How to Protect Your Brand’s Reputation After a Cyber Attack


It’s no surprise that cyber attacks can be hugely damaging for a business in various different ways, one particularly (and potentially fatal) strike being to a brand’s reputation.

With much of the way people interact with businesses now being online, strong cybersecurity has become an integral component in fostering trust amongst consumers. But what happens when that trust is broken?

With cyber-attacks on the rise amidst the global pandemic and this new era of hybrid working, how can businesses prepare for the worst and and preserve their brand’s reputation?

TechRound has gathered advice from a number of experienced PR professionals on how to do exactly that, and the importance of having a plan in place before an attack occurs…

 

Our PR Experts:

  • Pearl M. Kasirye – Head of Public Relations at Pearl Lemon Official
  • Rana Audah – PR, Content and Digital Marketing Consultant
  • Xanthe Vaughan Williams – Co-Founder of PR Agency Fourth Day
  • Mary Glazkova – Founder and CEO of This is Fine PR
  • David Clare – Head of PR at Fox Agency
  • Gareth Thomas – Managing Director, UK, of PAN Communications
  • Georgia Christley – Account Manager at Carnsight Communications
  • Simon Moss – Director of Element Communications
  • Alice Jiga – Account Manager at Moonlight IQ
  • Andrew Skinner-Shah – Co-Founder of Nara Communications
  • Nicola Finn – Head of PR at Oggadoon
  • Yvonne Eskenzi – Director of Ouvert Comms
  • Nick Braund – Founder of Words + Pixels
  • Jennifer Reid – Director at CommsCo
  • Jules Herd – Managing Director of Five in a Boat
  • Sarah Alonze – Head of Enterprise IT at Red Lorry Yellow Lorry
  • Martyn Gettings – Head of PR at Tank
  • Claire Simpson – Senior Communications Consultant at Hard Numbers
  • Francesca Baker – Communications Specialist, Copywriter, Marketer and PR
  • Carla Williams Johnson – Media Marketing Specialist at Carli Communications

 

For any questions, comments or features, please contact us directly.

techround

 

Pearl M. Kasirye, Head of Public Relations at Pearl Lemon Official

 

Pearl-Kasirye-Head-of-PR

 

“Reputation management is an essential element of public relations for all companies. This is especially true for tech agencies that hold sensitive data. If there is a cyber attack that compromises the privacy of your clients, it’s important to remedy the situation asap.”

1. Fix the cyber security issue, be transparent about what caused it and what is being done to ensure it never happens again.”

2. Have a customer service rep individually contact clients to fully understand their frustrations and the scope of their frustrations. (This is important because it shows that the brand isn’t just trying to protect its image but actually cares about the customers’ experiences).”

3. Write public statements to reassure people about the steps being taken to avoid future cyber attacks.”

“Notice that it’s not just about releasing statements, brand reputation is about what happens internally. When the clients are happy – then you don’t have to worry about your reputation going under.”

 

Rana Audah, PR, Content and Digital Marketing Consultant

 

Rana-Audah-PR-Consultant

 

“Cyber attacks and data breaches as a result of human error are increasingly commonplace. The current climate is arguably a perfect recipe for more frequent incidents. Following a breach, a speedy response from brands is key to regaining the public’s confidence. Accountability and transparency are critical at this stage.”

“Brands should explain openly what has happened and why, how much information has been leaked, and what the brand is proactively doing in terms of damage limitation for those affected.”

“Communicating directly with those impacted, and more widely through the media, and owned channels, demonstrates that the brand recognises that it has made a mistake – either in terms of inadequate cybersecurity or poor internal data protection processes – however, it cares and is taking swift steps to prevent a recurrence.”

“Openly communicating soon after an incident, and with an appropriate level of regularity thereafter, will help to limit reputational damage and should be considered an opportunity to deepen the relationship between the brand and its audience.”

