In this increasingly digital world, security hacks are no longer just a threat, but a reality. As we've witnessed with Target's big identity hack 2013, Heartbleed in 2015, and now Cloudbleed, companies and their leaders need to prepare for the unthinkable.
As a business owner, there are many things that keep you up at night. Profit margins, employee retention, human resource protocols, whether your product or service will remain competitive. When you own or manage a technology company that operates largely online, however, those worries multiply. You’re no longer solely focused on internal success and growth but the protection of proprietary assets and the safeguarding of client information.
Part of being a successful business owner is planning for both best—and worst—case scenarios. It sounds counter-intuitive to success, but awareness of risks and pitfalls helps companies remain agile. What if the market crumbles? (Don’t remind me.) What if there’s a worker’s strike? (It could happen.) What if the company is hacked?
In the event of a doomsday situation, it’s important to be prepared with a comprehensive, company-wide plan of attack. When the unthinkable happens, you cannot simply close your eyes and wish it away. Truth is, when you’re caught off guard, you’re already behind the curve. Your reaction as a leader is paramount to setting the tone for future stability.
As more information moves to cloud-based operations, consumers and companies alike face greater threats to data security. Penetrating firewalls, accessing accounts, stealing credentials, all these risks exist and they’re on the rise everyday. Sure, you take precaution and install security frameworks built for maximum protection. But even the best of these can fail.
If a hacking nightmare happens to your company, don’t panic. You need to remain calm as you lead your company, ushering in support for those in the trenches working to secure the gap while providing a face of comfort and trust for those whose identities or credentials may be at risk. It’s not easy, but it’s part of the package when you stand at the helm. Employees and consumers will look to you for answers.
Here’s how to lead with strength in the event of a hack.
Stop the Presses
It’s important to act fast. Shut down daily operations as soon as possible. Focus should be placed immediately on securing accounts and information until the breach is repaired. This may mean a loss in profit and a decline in production, but swift action is needed to prevent any further damage. While your business may be affected for a few days and it may take time to recoup your losses, this short-term blow will right itself eventually. Fail to quickly and effectively mitigate the problem and you may suffer more extensive, long-term losses, including consumer defection and negative reviews.
Navigate Crisis Communications
Crisis communications exist for a reason. Whether you have an in-house team of public relations whizzes or employ an external team on standby, this is what they train for. They’ll receive alerts when your company is mentioned in the news, and may even be some of the first to know that your company has been hacked.
Time is of the essence when it comes to successfully navigating bad press and it’s a crucial part of leading your company through the storm. Information about the hack is out there, there’s nothing you can do about that. How you respond, however, will speak volumes to consumers. And at this point, consumer impressions and trust should be a top concern.
Conduct an emergency meeting with your communications team and craft a response to the event. Your team is focused on securing data and has yet to discover a root cause, therefore your message to the press and any released statements need to focus on your plan of action. Outline your team’s preparedness and reaction plan—without conveying too many details. If your company has been hacked, the hacker is still out there, probably watching the news coverage to see how you respond. Approach press releases and statements strategically. Present a united front and focus on comforting consumers worried about the affects of this breach.
Thankfully, crisis communications teams step in and help you prepare. If you’re at a loss for words, they’ll be able to craft something appropriate for you to say. They can advise you on what to wear in press conferences and they can help you get through the scrutiny.
Assess the Damage and Install Deeper Processes
As a business owner, you’ve employed the best of the best; technically savvy individuals fill your halls, built to handle unforeseen situations. Protocols are likely already in place in the event of a security emergency. Teams will utilize all capable employees to troubleshoot access points in order to secure your company from ongoing or repeated attacks.
Once the threat is stopped and damage is repaired, it’s time to gather team leaders and experts to debrief the situation. How did the hacker invade your security measures? Were there any internal gaps or non-vetted access points that could have been better handled? This is not a time to point fingers—it’s a time to get to the bottom of the attack. The only way to make sure a similar situation never happens is for all those involved in company security to fully understand the situation. With this insight, your team can proceed to rebuild frameworks and install new protocols from an informed point of view.
Enlist Outside Help
For small companies, or companies with large infrastructures, internal manpower may not be enough to batten down the hatches, so to speak. In these instances, seek reputable companies to help you repair damage and safeguard against future attacks. It’s also a great idea to enlist outside help after a hack for random, sporadic testing of security. These internal audits will keep your team alert and on their toes. Hopefully security processes will be treated with more attention and care. It is, after all, better to know what’s failing before it actually fails.
The most important thing to keep in mind as you lead your company through a hack or compromised data situation is to remain calm and focused. This will help you become the kind of leader that coaches your company through the weeds and you'll come out on the other side wiser, experienced, and more capable than ever before.
If you found this article to be helpful, endorse it or share it with your followers. Please post any questions or comments below.
For a step-by-step guide on what your tech team should do when your company gets hacked, check out this great article by Phil Phillips.