How can your business respond when under attack?

How can your business respond when under attack?

woman screaming into microphone and phone

Chris Butler, Principal Consultant, Cyber Resilience and Security, Sungard Availability Services 

To quote Warren Buffet, it takes 20 years to build a reputation and five minutes to ruin it. Years later, in our “always on” world, I would wager it can take less than five minutes to incur damage to your image. We are unable to open the newspapers or turn on the television without bearing witness to the latest victim of a cyber-attack.

In a world overwhelmed by social media, news of such a disaster can go international in the time it takes to say ‘cyber-breach.’ And the potential fall-out of a crisis? Damage to your businesses’ reputation, negative effects on share price and a detrimental impact on staff morale.

If a data breach takes place, organisations must be in the position to communicate information instantaneously and precisely to all parties affected – customers, partners, vendors and staff. However, crises are unique and unpredictable, and can go beyond what you’ve planned for. How can organisations be best placed to respond accordingly?

There are two types of communication that are needed to support a crisis management programme. Both require sufficient preparation to ensure a swift and appropriate response in times of crisis, and that those impacted are kept in the loop by business leaders – not a random social media post.

Also of interest: Phishing – what’s next?

1. Pre-defined messages:

These should be the cornerstone of any good crisis management programme and are crucial to avoid wasting time deliberating on what to say as the crisis unfolds. But how do you go about developing them? Organisations need to dedicate time to identifying potential scenarios, developing the appropriate messaging templates and selecting appropriate communications channels for each situation. It is recommended to carry out a comprehensive stakeholder analysis to identify the parties who will need to be informed as a priority, and what they need to know. Constructing and clearing provisional statements in advance will place your business in a much stronger position to respond quickly and accurately.

Also of interest: Cryptocurrency hacks, hacking the unhackable 

2. Tailored Response:

Tailored responses are unique to a particular crisis. While it is not possible to prepare for every single crisis outcome, this does not justify neglecting foresight, groundwork or planning. As the saying goes, an ounce of preparation is worth a pound of cure. Carrying out simulation exercises to educate and train crisis teams, familiarise them with possible outcomes, and uncover opportunities and gaps in their programme(s) will help them develop a readiness mentality. This then places them in a much stronger position to manage threats to their organisation.

It’s crucial to enlist a crisis communications team, led from the board, embedded at the heart of your business and possessing a sound understanding of the risks and threats posed to the organisation. However, in a crisis the onus is not just on the defined crisis communications team. Senior management will need to be media trained to respond to untoward situations to reduce damage to business brand, to keep staff feeling focused and motivated and to engender confidence amongst stakeholders.  They will be a vital conduit to creating market goodwill while the business establishes the nature and scope of the threat; re-instates or bolsters systems or operational integrity and redresses any customer impacts.

Weathering a crisis will depend entirely on your organisation’s ability to arm itself and remain level-headed when the time comes. Businesses who deliver well-considered communications in the event of a cyber-attack will be the ones to demonstrate foresight and agility; re-positioning themselves as a stronger and more resilient force.

Also of interest: Biometrics – security through personality 

Copyright Lyonsdown Limited 2021

Top Articles

COO of network security firm indicted for hacking into hospital network

A 45-year-old Chief Operating Officer of network security company in Atlanta, Georgia was indicted this week for launching a cyber attack on Gwinnett Medical Center.

McDonald's data breach: Employee and customer data stolen by hackers

McDonald's suffered a data breach that compromised the personal information of customers in South Korea and Taiwan and business contact information of some US employees.

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Related Articles

[s2Member-Login login_redirect=”” /]