Preparing for the worst: an approach to Cyber Security Crisis Management & Mitigation
In the last of the ARA’s Cyber Security Awareness Month series, we talk with Sally Branson, a Crisis Management professional who has worked in corporate, diplomatic and government roles, offering insights into managing crises and public affairs strategy.
Emphasising the ‘when’ not ‘if’
Sally began by reemphasising the point made by other interviewees in this series, that cyber-attacks are not a matter of “if” but “when,” and being prepared is key. With her background in advising senior officials and politicians, Sally stresses that preparedness is a fundamental aspect of cyber security.
The digital landscape is constantly evolving, and cyber criminals are becoming increasingly sophisticated in their methods. Therefore, understanding the importance of cyber security is essential for any business, regardless of its size. A proactive approach to cyber security is crucial for mitigating risks.
The Human Factor in Cybersecurity
We’ve heard in the series, how employees can unwittingly become the gateway for cyber threats due to human error. This aspect of cyber security is particularly relevant to small businesses, which may lack the resources to invest in extensive cyber security training.
Acknowledging that small business owners often find themselves stretched thin, balancing multiple responsibilities, staying informed through sources like podcasts can be an effective way to raise awareness, without over-committing time. By engaging in ongoing learning and awareness-building, business owners can better protect their organisations and stay informed about emerging cyber threats.
Preparing Small Businesses for Cyber Threats
Sally understands that small businesses face unique challenges due to their limited resources. She advocates for creating a straightforward crisis plan, outlining clear steps to take in case of a breach. This document can serve as a vital reference point during a crisis, ensuring a swift and organised response.
There was emphasis on the importance of values and customer service in building trust with clients. Small businesses often rely on their reputation and customer relationships. Therefore, being transparent and demonstrating commitment to cyber security can strengthen the bond between businesses and their customers.
Further to building a crisis plan, Sally recommends that small businesses surround themselves with a support network of trusted advisors. This network can include peers, mentors, and industry professionals who can offer guidance and assistance during a cyber security incident.
Responding to a Cyber Crisis
In the aftermath of a cyber crisis, it’s key to communicate and keep all stakeholders informed. Clear, timely, and honest communication is essential for rebuilding trust and minimising reputational damage.
Sally suggests that being authentic in addressing the issue is crucial. Businesses should provide a detailed account of what happened, why it happened, and the steps being taken to prevent a recurrence. Transparency helps reassure customers and partners that the business is taking cyber security seriously.
To illustrate her point, Sally provides a practical example of how businesses can communicate with their customers after a data breach. In addition to providing a clear explanation, she suggests offering incentives, such as discounts or promotions, to maintain customer loyalty during challenging times.
Building Resilience and Relationships
For a large or small retailer, business resilience can be determined by the quality of their relationships with employees, customers, and other stakeholders. Building and maintaining these relationships should be an ongoing priority for businesses, even outside of crisis situations.
It might not be something that jumps into our strategic planning, but Sally references how engagement with local Members of Parliament (MPs) and journalists, can provide valuable support during a crisis. MPs often have resources and connections that can assist businesses in navigating the aftermath of an incident. Likewise, maintaining good relationships with journalists can ensure that the narrative surrounding an incident is helpful to the business and stakeholders alike.
Customer reviews and champions can help protect a brand from reputational damage. Positive reviews and loyal customers can serve as strong allies in countering the negative impact of a cyber breach. Engaging with customers, addressing their concerns, and showcasing testimonials can help businesses regain trust.
Sally Branson’s insight provides valuable considerations for retailers and businesses in any industry looking to enhance their reputational risk management. From proactive preparation to effective crisis management and relationship-building, Sally’s advice gives us plenty to reflect on with the escalating threats facing the industry, and acknowledging ‘not if, but when’.