After a Cyberattack: Communication Best Practices

Bill Stamats

Share On  


It’s a common refrain in the world of cybersecurity: There are only two types of organizations: those that have been hacked and those that don’t know it yet. While that thought is unsettling, there are steps everyone can take to both minimize the risk of cyberattack and mitigate the damage.

In my previous post, I interviewed Bill Barthel, Stamats Technical Integration Manager. Bill shared tactics schools can employ to increase data security and decrease risk of cyberattack. In this follow-up post, I’d like to dig a little deeper and explore how organizations of all types can communicate sincerely and succinctly when a data breach happens.

Though presented in the context of a cyberattack, the best practices outlined below can apply to any crisis communication strategy. Consider these tips a starting point for developing an effective communication plan that can protect your organization, clients, and brand.

Managing a Security Breach: Communication Best Practices

Follow State Notification Protocols

Firstly, each state has its own laws about who must be alerted in the event of a cyberattack (government agencies, individuals impacted, etc.). Know the data breach notification laws in your state and follow all protocols for the type of breach you’ve experienced.

Unite

In challenging moments, unity matters more than ever. Bring organizational leaders together and encourage everyone to echo the same message both internally and externally.

Additionally, funnel all information through a single point of contact (ideally, an experienced staff member who’s already serving as media liaison or communication lead). Remember: Messaging should be authentic, timely, and consistent.

Be as Transparent as Possible

Criminal activity thrives in darkness. Help demystify cyberattacks by shining a light on your experience.

Though some details may need to be withheld as part of an investigation, share what you can honestly and directly. Remember: Communication needs will vary for internal and external audiences. If you’re unsure about what you can/can’t communicate, consult a data security professional.

Offer Solutions

Data breaches can impact operations immediately and indefinitely. Offer solutions to those you serve. What short-term workarounds can you offer? What services can be provided while systems are offline?

If the breach has put personal data at risk, consider providing employees and clients with free credit monitoring or other identity protection services.

Educate

Turn the situation into an educational opportunity—for your own organization and for others. In general terms, explain how your teams are working to prevent future breaches and what others can do to minimize the threat of security incidents.

Start a Dialogue

Finally, cyberattacks are a universal threat. Use your organization’s experience as an opportunity to raise awareness and start a larger, solutions-focused conversation. Chiefly, engage clients, partners, security experts, and the media as you talk about the source of the breach and examine proven security strategies others can use.

From audience research to strategic messaging, Stamats can help you communicate clearly, intentionally, and far more successfully. Contact us to learn more about our wide range of communication services.

Read Next: The Importance of Ownership

About the Author