How To Prepare for a Data Incident
The prospect of experiencing a data incident of some kind has transitioned from being an “if” to a “when” for most companies. For critical industries like healthcare and energy, recent news like that of the Colonial Pipeline hack proves this to be true. In fact, 2020 saw a 150 percent increase in ransomware attacks, and 2021 is on pace to see an even bigger increase.
Many companies have invested in the technical components needed to address such issues. But the best responses - the ones that mitigate collateral impact while maintaining an organization’s reputation - are accomplished by interdisciplinary teams. Here are five tips to get the most out of these teams.
Have a Plan in Place
There are reasons first responders frequently train for crisis situations: having a plan and building muscle memory for your response increases your chances of success when the stakes are high. Organizations should learn from this lesson. A data incident can impact your infrastructure, payroll, revenue operations, and corporate reputation for years to come. According to IBM/Ponemon, the average cost of a data breach is $3.86 million, and the costs of some incidents, particularly ransomware attacks, continue to rise.
With so much at stake, why leave your response to chance?
Creating an interdisciplinary crisis response plan ensures that management has general consensus on its response, key players know their roles, and there is alignment on the types of things an organization will say, who will say them, and when. From a communications perspective, plans should include strategic items like holding statements and mapped-out scenarios, as well as tactical items like meeting attendees and dedicated conference lines. The fewer decisions that need to be made in the moment, the better off your team will be.
Be Prepared to Be Transparent
According to recent research, firms that proactively disclose data breaches to key stakeholders are likely to decrease the financial impact of these events by 40% over companies that had news of their incidents leaked to the press. Moreover, proactively communicating these incidents allows companies to control the message around an issue, instead of having to respond to a crisis.
In the planning process, it is particularly important for communicators and the company’s legal team to align on the types and timings of disclosures that a company will make. This is about more than complying with statutes in a particular jurisdiction. It’s about maintaining trust with the key stakeholders on whom your organization depends for business.
Know the Key Players and Make Sure They Know Each Other
This may sound obvious, but having a defined cross-functional crisis response team that knows how to work together is paramount during a data incident. In one study on team dynamics, researchers found that most senior teams think that they have a clear structure in place but, when asked, only 10 percent actually agreed about who was on their team. In a crisis, ambiguity on roles and responsibilities is fodder for chaos and risks worsening already tense situations.
It’s important to think through who needs to be in the room and who should be at the ready as a subject matter expert. Oftentimes, these rosters will evolve as teams pressure test their crisis plans.
Engage Employees
It’s true that a data incident is likely to be caused by employee error, typically someone falling victim to a phishing attempt or failing to follow security protocols. That’s why companies frequently send “all staff” communications warning about such threats. But while there is often ample communication on prevention, many organizations are inclined to be tight-lipped when it comes to communicating with employees on crisis response.
Employees aren’t shy about sharing issues that arise at work on social media. Proactively communicating your company’s data incident response accomplishes two things. First, it demonstrates to employees that management is on top of the issue and takes data security seriously. Second, it provides companies the opportunity to proactively seed their messaging for when employees inevitably share what’s happening publicly.
Update Your Plans Based on Emerging Threats
Crisis response plans that sit collecting dust become useless pretty quickly, particularly as hackers increasingly employ evolving tactics like double-extortion ransomware and follow-up denial-of-service attacks. A well-defined, cross-functional data incident response team should meet regularly to assess emerging threats, discuss new security improvements or concerns, and determine whether existing plans still address the threats in the current environment.