Crisis Communications Planning for a Data Breach
网络安全专家同意，不可能防止data breachfrom ever impacting your company. Since the cyber threat landscape and emerging technologies are constantly evolving, businesses of any size or industry are vulnerable. One thing you do have control over is how well your公司准备并做出回应if a breach exposes your customers’ private data.
“Crisis communications companies are becoming a really crucial component in handling a data breach,” says Greisiger, noting that cyber insurance may cover retaining a public relations firm to manage post-breach communications. “It’s absolutely a second line of defense once a breach occurs, in terms of protecting your company’s brand and reputation.”
One of the keys to weathering a data breach is building a plan before you need it, according to Melanie Dougherty, a crisis PR professional at Inform, a global communications firm. She works with companies to get a handle on what others in their industry are doing to prepare for and respond to attacks. She helps develop messaging for specific scenarios and trains company spokespeople to respond on-camera.
Dougherty指出，对于刚刚被抢劫数据的公司来说，数据泄露有一个情感组成部分。Dougherty说：“这就是人们通常不会谈论的部分。”她补充说，媒体的关注可能是压倒性的。有一个计划和响应团队ahead of time can help take some of the emotion out of the situation so companies can respond effectively.
“A well-planned data breach response can convey that you are in control of the situation, concerned about your customers’ privacy and committed to tightening security procedures to help prevent future attacks,” says Tim Francis, Travelers Enterprise Cyber Lead.
Here are some key elements to consider:
- 一个ssemble the team.提前选择公司发言人。Dougherty说，理想情况下，它应该是公司的首席执行官或另一位高级领导人。培训备份，以防该人不可用，例如首席财务官。在摄像头上记录您的发言人，以查看与团队的消息如何降落。
- 了解法律。Companies are sometimes unaware that their public statements, including media appearances and communication with customers, may be admissible in court if a lawsuit is filed. Consulting with a privacy attorney can help guide language while also helping companies meet regulatory and fiduciary responsibilities.
- Notify customers.对于需要通知客户的违规行为，通信计划可以包括指南和建立呼叫中心的培训。培训可能包括响应呼叫的音调和消息，以及如何将任何常见问题解答脚本脚本。
- 记住员工通讯。与员工进行沟通，以便他们在媒体上听到有关此事之前就知道违规行为。“他们可以为您提供横幅，” Dougherty解释说。“您需要他们对您的公司有信心。”
一个data breachcan be a real test to a brand’s resiliency, but customers are increasingly aware that all companies are at risk. To the extent that you can, share what your company is doing to shore up privacy protections. Companies who meet the crisis head on may even be able to emerge stronger, with a closer connection to their customers.
More Prepare & Prevent
11 Steps to Help Protect Your Business from Cyber Extortion
Extortion as a result of a cyber attack is becoming more and more common for all business types and sizes.