With the increase in ransomware attacks and data leaks posing a reputational threat to organizations of all sizes, here’s how communicators can help their team prepare.
It’s not a question of “if,” but rather “when.” That’s the mindset for most organizations when it comes to preparing for a cyberattack or data leak.
As hackers have become more sophisticated, in some cases state-sponsored, and as work-from-home has rendered organizations more vulnerable to attack, the focus on cyber crisis response has grown. Companies generally didn’t have cyber-specific crisis response plans in the past.
That’s changed.
“There are specific aspects of a cyberattack that requires a much more detailed and specific approach to how you manage communication during that type of crisis,” explains Ted Birkhahn, co-founder and president for Hot Paper Lantern.
Ted Birkhahn
“Communicators are starting to realize: ‘I need a plan in place that I can use that’s specifically tailored to dealing with a cyberattack and how those typically unfold.’”
What’s unique about cyber crises
What makes a cyberattack so different from another crisis that a brand or organization might face? Birkhahn offers a few suggestions that are generally shared by cyberattack situations, even though no two events are exactly the same.
1. Compliance. “There’s a whole compliance aspect to communicating during a cyberattack that isn’t necessarily present during other types of crises,” Birkhahn says. The level of compliance concern will vary by organization and industry, of course, but there are some general principles that should be considered.
“Generally speaking, there are reporting requirements that companies are mandated by state and federal entities to report,” says Birkhahn. Rules require companies to keep those authorities updated about the nature of the attack and how your organization is responding to try and rectify the situation. That means that you might be mandated to provide an update (which will become public) before you would have normally have a crisis response statement ready to share.
To be prepared, Birkhahn says you must know what your compliance and reporting requirements are ahead of time.
2. Disrupted communication. What happens if a cyberattack takes down your email server? Will you be able to reach the necessary members of your crisis response team and communicate effectively to rectify the situation?
“If there’s an attack that’s happening, your primary mode of communication that you have used or would use to communicate with your key stakeholders might not be available to you,” warns Birkhahn.
3. Communications’ impact on ransom negotiations. The most unique part of responding to a cyber crisis comes when dealing with the ransom attack, such as the one that took down Colonial Pipeline earlier this year. “What you say publicly to any stakeholder, whether it’s internally or external audiences, what you say could impact the outcome of the attack,” warns Birkhahn.
He explains: “If you think about a ransomware attack, a threat actor has control of your information and has control of the data, and they are trying to negotiate with you for ransom payments to give you that data back.” How you respond publicly as you negotiate behind the scenes can dictate their behavior and decisions that they make throughout the course of the crisis, BIrkhahn says.
“The last thing you obviously want to do is say something publicly that is going to tip them off or fuel the fire and instigate them to take additional steps.”
Birkhahn sees this as a crucial point for communicators to collaborate with legal teams to develop a satisfactory response. “We want to communicate and we need to communicate, but we can’t put ourselves at additional risk with the threat actors as we try to shore up our defenses,” he says.
Explaining a ransom payment
Another unique element of the cyber crisis has been when organizations have had to explain the ransom payments they made to hackers to try and regain control of their data and systems. Colonial Pipeline’s CEO Joseph Blount had to explain why he paid hackers $4.4 million.
“Some companies are embarrassed or shameful over admitting that they’ve paid the ransom,” says Birkhahn. “And you also have the federal government saying: ‘You know, paying the ransom actually perpetuates the whole problem.’”
The incentives to avoid coming clean about paying a ransom could indicate that many more companies have paid a ransom in recent years, opting to stay silent rather than admit to paying up.
Essential elements of cyber crisis response
So, what are the main steps of your crisis response plan for a cyberattack? It starts by doing as much as you can in advance.
Birkhahn recommends starting with creating an incident response team made up of key stakeholders across functions, including legal, IT and operations. “Make sure that the team understands who is on the team and what their roles are,” Birkhahn adds.
The next step is developing the content you will need to respond to a cyberattack event, from holding statements to crisis guide plans. “What materials can you have for employees in advance of an attack taking place that assures a speedy and effective response?” Birkhahn asks.
Then you should double-check back-up communications channels. If your email server is compromised, how will you coordinate across your organization with essential functions? “How do I move information mostly into a cloud-based environment where it wouldn’t necessarily be affected by an attack?”
The final step comes from crisis communications 101: practice.
“You really can’t go through this for the first time when it’s a real live attack,” says Birkhahn. “That’s not going to bode well for most companies.”
The role of the communicator
What role should communicators take in planning for a cyberattack and executing an appropriate crisis response? Birkhahn advises that they play the role of the “convener.”
“They should be the ones that are helping the incident response come together and make sure that each one of those individuals or functions is doing their bit to help the company respond,” he says.
They should also be an important source of knowledge about the various functions of the organization, and a defender of the interests each type of stakeholder. “The role of the communicator is making sure that the incident response team, the C-suite and the board understand the impact that this event is having on each stakeholder and how that should drive when you communicate and how you communicate,” Birkhahn says. He advises that communicators push the crisis team to really respond to the concerns that each group of stakeholders has.
“It doesn’t matter what industry you work in,” he says to sum up his argument for a unique crisis response plan for cyberattacks. “It affects you across the board.”
- Home page
- Content Marketing
- Digital Marketing Strategy
- Digital Marketing Strategy
- Digital Marketing Strategy
- PPC
- SEO
- Social maketing
- WordPress web development
