June 7, 2021
Company responses to cyberattacks dictate public perception.
With Colonial Pipeline recovering from a cyberattack organized by a cybercriminal gang, the encounter has left the industry a number of lessons regarding cybersecurity. Here are some tips for crisis communication management in the event of a cyberattack:
1. Delay is dangerous
Time is a crucial element in crisis communication management. Decisions should be made swiftly and implemented efficiently.
The attack on Colonial Pipeline was uncovered around 5:30 a.m. Consequently, an alarm was triggered through the company’s rankings. The CEO got the information before 6 a.m. This helped the company preserve significant parts of its operational systems, even as the degree of the damage was being investigated.
2. Don’t neglect the public
Companies are responsible for prioritizing their customers and the general public during sensitive matters like cybersecurity and data breaches. Informing the public of the situation as soon as possible is a cornerstone of crisis management.
During the early stages of the crisis, Colonial Pipeline could have quickly informed the public of the situation. However, there was no statement made on their site for almost 30 hours. This is unimpressive considering the dangers that the breach posed.
3. Prioritize awareness
The Colonial Pipeline cybersecurity saga showed that organizations need to up the ante on educating their employees about the vulnerabilities of their operating model.
Corporations can do better by teaching employees about emails. They need to unlearn the habit of trusting the method of communication since email threads and accounts are prone to hijacking. The corporations’ assumption of trust serves these unscrupulous cybercriminals, allowing them to wreak havoc on businesses.
Blind trust is a thing of the past in today’s digital world.
4. Changes matter
While it was Colonial Pipeline’s security system that was breached, it wasn’t the only entity involved. Following the announcement of the data breach, notable figures made remarkable changes.
President Biden went ahead to sign an executive order to consolidate the country’s cybersecurity. Also, the Department of Homeland Security made public its plans of issuing cybersecurity regulations for all pipeline companies.
5. Take advantage of available help
In the event of a crisis, the company should contact relevant entities and individuals for help. This is because the required capacity to handle the situation may be beyond the corporation. Also, its systems might be too compromised to salvage the situation from within.
FireEye, a cybersecurity company, came to Colonial Pipeline’s aid, helping the company investigate and recover from the cyberattack.
6. Communicate your motives
In the bid to restore order, odd decisions may need to be made. When this is the case, it is imperative to announce your actions, as well as the reasons behind them.
In light of the attack, Colonial Pipeline CEO Joseph Blount endorsed the payment of $4.4 million in ransom to the hackers. While this is an admittedly controversial decision, the business leader stood by his decision: “It was the right thing to do for the country.”
He placed America’s infrastructure first and was unabashed about it. Empathy and maintaining relationships are fundamental to any company’s public relations endeavors.
Blount emphasized that it wasn’t an easy decision for him to make; losing money is never fun. However, the decision was in all parties’ best interests.
The frequency of cyberattacks is a growing concern. It is imperative for companies to include a cybersecurity response in their PR strategies. There is a possibility that it will come in handy one day. If a cyberattack does occur, Axia PR specializes in crisis communication management. We’re at your service. You’re welcome to contact us.