How important is choosing the words in a cyber incident response communication plan?
Take the case of Capita. The UK-based business and IT services, which has been awarded contracts worth millions of dollars by numerous UK government organizations, is currently facing a suspected ransomware attack.
In an update posted today, the company changed the cause of its systems failure from an “IT issue” to a “cyber incident”. This change of words alters the nature of the cyber incident response communication plan.
The threat of a cyber incident is something that every organization must take seriously. Having a cyber incident response communication plan in place can mean the difference between a quick recovery and a devastating impact on your organization.
The Cyber Express has charted the basic steps of an effective cyber incident response communication plan.
Step 1: Define your stakeholders
Before you can begin creating your cyber incident response communication plan, you need to identify your stakeholders.
This includes everyone who may be affected by a cyber incident, including employees, management, customers, partners, and regulatory bodies. It’s important to consider both internal and external stakeholders.
“Leveraging social media monitoring tools as well as existing relationships will allow companies to better understand their connections, expectations, risks and opportunities to mitigate potential issues,” says a report on stakeholder communication report by APCO Worldwide.
Stakeholders would want to receive the status report first hand, not through the general media after the crisis has erupted.
Step 2: Determine notification procedures
The next step in a cyber incident response communication plan is to determine how and when your stakeholders will be notified in the event of a cyber incident.
This includes identifying who will be responsible for notifying stakeholders and what channels of communication will be used. It’s important to have a clear process in place so that stakeholders are notified quickly and accurately.
“It’s important to make sure they are hearing from the right leaders within the organization. Organizations should understand the key stakeholders and the relationships that exist, so that they can be communicated with quickly and through the right voices,” the APCO report said.
Irrespective of your geography, the biggest stakeholder is the government. Be aware of the mandatory norms of cyber incident notification in your region.
Step 3: Establish response procedures
Once stakeholders have been identified and notification procedures have been established, you need to determine how your organization will respond to a cyber incident.
This includes activating your incident response team, containing the incident, and conducting an investigation. It’s important to have a clear process in place so that your organization can respond quickly and effectively.
According to an AT&T Cybersecurity guidebook on incident response, your team should contain a Team Leader, Lead Investigator, Communications Lead, and a Documentation & Timeline Lead. An HR/Legal Representative is also mandatory.
“Since an incident may or may not develop into criminal charges, it’s essential to have legal and HR guidance and participation,” the report said.
Step 4: Set up communication channels
In addition to notifying stakeholders, a cyber incident response communication plan should make sure that the stakeholders are updated throughout the incident response process.
This includes establishing communication channels such as email, text messages, phone calls, and social media. It’s important to have a communication plan in place so that stakeholders are informed in a timely and accurate manner.
“People will have questions. Be clear on the best way for them to reach you. You don’t have to be facing a flood of panicked inquiries,” said the Hootsuite guide on using social media for crisis communication.
“Just take the time to engage, answer questions, and provide reassurance.”
Step 5: Develop recovery procedures
The final step is to develop procedures for recovering from a cyber incident.
This includes restoring systems and data, conducting a post-incident review, and updating policies and procedures to prevent future incidents.
It’s important to have a clear process in place so that your organization can recover quickly and minimize the impact of the incident.
“Whatever you do: don’t attempt to “spin” a crisis,” said the Hootsuite guide.
“This can be a tough line to pin down. If a post seems showy or calculated, it can damage your relationship with your customers.”
Cyber incident response communication plan: In a nutshell
Implementing an incident response communication plan is essential for any organization that wants to be prepared for a cyber incident.
By taking account of these steps, learning more, and adapting them to your business and policy, you can create a plan that identifies your stakeholders, establishes notification and response procedures, sets up communication channels, and develops recovery procedures.
Remember to review and update your plan regularly to ensure its effectiveness.
With a solid cyber incident response communication plan in place, your organization can minimize the impact of a security incident and quickly return to business as usual.