The risk of a cyber-attack can never be 100% eliminated in a digital world, but it can be minimised and planned for. The recent cyberattack on Ireland’s Health Service Executive (HSE) has destroyed the IT systems exposing the public stakeholders and government to a higher degree of cyber threats. The fact is, both big and small businesses are at a risk, and business leaders have a responsibility to plan for the inevitable.
But what comes after the hack?
As one of Ireland’s leading tech PR agencies here are our top six crisis PR tips if your company has been hacked.
1. Understand first
Before you do anything, you need to understand the situation, the impacted people and stakeholders and ensure that you have informed all relevant authorities in a timely manner. Put a communications plan in place and get ready to communicate. Knowing your key spokespeople is critical.
It’s true that if the breach has the potential of being severe, you’ll need to post a message to your corporate website but the first thing on your to-do list is to communicate directly with those who may have been impacted.
The communications team shouldn’t just be brought in just when the breach occurs - that might be too late. Organisations should ensure that their internal communication teams are aligned with the PR agency to have a clear crisis communications plan in place and strong relationships are forged with the relevant media. It might be worth reviewing the crisis communication plan every six to 12 months and update it with newer data and information as your organisation evolves and grows, and newer threats emerge.
An experienced PR agency, especially one that understands technology and the cyber-space can help with drafting a clear statement to publish and also train your spokesperson to speak on camera or radio and address the issue. Remember - do not sugar-coat anything, try and be honest and to the point.
3. Draft and publish an official PR statement
Don’t assume that having addressed relevant authorities over broadcast or television will do the job. Follow-it up with an official statement on your website and social media channels. If there are any journalists who directly reached out to you or published a story about the data breach, make sure you send this statement to them over an email.
We are living in a digital world and that comes with its own set of challenges. Bad news travels faster than good news, so ensure you populate your social media with the same consistent messaging. If the cyber-attack is as serious as the one on the HSE, it might be useful to even host an informative webinar where you invite the key stakeholders from the media and have an open discussion about the steps, you’re taking to salvage the situation.
4. Let the PR spokesperson take charge
When crisis strikes, you will want someone who is calm, media-trained, and familiar with the company while talking to stakeholders and media. It is important that your spokesperson understands the severity of the attack and does not make uninformed comments in the media. PR agencies are well equipped to help with media training and are always the right people to lean on during a crisis.
5. Use social media
It might be hard to constantly update the website and send out an email blast each time you have some new information to share. Social media platforms are a great way to quickly summarise and keep your followers informed.
If the hack has garnered enough media attention, then the media and bloggers will be reporting on it. These articles might end up getting indexed on Google. To avoid a bad online reputation, you might want to take some help from your social media team in shaping a positive narrative that shows you are quick to think on your feet and you really care.
Bear in mind, you might be in a bad place now, but you’ll be appreciated and remembered if you have a good crisis communication plan.
6. Learn from your mistakes
In a hyper connected world like ours mistakes end up getting more attention that we would like them to. But it is not unusual to go wrong sometimes. However, learning from what went wrong is important. It might be helpful to sit down with the IT leadership team and figure out the gaps in the organisation and ways in which you can upgrade your security solutions. A complete audit of the IT infrastructure could prevent future hacks.
Why not contact a tech focussed PR agency like Comit today to help you with your crisis communications plan and discover how we can support your business goals.