Effective Communication Strategies During A Cyberattack Crisis
These days, it’s become all too familiar to see headlines about companies falling victim to hacker attacks. When an attack hits your own company or organization, the entire landscape shifts suddenly. Then there is a great sense of excitement, as things often come to a halt from one moment to the next: production stops, product deliveries cannot be fulfilled, payment channels are cut off, and in many cases, even phone calls and mail services are no longer available. However, when the typical technical infrastructure is unavailable, it becomes crucial to determine how and with whom to effectively communicate. We summarised the tips below.
01 Be aware of the possibility
At some point, every communication manager will need to consider this question. It’s almost certain that their company will face the impact of a cyberattack. Attacks on businesses are now a regular occurrence, and ransomware attacks are on the rise, targeting small and medium-sized enterprises, local authorities, universities, and research institutions. Addressing this issue and having the appropriate structures, processes, and skills in place ahead of time is not only recommended, but can also be crucial for a company’s ability to weather a crisis.
02 Know your communication flow
Having well-defined structures and processes that have been thoroughly tested in advance is crucial for the effective functioning of the crisis team. There are different formats to choose from, ranging from a basic workshop to a thorough crisis simulation. As someone in charge of communication, it’s crucial to prioritise cross-departmental preparation for cyber attacks and consistently practise and improve the corresponding processes, particularly within your own department. This is because it is common for various departments within a company to have a designated person responsible for handling emergencies, but often the communication aspect is overlooked. However, this is precisely what is required because numerous stakeholders must be promptly informed.
Handling Crises: How Communication Professionals Mitigate Harm to Reputation
01 Delegate tasks
It is crucial to establish clear responsibilities for internal workstreams, as well as determine which tasks will be handled by external service providers and partners. This clarification should be made a top priority within the first few hours. It is important to consider both official regulations (such as reporting obligations to the data protection authority and reporting to the police) and seemingly trivial tasks like taking minutes or providing food. One of the key considerations for communication managers is determining the target audience, timing, and appropriate communication channels.
02 Outline a plan for effective communication.
Effective and strategic communication is invaluable, as it helps to build trust and garner support from stakeholders. Deciding whether to use active or reactive communication can vary depending on the specific circumstances. It is crucial to make intelligent decisions based on the impact on different work areas and stakeholders. It is important to plan ahead and address issues such as ransom payments, prioritisation of customer groups, and initial holding statements in a timely manner, without feeling rushed.
03 Provide updates
One of the key concerns raised by stakeholders following a ransomware attack is the timeline for restoring normal operations and enabling them to resume their work. When addressing this question, it’s important to communicate the progress made and the future plans in a clear and concise manner. It’s always better to err on the side of caution and be slightly more conservative in our projections rather than overly optimistic. Establish firm communication deadlines and adhere to them consistently, even if there is no new information to share. Additionally, it is important to convey any gaps in knowledge: It is more advisable to acknowledge uncertainties rather than making vague statements and promises.
04 Allow for flexibility
Having a clear understanding is crucial when faced with numerous tasks and tight deadlines, especially when there is a lot of uncertainty involved. Communicators in crisis teams should thoroughly enquire about the technical and organisational aspects until they have a complete understanding. Communicating the current situation, forecasts, restrictions, and progress clearly to the relevant target groups is crucial in order to avoid time-consuming enquiries. This not only ensures that your back is covered, but also provides peace of mind for both internal and external IT managers. You have the ability to minimise uncertainties and handle disappointments effectively.
05 Embrace unique circumstances.
During extraordinary circumstances, individuals often find solace in the belief that things will eventually go back to the way they were. However, when it comes to ransomware attacks, even under the most favourable circumstances, it can take several weeks for the technical infrastructure to regain stability. It would be advisable to promptly develop solutions (such as alternative communication channels, collaboration platforms, and manually managed contact lists) and think on your feet to make the most of the situation. In the end, the key is to demonstrate that you are taking the appropriate actions during a crisis: effectively communicating to minimise confusion.
Whatever your communication needs are, we are ready to help.
If you’re interested in working with our PR team, please get in touch. We are always delighted to discuss PR and communications plans via email, over the phone, or face-to-face.