 

For any questions, comments or features, please contact us directly.

techround

 

Xanthe Vaughan Williams, Co-Founder of PR Agency Fourth Day

 

Xanthe-Vaughan-Williams-PR-specialist

 

Don’t pretend it hasn’t happened

“You are probably panicking and confused, but it is important to put out a statement explaining that you are taking it seriously and finding out what has been breached so that you can fix the problem. Don’t speculate either!”

Once you do know what the problem is, say what you are doing to fix it

“At this point you can apologise if you need to and decide what remedial action needs to be taken. It’s really important to be clear about how you’re fixing it as the big questions being asked will be “how did this happen?” and “how do I know it won’t happen again?”

If you can, try and take control of the story

“If you’ve suffered a particular kind of attack, try and lead a campaign to protect other organisations – as well as your own – from it in future. If it’s completely your own fault, tell everyone how your company culture/security systems will change.”

And finally, throughout the crisis, don’t forget to keep your own teams in the loop

“It’s too easy to think only of your external audiences at a time like this. Your own people will need support and reassurance more than most – particularly if they are also being bombarded with queries.”

 

Mary Glazkova, Founder and CEO of This is Fine PR

 

Mary-Glazkova

 

“If a company collects and stores data, a data breach is always a distinct possibility. In other words, there is no “what if the crisis comes”, there is “when the crisis comes”. So you have to be prepared. The first step in expeditiously handling any threat or incident is to have an anti-crisis PR plan in place. It must include statements about:”

  • “what has happen;
  • what you’ve done to handle it;
  • what you’ve done or will do shortly to better protect and prevent situations like this.”

“The statements should correspond to your business activities and the truth. Do not over-declare. You reputation is already at stake.”

“The information should be communicated to all the parties inside – BOD, employees, and outside the company – customers, partners, investors, etc.”

 

For any questions, comments or features, please contact us directly.

techround

 

David Clare, Head of PR at Fox Agency

 

David-Clare-Head-of-PR

 

“Be open and honest. Tell your customers what happened, how you are fixing it (or have fixed it), and what processes you are putting in place to prevent future attacks.”

“I’d suggest you focus on communicating to customers first and foremost, but have your team reach out to a high profile media outlet in tandem. Give them an interview as soon as possible, informing your customers and providing a consistent explanation that remains open and transparent. You can be sure that a high profile exclusive interview with the right media will be reported on by other outlets, allowing you time to focus on what matters most – the security fix and your customers.”

 

Gareth Thomas, Managing Director, UK, of PAN Communications

 

Gareth-Thomas-PAN-Communications

 

“Firms are better prepared for attacks, but often overlook the recovery phase.”

“Not long ago, a cyberattack typically triggered a state of panic and confusion, followed by a scramble to pay hush money to the perpetrators, and then a (usually botched) attempt to bury the issue (‘Move along, there’s nothing to see here…’).”

“Thankfully, a combination of new regulatory requirements and better comms advice means most organisations now understand the need for transparency, honesty, and accuracy.”

“They have an issues response plan ready to activate, including a crisis classification system, stakeholder maps, decision trees, holding statements, and a defined Issues Response Group which allows the right experts to be assembled quickly.”

“Most know that taking ownership and apologising early is essential (yes, we know you didn’t do this on purpose, but who else takes responsibility, if not you?!).”

“This is progress. Many studies have shown people – especially younger demographics – are less likely to trust brands following a cyberattack, and this can directly impact sales. This trust usually recovers eventually, but how the incident is handled determines whether this takes weeks, months or even years.”

“But an area still mostly overlooked is how to talk about the attack once the immediate issue has been ‘resolved’.”

“This is perhaps understandable: after the shame/embarrassment/stress/long hours of a hack, you can see why it’s tempting to never want to speak of it again.”

“I’ve often seen companies make clumsy attempts to simply divert people’s attention by rushing through a new, big and shiny announcement.”

“This is counterproductive. To rebuild trust, it’s critical that you return to the issue proactively and show how you’ve learned and improved.”

