Breached But Not Broken
©2024 Alex Greenwood. All rights reserved. This image was created with the assistance of AI technology. Any use, reproduction, or distribution without

A computer hack transcends IT issues, posing a crisis that can tarnish your brand's reputation, erode customer trust, and, ultimately, affect your bottom line.

The recent (as in the last five or ten years) surge in cyberattacks underscores the importance of having a robust crisis management plan. When such an incident occurs, especially when it affects customers and attracts media attention, how you respond can either mitigate or exacerbate the situation.

Here's a brief look at navigating the choppy waters following a computer hack at your workplace. It’s by no means all you need to know, but it should get you thinking about what you need to do to prepare.

Immediate Response

Assemble Your Crisis Response Team (CRT):

The first step is to convene your crisis management team, which should include members from IT, public relations (PR), legal, customer service, and any other relevant departments. This team will be responsible for managing the situation from all angles – technical, communicational, operational, and legal.

Pro-Tip: This team should KNOW their role as part of the CRT and have some training and mock event practice under their belts. There's nothing worse than getting the deer-in-headlights look from your team when something goes down.

Secure Your IT Infrastructure:

Work closely with your IT department or cybersecurity team to contain and assess the breach. The priority is to prevent further data loss by securing your systems. IT should immediately begin an investigation to understand the extent of the hack, the data compromised, and how the breach occurred.

Pro-Tip: Establish good relationships and a better-than-layman’s understanding of hackable IT processes ahead of time. You’ll thank yourself later—and it’s easier to put your IT-related holding statements together in advance as part of your planning operations.

Communicate Internally:

Ensure that all staff are informed about the situation with clear instructions not to communicate with outsiders about the breach. Misinformation can spread quickly, and employees should direct all inquiries to the designated spokesperson.

Pro-Tip: All staff should be trained on this. A lot. They must understand why they should not speak, and know their role in the mitigation of the crisis.

Communicating with Affected Parties

Notify Affected Customers Promptly:

Transparency is key. Notify affected customers as soon as possible, detailing what happened, what information was compromised, and what steps you're taking to resolve the issue and prevent future breaches. Offer solutions like credit monitoring services if financial data is involved.

Pro-Tip: Remember, your legal team has what may be the last word on what you communicate. However, how you communicate is up to you—and you should be as transparent and empathetic as possible.

Prepare a Public Statement:

Craft a public statement that explains the situation without going into unnecessary technical detail. Highlight the steps your organization is taking to address the breach and ensure it doesn't happen again. Be sincere, avoid corporate jargon, and show empathy to those affected.

Pro-Tip: You should game-plan potential data breach and cyberattack scenarios ahead of time so you can create templated responses that will save critical amounts of time and decrease the risk of misstatement during a crisis.

Engage with the Media:

The media can be a powerful ally in disseminating your message. Provide a clear, concise, and factual statement to the press. Be prepared for media inquiries and designate a trained spokesperson to handle interviews. Avoid speculation and stick to the facts.

Pro-Tip: The media can also be an inadvertent destroyer of your brand if your messaging stinks. Having a good relationship with the media before a crisis is the best way to engage with the media.

Post-Crisis Actions

Review and Strengthen Security Measures:

Post-crisis, thoroughly review your cybersecurity posture. This includes auditing your current security infrastructure, updating policies, and implementing stronger security measures.

Pro-Tip: Employee training on security best practices is essential. Be a driver for this initiative.

Legal Compliance and Follow-up:

As I mentioned before, ensure you work with your legal department to comply with all legal requirements, including reporting the breach to the relevant authorities and adhering to any industry-specific regulations. Keep affected customers updated on the progress of your remediation efforts.

Pro-Tip: As a comms pro, it’s not your job to tell legal how to do their job, but it is your responsibility to follow up and stress the need for compliance, because if another breach happens, particularly in recent memory, your job just got ten times harder, and your brand could suffer irreparable damage.

Analyze and Learn:

Once the dust has settled, conduct a post-mortem analysis. Identify what went wrong, what worked well in your response, and where there is room for improvement. Use these insights to strengthen your crisis management and cybersecurity strategies.

Pro-Tip: Real Talk: If you breathe a sigh of relief after an incident blows over and don’t apply learnings, you’ll deserve it when the next crisis response costs you your job.

A computer hack is a stark reminder of the vulnerabilities in our digital world. However, with prompt action, clear communication, and a commitment to making amends and improvements, organizations can navigate through the crisis and rebuild trust with their customers and the public.

Remember, it's not just about managing the hack; it's about managing the aftermath and committing to ensuring your organization emerges stronger and more resilient. This commitment can set you apart and fortify your reputation in the face of adversity.
