In terms of cybersecurity, the crisis management is often tricky in terms of communication. 😁 It requires composure, organization, method and a certain form of rigor. Here are some ideas that should guide any business faced with a cyberattack, whether minor or large. 💪 Putting these principles in place should avoid miscommunication and prevent giving the feeling of unprofessionalism.
⏳ Cybersecurity: Above all, get ready!
Preparation is obviously the best defense. A security breach is possible regardless of the skill level of your IT team.
The worst thing you can do for your brand once news of a breach occurs is to scramble to figure out who to work with to understand the problem, who is communicating to which audience, and who needs to be put in the loop. .
A good communication plan must therefore identify the roles of each person, the procedures to be followed and the essential steps to be followed. In addition, a communication plan should be a shared document, revised at least once a year. It is important that teams can practice using it in fictitious situations. Finally, teams must be trained in all cybersecurity tools and all mandatory communication rules. Internet safely. LA solution, for example, of a corporate VPN will be essential. Un VPN free trial will allow you to determine if the tool is suitable for your needs and can be easily deployed.
🔎 Establish the facts
When a data breach occurs, the first step is to organize a meeting whose theme should be "What do we know?" ". It includes the managers of the legal department, public relations, security, IT and any other service concerned. The goal will be to collect the facts, verifiable information, in order to be able to communicate in a concrete way and cut the rug from under the always inevitable rumors.
This will require trying to determine how the data breach occurred. What data has been compromised? How many people were affected? Has the security breach been corrected or the data leak stopped?
👉 Designate a single person or entity for external communication
As soon as the rumor of an IT security incident begins to spread, expect a lot of solicitations. external (partners, press, customers, consumer associations, law enforcement, regulators, etc.).
It is impossible for the communication to be carried out in a disorderly manner and by any interlocutor. A communication team must be set up with a single point of contact with the press and institutional parties. A customer or consumer response team must also be set up. It must have an answer guide as well as a precise questionnaire to collect information from these interlocutors. Among other things, it is vital to ensure that the company presents a consistent message across all communication channels.
✅ Check the criteria for involving legal or regulatory authorities
A company that is affected by a cyber attack quickly faces the question of the involvement of law enforcement or various regulatory authorities (CNIL, federation or professional order, prefecture). This may depend on the nature of the risks, the extent of the damage or the sensitivity in thepublic opinion such attacks. These are often tough decisions in terms of negative publicity, but this assessment should never be overlooked. In many cases, failing to involve these authorities can be seen as a cover-up and be characterized as a breach of a legal obligation.
The cybersecurity plan established upstream must also include an assessment grid for the severity of the computer breach. He must propose criteria to help the decision.
👀 Monitor social networks
The Social Media are of course an extremely important communication channel in the event of a crisis. The Internet users They will come to try to find information, but also to share their disappointments or their concerns. It is therefore essential to dedicate a community manager, or even an ad hoc team, to manage these messages. It will be a question of taking them into account and sending them a courteous public response showing your interest and your involvement. Tout by inviting them to confidentially and privately contact the team dedicated to this problem.
Social media monitoring can also serve as a quick analysis of customer sentiment. Finally, all of the company's official communication on social networks about the crisis will also have to go through the team provided for this purpose. In the event of a serious situation, it is even advisable to freeze all other ongoing campaigns on social networks and not only (promotions, advertisements, etc.).