“That ‘urgent review of your security operations’ you promised the day of the attack: did it actually happen? The ‘steps you are putting in place to ensure your customers don’t suffer in future’ – what are they and are they working?”

“Managing the heat of the moment is important. Being brave enough to reopen the old wound and explain how you’ve actually improved will go a long way to rebuilding trust and loyalty in your brand more quickly.”

 

For any questions, comments or features, please contact us directly.

techround

 

Georgia Christley, Account Manager at Carnsight Communications

 

Georgia-Christley-Carnsight-Communications

 

“We can all try our hardest to aim to prevent a cyber-attack by following best practices in our business strategies, but we can’t always avoid these attacks, bad things can happen to even the most prepared businesses. But they aren’t necessarily the end of a business. In many cases, a data breach can be an inflection point, with companies learning from the experience and coming back even stronger.”

“To help manage and mitigate these risks, it is critical to formulate a plan and be prepared.”

1. Assess the risks and understand the risks to your brand and reputation from a cyber-attack.”

2. Put together a ‘data breach response plan’ for handling a cyber-attack, when writing this keep in mind any questions that you may be asked by your customers and make sure to include a breach response team. Be transparent and timely – It is important to ensure rapid communication and response to breaches – A good rule of thumb is having a 24-48 hour response plan – especially if personal data was breached.”

3. When building your ‘data breach response plan’ keep in mind the following…”

“If a cyber-attack does occur:

  • What steps will the company take?
  • Who will be available to handle the additional workload and provide the knowledge to get the situation resolved?
  • Who will you need to notify alongside authorities, media and customers?
  • What action is the business taking to help the affected people and how can you ensure information is sent to customers safely to reassure them all will be handled?”

4. Ensure to keep a note of which specific data was breached and what steps can be taken to ensure this doesn’t happen again.”

 

Simon Moss, Director of Element Communications

 

Simon-Moss-Element-Communications-Director

 

“The impact of a cyberattack cannot simply be measured in pounds or dollars, but in the reputational damage it inflicts upon an organisation.”

“We are proud to represent a number of cyber security firms and are well aware of the need to not only build the right defences but react in the right way too. The same is true of public relations.”

“Unfortunately, it’s now no longer a case of ‘if’ your company will be attacked, but ‘when.’ This inevitably leads to a tarnished brand image and a loss of trust in the brand, unless it’s properly handled.”

“Speed, transparency and honesty are your top three priorities when an attack happens. Immediately announce the attack to control the narrative (rather than letting the media run wild). Take full responsibility, be apologetic and sincere, and reassure stakeholders that you’re dealing with the problem.”

“Publicly disclose the strategy you have of dealing with the cyberattack and respond to all queries quickly and effectively.”

“If the attack has compromised consumer data or networks, offer help or compensation. You may be reluctant to spend money when the cyberattack itself may well cost a lot, but instead look at it as an essential cost; you will lose a lot more in the long term if the public decides you’re an unfair, untrustworthy company.”

“By putting an actionable plan in place and staying in control, your company can avoid a PR disaster, and potentially even profit from it. In a world where cyberattacks are inevitable, effectively handling them when they occur may cause your customers to trust you more than ever.”

 

For any questions, comments or features, please contact us directly.

techround

 

Alice Jiga, Account Manager at Moonlight IQ

 

Alice-Jiga-Moonlight-IQ

 

“Cyberattacks are one of the biggest threats businesses and individuals face. It’s estimated that cybercrime currently costs the global economy over $1 trillion; Ransomware attacks have increased dramatically. In an ideal world, every company already has a cyber risk and reputational management strategy in place that is evaluated continuously and adjusted to both internal and external developments, technological or otherwise. From a PR or brand value perspective the effects can be at least as costly as the initial attack, the cost of technical recovery and ongoing defences. The market and your customers in particular can be very fickle, and any loss of brand value hits the bottom-line hard.”

