Security incidents can quite seriously damage a business’s reputation and potentially create panic among key stakeholders. That’s why it’s so important to respond calmly and quickly when something goes wrong. The right approach to communication can keep fears at bay and help demonstrate control of the situation. Everything from the tone of a message to how it is deployed matters in a difficult moment.
In the article that follows, we will explore four incident response messages that organizations need to master. An effective messaging template enables businesses to stay on top of a security breach while offering clear communication to customers and employees. Keep reading to learn how to frame responses the right way.
1. An Early Acknowledgement Message
An organization’s first step is to acknowledge that there is an incident and show awareness of its significance. You don’t have to disclose an exact timeline or long list of details. But it is critical to take responsibility and indicate that you are developing an action plan.
The message should use simple, clear language to indicate what occurred. Identify when the incident is believed to have occurred and outline what the potential impacts most likely are. Explain what the initial steps toward resolving the issue mostly involve, and also provide a very realistic timeline for any future updates. Keep the tone pretty much neutral throughout in order to avoid making assumptions or sharing any claims that can’t yet be properly verified. It’s important not to place blame on anyone involved or overstate the overall scope and impact of the situation.
Whether you’re dealing with a cybersecurity breach or another type of threat, you need to remain calm in order to keep employees properly informed about the latest developments. Most organizations tend to use emails, website notices, and internal memos to share timely updates and relevant information.
2. Progress Updates
Don’t stop at one message when you’re dealing with a security incident. Commit to sending routine updates as you continue navigating the situation. Customers, employees, and other stakeholders will quite likely feel more confident knowing the issue is being addressed in a structured and effective way.
You can mostly keep these updates brief and straightforward. Share any important changes since the last communication, and update users on anything they may need to manage within their personal accounts. Reassure users whenever possible, but don’t try to mask uncertainties or present assumptions as confirmed facts. Save more specific details or concerns for internal leadership meetings. Outwardly, maintain consistent messaging from one platform to the next, and keep your language simple. You don’t want to add to confusion and stress by relying on technical jargon.
Know that communication skills can be honed over time. And good messaging abilities are essential for anyone working within an organization where data is central to the work. The skills gleaned from an online executive communication program can help you choose the right words in high-stress security situations. You’ll be able to keep your team, customers, and users informed and assured.
3. Confirmation of Resolution
Once you’ve resolved the issue, plan on sending another follow-up message. Clearly state what fixes were involved in order to secure the resolution. Additionally, you should actually indicate any steps that have been taken in order to potentially prevent similar problems in the future. Your users may need to reset their passwords or even pay comparatively closer attention to their accounts for a certain period of time. Be sure to communicate these requirements very clearly, along with proper contact information they can use if they require support or have questions.
Take accountability for what happened and also apologize for the inconvenience caused. Make sure you have records of all steps you’ve taken. You likely will need to work with insurance or other regulatory officials, so documentation is essential. Use the communication channels you’ve turned to for previous communications to close the loop on the security issue.
4. A Final Report
Even after the issue’s been resolved, you’ll need to be careful about following up with customers and stakeholders. After all, you don’t want to lose their business or trust. Use your last message to share what will change going forward. Outline what led to the incident and what you’ve learned from the experience. Your tone should be professional, careful, and honest. You don’t want to ignore the severity of the security issue or damage resulting from it. But you do want to look toward the future
It is wise to present a draft of your last communication with your legal or PR team. They can assess it for clarity and help you avoid confusing language. They can alert you to language that might be too revealing, as well. Ultimately, your goal is to help users see you as a capable, confident organization that can intervene swiftly and learn from security breaches.
The Value of Good Communication
Strong messaging is vital to your recovery as an organization when you’re working through a security incident. You’ll need to be clear and committed to providing ongoing updates. Don’t say too much, but reassure users that you’re working to prevent future problems. When you’re measured and consistent, you’ll be able to create trust during a difficult time.
