Here are 8 best practices to help you overcome a cyberattack.
Cyber incidents occur frequently. We are a trusted public relations advisor to cybersecurity companies and organizations seeking helpful expert guidance on corporate communication before, during, and after a cyber attack.
We’ve already discussed how to communicate before and during a cyberattack. However, these are the eight best practices to help you communicate internally and externally after a cyberattack.
Audio: Listen to this article.
1. Be mindful of post-crisis communications .
There will likely be many employees feeling vulnerable after a large cyberattack on a company. Victims can still fall for additional scamming tactics, such as fraudulent phone calls, texts, or emails that request private personal information regarding the larger organization attack. Always provide information on fraudulent practices and give victims direct and clear information with steps to follow if such an incident occurred.
2. Follow state notification protocol.
After a cyberattack occurs, it’s important to know that each state has different laws and regulations for reporting a crime like this. Be sure to look up your state's protocol so you can notify the correct authorities and report the cyber crime to begin investigations.
3. Unite.
After a cyberattack occurs, people are likely to panic. However, it’s important to note that after an attack occurs, an organization, its employees, and its clients must unite together, especially to avoid losing trust. After all, it’s the company versus the attacker, not the organization versus the clients.
Uniting your company after a cyberattack involves good communication with your employees and clients. Also, never blame a specific person directly (unless it was criminal activity) for the cyber attack. Stick together and show your strength as a company by not segregating consumers and individuals within the company.
4. Start the dialogue.
It’s only a matter of time before news of your organization’s cyberattack gets leaked or announced by someone other than you. Word travels fast, and if you aren’t on top of the message, it’ll get out and you won’t be the narrator. To take control of the message that comes out after a cyberattack, you need to start the dialogue and give yourself the power of narrating the story.
5. Be transparent.
Cyberattacks occur because of lack of communication. So, why would you want there to be any lack of communication with the public after an attack? Always be honest, open, and direct about what happened, why it occurred, what employees and consumers must do, and what steps the company is taking to fix the incident and protect consumers from future attacks.
6. Offer solutions.
If the cyberattack has potential effects on customers’ or clients’ information, provide them with step-by-step instructions on how to protect their current and future information.
7. Educate.
Turn this incident into a lesson. Use this time to educate employees on protocols and the importance of cybersecurity training. Also, educate clients on the importance of protecting their online information and ways they can do so.
8. Learn and re-evaluate.
After these best practices have been implemented, reflect back on your company’s cyber incident. Discover how your crisis management plan could have been better, what protocols could have been described more in-depth, or how your employees could have reacted faster to the attack. Take the time to adjust and add to your plan and protocols. You may also add additional cybersecurity training for employees as needed. This cyberattack will help prepare you for the next one.
If you're currently experiencing a cybersecurity incident, book a crisis cybersecurity consultation. Not under duress but looking for help communicating about cybersecurity before a potential cyber attack? We can help you. Book a free cybersecurity consultation.
Photo by Alena Shekhovtcova
Topics: crisis communications, cybersecurity
Comment on This Article