Data breaches may not be rare, but they’re still among the most serious reputational threats facing companies today. And while the public may not be shocked when a breach occurs, they will judge how a company responds to it.
Communication is a huge part of that response. It directly influences the trust of customers, partners, investors and other key audiences, and managing those relationships has affects how smoothly a company can recover and return to normal operations. Advance preparation and disciplined execution are critical to a successful response.
To ensure they’re not caught flat footed during a data breach, companies can take three crucial steps:
Conduct a risk audit and vulnerabilities audit that identifies your biggest vulnerabilities — both on the technical side and on the comms side. Where are you most vulnerable to a cybersecurity attack? Where is the weakest link in your response plan? Do new procedures need to be put into place to better prepare for a data breach?
Using what you learn from your audits, create plans for how you’ll respond to multiple kinds of threats. A malicious attack through viruses or malware is different from an act of employee negligence (like misplacing a company laptop or falling for a phishing attempt), and each event requires a different response. Does everyone know their role in the event of a data breach? Are there clear escalation processes in place? Have communications been drafted for each major scenario (including dark sites)?
Yes, there is such a thing as a fire drill for data breaches. And it’s a very good idea. Just like sports teams prepare for competition by scrimmaging, companies should prepare for breaches by simulating them and kicking their plan into action. How effective can your team be if, during a crisis, they’re making every move for the first time? Now imagine going into a crisis with a team that’s already taken the plan for a test drive and knows exactly where to be and what to do. That’s the team you want.
Tools like firebell, Weber Shandwick’s award-winning interactive crisis readiness exercise, allow companies to practice their response to a data breach and other crises in a secure, controlled environment. Acting out the whole scenario — from learning about the incident to dealing with news and social media reactions in real time — goes a very long way is exposing any gaps in your current processes, messaging, team structure, etc. You’ll learn which parts of your data breach response plan need to be augmented or revised in order to be on point and efficient when — not if — a crisis comes up in real life.
What’s the status of your response plan? What can you do to ensure your company is prepared in the event of a data breach?