Home Depot. Target. Sony. It seems like every other week, another company falls victim to hackers. While many companies are taking precautions–encrypting data, working with security firms, changing passwords often–they may be neglecting an important piece of the puzzle. In today’s environment, crisis preparation for cybersecurity issues is a necessity, and companies must consider internal communication implications.
Considering President Obama’s recent push for laws that will enable better communication between the government and companies about cyberthreats, now is the perfect time to take an inventory of your own company’s communications among your employees.
Evaluate if you’re adequately updating your staff and if the program supports your security and IT needs. To help with this inventory, here is a series of internal communications guidelines and questions that can help you to avoid unhappy employees, computer hacks, and, possibly, the wrath of North Korea.
If there has been a breach, let your employees know immediately, and be prepared with instructions on how they can help minimize the impact. They need to hear about the issue from management–preferably before they hear through the gossip mill or, worse yet, the media.
At the beginning, you might not know the full impact of the breach. Tell your employees what you do know, and do not hide important details from them. They will find out eventually, and it will be harder to regain their trust if you haven’t been open and honest.
Employees will be understandably nervous and upset if their private information is stolen from company computers. In the hours and days immediately following the hack, communicate frequently. Even if there isn’t new information, tell them you are working diligently to repair the issue.
Provide talking points to mid- and lower-level managers and leaders so that they can also communicate about the issue. Employees often trust their manager more than more senior executives and will appreciate having local communication.
While this might not be possible immediately following a security attack, make sure there is a venue for employees to voice their questions and concerns. If you provide an email address or phone number, there must be someone on the other end who is quickly responding and has up-to-date information to share.
For more preparation, ask yourself the following questions:
- What is the current state of affairs with your internal communications? What do you communicate? How often? Who is the signatory of communications sent internally?
- Do you have a crisis communication plan in place which outlines potential scenarios, draft internal and external statements, approval structures, and other guiding principles should something occur?
- How do you alert employees when something has happened? What will be the most effective way to reach the greatest numbers of employees quickly: Email? In-person meetings? Internal social media networks? Phone calls?
- Do you only send out official communications when there’s a problem, or do you have a robust program in place that shares positive and negative news?
In the end, keep in mind that employees are one of your biggest assets. Keeping them informed, especially during a time of change or crisis, is critical. Taking the steps outlined above will help your company emerge from a security breach and retain the loyalty of your employees.
—Shira Fine is a director of communications at Global Strategy Group and is based in Washington, D.C. She works on a range of legislative, reputational, and public relations issues for corporations and nonprofit organizations.