The secret to managing a cyber crisis


2.            Level Set with Each Stakeholder

When preparing for how to handle stakeholders, before landing in a breach situation it could be beneficial to ask, “What are the top three questions you’ll want to ask in the heat of a crisis?”

This helps in determining the stakeholders’ priorities and can manage them effectively.

3.            Be Honest

There is no doubt, eventually there will be some bad news to share during a cyber breach. Hence, honesty and transparency throughout the entire process is critical to maintaining trust with stakeholders. 

Another way to avoid unnecessary issues is to proactively prepare each of those stakeholders for what may happen in the speed and chaos of response, even if they seem far removed from your day to day security operation.

4.            Syntax Rules If You Want to Get Buy-In

When communicating about cyber prevention, awareness and hygiene, try to position policies and processes in a way that is “against the bad guy” as opposed to one that shows distrust in employees. The latter may raise privacy concerns amongst employees or make them feel as if they’re not trusted. Instead of instilling worry, encourage employees to follow guidelines in order to prevent a major attack.

5.            Be a straight-shooter

Be upfront with your third-party responder about what the real objective is.

The objective is the most important piece of information you can relate to the third party responder. Some companies will have an objective of getting back up and running as soon as possible, another will want their customers put first. Depending on the end objective third party vendors will tackle the incident differently.

In the end, it is important to not let what you know get mixed up with what you think. Don’t doubt yourself and when managing the emotional response to a breach, separate the facts and what you think. Define both and steer clear from acting on the latter. Once the facts are secured then it’s time to make choices about which of the alternative possibilities to select and how you’ll act on it.

Hopefully these tips will never have to be used, but as cyber security season is well and truly amongst us. These should help you weather the storm.

Jon Ramsey is chief technology officer at SecureWorks.