How to respond to a data security crisis?

Science fiction became a reality: we live in an era where hacking, information leakage, cyberterrorism, trojan viruses, cyber extortion, identity theft, etc. are common news and happen on a daily basis.

You can hear about data leaks of big companies around the world, that destabilize stock markets, alter investors and even put governments in check. This is our reality.

Due to all of the above, it is important for companies to consider a crisis response plan in case of a computer incident. Down below we will discuss how to handle a situation like this.

What do companies do wrong when they face a hacking crisis?

The main mistake companies make is trying to hide, which is usually the first thing they do. They normally take too long to face and recognize the wrong and its consequences.

It is imperative to be transparent on the matter because the image of the company could be compromised not only among customers and the general public but also among shareholders.

What can you do to turn a data leak crisis into an opportunity?

It is believed that crisis is a synonym of opportunity and that, when solving it, everything will improve immediately, but this is not necessarily the case (read about TAESA below). Remember that nothing speaks better about a company than the way it behaves during a crisis, so it is important to take the right steps to really turn a crisis into an opportunity:

1. To face it: recognize the situation.
2. To give a calming message for any affected party, where the solution, the compensation that will be given to those affected (if necessary), and the prevention plan for those attacks and/or mistakes are indicated.
3. To control the journalists: in that message, all possible questions that press might make in order to be the company who sets the agenda, and not the media, should be answer.
4. As you plan your message, remember the famous "C": consistency, clarity and consistency.

What to avoid in case of a data leak crisis?

1. To lie or hide relevant information.
2. Be illogical with the company values.
3. Do not have a representant: remember that the crisis spokesperson does not necessarily have to be the CEO or the communication director. A empathetic spokesperson should be chosen.

The public relations and communication agency role

When a public relations crisis is presented, the agency role is key to solve it, this is why a series of immediate activities will be carried out:

1. The most important thing is to understand that the past can not be erased. We must recognize the crisis.
2. Actions to reduce the impact.
3. "Start the healing process": delimit responsibilities, penalise the guilty, promise that nothing similar will happen again, communicate the actions that will help from happening again.