Communicating About a Cybersecurity Breach Online

This post is part of a series on Cybersecurity. 

In a year filled with constant reminders of significant cyber-attacks, cybersecurity is quickly becoming a principal risk for organizations across all industries, sectors and geographies. In 2014, cybersecurity breaches have increased by 48 percent, showing the growing risk around potential attacks.

One of the side effects of the increase in attention is that many organizations are moving beyond categorizing cyber-related risks as solely the responsibility of IT or security teams. CEOs, boards and communications teams are demanding greater levels of preparedness, training, response capabilities and protocols.

Unfortunately, you can’t plan how to communicate online for every cybersecurity scenario, but it is possible to prepare – and test – responses and processes.

Here are five key digital areas that organizations should keep in mind before, during and after a cybersecurity breach:

1. Create an online hub

All official information that a business publishes during and after a security breach needs to be easily located and visible online. Organizations should prepare an online hub that holds all necessary resources. This hub can take the shape of a “dark site” to use only in emergencies, a microsite or a designated section on a current website. Hubs typically need to serve as a repository for statements made by the organization, FAQs, information about credit monitoring and links to additional resources. The tricky part of these types of resources is that activation time is of the essence. The moment a breach is disclosed, organizations may only have a few hours to respond.

2. Determine social media engagement

Decide how to communicate (or not) on owned social media channels. Creating a streamlined approach with clear guidance on what information will be pushed through social channels will help align expectations for community managers. Social media channels are the closest point to your customers. Therefore, any official communication must be paired with a cohesive engagement strategy to answer questions, help alleviate concerned customers, address hostile critics or trolls and navigate potential litigation. One of the most important components to an engagement strategy are protocols on when NOT to post to social channels. Organizations can also just pick the most appropriate social channels to use.

3. Anticipate the message

The Internet will be flooded with third-party articles, opinions from experts and a spike in brand conversation through social media. This clutter of information can be easier to manage by anticipating stakeholders’ questions and concerns. This will help maintain the view that the organization is a victim of a crime and operating efficiently in its response. This preparation will also help with the overall search engine optimization (SEO) of the organization when stakeholders’ search for answers online.

4. Be mindful of content

Be mindful of new threats to stakeholders. While most stakeholders will be searching the Internet for answers to various concerns such as liability of fraudulent charges and credit monitoring, scammers may take advantage of potential vulnerabilities with email, harmful links and phishing scams. Organizations should be investigating, reporting and communicating about damaging content to all stakeholders, as appropriate – this starts with being mindful of links that the organization includes in its own email correspondence.

5. Analyze data and monitor online

As a business is addressing the concerns, questions and complaints of customers, be mindful of who exactly needs to be reached. It is critical to set benchmarking data in advance of a breach to determine spikes in traffic to any owned property online of a business. During a breach, a business can determine traffic sources to a website. That data will determine the proper monitoring strategy of traffic drivers to a website, and social channels to keep tabs on during a breach for any new information.

How does your organization prepare for a cybersecurity breach?

Written by Dan Webber and Tatiana Posada