While the COVID-19 pandemic has resulted in unprecedented health and economic crises, it has also caused an additional problem: Cybercriminals are exploiting the current work-from-home practice adopted by many companies during the pandemic, to target vulnerable organizations that may not have reviewed their existing cybersecurity procedures and policies to suit the current scenario. Global organizations have reported a 148% spike in ransomware attacks, with the finance and healthcare industry taking the most hit. The cyberattacks are further expected to grow – in frequency as well as intensity – during the ongoing pandemic, bringing about huge data, money and time losses around the world.
A company’s reputation is deeply linked with cyber resilience, and now more than ever, companies need to be prepared for a potential cyberattack with a robust crisis communications plan, in order to protect their businesses and brands.
In our latest Twitter poll, W7Worldwide asked PR and communications professionals in Saudi Arabia: What is your crisis communications strategy to protect your company’s reputation amid the ongoing cybersecurity challenges posed by #COVID19?
Out of 716 participants, 18.6% of people polled in English and 21.8% in Arabic said they would take part in a “Crisis Simulation” exercise, while 21.4% of English voters and 13.6% of Arabic voters said they would “Review Crisis Communications Plans.” Moreover, 31.4% of English voters and 13.3% of Arabic voters stressed on the need to “Control the Narrative” while 28.6% of English voters and 51.2% of Arabic voters said they would do “All of the Above.”
The poll emphasizes the need to use a combination of all steps as part of the companies’ preemptive measures as well as the broader cyber resilience planning in the face of a cyberattack amid the COVID-19.
Crisis Simulation
The practice of simulating a crisis i.e. creating a fake crisis, is the best way to test and improve your crisis management plan and team. When done right, crisis simulation can offer an unrivalled learning opportunity and uncover any system vulnerabilities or gaps in your plan that may need to be addressed immediately. It is important to educate all employees on how to report any suspicious activity, prevent the spread of malware, regularly update computers and protect passwords. Companies should be able to simulate different types of cyberattacks on a safe and secure platform so as to test all parts of the team and examine varied responses.
Review Crisis Communications Plan
In case of a cyberattack, do employees know who they should contact and what they should immediately do? These are the aspects that can be planned beforehand. Your crisis communications plan should include all information such as, team member contact details, a list of all stakeholders you will need to reach out to, what channels should be used for communication, and so on. Crisis communications planning is a tool that helps organizations to deal with an emergency in an organized and stress-free manner. The plan should be clear and concise, prepared with the inputs of the CEO, COO, CSO and managers from the HR, legal and technical departments. The idea is to get all perspectives of a potential crisis and its impact. The plan should be in a place that can be accessed by all relevant employees and should be regularly updated. More importantly, employees should be asked to immediately report a cyberthreat or any suspicious activity immediately, as part of the plan.
Control the Narrative
In the digital age when fake news and rumors spread on social media in a matter of a few seconds, the challenge for most businesses is to convey their side of the story and help the audience to sift the truth from lies. Controlling the narrative is a careful, well-thought out method used by organizations to convince all stakeholders and the audience that everything is fine and the situation is under control in the face of a crisis, such as a cyberattack. When crisis strikes, it is paramount for organizations to be the first to break the news and communicate all developments proactively, demonstrating transparency and trust between them and their stakeholders. It is okay to acknowledge that there is a problem and that it is being taken care of. Companies should release an initial holding statement setting out the facts you know so far, what your next steps are and key messages you want to convey. Managing the communications around a cyberattack is just as important as managing the breach itself.