Most companies are going to be staring down a cybercriminal. In fact, many have already been victimized, knowingly or unknowingly. C-SPAN’s series “The Communicators” recently aired an interview with iSight Partners CEO John Watters, who (with a few technical meanderings) has the talent for setting the landscape in plain English. As he puts it, “There’s a way to get ahead of the threat if you’re forward leaning from an intelligence perspective.”
Watters cites three types of cybercrime:
- Cyber criminals looking to steal financial data.
- “Hacktivists” aiming to cause reputational damage.
- Espionage, either corporate or governmental.
Your organization is a target for one of more of these types of invasions. Smart companies work to prepare as best as possible to confront them. To be sure, IT teams are vital in combating cyber attacks. But those who emerge with a better public image realize there’s more to be done.
Communication is key, and if your communication efforts begin when you discover you’ve been hacked, it’s too late. You lose.
The CEO goes on to break down addressing threats in three ways:
- The reactive, such as antivirus software that tries to bat away threats at your doorstep.
- Where the threat came from.
- Who’s behind it all.
Start in the threat environment, build playbooks on how the bad folks plan to execute the attack, then provide the “plays” to defeat their evil intent.
The parallel with communicating during an attack is striking. Start by assessing your vulnerabilities. Game out how your rivals can get at you. Decide how best to address such attacks.
That’s why it’s important for your communications executives to be part of the planning process. For instance, they must be aware of what type of financial data you retain and how it can be used against you and your customers. They should be the keepers of your reputation, working diligently to protect and enhance it even before a hacktivist tries to ruin it. And they should be alert to what types of corporate secrets might be compromised.
Armed with that knowledge, the communications team bears responsibility for taking the lead in devising the crisis communications plan. And they should insist upon media training for all spokespeople who may be called upon to serve as the face of your company when crisis strikes. True, you won’t know the exact nature of the future cyberattack. However, with proper anticipation, simulation, and preparation, they can shape a plan capable of mirroring the real thing.
From a technical point of view, Watters explains that companies may face thousands of cyber threats daily. The challenge becomes one of prioritization. Here, too, it’s similar to preparing to communicate during a cyber crisis — which scenarios should you simulate, since they are the problems you are most likely to encounter? That’s where an experienced communications team — bolstered by consultants with background in communicating effectively and precisely — earns its keep.
How has your company been affected by cybercrime? What steps did you take to prepare yourself before it happened, and how did that help you ride out the storm?