“Once a cyberattack happens, the company’s first step should be to address the issue, protect and recover the situation. A detailed investigation is obvious, but you need to retain the confidence of current and potential customers and your staff. If your clients have been affected in any way – even if they just think they might be affected – you must communicate with them, honestly and openly, reassuring them, if possible. While cyberattacks happen, trying to hide and hope the news goes away could do more damage to your reputation than the attack itself.”

“The second stage is to re-evaluate your company’s security and data practices. Be open about the transformation you are undergoing and your plans for future prevention and discuss these with stakeholders. The key is to be transparent in what you’re doing to mitigate this risk in the future.”

“This approach to managing your reputation is honest, transparent and has as final goal turning a critical incident into a success story. Learning from your mistakes and becoming a leader in managing cyber risk is a story most people would like to hear and learn from.”

 

 

Andrew Skinner-Shah, Co-Founder of Nara Communications

 

Andrew-Skinner-Shah-Nara-Communications

 

“To start with, any founder, regardless of how small their company is, should be aware that they could be the victim of a cyber attack. Ignorance isn’t bliss, it’s at best a future headache, at worst a potential death warrant for your company.”

“The reason this mindset is important is that if an attack does occur, you have a small window, during which it can feel like the world is burning, to make tricky decisions and act. By preparing in advance – for example deciding on the necessary, standard communications steps – you’ll not only save time if an attack does occur, you’ll also reduce the number of big decisions required in the stressful heat of the moment.”

“The most crucial communications principle is transparency. Don’t try and cover things up or mask details because, beyond the fact it’ll breach GDPR or state laws, the truth will eventually get out. Any subterfuge could end up being an even more damning press story. Your customers will appreciate and respect your honesty.”

“Take the time to understand what’s happened by consulting with your IT team or external specialists, because you won’t be able to explain accurately if you’re guessing. Then, communicate clearly internally (employees, PR agencies etc.) and externally (clients, customers etc.). For the latter, draft a very carefully written statement – lawyers are useful here, and also ask for input from your IT specialists. This should accept responsibility and explain, in layman’s terms, what’s happened, and what you have done/are doing. Send this to your customers, and issue on social channels.”

“Journalists may or may not start to reach out to you for further comment. If they do, point them in the direction of your statement, and if they have additional questions, answer these offline, again with inputs from lawyers and IT specialists, rather than on a Zoom or phone call. This isn’t stonewalling, rather a safer way to convey potentially very technical information accurately.”

 

For any questions, comments or features, please contact us directly.

techround

 

Nicola Finn, Head of PR at Oggadoon

 

Nicola-Finn-Head-of-PR-Oggadoon

 

Have a sense of urgency, but don’t panic!

“There has been an attack; don’t panic, think about the key crisis communication steps. As Sudhakar Ramakrishna, CEO SolarWinds stated from his experience of leading an organisation through a crisis, “It is one of those hair on fire situations where you don’t act like that, you don’t run down helter-skelter, you just kind of go step by step.”

Prioritise Your Stakeholders

“As news of your breach details hit the news platforms, expected or a surprise, your instant PR tactical reaction might be to drown out the bad press by trying to reset the misplaced perceptions, highlighting you’re the victim, trying to shift those negative brand mentions and coverage. However, customers, partners, employees and your supply chain are the priority. Your resources must be geared to your customers.”

Transparent Communications

“Transparency is the foundation of trust, as it creates empathy from employees, clients and partners. Ensure that you have a good understanding of the situation and share the facts as you know them – who, what, why, when and where. Create a continuous two-way conversation as you learn the details and the plan to resolve the situation. You can deal with the early breech press later in your wrap-up.”

Responsibility, Communication & Opportunity

“As any business can be the victim of a cyber attack, you will need to develop a PR strategy before your vulnerabilities become your downfall. There are three key actions in crisis management. Firstly, accept your responsibility and work to address the problem. Secondly, communicate with urgency and effectively with stakeholders, establishing a two-way dialogue. Finally, share what you learned during the different stages of the breach scenario. You can not only become a better individual and organisation but also share this with the cyber community, creating a collaborative community vigil to combat the threat actors. This is where you revisit the negative press at the start of the process.”

