really filter and remove these opinions to protect the website’s users or do they manipulate reviewers into earning credibility while surrendering themselves to their advertising revenue tactics? To eventually post a review that will stay, users need to actively participate on the website. This increases site traffic and advertising visibility. A direct connection exists between revenue generation and their website utility.

My experience explaining anything to a five year old is somewhat limited to football with my nephew or cooking with my niece, but if I had to describe Yelp’s controversial review system to one of them, I think I would use the classic parental manipulation strategy used to coerce children into eating foods they refuse. “If you eat your vegetables, you can have dessert”. The parent has the upper hand in this situation, like Yelp does with its users. If the child values desert highly, they might sacrifice their aversion to what they have been served. Likewise, users of Yelp must succumb to the management schemes if they want their feedback to last or users’ feedback of their business to remain posted. Both these children and Yelp users find themselves weighing the values of their sacrifice against their reward during their decision making.

I personally was not aware that Yelp filtered reviews through an algorithmic process in order to prevent the site from being considered a “laissez-faire” website that lacks interference or oversight. Yelp claims that they never delete the reviews, but rather they use an automated process that moves the users’ reviews from the user page to the business page. Yelp claims that this process ultimately creates a public display of unbiased reviews and protects businesses from reviews which may not be credible or validated thus promoting fair competition. They state both negative and positive reviews can be affected and the goal is to not have consumers fall into a trap that leads them to highly unreliable ratings. I found it interesting that Yelp doesn’t elaborate on all the factors that play into defining an established user and what variables are used to determine the filtering process. I have been searching additional articles to see if this information is public. On the other head, some Yelp users find this filtering process to be controversial and unjust.

As far as how I would explain it to a five year old, I would relate it back to the basic lesson about being “fair”. This is a common theme that is taught in Kindergarten as children are taught to “treat others as you want to be treated”. I think Yelp is ultimately trying to create a fair platform of reviews that is regulated. This regulation will ensure that Business A does not suffer a business loss secondary to a malicious review written by a competitor or to prevent a patient from being enticed to go to a poorly managed medical practice due to a high amount of false 5 star ratings that were written by the practice itself. I would tell the 5 year old that it is important to be fair and honest when voicing their opinion on something such as their favorite toy, hobby, or even fellow classmates. I would remind them that people are always going to have differences in how they feel about certain things, but that does not always mean that one opinion is right and the other is wrong. I think this is the most basic way to explain this concept to a child that is so young.

To a 5 year old: Yelp is like a blackboard where your teacher writes a list of the good and bad things you do in school. Wouldn’t it be bad if someone you do not know, and your teacher does not know would cancel some of the good things you did?

I never trusted Yelp. I actually think there more reliable ways to know which one is a good restaurant or a bad business. Rather than basing my choice on the opinion of someone I don’t know, whose taste for food might be completely different from mine, I would look at the history of the chef: where did she work before? What is on the menu et. Another inquinating factor are the comments a business owner can post on his/her favor. Similarly, unfriendly people can bad mouth business owners via posting on Yelp for personal reasons rather than objective data. In Yelp’s defense, somehow the organization has to raise capital to survive, and the easiest way to do so for an online company that post comments generated by volunteers is advertisement. However, that alone in my opinion is a big conflict of interests. One thing that strikes me is that no one has ever asked Yelp, not even in a Court Room, to disclose the way the internal algorithm that decides who is going online and who is not, works. As a consumer, I would be willing to reconsider my position if I had a clear understanding on how the filter works.

When traveling for business or personal, I usually use Yelp to find local eateries and trusted the reviews to some degree. I ate at some restaurants who received at least 4 stars; however the food was average at best. Now, I understand why it was rated so high after reading this week’s article explaining Yelps filtration system. As consumers we have been deceived and withheld from the truth. I would explain this incident to a five year old, in this context. If you show a sign of loyalty by continuing to buy a specific merchandise or service even if you do not like what is being offered, you will receive a prize. The only thing that matters is you how much you continue to buy the service or merchandise. In Yelp’s case, people were rewarded by having their reviews filtrated through and posted on Yelp’s website if they were continuous users. Continuous users were viewed as being trustworthy. This is counterintuitive of what we should be teaching our youth. They were rewarded for the frequency of their service, rather than quality and truth. We should be teaching our children that telling truth and quality are more important than quantity.

I tend to agree with the way Cataldo explains Yelp. If you have to say it to a 5 year old, you say that there are certain people who are trustworthy and others who are not. Yelp says it is doing its best to cut out information from those that are less trustworthy, but sometimes they may even exclude information that is trustworthy. It’s impossible to know exactly what process they are using so you have to use your own judgement when you read their information. It’s another news source and may be biased as well.

