For many small/medium enterprises there is a belief that cybercrime is not really an issue. Cyberattacks and cyber criminals are only interested in the big guys. Not so. In 2015 alone, Symantec reported that 63% of spear-phishing attacks were focused on small/medium enterprises. Are you prepared to handle the communications onslaught that can come with an attack?
According to Ernst and Young’s annual global information security survey for 2016, only 42% of respondents stated that they have a communications strategy or plan in place to address a “significant” attack. While “significant” isn’t defined, an attack could impact your business in several ways. Some of the most obvious are:
- Systems and hardware are rendered useless after ransomware being initiated;
- Viruses being unknowingly delivered to your supply chain and/or customers;
- The potential embarrassment of clients, media, etc. being the ones to inform you that you have an issue; and
- Customers losing faith and taking their business elsewhere.
These are just some examples of what “could” happen. On top of these, add the fact that you could incur legal costs, IT costs and lost productivity, etc.
But How & When Will You Communicate?
How and when you will communicate is as important as what you say and to whom. Each scenario can involve a different set of communication plans. Additionally, ensuring that you have a proper distribution list is critical as well as having the right channel to deliver your message. If your systems have been compromised and you can’t use email, do you have a plan?
Here are some things to consider:
- How will you communicate with your employees?
- If you have advisors or shareholders, how will you communicate with them?
- Do you know when and when not to communicate?
- If your supply chain has been compromised, how will you communicate with them?
- What do you need to tell your customers with respect to their data? Do you have a plan in place to share with them what steps you have taken to mitigate the issue and to further protect them? If not, what do you recommend they do and when?
- Do you have backup contact lists and relationship priorities established to ensure the right people are contacted at the right times?
- Do you have messaging ready should the media call or show up at your office?
- Do you have people trained and ready to speak to the media?
- Do you have a backup plan for your website if it is taken over?
A solid communications strategy will include information and plans to address all of these factors.
If you would like to explore options to have a plan of action, contact us.
We specialize in communication plans and deployment tactics.