Why you Need a Cyberattack Preparedness Package

30 Sep Why you Need a Cyberattack Preparedness Package

It’s not a matter of if but when your business will be hacked, considering there are around 2,200 cyberattacks a day, according to Norton. As the acts of stealing, exposing, altering, disabling or destroying information through unauthorized access to computer systems become more sophisticated, cyberattacks are becoming more costly for businesses. Law firms, large corporations, healthcare institutions, government agencies, and higher education facilities tend to be more vulnerable than other businesses because they collect confidential information. One of the worst outcomes of a cyberattack is the publicity nightmare that can follow and the irreparable harm a data breach can do to a company’s reputation. 

That’s why it’s so important to have a crisis communications plan in place NOW! At Top of Mind, we prepare our clients for the worst by offering customizable crisis communications packages that can be implemented either in-house or by a third party. Here are some questions you need to think about before an attack happens.

Setting up your crisis response team 

Who will be on the crisis response team? You need to think about who will be on the crisis response team long before the crisis arises. The team will be responsible for communicating the right messaging to combat any leaked misinformation. That team will also be responsible for getting as many details as possible on the attack and informing on next steps. The team will also be responsible for determining if or how to communicate the situation internally and to the media. 

How to communicate with employees and clients

Not all breaches are created equal, so it may not be necessary for you to communicate what happened with your employees or clients. After all, they could leak the information to the media and create a bigger problem for the company.  However, if you do need to communicate with your clients and staff, you will need to explain what happened, how you fixed the situation and what measures you are taking to prevent attacks in the future. 

How you communicate with your clients, stakeholders and employees will all depend on the breach and the size of your client roster. In some instances, you may need to call your clients and have a substantial conversation. Our package would include messaging for that call and emails you may need to send to give clients peace of mind.

We also recommend having a trusted third party contact clients and employees if you’re hacked, in case the hacker is still in your system. You can include the name of the third party in your client contracts or employee handbook.  

What if the media finds out? 

If it bleeds, it leads, and the media finding out that your company has been hacked makes a good news story. If the media finds out, your crisis response team should already have a designated spokesperson. You should already have prepared statements and a press release that can be tweaked at a moments notice. Having prepared statements will help eliminate panic should you receive a call from a reporter. You may also want to consider preparing social media posts if and when the story does run. These posts should reassure your followers that you are taking the necessary steps to safeguard your clients’ sensitive information and explain what measures you’re taking, so it doesn’t happen again.

How we can help

• Working with leadership on creating the crisis response team. 
• Drafting a press release that your team can tweak for different media outlets should you need it.
• Drafting social media posts you can use if necessary.
• Drafting messaging and communications to your clients, stakeholders as well as employees that you may or may not need to use based on the magnitude of the crisis.
• Media training for the spokespeople.