Well, just as stated on Yelp’s blog, the whole filtering system is a “Catch-22” – a dilemma, so vague enough to set an adult at sea. I wouldn’t necessarily affirm that I’ve ever made any decision solely based on Yelp reviews. Depending on the purpose, I usually utilize multiple review websites, then my instinct, before making a decision.
Most online reviews these days aren’t reliable, especially since there are “professional reviewers” with some reward to look forward to. The Forbes article clearly shows how faulty and undependable Yelp is. I would simple say to my 5-year old nephew: “Yelp reviews are unreliable; reviews sometimes disappear without any specific explanation to it.”

The Yelp information contained in the article is disappointing, as others have mentioned throughout this thread. The video provides a carefully veiled view of their rating system, touting the fairness and objectivity it provides. The mysterious algorithm is made to appear much like the Wizard of Oz, mysterious and too complex for the “average” person to understand. But trust Yelp and pay no attention to the man behind the curtain. When you consider the motivations of Yelp, they are a “for-profit” enterprise and have determined that rewarding those who pay advertising dollars to them, will have the ability to manipulate the system within their rules. Recently, I provided an endorsement to a local HVAC company on Yelp at their request, but also because they did a great job. I was not a big Yelp contributor previously, and wondered why my comment did not show up in the filtered reviews…it was a good one. I looked today and this company has 42 “not currently recommended” reviews, which I assume is where mine is hiding. I will definitely be more way of Yelp going forward. And to my daughter who is actually 6, I would tell her not to take any one source at face value. Every firm has a motive and it is not always in your best interest. Gather as much information as possible to diversity your information, and make the best decision you can.

How I would explain the controversy regarding Yelp to my five year old daughter: Yelp has become the bully on the playground at school. Kids once believed Yelp was good and helpful, but now there is a dark cloud hanging over Yelp everywhere it goes. There is a lot of name calling and mean things being said about other people and no one really knows who is telling the truth anymore. Kids used to have fun playing together and making new friends. Most of the kids are complaining that the teachers aren’t stopping Yelp from bullying other students. Some kids have even sided with Yelp and handed over their lunch money just so they could enjoy the playground and stop the name calling. Most of the kids say they aren’t having any fun because they don’t know who to play with during recess. They don’t understand why other students are calling their friends mean even though they know they aren’t and why new friends that seemed nice and wanted to play with them turned out to be mean. My five year old would then follow-up my explanation with an hour of questions.

How would you explain the controversy regarding Yelp’s reviews — to a 5 year old?

There are good and bad people in this world. Companies like Yelp must use tools to remove what it believes to be a review from a bad person. The tool they use isn’t perfect but it is a way to help get rid of the bad guy reviews. Sometimes, it goofs and gets rid of the good people reviews – this makes people very angry as they rely on good ratings to get other people to go to their business. This is similar to a situation when your kindergarten teacher accuses you of talking but you weren’t, it was your friend sitting next to you. You get in trouble and your friend who was talking doesn’t. It isn’t fair is it? What if you were talking and the teacher gets onto your friend, thinking he/she was and your friend gets in trouble? Sometimes, teachers make mistakes when determining who the trouble maker really is but on average, it usually balances out. That’s similar to the Yelp filter. It isn’t perfect, but just like your teacher, you can’t get rid of it for making mistakes, you simply need to recognize improvements are necessary and work on it.

How would you explain the controversy regarding Yelp’s reviews — to a 5 year old?

I am so called ‘Yelper.’ As posted on other discussion post, I occasionally refer to the app to gain feedback on local businesses around the world. 99 out of 100 times, the overlook provided on the Yelp page is accurate (in my experience thus far from reader perspective). I have also reviewed numerous businesses without having much dissatisfaction; although in my defense, I never went back to check my review was still up or not. However, I see Yelp’s ‘secret’ review sorting tool quite effective. As they mention in the blog post (and video), the tool may have some inaccuracy in terms of deleting right review. Yet, the tool works at high accuracy to prevent businesses from overinflating their rating by fake reviews. If yelp did not filter out fraudulent reviews, then majority of the businesses would have 5 star rating preventing customers from knowing differences. Additionally, there are many marketing companies flash up that claim to help increase reputation of the companies over the internet by inflating with positive reviews. Thus, Yelp’s tool would be great filter module to help minimize those scams colluding the review sites. Yelp also recently has taken public stands to prevent such companies to overtake Yelp’s reviews. Business Insider blogged about a recent claim that Yelp field against company claiming to increase business’s reputation for a Fee.
Fundamental learning here is that Yelp’s tool isn’t 100% accurate, yet it does a great job in filtering to be perhaps 90 or 95% accurate. I am not certain if 100% accurate review system exists out there that may be free for user to use and provide feedback on (Angie’s list may come close, yet its paid service – I have no experience with it).
http://www.businessinsider.com/yelp-is-suing-two-companies-who-claim-they-can-help-businesses-get-more-positive-reviews-2015-2

Here is an example of a comment.