February 24, 2017
Cybersecurity, part 2: How to react to a website breach
An online data breach is a nightmare for any public company, across all sectors. A breach can mean that hackers release private information about your company or, sometimes worse, your customers. Cybersecurity is as much a communications issue as it is a technical one, and it’s important to know what and how to communicate with investors in the event of an attack.
In a previous blog post we discussed ways to strengthen cybersecurity and protect your company’s online information. But no system is 100 percent foolproof; as soon as information lives online, it’s vulnerable to a breach. There are, however, some best practices that can help your company cope with a data breach if one takes place.
First: don’t assume the attack is new.
A common misconception about cyberattacks is that they are large events that make themselves known immediately after they happen. According to the MIT Technology Review, “The median amount of time adversaries of Mandiant clients spent inside the perimeter before detection in 2015 was 146 days.”
Oftentimes a small breach may occur and an employee, any employee, may be notified by an external source, including “customers, partners, law-enforcement officials, journalists, or the attackers themselves.” Many employees, however, are ill-equipped to recognize a serious warning or are unaware of the appropriate next steps, especially if their role does not require knowledge of IT best practices. As a result, cyberattacks may remain undetected for long periods of time, and they become more difficult to explain to shareholders when they are finally discovered.
When an attack has been revealed, it’s crucial to notify shareholders ASAP. Quick response time is directly related to restoring trust within your shareholder base after an attack has occurred.
Gather the facts of the event: when did it occur? What kinds of information have been compromised? Do you have a timeline for when your information will be secure again? Do you know how much the attack has cost your company?
After you have gathered the facts, work with your management team quickly to craft messaging and communicate to shareholders. A quick response ensures your shareholder base will hear the message from your company rather than other sources.
Remember: your website provider should always be focused on vulnerability response. This means they should release security fixes and improvements as vulnerabilities are discovered, not on a product release schedule. Always keep your CMS on the latest release that contains the relevant vulnerability patches.
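Knowing whether your CMS and its plugins are actually on a patched release is a check you can automate rather than leave to memory. The script below is an added example and not code from the original post or from any website provider: it compares a constructed inventory of installed component versions against a constructed table of the minimum versions that carry the vendor's security fixes, and reports anything that is behind or has no known baseline at all. All component names and version numbers are invented placeholders, not real advisories.

```python
"""Patch-compliance check for a CMS stack (added example, not from the original post).

Both the inventory and the minimum-patched table below are constructed sample data.
In practice the inventory would come from the CMS admin API or package manager and
the baseline from the vendor's security advisories.
"""
from __future__ import annotations

from dataclasses import dataclass


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '4.9.8' into (4, 9, 8). A non-numeric suffix such as '-beta' is dropped,
    so pre-release tags are NOT ranked; keep the baseline table to plain releases."""
    parts = []
    for piece in text.split("."):
        digits = ""
        for ch in piece:
            if ch.isdigit():
                digits += ch
            else:
                break
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_at_least(installed: str, required: str) -> bool:
    """True when the installed version is equal to or newer than the required one.
    Shorter versions are padded with zeros so '4.9' compares equal to '4.9.0'."""
    a, b = parse_version(installed), parse_version(required)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


@dataclass
class Finding:
    component: str
    installed: str
    required: str  # 'unknown' when no patched baseline exists for the component


def find_unpatched(inventory: dict[str, str], minimum_patched: dict[str, str]) -> list[Finding]:
    """Return components below their patched minimum, plus components with no baseline
    at all: an unknown plugin is a gap in coverage, not evidence that it is patched."""
    findings: list[Finding] = []
    for component, installed in sorted(inventory.items()):
        required = minimum_patched.get(component)
        if required is None:
            findings.append(Finding(component, installed, "unknown"))
        elif not is_at_least(installed, required):
            findings.append(Finding(component, installed, required))
    return findings


# Constructed sample data: an installed inventory and the vendor's patched minimums.
SAMPLE_INVENTORY = {
    "cms-core": "4.9.8",
    "plugin-forms": "2.3.0",
    "plugin-seo": "1.12.2",
    "theme-corporate": "3.0.1",
}
SAMPLE_MINIMUM_PATCHED = {
    "cms-core": "4.9.10",
    "plugin-forms": "2.3.0",
    "plugin-seo": "1.12.2",
}


if __name__ == "__main__":
    for f in find_unpatched(SAMPLE_INVENTORY, SAMPLE_MINIMUM_PATCHED):
        print(f"{f.component}: installed {f.installed}, patched minimum {f.required}")
```

On the sample data the report flags `cms-core` (two patch releases behind) and `theme-corporate` (no baseline on file), while the two plugins sitting exactly on their patched release pass. Running a check like this on a schedule, and treating "unknown" as a finding rather than a pass, is what turns "keep the CMS updated" from an intention into something you can show shareholders you actually do.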
Be transparent and clear.
Shareholders will be, first and foremost, concerned with the cost of the breach, both to repair it and any lost revenue associated with the attack. Work with your CFO during the crisis to determine these answers and communicate them to your shareholder base without attempting to hide any relevant information.
The most important thing you can do is commit to action, and follow through. Ensure you have built in more touchpoints with your shareholder base to keep them updated on the steps your company has taken to repair the breach and prevent future cyberattacks.
Finally, assure your management team that you have a long-term plan to restore any trust that was lost as a result of the attack. It can take time to restore trust, and it will be important to have a step-by-step plan that your management team can review and provide feedback on.
Post-mortem: review your stock’s position with surveillance tools.
After the crisis is over, conduct a post-mortem of the incident with your management team. Review what went well and what didn’t with your shareholder base: were certain messages not received as intended? How did the media react to the event? Was your management team aligned and consistent in message delivery? Adjust your communications strategy according to the post-mortem with your management team, so that the response runs more smoothly if another attack occurs in the future.
Use surveillance to assess your stock’s current position amongst your peers, and determine how your targeting efforts need to change based on your position post-attack.
While cyberattacks are a reality of our interconnected world, there are also ways to prevent them. Read part 1 of this series on cybersecurity to find out how you can prevent an information breach — so that your crisis communications plan can hopefully remain unused for years to come.