“Yes, your share price may well take a dip immediately after the breach, but by keeping a cool head to understand the situation, including how to address the problem and communicate about it, then you will strengthen both your reputation and your brand. To discuss cyber security crisis management or general marketing and promotion please get in touch with OggaDoon.”

 

Yvonne Eskenzi, Director of Ouvert Comms

 

yvonne-eskenzi

 

“Today, cyber-attacks are the biggest threat businesses face and they are no longer just a technical nuisance. They affect jobs, impact share price, damage reputation and customer trust and can even affect the very survival of a business.”

“But, planning crisis communications before a data breach or cyber-attack actually happens can help restore a business much quicker, with minimal reputational and brand damage.”

“Left unmanaged, a cyber crisis can swiftly destroy an organisation’s brand and reputation with little chance of recovery. A hastily released statement that fails to provide stakeholders with the information they need, or comes across as self-serving and insincere, can destroy years of work already spent to build the trust of customers.”

“Having a prepared and well-practised incident response plan in place, so an organisation and its employees know how to respond to attacks, is essential. Preparing a communication response plan for the event of a cybersecurity incident is no longer an excess of zeal, but a necessity for any company that wishes to minimise the damage of such an occurrence.”

 

For any questions, comments or features, please contact us directly.

techround

 

Nick Braund, Founder of Words + Pixels

 

Nick-Braund

 

“The first step in protecting a brand and reputation after a cyberattack is to prepare. If your data is breached or your servers are hacked and you don’t have a reactive media plan, it’s too late.”

“Research has identified that a cyberattack occurs almost twice a minute, every minute. If your business utilises tech or data in any way, a robust plan based on your owned data and the implications of exposure is essential.”

“Vitally, communication needs to be clear, concise and quick. Information travels thousands of miles in a split second online. Waiting until you’ve fully assessed a situation will leave your stakeholders with countless difficult questions about your business’ security.”

“Pre-drafted statements from a single voice, typically the CEO or tech/security lead should be crafted in collaboration with the comms lead, key internal stakeholders and your legal counsel. As we’ve seen from hacks such as Ashley Maddison, the information which can be disseminated against your will may have a hugely significant impact on individuals, companies or society at large; whether financial, emotional or otherwise.”

“Taking ownership of the narrative, instead of others filling your void is a must. Any spokesperson must strike a key balance of compassionate, firm and accountable. Depending on the situation, a response needs to be swift outlining how the business is in control of the current situation and share needed information for affected parties.”

 

Jennifer Reid, Director at CommsCo

 

Jennifer-Reid-CommsCo-Director

 

“For a long time, the stigma associated with cyber attacks put many organisations off reporting them, but with the rules introduced surrounding GDPR regulation, organisations are now under obligation to make breaches public. In a way, it’s done the world a favour in removing the stigma – attacks are no longer a matter of ‘if’ but ‘when.’”

“Preparation is paramount: organisations must ensure they have in place good network recording devices in order to get their hands on the definitive evidence they need to understand what happened. After that, it’s a classic case of disaster recovery PR: admit the breach or attack, report it under GDPR regulations, and then explain, with 100% transparency to all key stakeholders what was compromised and what will happen to solve the compromise and ensure adequate procedures are in place to prevent it from happening again.”

“It’s also essential to ensure you’ve got the right PR engine in place to deliver the news in the most meaningful and least detrimental way possible, and according to regulation: the moment businesses realise they’ve succumbed to a cyber attack is not the time you want to be going out to agencies to ask them to pitch.”

 

For any questions, comments or features, please contact us directly.

techround

 

Jules Herd, Managing Director of Five in a Boat

 

Jules-Herd-MD

 

“Avoiding a cyber-attack is impossible, at some point it will happen to every organisation. The key is in preparing for it, ensuring that you have a robust crisis management plan in place before the attack happens which you can then execute once it happens.”

