If the person you knew the least in your organisation could do the most damage to its reputation, would you treat them differently? If the answer is yes, then maybe this year is the time to think about how you communicate with them – particularly around the issue of cyber security.
We’re all only one click away from ransomware, a data breach or a computer virus. It only takes one staff member, freelance, intern, temp to respond to a phishing request, click on a dodgy link, leave their mobile device unprotected and there it is.
Data breaches such as the attack on the credit reference agency Equifax https://www.bbc.co.uk/news/business-41575188 and the Uber breach https://www.bbc.co.uk/news/technology-42079937 are bad for business.
Journalists know a finely tuned and prepared PR machine may prevent them from getting the jump on senior executives and the CEO when chasing these stories. But it won’t stop them finding customers who have been affected from talking to the press.
Now it is damaging your reputation. After all, how could you ever again be trusted with someone’s private and personal information? It is this point that many organisations seem to miss. Yes, the media love a bad news story (actually they also like a good one too but that is another blog) and sometimes **** happens. But what steps did you actually take to try to prevent it? What will you tell your customers – as well as the Information Commissioner?
If your reputation is to survive a cyber attack, you have to prepare for one. This means how you deal with the media post event and how you dealt with it pre-event. Your IT department do the best job they can. But this is not about IT any more. Whether it is in house or outsourced, it is the senior team who has to take the lead because if you don’t you may well find yourself making the news rather than reading it.
This goes back to communication. If you have a siloed organisation there is every likelihood your staff will take the attitude “it’s not my job.” Actually it is. If a staff member knows from day one you, as the senior team, are taking cyber security seriously, there is every chance they will too. PR is not there to mop after the incident. It should be there to advise beforehand too. It is all about communication and that means those you know the least as well as those you know best.