How to create an effective crisis communication plan – Source: www.csoonline.com

Source: www.csoonline.com – Author:

The question is no longer whether, but when your organization will suffer a consequential cyber incident. A crisis communications plan is mandatory to protect your business.

Incident response isn’t the only challenge CISOs must face when confronted with a cyberattack. Corporate communications also plays a vital role in crisis management — and in ensuring the business fallout of a breach is also contained.

Just as CISOs need to develop and test their incident response plans, they also need to help develop, implement, and test-run a crisis communications plan, in conjunction with their business colleagues, especially in corporate communications.

From a communications perspective, effective crisis prevention has three elements and does not begin only when the crisis has occurred. The following measures should generally be part of corporate communications:

  • A crisis communications plan optimally prepares the company for all possible crisis scenarios. This includes clear rules of conduct and communication, prepared content, and secure communication channels and tools.
  • Internet monitoring shows how the crisis is perceived in social networks and the media. Reputation-damaging publications can be identified early, and countermeasures can be initiated.
  • Good communication in day-to-day business creates established contacts with opinion leaders. Good relationships and a strong reputation can be leveraged in times of crisis.

Getting crisis team structure right

To ensure consistent communication and a rapid response to all challenges in the event of a crisis, a clear communication responsibility structure is essential. While overall responsibility for correct corporate action in a crisis lies with management, responsibility for crisis communication must be assigned to the corporate communications department.

Only those responsible for actively participating in communication decisions should participate in the crisis communications emergency task force. This committee is not staffed according to hierarchical criteria.

One of the task force’s key objectives is to establish an expanded crisis communications emergency response team (CCERT), including members from all corporate divisions. The CCERT’s objective is to inform the entire organization about the current situation. And because this follows from concrete action taken on the part of cybersecurity and IT teams to resolve the underlying issues, a member of corporate communications and a member of cybersecurity or IT must jointly lead the CCERT.

In addition to rolling out communication measures, the CCERT also needs to monitor external reporting of the incident and decide on adapting communications measures and content.

Build emergency infrastructure early

Planning crisis communication involves many practical aspects. These include, for example, identifying the room in which live crisis management meetings can take place and how online meetings will be conducted.

In the event of a cyber crisis, it must always be taken into account that communication tools such as email, chat, landline, or IP telephony may not be available.

It must also be expected that the IT network will be inaccessible or will have to be shut down for security reasons. Therefore, all prepared documents and contact lists of the crisis team must be accessible even without access to the internal IT network.

Team members must use email accounts that operate independently of the company’s IT infrastructure. Management must pay close attention to data protection and security when creating this alternative communications infrastructure for crisis situations.

Create a crisis communication outlet

Where should companies begin with their initial emergency communication? Let’s assume corporate networks are no longer functioning and the company’s website is no longer accessible. An alternate site must then be launched.

This alternate site should be a prepared website containing the most important information for customers, partners, and the public in the event of a crisis. Much of this can be built in advance, with clear areas for specific communication around the incident and the company’s response ready to be filled with details as necessary. The company’s main website address should be redirected to this alternate site as soon as possible.

The alternate site can be used to continuously publish current information about the crisis and crisis management, as well as contact addresses for those affected, the media, and partners. It must be clarified in advance who within the CCERT is responsible for editing the alternate site.

Multi-level communication strategy

Crucial to effective external communications is that the media and social network users receive information from a single source. Therefore, it must be clarified that only designated corporate communications employees with experience in public relations will provide statements to the media.

All departments must be informed of the contact details of these designated media contacts. Press relations during a crisis are generally conducted in multiple stages.

Immediately upon the outbreak of a crisis, a prepared statement must be made available and issued on request. This statement may not contain details about the incident itself, but must express a willingness to engage in open communication.

Since most cyber incidents follow a similar pattern, the documents can be well prepared. The more concretely the extent of the crisis is known internally, the more concrete the initial statement can be.

As soon as the cause and extent of the crisis are identified, an active information release with key messages will be issued. Again, because most common forms of cyberattacks are known, this press release can also be prepared in advance.

If necessary, additional statements can be added that are important for understanding the incident or that protect reputation or contain additional information for those affected.

When it comes to active communication, it’s important to note that internal systems, such as lists of media contacts or tools for sending press releases, are likely no longer available. Alternate public cloud solutions can provide a work-around here. However, the most important data, such as private email addresses and mobile phone numbers of crisis team members and key external emergency partners, should always be stored on the most secure medium in the world: paper.

A second press release will follow shortly with additional information on the incident, an explanation of the crisis response strategy, and information for those affected. Further press releases will follow as the crisis develops.

The optional fourth phase can generally be used communicatively to build trust: Managing directors and members of the expert team can report together on the paths that led to the successful management of the crisis.

The crisis communications handbook

The crisis communications manual should be part of the CISO’s incident response plan manual, as well as the company’s overall emergency manual for any type of crisis. The crisis communications manual should include, for example, the following elements:

  • Definition of a crisis
  • Definition of responsibilities
  • Member lists of the crisis teams with all contact details including private email addresses and private telephone numbers
  • Description of the tasks of the committees
  • Definition of processes
  • Definition of all communication channels used during the crisis (with target group assignment)
  • Definition of all communication tools in a crisis
  • Definition of speaker roles
  • Flowcharts (from the identification of the crisis to its resolution)
  • Description of the communication culture
  • Pre-written documents

Experience has shown that a crisis communications manual must always be developed in a process that involves management, the communications department, the IT department, security experts, and the relevant departments within a company. It is a vital facet of company survival in the event of a crisis, because customers and partners are at risk of breaking relationships with your company due to a lack of effective communication when a crisis hits.

Like cybersecurity tabletop scenarios, crisis communication triggered by a cyberattack must also be practiced regularly. It begins with the declaration of the crisis and continues through the final report. This checks whether measures are working, committees are functioning, processes are running as intended, and templates are suitable.

Original Post url: https://www.csoonline.com/article/3851840/prepared-for-cyberattacks-crisis-communication-according-to-plan.html

Category & Tags: Incident Response – Incident Response