“Trying to manage a cyber attack without a plan in place is like shutting stable the door after the horse has bolted. Unfortunately, many companies are not prepared which is when the sh*t really hits the fan. In this instance these are the measures that companies need to take:”

1. Don’t panic either internally or externally – the last thing you want is an employee or a customer recognising your panic as it will inevitably have a knock on effect.”

2. Get all teams internally on the same page as quickly as possible in regarding agreeing the right approach in addressing the issue.”

3. Follow the correct protocols in terms of who needs to be informed. Depending on the type of organisation, this could range from governments to individuals to partners.”

4. Be as transparent as possible and don’t leave it days before any communication takes place.”

5. Provide solutions – this could be as simple as ensuring that customers change their passwords and sharing information regarding future preventative measures in case it happens again.”

“Finally, hire a good PR agency which can help you build out that all important crisis comms plan. Trust me, regardless of the size of the company, it will be money worth spending.”

 

Sarah Alonze, Head of Enterprise IT at Red Lorry Yellow Lorry

 

Sarah-Alonze-Red-Lorry-Yellow-Lorry

 

“There are three cardinal rules brands should remember when responding to a cyber-attack. These rules will be your saving grace when the pitchforks are out, and stakeholders are demanding explanations.”

Cardinal rule #1: Know and understand what happened before you communicate with anyone. It sounds basic, but any brands are guilty of rushing responses following a breach or leak, because speed is seen as paramount. Knee-jerk reactions and a lack of information on the incident will only make things worse. Balance haste with diligence – gather as much information as possible and then respond.”

Cardinal rule #2: Beware the pecking order. Certain stakeholders should be notified before others. Inform the relevant authorities initially, and work with them to stem the impact of the breach/leak. Next, notify key internal stakeholders and any affected parties, preferably with one-to-one communication where possible. External, public-facing statements come after. This is critical to containing the issue in the most appropriate and sensitive way. And remember to always speak factually and sincerely – don’t patronise or use smoke and mirrors to deflect from the issue at hand.”

Cardinal rule #3: Don’t repeat the same mistakes. You need to have an action plan of how to mitigate and prevent a similar incident from happening again, so that internal and external stakeholders know you’re taking the incident – and their relationship with you – seriously. This is why cardinal rule #1 is so important – without knowing what happened, you won’t know how to prevent a similar attack.”

“Unfortunately, cyber-attacks aren’t usually just a flash in a pan – there are often unanticipated or unforeseen, long-term ripple effects. So, even if you’ve abided by those three cardinal rules, ongoing vigilance and communication are critical. Provide regular updates to relevant parties as more information is unearthed – whether through a live blog, email communications or otherwise.”

 

For any questions, comments or features, please contact us directly.

techround

 

Martyn Gettings, Head of PR at Tank

 

Martyn-Gettings-Head-of-PR

 

“Cyber attacks are becoming increasingly challenging for businesses and pose a significant risk of reputational damage if customer data is stolen or your product or service is forced offline.”

“When dealing with a crisis, it’s important to have plans in place to deal with all eventualities. It is always easier to respond if you have a clear crisis comms strategy, with all active participants and stakeholders briefed so the team can quickly spring into action. After an incident has taken place, it is vital that the organisation communicates clearly as quickly as possible.”

“The company should follow all GDPR compliance and communicate with the ICO, notifiable incidents must be disclosed within 72 hours. When communicating publicly, take responsibility for finding out what has happened and then fixing the issue – as well as apologising to customers for any inconvenience. However, don’t acknowledge culpability until a complete investigation is carried out. Communicate directly with customers that have fallen victim quickly and advise them what they should do to protect themselves.”

“Be clear once you’ve identified the problem, how you will fix it and how you will make sure it won’t happen again in the future. Make it clear what measures were in place to defend against cyber attacks and how the measures were overcome.”

