We always think that it will happen to someone else, but finally it has happened to you: you are the victim of a cyber attack. You have arrived at the moment where your company suffers not only financial damage but also negative publicity. Rumors begin and social networks become a center for the dissemination of unauthorized information, all while employees are frantically nervous about their future at work. This is a cyber crisis. How can a reputational crisis caused by a cyber attack be managed?
During any crisis there are three stages: before, during and after. At all times, the important thing is that the company knows how to deal with them. In the particular case of cyber attacks, it would be advisable to do the following.
The before: better to prevent than to regret
The "before" stage is not about being careless because you believe that nothing will happen; it is about being aware that it has not happened yet, but could at any moment. Cyber attacks are a priority today, and consequently so are the crises they entail. What can you do to prepare your company?
Know what you are exposed to: It is important that you know the risks to which your company is exposed. To do so, you must determine what the most common attacks are, what hackers are looking for, and what damage they could cause. Having clear answers to the following questions will make it easier for you to understand the possible cyber attack scenarios:
- What are my confidential files and how do I protect them? What would happen if these files came to light?
- What are the financial or legal risks that a cyber attack could cause the company?
Train employees on cybersecurity issues: If the company trains and educates its employees on cybersecurity issues, the risks will be reduced.
Have a crisis manual that includes the management of cyber attacks: Many companies maintain such a manual to handle possible crisis scenarios. With the rise of cyber attacks, it is essential today to talk about cyber crises and act before they occur.
Carry out simulations of cyber crises: This will allow you and your employees to become familiar with this type of situation and thus approach it in an organized and calm way.
Have insurance against cyber attacks: This type of insurance covers cyber risks such as malware, DDoS, ransomware, etc. It is important that the company evaluates the possibility of purchasing this type of insurance.
During the cyber crisis:
You have joined the list of companies that have suffered such attacks. Now is the time to know how to act.
Convene a crisis committee: This committee must be made up of people with enough authority to make decisions, such as the CEO, the board of directors, etc. In addition to the legal team, communication advisors and the computer team are necessary to track the attack.
Seek qualified advisors: It is important to hire people who have experience in this field. Legal and communication advisors must also work hand in hand on their strategies.
Inform all your employees and stakeholders: When a crisis occurs the media will seek, in any way, to obtain a source of information. In addition, employees often disseminate information on their social networks about what happened (even if it is not true). Therefore, employees can unwittingly become spokespersons for the company.
That is why it is essential that the company personally inform its employees of what has happened before the news reaches them through others. This will prevent the dissemination of unofficial information.
All the stakeholders involved with the company, especially those who were affected, must be properly informed of what is happening. This includes the media, for which the company must prepare a statement, a press conference, or whatever mode of information the communication advisors consider most suitable for dealing with the crisis.
It is best to acknowledge that the problem exists and not deny it, because in the end everything can become known in one way or another.
The after and the learning
After the storm comes the calm. Once the cyber crisis is over, the company must:
Report how the situation was solved: Your audience should also know how the problem was solved. The more transparent and detailed, the better.
Evaluate the situation: Analyze the situation and learn from mistakes: what should be done to improve the company’s security, and how to channel it.
We can all be victims of a cyber attack. The important thing is to be aware that we are vulnerable and to be prepared, as best we can, to deal with its possible consequences.