User:Shawndouglas/sandbox/sublevel3

From LIMSWiki

As discussed earlier, fostering an environment of transparency with regard to cybersecurity matters is beneficial to the business. By extension, this includes properly disseminating notice of cybersecurity risks, breaches, and the associated responses. Steve McGaw, the chief marketing officer for AT&T Business Solutions, had this to say about it in 2017[1]:

When a breach is revealed, the attacked company is portrayed not as a victim, but as negligent and, in a subtle way, complicit in the event that ultimately exposed partners and customers. In short, it’s clearer than ever that cyberattacks can have an existential impact on companies. If customers don’t trust a company, then they simply won’t do business with them. These types of brand implications are indelible, and a communication strategy is invaluable.

This is where you decide how cybersecurity incidents will be communicated and responded to. McGaw and others offer the following advice in that regard[1][2][3][4]:

  • Organize an incident response team of IT professionals, writers, leaders, and legal advisers, and together develop protocols, from the start, for how the disclosure of a cybersecurity incident should be handled.
  • Ensure that, once a breach has been identified, the issue and its likely impact are clearly understood before it is communicated to stakeholders. A hastily written, vague message creates more problems than it solves.
  • Provide messaging on the solution (corrective action), not just the problem. Sometimes the solution is complex and difficult, but it's still beneficial to at least let stakeholders know action is being taken to correct the issue and limit its impact.
  • Consider the use of playbooks, report templates, and training drills as part of your communication plan. Practice resolving security incidents with your assembled incident response team, and seek outside help when needed.
  • When crafting your message, avoid jargon, use clear and simple language, be transparent (avoid "may" and "might"; be up-front), and keep your business values in context with the message.
  • Don't forget to extend transparent messaging to internal stakeholders.

References

  1. McGaw, S. (2017). "Breaching the secret to cybersecurity communications". The Public Relations Strategist (Spring 2017). https://apps.prsa.org/Intelligence/TheStrategist/Articles/view/11873/1152/Breaching_the_Secret_to_Cybersecurity_Communicatio. Retrieved 23 July 2020.
  2. Cadmus Group, LLC (30 October 2018). "Cybersecurity Strategy Development Guide" (PDF). National Association of Regulatory Utility Commissioners. https://pubs.naruc.org/pub/8C1D5CDD-A2C8-DA11-6DF8-FCC89B5A3204. Retrieved 23 July 2020. 
  3. Lago, C. (10 July 2019). "How to implement a successful cybersecurity plan". CIO. IDG Communications, Inc. https://www.cio.com/article/3295578/how-to-implement-a-successful-security-plan.html. Retrieved 23 July 2020. 
  4. Hamburg, I.; Grosch, K.R. (2018). "Chapter 4: Aligning a Cybersecurity Strategy with Communication Management in Organizations". In Peña-Acuña, B. Digital Communication Management. IntechOpen. doi:10.5772/intechopen.75952. ISBN 9781838814908.