In today’s global, digital world, safeguarding personally identifiable information (PII), valuable intellectual property, private financial information, and a company’s hard-earned reputation are all a crucial part of business strategy. Yet, with the number of threats and the sophistication of cyber-attacks increasing, this has become a formidable challenge. Conducting business as usual without an appropriate rapid response plan is no longer responsible.
Companies are often quick to focus on the technical aspects of a cyber-breach but learning and preparing how to publicly respond to a data breach isn’t something that gets enough executive attention. “It’s the CIO’s job” is a common response to the threat—that is until there is an actual incident. Then a company must swiftly and successfully go into damage-control mode as it tries to deal with stolen customer data, disclosure of confidential financial information, a disabled Web storefront, or worse, the loss of public trust and immediately subsequent and irreversible reputational harm. Brands that have taken years if not decades to build can and have been destroyed in seconds, and executives lose their jobs–all because one employee simply clicked on a web link that they shouldn’t have.
Companies need to become better prepared for cyber crises. This preparation includes establishing the capability to publicly respond to a significant cyber event with a cyber-crisis management solution. As a result, more and more corporate clients need unique and proactive cyber-specific crisis communication response and risk management strategies that are developed by specialized professionals with a firm grasp and seasoned understanding of the complex world of cyber security as well as an understanding of the current data privacy debate raging from Washington to Silicon Valley.
HOW WE’LL DO THIS
DEVENEY and our cyber security communication expert will lead your top executives through a three-part program designed to prepare the brand to effectively respond to a data breach, mitigate potential losses and possibly even turn crisis into opportunity.
First, we will conduct a comprehensive audit through a real-world exercise designed to test the credit union’s current response to a hypothetical cyber-attack and identify their public response weaknesses.
Second, we will build a tailored data breach response plan that addresses those weaknesses, removes the identified obstacles, and enables you to effectively respond.
Third, we will put your key executives/spokespeople through cyber security/data privacy media training.
#1: Table Top Exercise: We will work with your leadership to develop a unique and specific table-top exercise (TTE) designed to walk the brand through a hypothetical cyber-attack and resulting data breach. The TTE will tee up the immediate decisions that the company’s senior leadership team will have to make to respond and will identify weaknesses and obstacles that impede their response.
#2: Vulnerability Audit: After completing this TTE, DEVENEY will deliver a detailed After-Action Report that will identify what went well, areas that need improvement, and finally (and most importantly), the obstacles and barriers that hinder a current response.
#3: Cyber Security Communication Response Strategy: As a follow-on service to the TTE, we will work to address newly identified needs. This Cyber Security Communication Response Strategy might include, but is not limited to:
- Internal and comprehensive-employee communication plan to better educate team members about their cyber security responsibilities and engage them to help prevent a data breach
- External notification protocol- identification of federal/state and local law enforcement notification needs, method, and necessary timings
- Messages and materials for eventual dissemination such as draft emails, talking points, speeches, media releases, and vetted notifications to shareholders, the workforce, regulators, government and law enforcement
- Sample question and answer documents for designated spokespeople
- Standing contingency staffing plan, who does what, where, and when
- Impacted consumer outreach- identification of appropriate vendors and development of pre-approved material like call center scripts, digital communication, and social media strategies
- A system to monitor how members are reacting
#4: Cyber Security/Data Privacy Media Training: The final part of the program will entail working with credit union leadership on Cyber Security/Data Privacy Media Training. Upon completing the training session, participants will practice in-person interviews with an experienced journalist to learn:
- Who are the media and how should you treat them
- The importance of preparation
- Interviewing the media before they interview you
- Maximizing control in any interview situation
- Message-driven interviews
- Recognizing different interview styles
- Responding to summary questions, multiple and loaded questions, and other common traps
- Rephrasing techniques
With the number of cyberattacks and ransomware attacks growing by the day, spending time preparing your team for handling a cyber-related crisis is time well spent. Even organizations with extensive security software can – and have been – targeted. If you’d like to talk with us about how we can help you, drop us an email at firstname.lastname@example.org or 504-949-3999.