Be ready for the cyber threat

One of the significant threats to any business and organisation is the possibility of some form of cyber attack. In recent weeks we have seen attacks targeting the BBC, Boots and others, and we now have the Electoral Commission added to that list. I spend a lot of time encouraging communicators to consider the risks and to be ready for the inevitable moment that something happens.

In addition, the management of data has for many years been an area of concern. There are many organisations that have faced fines because of the loss of personal data. The situation where the Police Service of Northern Ireland has released personal data of officers and staff in what has been labelled a ‘human error’ is of serious concern.

But in the middle of a world facing chaos and many crises preparing for a cyber attack and any damage from the loss of data is often not considered to be a priority. Yet, when these situations emerge they can undermine the trust and confidence that people have both in the management of personal information, and in the processes that are in place. It is not just customers and those outside the business but employees can also lose confidence in the business.

It is clearly a worrying time for many police officers in Northern Ireland and I am sure there will be lots of work underway to look at what can be done to try and minimise the damage. But once information is out on the internet it is almost impossible to retrieve it in any meaningful way. PR and communication professionals have to be ready to tackle this ever present threat. So, here are my five top tips for being ready for a cyber attack:

1. Have a bespoke cyber attack communication plan that will detail what you will say and how you communicate what has happened.
2. Ensure your plan focuses on communicating with and reassuring those who are directly affected by the attack or data loss. (I hope that there is a lot of internal communication and visible leadership taking place within PSNI to try and support those who are concerned about what has happened.)
3. Get to know your IT people. When a cyber attack happens you need to understand what they are doing and how you can support them. Spend some time to discuss your cyber attack communication plan with them before anything happens.
4. Test your approach before anything happens. This should include how the business will respond to the operational impact and importantly to the reputational damage. Make sure your communication approach will work and that those in senior positions understand what it means and what they need to do to support it.
5. Never assume that it won’t happen to you. There is an increasing threat and it was something that featured in the UK Government’s recently published National Risk Register. As with many situations, it is not a matter of if it happens but when it happens.

If you really don’t know where to start then you could ask someone for help. There is also some really helpful work from the University of Kent that provides a starting point for anyone considering cyber attack communication. (Find out more here.) We all not to protect ourselves and ensure our business and organisations are ready to effectively communicate when these crises occur.