Ashley Sawatsky, Senior Incident Response Advocate, Rootly: No matter how well-prepared you are, experiencing a security breach is a massive challenge for organizations of any size.
No matter what method you choose to share news - be it social media, your online newsroom, or elsewhere - these communications will be under an intense amount of scrutiny.
Based on my experience strategizing security communications for global tech companies, here are my tips for crafting expert communications during a security incident.
Bring in the Lawyers
Your legal counsel is a precious resource during highly sensitive security incidents.
Data privacy is heavily regulated and deeply complex - your obligations around disclosure vary by geography, type of data exposed, and more.
Depending on the severity of the situation and the size of your company, you may want to seek additional counsel, such as specialized crisis management consultants who can coach your executive team through a communications strategy.
Get Ahead of It
You don't want people finding out their data was compromised from a press outlet, social media, or other source.
Provide Quick, Frequent Updates
As an incident unfolds, new information will be coming to light constantly.
Instead of trying to capture all the details of an incident in a single communication, share brief and clear updates on key points.
We have identified how the data was accessed and have taken action to re-secure the system.
We will be releasing a detailed report once our full and thorough investigation into this incident concludes.
The more information you include in an update, the more opportunity there is for statements to be taken out of context.
Don't Speculate
While it can be tempting to speculate about unconfirmed details of the incident, especially when there's significant public pressure for information, avoid doing so.
We do not believe this data was accessed with malicious intent.
The security of our customers' data is our top priority, and we have taken this matter extremely seriously.
Conducting a full and thorough security audit via a neutral third-party auditor.
Don't Forget About Customer-Facing Teams
If you have a customer support team, you can count on them receiving inquiries in the event of a publicized security breach.
Ashley Sawatsky is an expert in incident management and communication with a special focus on the SaaS world.
As a founding member of Shopify's incident response program for nearly seven years, she led incident communications and processes.
Currently, as Senior Incident Response Advocate at Rootly, she consults with tech giants like Canva, Cisco, Nvidia, and more on incident response strategies.
This Cyber News was published on www.darkreading.com. Publication date: Thu, 21 Dec 2023 01:00:26 +0000