Three Things to Consider During a Crisis:
1) Human Emotion
Imagine a CEO worried about his organization’s reputation. A CISO worried about being blamed for the event. An I.T. department who worked all weekend. Oh, and it all happened over Christmas.
When you walk into a situation like that – the best thing you can do is bring a sense of calm confidence. Get everyone on the same team ready to execute against a playbook. No blame, no ego, just a focus on the mission.
Action Item: Coach your crisis management team to manage the power of human emotion in a crisis. Add a “ground rules for behavior” section to any tabletop or crisis management drills.
2) Transparency
Companies are often tempted to keep cybersecurity incidents a secret. They are afraid that having a breach will ruin their reputation and cost them customers. The concern has merit. But in the long run, there are no secrets, and the truth gets out. The best course of action is measured transparency. Long-term outcomes prove that companies do better when they consistently do the right thing in the face of a crisis.
Action Item: Part of your crisis management planning should be ways and means to communicate quickly and effectively to impacted parties.
3) Remediation
If you have had a security breach that involves the compromise of core systems – the reality is that the bad guys have probably been in your system for a long time. Maybe months – maybe even years. They have probably installed back doors, fake accounts, and half a dozen other ways to regain access to your systems. Deep breath. Remediation doesn’t happen overnight. The reality is that in the wake of a breach, it could take months/years to identify the root cause and take corrective action. That’s not fun. It takes patience.
Action Item: Have the leadership and patience to finish the mission. Use the breach as an opportunity to improve the long-term sustainability of your company. When doing tabletop exercises – prepare your leadership team and the board for this potential outcome. This understanding will help avoid surprises if a breach ever happens.