Cybersecurity breaches are a real threat. In fact, any business at some point will get breached, regardless of how good your cyber defense is, how big your company is or who you use for an IT provider. What matters is having a good defense plan, knowing what you are going to do to get your business back up and running, and especially how you will communicate this news to your different stakeholders.
A cyber breach makes everyone nervous, from the CEO to the MSP that’s trying to get your business back. With this guide, you’ll be able to create a communications plan for when this happens. Remember, the idea is for you to have this in place, test it, and be ready to use it when the time comes.
Your people found a cybersecurity breach. They’ve implemented incident response protocol, isolated the systems affected by the attack, and they believe they’ve stopped it. The cross-functional team has been assembled according to plan, and now it’s time to find out what happened. What do you need to know right now?
More than likely, not all the facts will be immediately available, but there needs to be urgency in gathering information. Leveraging security services from an outside firm such as Connecticut-based NSI can help accelerate the discovery and fact-finding mission when every minute matters.
The urgency used in addressing a cyberattack is critical to successful remediation, and the actions taken in the hours and days following a breach can make or break a company. By now you should have already gathered the team identified in your incident response plan. The next step is to create a “war room” for the cross-functional members of the response team to work together in real-time. Since there is always a chance of internal threat actors, the environment should be treated as private and confidential, limiting access to the response team and specific individuals (internal and external experts). The last thing you want is news of the incident getting out before you’re ready to share.
There are two primary groups to address following a breach:
Be conscious of who gets included in the internal groups. Someone not bound by NDA could quickly make your internal message an external one.
Messages should be tailored by target audience and strike a careful balance between being transparent and sharing too much. Customers and the public need to know that something happened, how it affected them, and what the company is doing to remediate the issue. Sharing the gory details will not help the situation. Internal audiences should receive enough information to dispel any rumors that might arise from being too vague.
The most important component of the communication is to ensure it’s crafted in such a way as to retain the trust of those affected and let them know the company will do the right thing when faced with difficult situations like this one. In situations where large numbers of customers are impacted, many companies will retain the help of a PR firm to support them throughout the process.
Appoint one or more people to represent the company for communication of information about the breach and corresponding response. This person should be comfortable dealing with the public under less-than-ideal circumstances. Common appointees are PR and legal, but this person could also be a COO. They should be ready to invest some time into this activity and be available to provide status updates as they become available.
Many companies will immediately consider the CEO as the spokesperson in dealing with a breach. While this may seem like a logical choice to represent the company, there can be logistical challenges especially when a CEO is already busy. Putting forward someone more accessible and available will pay off in the long run.
Now that the messaging has been carefully crafted, and the spokespeople assigned, it’s time to communicate to the audiences. These are the most important things to know:
The message is out and there’s no taking it back. Existing and prospective customers, business partners, and the rest of the world will all have an opinion on the situation and how it was handled. Some may be more vocal, while others may just have further questions. It’s normal for people to be upset when their trust has been broken. Answering questions for those affected, or the public in general, will help rebuild that trust. If you’re not already staffed with social media expertise, now might be a good time to explore contracting with a firm or a few key experts to help handle the load.
Security breaches are inevitable. Recovering from the impact to IT systems is just a part of it. Being ready with the right response to internal and external audiences is the difference between restoring trust after it’s broken, or losing it forever. Get ahead of it and use this guide to build out your communication plan now so you’re not trying to catch up to it later.