The past two years have accelerated the transition to a work-from-home culture for the vast majority of businesses. As employees embrace remote work, our data travels more and the scope of our digital environment grows dramatically, but this can attract unwanted actors.
This is one of the factors that make businesses more vulnerable than ever to attempted attacks on their computer networks. Cyberattacks are becoming more common, which raises many questions about the best practices for communications before, during and after the incident.
For Cybersecurity Awareness Month, the crisis communications experts at PAA Advisory | Conseils offers some advice to help manage these situations.
Identify and train spokespersons
The old adage of “building a plane in mid-air” makes perfect sense in crisis management, especially following a cybersecurity incident. In this context, it’s best to get ahead of the curve and try to prepare in advance – saving valuable time and giving yourself all the tools to respond in the best possible way.
The identification and training of spokespersons must be a priority. During a crisis, these spokespersons will be called upon to represent your organization, and the way they communicate will have a major impact on your reputation. Choose them carefully, and make sure they are well trained – because when the crisis hits, it’s already too late.
How to reach your audience
A cyberattack can paralyze your computer systems for several days or even weeks. If your intranet system becomes dysfunctional, for example, it would be very helpful to have a backed-up database of emergency contact information for critical internal and external stakeholders. How and when you communicate with your employees and customers can have a significant impact on their perception of how you are managing the crisis.
Do not underestimate the required work
As cyberattacks are becoming more and more common, your response to these events will have a significant impact on your organization’s image and reputation – and its perceived liability. Therefore, your organization should never underestimate the time and workload involved in implementing a crisis response plan.
Regardless of the severity of the incident, your communications team will need to be on top of the situation from the very beginning to ensure that they are prepared for any unforeseen events. Taking the time to develop and agree on targeted messages will allow your organization to communicate directly and accurately afterwards. Those who devote the most resources and time to preparing for crisis management are usually the ones that achieve the best results.
The speed at which the situation evolves in the wake of an incident means that we are not always able to communicate as much as we – or the general public – would like. While communicating quickly is essential, transparent and truthful communication has to take precedence over speed.
Key facts, including the nature of the data seized or the people affected by the incident, may take several weeks or even months to be confirmed. Nevertheless, it is critical to avoid speculation that can quickly lead to the slippery slope of misrepresentation. There will always be those who, from the peanut gallery will try to use the crisis for their own publicity, but in the medium and long term, your organization will benefit from responsible and diligent communication, rather than talking too fast and regretting it later.
The importance of public relations
Cybersecurity incidents expose the vulnerabilities of an organization, and once one happens, it is unfortunately impossible to go back and change the past. However, it is possible to put in place effective crisis management plans that will act quickly to limit the impact. An external public relations team can help you save time (which will be sorely lacking) and will be able to draw on experience to avoid making a challenging situation even worse.
If you have any questions or want to learn more, PAA Advisory’s team of crisis communications experts is at your disposal. Please do not hesitate to contact us.