[BreachExchange] 4 Tips to Keep Key Stakeholders Happy in the Event of a Cyberattack

[Audrey McNeil]

https://www.commpro.biz/4-tips-to-keep-key-stakeholders-
happy-in-the-event-of-a-cyberattack/

Cyberattacks are becoming more and more common, with advertising agency
WPP, pharmaceutical company Merck & Co and Russian oil giant Rosneft, the
most recent to fall victim to a global ransomware attack in June. It’s an
increasingly common crisis, and brands need to be properly prepared.

Cyberattacks impact a range of key stakeholders—including customers,
investors and employees—all of which require a unique plan of action. The
potential damage of an attack and the diversity in stakeholder needs means
that businesses must have a detailed and executable plan of action in order
to survive amidst today’s volatility.

Devising and following through on a crisis plan is no easy feat, so here
are a few tips for keeping customers, employees and investors calm in the
wake of an attack.

1. Communication is vital –– Though businesses often look to satisfy
customer demands first, the initial task is to communicate internally, and
to do it quickly. As the crisis evolves and the business’s course of action
adapts, ensure that all employees are kept up-to-date so they can properly
communicate with external stakeholders. Once employees are aligned on
strategy, you’ll need to deliver a transparent explanation and course of
action, explaining to investors and customers exactly what has transpired
and how it impacts them. It’s important to have this information readily
available across channels—including social, email and your company
website—to ensure that it reaches everyone.

2. Plan to automate tasks –– Workflow during a crisis changes drastically,
as employees are needed for a range of duties. Creating a crisis plan that
lifts certain responsibilities from employees and automatically sets them
in motion allows for more efficient troubleshooting. Especially in the
event of a cyberattack where a business might lose the ability to complete
online or network based tasks, it is important to have pre-assigned tasks.

3. Take ownership –– Transferring the blame almost guarantees that
customers, employees and investors will lose confidence in a company to
which they are otherwise loyal. Though the business might not always be
responsible for the crisis, especially a cyber attack where hackers are
often difficult to track down, it is definitely responsible for how it
manages that crisis. Delivering an effective response, with empathy and
understanding can go a long way in putting key stakeholders at ease.

4. Think about the future –– It isn’t enough to deal with the immediate
impact of a global cyberattack. Businesses must consider how and why the
attack occurred –– does the business need to increase security provisions
to protect itself against another attack? Make sure to communicate your
strategy for preventing another attack in the future. Mitigating the
immediate effects of a global cyber attack is important, but with the
inevitability of these attacks, businesses must project future strategy as
well.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170911/6289b358/attachment.html>