Crisis Management – By failing to prepare …

It’s an old adage, but it’s surprising how few organisations take Benjamin Franklin’s quote seriously enough to put his advice into practice.

‘By failing to prepare you are preparing to fail,’ he said. Of course, it is tough for organisations like smaller businesses and charities that don’t feel they have the time or money to spend on training. Unfortunately, though, when it comes to dealing with a crisis of any sort, it is the preparation for that possibility which will save both in the long run.

It is particularly true of the new European Union GDPR (General Data Protection Regulations) which are aimed at protecting our personal data. They require organisations to report a data breach within 72 hours of becoming aware of the breach. But even before GDPR, how many companies have put in place some sort of training for their staff to deal with one of the biggest dangers of this online age – cyber crime? How many of you have a robust plan to manage this risk? I suspect the answer is very few.

Yet cyber crime can destroy an organisation. It’s not just the financial loss. Over time that can be recovered. It’s about reputation, and that depends on how you handle the situation. And with the risk of fines from the Information Commissioner’s Office a reality from 25th May 2018, never before has this been more important.

Firstly, you need to make sure you genuinely have done everything possible to ensure your clients’ data is protected. Accreditations, certifications and training with reputable risk management companies will all help. These will set up the sort of system you need to prove you take GDPR seriously.

Secondly, work with your Communications or PR team to understand the type of cyber event you are most likely to be exposed to and how you will deal with it in terms of communicating that to your clients. If your email system has been hacked, how will you reach your clients to tell them? What will that email say? Will it make matters worse or better?

Thirdly, if you don’t have an internal Communications or PR team, then bring in an external specialist. However, don’t wait until the crisis to do this. They can work with the board and senior management team to put a system in place so you are prepared to deal with whatever happens. Rehearsal is key. A dry run will help you to understand who will need to be involved should something go wrong.

Finally, do some training with media and crisis communications specialists. It will help you understand how the media will react should your cyber attack become public and what you can do about it. It will also give you a better idea of what is good communication should you have to let your clients know.

Preparation is everything…

Gail Downey,

Media and Crisis Communications Specialist and Guest Blogger

www.whirlwindcommunications.co.uk

MD for Risk Evolves, Helen has worked in the IT industry since 1986. Helen is a leader in the areas of risk management and operational improvement, and works with companies in senior governance, risk and compliance roles. She is a member of the British Standards Institute and is a member of the BSI Committee creating a new guidance standard to assist organisations on how to become cyber resilient. Helen and the team at Risk Evolves work with organisations to improve their resilience through stronger process implementation and better communication and education of staff.
