Did you know October is National Cyber Security Awareness Month?
October ends on Halloween, one of America's favorite holidays. The timing is interesting, if probably unintentional. Goblins and monsters walk the night, people put on clever costumes and everyone's on tenterhooks about the next big scare. That sounds a lot like the internet these days, doesn't it?
Why not let it inspire information technology to start or strengthen a partnership with corporate communications and public relations teams to help them maintain and enhance goodwill with all your organization's important audiences during future cyberattacks?
Here's a three-part strategy to engage your internal and external communications specialists that underscores preparation as saving time, resources and ultimately your company's reputation and allows for the busy schedules everyone faces, day in and day out.
1. Aim for specificity right from the start
Nothing brings out the inner procrastinator better than vagueness.
Which of these two openings is more likely to prompt a meeting date instead of a tepid, polite brush-off:
"We would like to share thoughts soon on how IT may be able to lend a hand with your workload when some kind of cyberattack happens to us again/one day. I've made a list of a few initial ideas.
"I think you'll like them, and it will be nice to know you and your staff better."
"After a DDoS hit competitor XYZ, its spokesman fumbled key details when talking to the tech press. The company hasn't recovered from looking so clueless. I read today it laid off half its Northeast division.
"I believe we can avoid a similar bad outcome with professional interview training for IT. The time is right to request funding, but we won't succeed without your participation. What do you recommend as a first step?"
2. Study online crisis communications resources to shape your discussions
Access one or more of the numerous excellent reference guides maintained by crisis management experts online.
Any guide worth its salt emphasizes careful planning before disaster hits, and regular safety drills to ensure all employees have the confidence and the means to act wisely when it does. Refer to the guide's concrete tasks to craft practical and relevant input.
For example, are there "holding statements" already developed and approved with IT's counsel that address the top three or four kinds of cyberassaults for your organization or industry? These confirm the trouble, express genuine compassion for all those adversely affected, and repeat a commitment to provide the facts as they emerge.
Another version of prepared material that has formed many a sturdy bridge over troubled water is the FAQ. How might corporate communications and IT formulate or polish a standard cyberattack FAQ template, appropriate for the media and customers alike?
3. Set in motion regular updates designed for PR and corporate communications on IT security news
Conduct regular joint reviews of security trends and news and how well internal awareness campaigns tackle the evolving threat to valuable databases and operating systems. Talk about how you interact with your security vendor or vendors, if you have them. Are these vendors a dependable source of tactics for protecting the enterprise against sneak attacks?
Before you sit down together, listen carefully to what they say their current priorities are. Timing is everything: The PR department may be up to its neck on another big project about which you didn't know.
A timely, straightforward, informative and reassuring series of announcements and press conferences about a security breach delivers essential breathing room to fix the problem. That spells the difference between getting back to normal with minimal damage or suffering years of expensive, even crushing, distractions.
You'll have friends for life in corporate communications, too, and as an added bonus, you'll sharpen your own communication skills.