Web Analytics

FireOak Strategies Blog

Insights and articles related to knowledge management, information security, technology, data and analytics, business process automation, platform management, and other related topics, from our experienced team of consultants.

How to Mitigate a PR Nightmare if You Experience a Data Breach

Data breaches can happen to any organization. Incorporate these components into your Information Security Incident Response Plan to be prepared for a potential data breach.
Picture of Abby Clobridge

Abby Clobridge

Abby Clobridge is the founder of FireOak Strategies. She works with clients around the world to enhance how organizations manage, secure, and share their knowledge. You can reach Abby at [email protected].

Even with the strongest technical controls and solid governance plans in place, data breaches happen. At FireOak, we work with clients on strategic crisis communications planning to help mitigate a PR nightmare and potentially devastating hit to your reputation in case the unthinkable does happen.  

Every organization, no matter the size or sector, must have a Information Security Incident Response Plan in place well in advance of an incident occurring. This plan should be refreshed frequently and everyone in leadership and on your communications team must be well-versed in its contents.

The critical components of this plan must include:

  • A clear timeline. Remember that in today’s news cycle, a rapid response is crucial. However, you must not wing it. What you say and do, or don’t say and do, in the first few hours of the news breaking will dictate how the story unfolds in the long term.
  • Modifications for a number of different situations. While you can’t predict every scenario, you can make some educated guesses and have mapped out plans for every situation.
  • Clearly defined Information Security Incident Response Team. A small group of your most trusted and senior people from the executive office and communications team will be assigned and responsible for every action item on the Information Security Incident Response Plan.
  • An internal communications plan. No employee wants to feel like they are in the dark. This is especially true for something as important and scary as a data breach. Additionally, they need to know what to do if a journalist, friend, or family member asks them about the news. Your employees are your best allies. Give them the tools to help you.

In addition, it’s important that your organization practices what to do. There is a reason that we don’t stop participating in fire/emergency drills after leaving school. When a crisis happens, our brains react completely different than they do under normal circumstances. Run through your crisis communications plan frequently so it becomes completely familiar to you.

Hopefully you will never need to use this Information Security Incident Response Plan, but being prepared for a worst-case scenario will ensure that you can immediately respond to anything.  

Share the Post: