Cybersecurity Blogs

5 Tips for a strong cybersecurity communications plan

A cyber attack turns your whole world upside down. Just like that, you’ve lost access to important files or even see your entire business grinding to a halt. While you are trying to get a hold of what is happening and do your best to limit the damage, you must also communicate with staff and stakeholders. You probably know what is required to do by law, such as reporting a data breach to the authorities. But how do you handle your internal crisis communication during a cyber attack?

Internal communication is very important during any crisis, but even more so during a cyber attack. Cyber attacks cause a lot of uncertainty. It is often unclear where exactly the attack is coming from and what the extend of the threat is. It’s not an option to wait until things clear up, though, as rumors will spawn and cause unrest among your staff. Having to communicate clearly and openly with not much information to go on is what makes it so challenging to come up with a good internal communication strategy. That’s why we have collected the most important tips to help you prepare a good cybersecurity communication plan.

cybersecurity communications plan

1: Think about how you can reach everyone under any circumstance

The success of your cybersecurity communication plan depends on whether you can reach everyone in your organization. Trusty communication channels like email and intranet are particularly vulnerable during a cyber attack. You might need to take them offline for security reasons, or they can become compromised by the attack. Important employee information such as telephone numbers also might become inaccessible due to ransomware. That’s why you should consider a crisis-proof communication channel on which you can always rely, even when tensions are running high.

Netpresenter is developed to allow you to communicate through multiple channels, including large tv screens, an app and even SMS. This wide range of channels is crucial to be able to reach everyone immediately and effectively during a crisis, even if they are on the road, working from home, or when all PCs become inaccessible. You don’t even need to enter any contact information; one push of a button is all it takes to inform the entire organization.

2: Harness the power of push notifications

Even if email and intranet remain accessible, they are relatively slow ways of communication. While technology allows you to deliver your message quickly, there’s no guarantee that people will actually see and read your message right away, especially outside of office hours. For this reason, you should consider the possibility of actively bringing your message to your employees. A push notification or a text message stresses just how urgent your message is.

cybersecurity communications plan

Our notification functionality gives your messages that extra push. Push notifications are sent to mobile devices and PCs, and you can show them as full-screen notifications on digital signage screens. If you also send a text message at the same time, you can be sure that your message will appear on everyone’s screen – you’ll have everyone’s attention immediately.

3: Prepare different scenarios

Every minute counts during a crisis like a cyber attack. That’s why you need to prepare in advance. Consider the risks your organization most likely faces and the actions you need to take. Phishing emails flooding your coworker’s email boxes require a different approach than the imminent threat of a ransomware attack. Prepare these scenarios in advance and make them part of your CSIRP (Computer Security Incident Response Plan). When it comes down to it, all you have to do is execute your script.

Because speed is so important, we made it possible to prepare messages and alerts for different scenarios in the Netpresenter Alert Server. With a scenario, your message’s text, target group, selected channels, and many more settings are all prefilled. You can mobilize your IT department quickly via SMS and push notifications, while you’ll also warn the entire organization about the cyber attack with large notifications on every screen. 

4: Show reliability and authority

A cyber attack can cause a lot of turmoil and panic, and your internal communications greatly affect this. If communication is unclear or incoherent, you are only fanning the flames of unrest. Displaying reliability and authority, on the other hand, puts your employees at ease. That is why it is important to create a single source of truth, a central place where your employees can find all the latest information.

cybersecurity communications plan

Once again, email proves to be a very vulnerable medium. It is the foremost channel used to send phishing emails and fake invoices. Every communications expert knows: ‘The medium is the message.’ If people distrust email, it will affect all your other corporate communications send by email as well. The Netpresenter cloud platform is hosted in Microsoft Azure, which guarantees data security, minimizes the chance of a DDoS, and encrypts all of your communication. After all, during a crisis, you need a platform you can depend on!

5: Be open to questions

It is also important to create a central place where people can ask questions and leave comments. In an uncertain and perhaps ever-changing situation, employees are likely to have questions. By designating a central place for questions, comments, and answers, you avoid rumors from spreading and having to answer the same question multiple times. 

Netpresenter’s News & Safety App allows employees to ask questions and post comments directly below your message. With our Microsoft Teams integration, you can even move the conversation to Microsoft Teams. With the integration, your crisis communication will not just be visible on TVs, PCs, and cell phones but also immediately in a designated Teams channel.

cybersecurity communications plan

‘Failing to plan is planning to fail,’ Benjamin Franklin once said. This long-standing wisdom certainly applies to cyber attacks. It’s no longer a question of whether you will become a victim, but when. That’s why it is best to be well prepared so that you can act appropriately when necessary. Therefore, think about your cybersecurity (crisis) communication strategy before things go sideways. Keep these five points in mind and make your strategy part of your CSIRP to prepare your organization as best as possible.

Want to improve your organization’s digital security even more? Download our free Cybersecurity Checklist full of useful tips. If you like more tips on how to improve your crisis communication in case of a cyber attack, contact our consultants to find out how our software can help you.

Richard
Richard Renkens

IT-specialist Richard Renkens has been with Netpresenter for well over a decade. Besides solving IT-related mysteries, Richard likes to blow off steam on his mountain bike.