“Rebuilding trust after an incident will take time, and any recurrence of a cyber attack could be critical for brand reputation. Although the desire to reassure customers is natural, rushing to announce that the situation is resolved prematurely could do far more damage. Communicating clearly and as transparently as possible, while working closely with the legal department to ensure messaging is correct, will help to build trust at an unnerving time for your customers.”

 

Claire Simpson, Senior Communications Consultant at Hard Numbers

 

Claire-Simpson-Senior-Communications-Consultant

 

“As in any crisis, transparency in key. If you fall victim to a cyber attack, make sure your customers hear about it from you first, through a direct communication channel such as email. The last thing you want is for them to find out via a third-party or word of mouth. This is not only important to retaining the trust of those affected but also reassuring your wider customer base that their data is safe.”

“In a digital world, we know that our information is never 100% secure, but poor communication around a leak can quickly exacerbate customer concerns and frustrations. So, it’s vital that a public response is forthcoming as soon as possible. On the most basic level, this should follow the CARE model of crisis response, expressing Concern for those affected by the attack, clarifying what Action is being taken to address the causes of the breach and, finally, seeking to Reassure stakeholders by demonstrating that such an attack is rare or won’t happen again.”

“If your business processes large volumes of data, it’s critical that you map out worst case scenarios relating to cybersecurity and how you would respond as part of your crisis planning – regularly stress testing these protocols to ensure their efficacy. Key to this is the creation of a crisis response team to lead the implementation of these protocols in the event of a cyber attack. This group should be well versed in fraud tactics and made up of relevant stakeholders from leadership, communications and legal teams to ensure a unified approach. However, not all attacks are created equal. While it’s important to agree roles and responsibilities in advance, be willing to adjust your approach if something isn’t working and adapt to the evolving situation in real time.”

 

For any questions, comments or features, please contact us directly.

techround

 

Francesca Baker, Communications Specialist, Copywriter, Marketer and PR

 

Francesca-Baker

 

“Cyber attacks are something the public are increasingly aware of. When they trust you with their information and data, they want to know that you can protect it. If a breach happens, it’s best to be open and honest about it. Cover ups cause long term reputational damage, whereas a clear and quick response makes everyone feel more comfortable.”

“I’d also recommend getting people on the phones or in the customer services branch with a brief and corporate lines. One of the the areas that businesses fail on is not having enough people to answer consumer questions, which is frustrating and leaves people more unsettled. Like everything with PR and corporate affairs, communication is key.”

 

Carla Williams Johnson, Media Marketing Specialist at Carli Communications

 

Carla-Williams-Johnson-PR

 

“Reputation management is the name of the game when it comes to business. Being a victim of a cyber attack myself, I have a unique understanding of the devastation that it can wreak upon a business, though I may not be ‘tech savvy’ I do understand how to handle a crisis. Here is my four step framework or what I call the ‘ABCDs of Crisis Response’”

A – Act immediately

“Once you’ve been made aware, move swiftly so as not to incur any further damage to your brand. Communicate facts to those affected and apologise where necessary. Contact the necessary parties to help you manage the crisis such as your tech team or even customer service.”

B – Be visible

“Pay special attention to how the brand is seen in public. Use the media to convey your decisions, thoughts and emotions and how you intend to remain in service to your customers.”

“Use the media to feature your brand in a positive light.”

C – Change strategy

“As in, create a new plan. Your business has taken a major blow and you need to now factor this in.”

  • “What can you do to recover or rebuild trust?
  • What is the lesson learned from this crisis?
  • What can it be implemented now to help you overcome this?
  • What action is the business taking to help affected people?”

“Create a timeline and include any associated costs (people, processes or systems) to ensure things get done.”

D – Don’t give up

“I’m throwing this in to say that sometimes things happen you believe that all is lost and that may not necessarily be the case. You can recover from it once it’s handled well so do damage control and get yourself back out there.”

 

For any questions, comments or features, please contact us directly.

techround

 

 





Source link