01 May Where PR And IT Collide: Cyber Security
Preventing Information Technology (IT) and cyber security attacks is on every business leader’s active agenda. We know IT vulnerabilities can lead to huge disruptions in business and extremely costly interruptions in productivity.
Ransomware, malware and other cyber attacks are on the rise, and do not discriminate by a company’s size or industry. (Apple users, you’re not invulnerable either! Symantec reports an 80% increase in new malware on Macs last year.) Employees of organizations with fewer than 250 employees receive malware in 1 out of 9 emails they receive. Think about how quickly your inbox fills up, and that number quickly becomes staggering.
Cyber Security Crises Are Communication Crises
If the communication about a data breach, hacking or privacy violation is managed poorly, the outcomes are devastating. When we teach crisis communications to MBA students, we always include recent cyber security case studies. An IT crisis can very quickly turn into a major PR crisis, impacting your business from many angles:
- Consumer confidence, trust and loyalty
- Privacy and information security
- Legal issues relating to client data security
- Insurance payouts
- Employee morale
To limit the impact on our clients’ business should an IT crisis arise, we urge all our clients to implement an IT triage plan – one that includes a PR response. Good planning includes both response strategies and risk mitigation.
Cyber Security Risk Mitigation
As with any PR crisis plan, prevention is key. Preventing a breach or network attack begins with proper training and a strong support team. Make sure your PR company is a part of the planning process – we help our clients educate their teams about new cyber security policies and precautions and why they are important. That way, if anything happens, you have a record of practices in place to protect your clients and their information.
- Keep good IT support on retainer, or in-house. Spend money on sound IT infrastructure and support. Have your IT support map out a strategy to prevent and, if necessary, recover your network.
- Train your employees on safe internet and email use. Can your employees identify a phishing attempt or unsafe website? Most breaches begin by an employee opening an unsafe attachment or link. If your employees are equipped to recognize and respond to potential threats, you could avoid a world of trouble.
- Keep your website up to date. Last year, more than 223 million web attacks were blocked. We update our clients’ website software several times a week to make sure they are protected against recognized threats. Some of the most prominent leaks, hacks and breaches of our time were caused by outdated website technology.
Responding to a Breach, Hack or Violation
There are always actors working hard to compromise companies’ security for their own personal gain. So, if your organization falls victim, having a plan in place takes the panic out of the situation and puts you in a much stronger position to recover from lost consumer trust and interrupted productivity.
Here are just some of the questions you should be ready to answer before the time comes:
- Who within your organization will be involved in responding to a cyber security issue after it occurs? Your response team should include your leadership, IT experts, public relations and legal counsel. Set up an internal chain of communication, and make sure everyone is fully informed.
- How soon should you notify clients and the public? You may have very little information early on, but it is critical that you respond proactively. We have seen many companies suffer in the public eye because they delayed notifying their stakeholders or were less than transparent about what happened. Uber’s consumer data breach in 2016 is still causing them trouble 2 years later – all because they covered it up.
- Which stakeholders need to be notified first? Construct your response plan to control the story by prioritizing your audiences – your stakeholders should always hear the message from you. Be aware, though: that once you tell one group, the word will get out. Make sure it’s your word that spreads, and not someone else’s.
- How will you contact your top clients when a breach shuts down your email system? Call your clients to let them know you are having IT issues, and make sure all account executives use a consistent message. Explain that emailing may not be possible for a certain time frame, but they should feel welcome to call if they need something. Your clients will welcome the timely personal alert and understand that some things are out of everyone’s control. Keep them up-to-date as the situation develops.
- How can you show your clients you are committed to protecting them? Share what measures you had in place beforehand, what happened and what you are doing differently in the future to protect consumers and improve security. You have an opportunity to build relationships with your consumers, become a leader and end up stronger than you were before.