National Cybersecurity Awareness Month Tip #25: Establish a communications protocol.
Do you know who needs to be notified when you have a cybersecurity incident?
Figuring out a process during a crisis is never a good idea. Knowing who to notify and whom to escalate issues to could help minimize your risks by involving the right stakeholders at the right time.
Ultimately, cybersecurity breaches require effective coordination between executives, IT leadership, public relations/corporate communications, legal counsel and potentially regulators and the FBI.
In addition, how you handle a communication that involves customer data can determine whether you weather the storm or go out of business. And the associates you need to keep your operations running need clear, targeted information so they know what to stop doing and what to start doing.
Steps you can take
Develop a communications protocol and communicate it to everyone on your team. To get started, you should:
- Identify internal and external stakeholders that need to be informed of cybersecurity incidents and data breaches.
- Build a communication plan in advance of an incident; if you don’t have a corporate communications team, consider engaging a PR firm to help in the development of a plan.
- Identify a single source of truth for who is going to speak to employees, media and clients so there are not multiple or conflicting messages.
- Engage with counsel and understand your legal requirements for notification and communication to customers. This will vary by jurisdiction and the types of data you maintain.
- Understand in advance of a breach which law enforcement agencies you would work with in a criminal cybersecurity investigation.
- Consider all of the above and develop a communication plan that considers likely breach scenarios for your organization.