Digital disruption is a very serious problem that can be potentially disastrous for an organization. How you report such a crisis is very important, and with that in mind, here are some tips for reporting a data breach.
- Be honest – When creating a statement, be sincere and honest, and if you don’t know the source of the violation, say so. People don’t expect you to get all the answers so soon, but they do expect to be informed, so don’t be tempted to postpone your initial statement.
- Create a crisis management plan “Put simply, it is much wiser to plan ahead for any form of crisis and, instead of waiting for it to happen, to develop a comprehensive action plan that includes all press releases and statements. There are professionals online who can help you with a cyber crisis communication plan … and once you’ve done that, you’re ready to give the right answer.
- Practice is perfect – The CEO can simply create an imaginary cyber threat and throw it away at any time, giving all players the opportunity to react as if it is a real threat. Meetings after the press release will reveal flaws, and if your rep has made mistakes, they are unlikely to be repeated in the future.
- Establish the facts … The very first thing to do is call out “what do we know so far?” meeting when the facts can be established. This should include the legal department as well as IT professionals who can shed more light on the data breach, the extent of the breach, and who is affected.
- Decide who to notify … If the customer’s data is violated, it will be necessary to inform the interested parties, and the sooner the better. There will likely be legal repercussions if you do not notify the people who have been adversely affected by the violation, so this should be dealt with as soon as possible.
- Use simple language – not all IT professionals, so try to use language the average person understands. If people don’t fully understand it, it opens the door to speculation, and before you know it a rumor is spreading that is far from the reality.
- Social media monitoring … Once you’ve made a statement, you need to rate the response, and social media is the perfect platform to rate the response. Have a member of your IT staff stay on all of your social media pages, but advise them not to post, just watch. These comments can really help you prepare for further press releases and it is imperative that you appoint someone to accomplish this task right out of the first version, and with constant reporting you can accurately gauge the reaction to any statement.
This is every business’s worst fear, and in the event of a data breach it is important that you are well prepared, so you should order a crisis management plan that includes all press releases and statements.
