October is National Cyber Security Awareness month, but what does that mean for you?
In today’s digital world, cyber-attacks are occurring more frequently. In fact, according to IBM, 1.5 million cyber-attacks occurred in the United States in 2013. That’s an average of over 4,100 attacks per day. Some cyber-attacks are designed to be detrimental to a person’s image, while others are an attack on an organization’s data, making it a public relations, communications and security issue.
Knowledge is power, but in crisis situations, most organizations have limited experience to leverage. It is critical for organizations to learn from the communications efforts of those who do have experience. Below are the top three communications “dos” and “don’ts” can we take from organizations who have had the unfortunate experience with a cyber-attack.
Don’t let someone else drive the message – When handling any crisis, especially one directly affecting your customers, it is important for the affected organization to lead the message. When Home Depot experienced a data breach this year they were not the first to release the information. In fact, instead of taking charge of the situation, Home Depot confirmed the news to a media outlet leaving their bad news to the interpretation of a third party.
Do have a communications plan in place – A solid communications plan will provide a framework for your key spokespeople, your employees and your communications team to ensure a united and strategic front. With your reputation on the line, it will be very important to address the situation in an organized fashion and convey a concise message showing your organization’s understanding of the issue at hand as well as your plan for resolution.
Don’t “sugar-coat” the facts – News spreads fast, but it is important to make sure that the news that is being released is as accurate as possible. When a cyber-attack occurs, and people are on high alert, it is easy to be tempted to try and lessen the blow a bit, but don’t fall into that trap. If an organization releases false data or tries to hide the full truth, both their reputation and their credibility will be in question.
Do offer transparency – In late 2013, Target, and upwards of 70 million shoppers, were victims of a data hack. Target’s corporate communications team was ready. In addition to announcing the news to the media and public through an official announcement, Target took it one step further and created a FAQ section on their website for customers and concerned parties. By providing an array of details about the breach, how it happened, what should be done by the customer and most importantly what the organization was doing to reduce the likelihood of a similar situation occurring in the future, Target slowly gained back the trust of their customers.
Don’t keep the situation a secret – Time is of the essence in crisis communications. In August 2014, it was announced that Community Health System had a security breach of their system affecting nearly 4.5 million. The organization also admitted that the breaches has occurred between three and five month previous leaving many people questioning why the announcement hadn’t been released earlier. In turn, the lag time directly affected the patient’s trust of the health system, a vital component in healthcare and in business.
Do put yourself in the customer’s shoes – Data breaches often involve information including names, birthdays, social security numbers and financials which, if put in the wrong hands, can be detrimental to a person’s future. This data is very personal and has a direct impact on those involved. It is important for organizations to take a delicate and considerate approach when addressing those involved. Organizations should quickly notify those affected with personal, direct messages that show that the organization understands the concern, cares about the impact this could have and are doing everything they can to remedy the situation.
Having a communication plan in place won’t change the past, but it may improve the extent of the damages to an organization’s reputation, client retention rates or bottom line.