Plan, Respond, Advocate: How You Can Command the Narrative in a Cybersecurity Crisis

Call it glass half empty, pessimistic or perhaps valuable advice that good journalists live by: Trust no one. Question everything. Verify.

That journalism training – ingrained and reinforced through my years of covering all kinds of beats – had me smiling as I sat listening to a tech expert talk about hacking his own clients to show just how “good” their cybersecurity defenses were. They weren’t.

Christophe Reglat, president and CEO of Coaxis International, Inc., recently presented practical and spot-on advice to the Orlando chapter of the Public Relations Society of America.

Reglat talked about the simple things almost every company – unless it does business under a rock – is likely doing to protect its data, including firewalls, antivirus programs, two-factor authentication and offsite data backup. Still, when testing those systems, he nearly always succeeds in breaking through. Why? Humans.

He discussed how our defenses are only as good as the door we hold open for a stranger (being polite of course), or the technician there to repair the server. Trust no one. Question everything. Verify.

One tactic he kept hammering: prevention. You can say the same for how you will communicate in a cybersecurity breach.

At Poston Communications, we prepare clients for the unexpected. With any communication challenge, we help our clients plan, respond and advocate.

[ MORE: 4 Steps to Take Before Developing a Crisis Plan ]

Statistics show a crisis shouldn’t be unexpected. According to a 2019 survey by PwC, 80 percent of U.S. respondents – senior executives in organizations of all sizes – reported experiencing a crisis in the last five years. Law360 predicts cybersecurity and data privacy will be one of the “4 Hottest Practice Areas for 2020.”

Poston’s Crisis and Litigation PR team is a well-oiled machine when it comes to responding to cybersecurity issues with our clients. But we prefer to talk with our clients before a crisis becomes an issue.

• Planning means establishing things like an incident response manager, a communications cascade, internal and external stakeholders and a spokesperson. It’s all about who will do what when the crisis arises. When a breach happens – you have no choice but to get into response mode. Don’t be left without a plan.
• Responding to any matter – especially those involving cybersecurity issues – is all about doing it quickly, succinctly and correctly. Holding off on communicating is never a good choice, even if you think you’re legally and ethically in the clear. In the absence of information, misinformation reigns. If you don’t have the answer, it’s okay to acknowledge that, and explain how you’re working to get it. How you respond and how often you communicate helps you control the mayhem internally and externally.
• Advocating means proactively mitigating negative client, internal and media sentiment. It includes taking a hard-look assessment on lessons learned and having a productive and honest conversation about deterring future incidents as well as making good on providing consistent, timely updates on the response. This goes a long way with rebuilding trust and your brand.

We highly recommend having tabletop exercises with your company and walking through a crisis scenario, ensuring your communications plan will work if and when you need to roll it out.

We love to help clients on the front end, but of course, are always here with our crisis division ready to respond 24 hours a day, 365 days a year.

And a final reminder of that sage journalism advice: Trust no one. Question everything. Verify.