Cyber security is important for all businesses in these digital days – and most businesses will be on top of what they need to do.
Hacks can cause financial loss, lose you time, drop your productivity and affect your bottom line.
But they can also affect your reputation too which, as you will know, has taken a while to achieve but a cyber crisis could take it down overnight.
Unfortunately, it’s human error that’s most likely to cause you to fall victim to an attack. Email scams in particular are becoming more and more sophisticated.
Rather than posing as a contact in a far-flung country, willing to share their £65million inheritance with you if you could just help them out with the £5,000 transaction fee, scammers now use much more mundane, and therefore inconspicuous methods – it’s meant to trick you.
In fact, we at Izzy PR were recently targeted ourselves. An email which appeared to be from another member of the team requesting an online purchase was surprisingly convincing, using believable language and formatting. Fortunately, we spotted the sender’s email address was incorrect and the issue was swiftly dealt with by our IT team.
But it reminded us to continue to be alert at all times.
So how exactly could an attack affect your reputation?
Loss of trust
The biggest fallout is a loss of trust. If the contacts held on your system were compromised as the result of an attack, there is no hiding it – you would be duty-bound to inform your customers that their information could be at risk. Understandably, many could take their business elsewhere.
Even if an attack does not directly affect a customer database, such as a social media account hack, it still sends a message to the public that your systems are not secure enough.
It reflects on your company as not being up to scratch – and people may start to undervalue your products and services as a result.
It could affect your ability to pitch for new business. Within the public sector, organisations have strict rules and regulations about the suppliers and contractors they work with. A data breach or attack is something you would have to declare and unfortunately, would almost certainly result in your company being blacklisted.
No matter the size of your business, an attack can seriously affect your infrastructure. The worst case scenario is that all of your systems are affected and inaccessible, and data is lost. At the very least, you will need to reset passwords and accounts and put new secure measures in place, all of which takes time, particularly if you need to purchase and set up new software.
Meanwhile, you may have customers that you are holding up – and they may go elsewhere.
If you ever were to fall victim, the important thing is not to panic. The way you handle the aftermath of an attack can go a long way towards preserving your reputation and minimising the long-term effects.
Here are four must-dos:
- Tell any affected parties asap
It can be tempting to keep the incident a secret, to give you time to put it right. This is never advisable.
The sooner those affected know what has happened, the sooner they can take their own additional steps to protect their information. Leaving them in the dark for longer than necessary will only cause anger and potentially allow for further damage.
- Go above and beyond to help your customers
If possible, offer help directly to customers. Provide them with contact details and make your team available to them, offering extra services such as extended business hours or a dedicated webpage/phone number if necessary. If they can’t get hold of you when they need to, it’ll make things worse.
- Issue an honest public apology
Even if you don’t have all the details to hand, issue a response as soon as you can. Be transparent, explain what has happened and what you are doing to rectify it. Apologise for the distress and inconvenience caused, demonstrating genuine remorse for the situation. Use simple language and avoid jargon. Commit to providing further updates as soon as they are available. On a small scale, this could be sending out an email, letter, or making personal phone calls, At the larger end of the scale, it could be doing media interviews.
- Urgently review any scheduled marketing or PR activity
A full page ad in the vein of “You can trust us to look after your family’s assets!” is not a good look in the days following an attack. Either pull any immediate upcoming ads or replace them with your official response.
Similarly, check all social media accounts and remove or amend planned posts that would now be deemed inappropriate.
If you find yourself in this scenario or would just like some advice on how to be prepared in advance, should an incident ever take place, get in touch at firstname.lastname@example.org