A digital data breach is a very serious issue and one that could be potentially disastrous for the organisation. How you communicate such a crisis is critical, and with that in mind, here are a few tips on how to communicate a data breach.
- Be Honest – When making a statement, be truthful and honest, and if you do not know the origin of the breach, say so. People don’t expect you to have all the answers at such an early stage, but they do expect to be informed, so resist the temptation to delay an initial statement.
- Create A Crisis Management Plan– Simply put, it is much wiser to plan ahead regarding any form of crisis, and rather than waiting until it happens, put together a comprehensive plan of action that includes all press releases and statements. There are online specialists that can help you with a cyber crisis communication plan and once in place, you are ready with the right response.
- Practice Makes Perfect – The CEO could simply create an imaginary cyber threat and throw it out at a minute’s notice, which gives all the players a chance to respond as if it were a genuine threat. Post press release meetings would reveal any shortcomings, and if your spokesman made any errors, they would be unlikely to be repeated in the future.
- Establish The Facts– The very first thing to do is call a “what do we know thus far?” meeting, when the facts can be established. This must include the legal department, as well as IT personnel who can shed more light on the data breach; the extent of the breach, plus who it will affect.
- Decide Who Needs To Be Notified– If customer data was breached, then those involved will have to be told, and the sooner, the better. There would likely be legal repercussions if you failed to notify people who were negatively impacted through the breach, so this must be sorted out as soon as possible.
- Use Simple Language – Not everyone is an IT expert, so try to use language that the average person would understand. If people do not fully understand, then that opens the door for speculation, and before you know it, a rumour is being spread that is far removed from the reality.
- Monitor Social Media– Once you have made a statement, you should be gauging the response, and social media is the ideal platform to evaluate the response. Have one of your IT staff stay on all your social media pages, but inform them they are not to post, but merely observe. This feedback can really help you to prepare further press releases, and it is vital you assign someone to this task as soon as the first release goes out, and with constant reports to you, you can accurately gauge the response to any statement.
It is every company’s worst fear, and should a data breach occur, it is essential that you are well-prepared, which is why you should commission a crisis management plan that includes all press releases and statements.