October is Cybersecurity Awareness Month. It’s also the awareness month for Breast Cancer, National Economic Awareness, Diversity Awareness and several other worthy issues and causes.
Being one of many is not an excuse for putting off the need to take stock of digital assets, revisit your plan and insurance policies, and improve defenses. Cyber criminals don’t restrict their attacks to designated days or months.
As a reminder, cyber crisis planning is a bit more intricate than other crisis preparation, since it requires greater involvement with IT and Federal law enforcement.
Here are several preparation suggestions:
- Take another look at your Cyber Crisis Communication Team: This team should include members from IT, legal, a breach coach, PR, HR, and executive leadership.
- Create Messaging Templates: Develop templates for various scenarios, such as ransomware, phishing, malware and insider threats. Templates should address initial notifications, updates, and resolution announcements. This saves time.
- Conduct Training and Simulations: Regularly train the crisis communication team and conduct simulations to practice your response. This will identify gaps and build teamwork.
- Decide on Channels and tone for Communications: Every organization is different. Publicly traded companies in the U.S. have SEC mandated obligations if a breach is deemed material. Healthcare organizations have mandatory notification requirements. Some organizations issue press releases and reactively respond to media. Others use websites and social media. The way cyber breach communications are written and distributed can have an impact on stakeholders, including employees, customers, and partners.
While we’re a bit jaded about using designated days and months, don’t miss the opportunity to let employees, vendors and customers know about the importance of cyber security and awareness. The National Park Service posts signs to let us know the forest fires risk. For cyber, it’s unfortunately always high risk season.
Are you able to communicate effectively with stakeholders in the “Golden Hour” after you discover your data, assets, or business operations have been compromised?
- Do you have an updated cyber attack response plan to immediately inform customers, investors, employees, boards of directors, law enforcement, regulators, and the media?
- Do your C-Suite, breach coach, and legal counsel collaborate to ensure that executive communications don’t harm your legal and financial positions?
- Do you have a cyber attack response plan in place to repair and restore your brand’s reputation?
Yes& CommCore helps organizations plan for the public relations and reputation management impacts of cyber attacks. Failure to create a cyber security communications plan and manage customer concerns around data privacy can impact even the most respected brands and reputations. We work with Legal, IT, HR, and forensic teams to implement cyber-attack response communications with key stakeholders.
We can help you create and implement your cyber security communications plan, as well as run simulations so your team is ready when crisis strikes. Learn more on our website, or contact us today to get started.
To schedule a PressureTest™ Demo or get your team trained, call us at (202) 659-4177 or email info@CommCoreConsulting.com to contact our crisis communications firm today.
Additional Resources
· CEO Andy Gilman in Forbes: “No One Is Immune From a Reputation Crisis“
· Business Insider Lists CommCore Among “Top DC Crisis Communications Firms to Call”
· Crisis Communication Examples
· CommCore Crisis Communications Advice Featured in CNN Money
· Crisis Communications Case Study: CommCore Advises J&J During Tylenol Tampering Crisis
· Social Media & Crisis Communications
· Industry Focus: Discover CommCore’s Expertise in Your Vertical