Page 52 - Cyber Warnings
Top 10 Best Practices for Cyberbreach Post-Crisis Communication
By Rishi Bhargava
According to an article appearing in AT&T Cybersecurity Insights, 62 percent of all organizations
surveyed admitted that they had suffered a breach in 2015. Furthermore, although 42 percent
reported that the breach had a "significant negative impact" on their company, only 34 percent
felt that they had an effective plan for responding to the incident. One critical element that is
often lacking in an incident response plan is a clear strategy for communicating the cyberbreach
to all parties requiring notification.
After a cyberattack, the following Top 10 best practices for managing your post-crisis
communications can prove beneficial.
1. Silence is not golden after a cyberbreach. Organizations need to communicate quickly,
but be wary of over-communicating. If necessary, issue a "hold statement" that conveys
that the team is aware of the issue, is investigating the cyberbreach, and will provide
more information as it becomes available.
2. Ad lib statements are not advisable. An effective incident response plan should include
boilerplate prepared statements that have already been approved by stakeholders for
use following a breach. Rely on these statements rather than off-the-cuff comments.
3. Deliver communications in clear language that avoids overly technical terms or industry
jargon. If the message lacks clarity, people might think the organization is hiding
something. For similar reasons, avoid responding to questions with a terse "no
comment".
4. All communications should maintain the same voice. This does not mean that only one
person needs to handle all communications. It simply means that communications
should deliver a consistent message and use a consistent tone.
5. Focus on the people affected by the cyberbreach rather than the breached organization.
Breach notification should simply be a part of a customer relationship strategy, as well
as a part of an incident response plan. Customers need to feel that the organization
cares about the impact that the breach might have on them and that the organization will
take care of their problems. Express concern for their inconvenience in a sincere manner
without acknowledging any wrongdoing by the company.
6. Do not overlook employees. They need to be kept in the loop and provided with any
guidance that they might need.
7. Have an effective means of communication. Consider dedicating a section on the
existing website or creating a separate website where customers and the media can find
52 Cyber Warnings E-Magazine October 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide