According to an article appearing in AT&T Cybersecurity Insights, 62 percent of all organizations surveyed admitted that they had suffered a breach in 2015. Furthermore, although 42 percent reported that the breach had a "significant negative impact" on their company, only 34 percent felt that they had an effective plan for responding to the incident. One critical element that is often lacking in an incident response plan is a clear strategy for communicating the cyberbreach with all parties requiring notification.
After a cyberattack, the following Top 10 best practices for managing your post-crisis communications can prove beneficial:
- Silence is not golden after a cyberbreach. Organizations need to communicate quickly, but be wary of over-communicating. If necessary, issue a "hold statement" that conveys that the team is aware of the issue, is investigating the cyberbreach, and will provide more information as it becomes available.
- Ad lib statements are not advisable. An effective incident response plan should include boilerplate prepared statements that have already been approved by stakeholders for use following a breach. Rely on these statements rather than off-the-cuff comments.
- Deliver communications in clear terms that avoid overly technical terms or industry jargon. If the message lacks clarity, people might think the organization is hiding something. For similar reasons, avoid responding to questions with a terse "no comment".
- All communications should maintain the same voice. This does not mean that only one person needs to handle all communications. It simply means that communications should deliver a consistent message and use a consistent tone.
- Focus on the people affected by the cyberbreach rather than the breached organization. Breach notification should simply be a part of a customer relationship strategy, as well as a part of an incident response plan. Customers need to feel that the organization cares about the impact that the breach might have on them and that the organization will take care of their problems. Express concern for their inconvenience in a sincere manner without acknowledging any wrongdoing by the company.
- Do not overlook employees. They need to be kept in the loop and provided with any guidance that they might need.
- Have an effective means of communication. Consider dedicating a section on the existing website or creating a separate website where customers and the media can find current information. Organizations might consider using an intranet site for employees, vendors or others who already have access to the intranet.
- Take a proactive approach to communicating the positive steps that the organization is taking to respond to the cyberbreach. Report on the recovery or corrective measures, as well as the progress of your investigation.
- Keep promises. If an organization has promised employees that they will be provided with statements that they can use to respond to calls from customers, make sure to follow through. If a press conference has been promised at a specific time, ensure that the spokesperson is there. If customers have been promised additional information as soon as it is known, deliver it in a timely manner. Avoiding the press or your customers will only contribute to the suspicion that the company has something to hide.
- Maintain a comprehensive communication plan. Last but not the least, the above points should be captured in a comprehensive communication plan which is available to all the stake holders inside the organization.
Cyberbreaches continue to occur at an ever-increasing rate. How a company handles communications after a breach can have a significant impact on public perception as well as customer relations. These communication best practices are critical for creating a positive perception about the company in time of crisis. It is also a must to have these processed documented and tracked to see if they are followed appropriately. Conducting mock exercise and analyzing the responses from different teams for these can help in being better prepared for when the real attack occurs.
This article was originally published on the Cyber Defense Magazine: http://www.cyberdefensemagazine.com/newsletters/october-2016/index.html#p=52