8 ways to manage a security crisis
Any number of things can go wrong in a business: a ransomware attack, a server crash, a legacy system that stops working, or a software release that goes badly wrong. These are just some of the problems your company could experience at one time or another.
The question is not whether something will happen but when, and at that point your plan for handling the situation needs to already be in place. Manage the problem poorly and you risk losing customers, or worse. Handle a crisis promptly and professionally and you can fend off a public relations disaster and might even gain new customers.
What steps can businesses take to mitigate and effectively manage a crisis? Here are eight suggestions.
1. Stay calm, prioritize and don’t point fingers
During a highly visible crisis such as a site outage, it is critical for senior IT leadership to remain calm and focused. Everyone on the team is under extreme stress during an outage, and stress leads to mistakes, precisely when you need the team performing at its best.
As a leader, simply by being a balanced, reassuring presence you can calm nerves and keep the team focused on resolving the issue. If instead you appear to be spinning out of control, you will take your team down with you, and the issue will take more effort and time to resolve. Micromanaging the team when the pressure is on is another route to disaster. A better approach is to hold a 10- or 15-minute meeting to lay out the problem and what needs to be done, break the work into sections, assign each piece to a team member, and keep everyone focused on their own task. Make clear who is coordinating the response, so that decisions have a single owner and responders can work rather than negotiate.
Finally, do not look for excuses. Making excuses about what caused the issue, or pointing fingers, erodes confidence. Assigning blame can wait for the postmortem; during the crisis you only need to understand the cause well enough to contain the problem and keep it from recurring while you recover.
2. Have both an incident response plan and a disaster recovery plan in place
Handling a security crisis often comes down to preparation. Even without a dedicated security budget, you can still plan what you will do when you encounter a security problem. Work out who needs to be notified, both internally and externally, and who will be involved in the response. Then practice it, because the first few minutes and hours decide how you fare under duress. Keep a copy of the plan and the contact list somewhere that does not depend on the systems that might be down. Likewise, for common infrastructure problems such as servers going down, it pays to have a recovery plan in place before it happens. The plan should be detailed enough to follow step by step, yet leave room for improvisation, because even a well-laid plan needs adjusting in the moment to the specific situation.
3. Take snapshots at least once a week, preferably daily
If you are hit with malware, ransomware or data corruption, snapshots and backups let you restore data to a point minutes, hours or a day before the damage, depending on how often they are taken. With snapshots, your Recovery Point Objective (RPO) is set by how frequently the automated snapshot job runs, and your Recovery Time Objective (RTO) by how quickly you can restore from one. A coarse schedule may not let you restore everything, but it still gives you a fast path to partial restoration. Two caveats: a snapshot that the compromised system can delete or overwrite is no protection against ransomware, so keep at least one copy that production credentials cannot reach; and a snapshot you have never restored from is an assumption, not a backup, so test restores regularly.
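The relationship between snapshot cadence and RPO is easy to get wrong in the other direction: the job is scheduled hourly, but nobody notices when it silently stops. The following is an added example, not code from the original article, that computes the worst-case RPO a schedule actually delivers (including the gap between the newest snapshot and now) and applies a grandfather-father-son retention policy. The target RPO, the reference time `NOW`, the retention tiers and the sample schedule are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed policy values for the worked example (not from the original article).
TARGET_RPO = timedelta(hours=1)
NOW = datetime(2024, 3, 10, 12, 0)


def worst_case_rpo(snapshot_times, now):
    """Largest data-loss window a restore could face: the longest gap between
    consecutive snapshots, or between the newest snapshot and `now`, whichever
    is larger. The second term catches a snapshot job that silently stopped.
    Returns None when there is nothing to restore from."""
    if not snapshot_times:
        return None
    times = sorted(snapshot_times)
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    gaps.append(now - times[-1])
    return max(gaps)


def meets_rpo(snapshot_times, now, target=TARGET_RPO):
    """True if a restore from this schedule would lose at most `target` of data."""
    worst = worst_case_rpo(snapshot_times, now)
    return worst is not None and worst <= target


def apply_retention(snapshot_times, now, hourly=24, daily=7, weekly=4):
    """Grandfather-father-son pruning: keep the newest snapshot from each of the
    last `hourly` hours, each of the last `daily` days and each of the last
    `weekly` ISO weeks; everything else is a candidate for deletion.
    Returns (keep, prune), both sorted oldest first."""
    tiers = [
        (timedelta(hours=hourly), lambda t: (t.year, t.month, t.day, t.hour)),
        (timedelta(days=daily),   lambda t: (t.year, t.month, t.day)),
        (timedelta(weeks=weekly), lambda t: tuple(t.isocalendar())[:2]),
    ]
    keep = set()
    for window, bucket_of in tiers:
        newest_in_bucket = {}
        for t in snapshot_times:
            if now - t <= window:
                key = bucket_of(t)
                if key not in newest_in_bucket or t > newest_in_bucket[key]:
                    newest_in_bucket[key] = t
        keep.update(newest_in_bucket.values())
    prune = sorted(t for t in snapshot_times if t not in keep)
    return sorted(keep), prune


def demo_schedule(with_outage=True):
    """Constructed sample: hourly snapshots for the 72 hours before NOW. With
    `with_outage`, the snapshot job is simulated to have failed between 02:00
    and 09:00 on 2024-03-09, leaving a seven-hour hole (six missing snapshots)."""
    times = [NOW - timedelta(hours=h) for h in range(72)]
    if not with_outage:
        return times
    outage_start = datetime(2024, 3, 9, 2, 0)
    outage_end = datetime(2024, 3, 9, 9, 0)
    return [t for t in times if not (outage_start < t < outage_end)]


if __name__ == "__main__":
    snaps = demo_schedule()
    print("snapshots:", len(snaps))
    print("worst-case RPO:", worst_case_rpo(snaps, NOW),
          "meets target:", meets_rpo(snaps, NOW))
    keep, prune = apply_retention(snaps, NOW)
    print("retain:", len(keep), "prune:", len(prune))
```

Run `meets_rpo` against the real snapshot listing on a schedule, and alert when it returns False: that is the check that turns "we take snapshots hourly" from a belief into a measurement. The retention function is the part that decides what the ransomware-proof copy must hold; whatever it keeps should also exist somewhere the production credentials cannot delete.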
4. Have a failover option
If your cloud-based system has an outage and you have set up a proper failover architecture, you can redirect your applications and/or data to an alternate cloud service provider. A multi-cloud architecture removes the provider itself as a single point of failure. Alternatively, many cloud architects recommend a hybrid approach in which critical data is mirrored, synchronously where the distance allows, between the cloud and on-premises storage, so you can fail over between the cloud and an on-premises copy of your data. Whichever you choose, failover only helps if the copy you switch to is current and the switch itself has been rehearsed: a mirror that lags the primary loses the writes made since it last caught up, and a failover path that has never been exercised is as likely to fail as the primary.
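The decision logic behind a failover deserves as much care as the mirroring. The following is an added example, not code from the original article or any product it mentions, of a failover controller with two properties practitioners usually want: hysteresis, so a flapping primary does not bounce traffic back and forth, and a replication-lag gate, so the controller refuses to switch to a mirror that is stale enough to lose data. The endpoint names, thresholds and probe sequence are constructed assumptions.

```python
class FailoverController:
    """Decide which copy of a service or dataset should be active, based on a
    stream of health probes against the primary.

    Fails over to the secondary after `fail_threshold` consecutive failed
    probes and fails back only after `recover_threshold` consecutive successes;
    the asymmetric thresholds stop a flapping primary from bouncing traffic
    back and forth. A failover is refused while the secondary's replication lag
    exceeds `max_replica_lag` seconds, because switching to a stale copy
    silently discards the writes it never received.
    """

    def __init__(self, primary, secondary, fail_threshold=3,
                 recover_threshold=5, max_replica_lag=0.0):
        self.primary = primary
        self.secondary = secondary
        self.fail_threshold = fail_threshold
        self.recover_threshold = recover_threshold
        self.max_replica_lag = max_replica_lag
        self.active = primary
        self._consecutive_failures = 0
        self._consecutive_successes = 0
        self.transitions = []  # audit trail of every decision taken

    def observe(self, primary_healthy, replica_lag=0.0):
        """Record one probe result and return the endpoint that should be active."""
        if primary_healthy:
            self._consecutive_failures = 0
            self._consecutive_successes += 1
        else:
            self._consecutive_successes = 0
            self._consecutive_failures += 1

        if (self.active == self.primary
                and self._consecutive_failures >= self.fail_threshold):
            if replica_lag > self.max_replica_lag:
                # Primary is down, but the mirror is too far behind to trust.
                self.transitions.append(("failover_blocked", replica_lag))
            else:
                self.active = self.secondary
                self.transitions.append(("failover", self.secondary))
        elif (self.active == self.secondary
                and self._consecutive_successes >= self.recover_threshold):
            self.active = self.primary
            self.transitions.append(("failback", self.primary))
        return self.active


def run_probes(controller, results, lags=None):
    """Feed a sequence of probe results (and optional matching replica lags in
    seconds) and return the active endpoint after each probe."""
    lags = lags or [0.0] * len(results)
    return [controller.observe(ok, lag) for ok, lag in zip(results, lags)]


# Constructed probe sequence: the primary fails four probes in a row, recovers
# briefly, hiccups once more, then stays healthy.
PROBES = [True, True, False, False, False, False, True, True, False,
          True, True, True, True, True, True]

if __name__ == "__main__":
    ctl = FailoverController("cloud-primary", "onprem-mirror")
    for ok, active in zip(PROBES, run_probes(ctl, PROBES)):
        status = "up" if ok else "DOWN"
        print(f"probe={status:4} active={active}")
    print(ctl.transitions)
```

With the default thresholds the sample sequence fails over on the third consecutive failure and only fails back after five clean probes, so the single hiccup after recovery does not cause a second switch. The `failover_blocked` entry is the one to alert on: it means you are down and your mirror cannot safely take over, which is exactly the situation the mirroring was supposed to prevent.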
5. Involve the Public Relations team – and legal
Depending on the size of your company, and especially if it is publicly held or a utility, you may need to address the public. Involving public or media relations professionals early, as soon as an issue arises that could become a crisis, is essential for limiting damage to the company's brand. Your PR team should be among the first to know of a potential incident or breach: the earlier they are aware of a situation, the more time they have to collect the facts and work with the legal department to prepare a public-facing statement. Legal needs the same early notice, because breach-notification obligations to regulators, partners and affected individuals often run on fixed clocks that start when you become aware of the incident, and because legal can advise what may be said publicly without prejudicing an investigation.
Having such a statement on standby should the incident become public is crucial. In cybersecurity incidents in particular, attackers may try to take credit by broadcasting their own statements on social platforms, so the PR team should be ready to monitor what is being said about the company and the situation and to respond when appropriate. This cross-team collaboration is essential for limiting damage to the company's reputation.
6. Immediately notify customers
If your email server is compromised and your entire customer list receives spam from your company email address, quickly send a global email to let customers know. Make the subject line clear and direct, for example: ‘Please do not open an email from us with [x] in the subject line.’ In the body, own up to the error: apologize and take responsibility, even if the fault ultimately lies elsewhere. Customers expect mistakes to happen; it is your job to impress them with the recovery. While the notice goes out, make sure the attacker's access has actually been cut off (compromised credentials and sessions revoked), otherwise your warning may be followed by another wave of malicious mail. Also post on your social media accounts (e.g., Twitter, Facebook, LinkedIn) that you are experiencing a problem, are handling it, and will keep people posted. Then make sure you do.
7. Manage user/customer expectations
Managing expectations keeps a problem from being compounded by users perpetually asking questions. Give customers and users a brief explanation of the problem, in layman's terms but specific enough to give them an idea of what is wrong. That shows you are not trying to cover something up or avoid the problem, and it earns some patience from people who may not fully understand but know you are working on a fix. Also tell people when a fix is expected, padding the estimate by about 10 percent to be safe; a missed deadline costs more trust than a conservative one. If the problem spans multiple days, update users roughly every 24 hours so they know work continues and you are not barraged with questions. When the problem is resolved, send an all-clear message.
8. Conduct a postmortem
Once an IT outage or security incident has been resolved, promptly conduct a blameless postmortem to analyze what happened. Use it to evaluate what worked well in your incident response process and what did not, and to identify how to harden your systems against incidents of this kind in the future. Turn each finding into a concrete action item with an owner and a due date; a postmortem that produces no tracked changes only documents that the same incident will happen again. You can then refine and streamline your incident resolution process for future incidents.