Cyber attacks come in many forms and can seriously impact the operations and infrastructure of your business. Whilst it's important to have business continuity plans in place and team members allocated to deal with such attacks, it's also paramount to consider what to tell employees and how as a cyber attack emerges.
What is a Cyber Attack?
'A cyberattack is any type of offensive maneuver that targets computer information systems, infrastructures, computer networks, or personal computer devices. A cyberattack employed by nation-states, individuals, groups, society or organizations. A cyberattack may originate from an anonymous source. A cyberattack may steal, alters, or destroy a specified target by hacking into a susceptible system.'
Sometimes your IT response team will be aware of viruses that are circulating and have time to prepare for when a cyber attack reaches your systems. Other times, cyber attacks will come out of nowhere and can suddenly stop all of your online functions in their tracks. Cyber attacks are malicious and designed to harm or stop your normal business functions. Often leading to ransom demands, or breaches of sensitive information and security that can leave employees and customers worried about their personal data and how it is stored and used by your business.
Before we consider what to tell your employees when a cyber attack impacts your business, let's consider what your employees should already know about cyber security in the first place.
The following information may be drafted into an email and sent out to all employees so that they are pre-educated around cyber security before your business finds itself in the midst of a security breach.
- Awareness, Staff, and Management
Every so often, you should hold security meetings for your employees that emphasise the importance of network security and teach them how to keep all their data secure within the workplace. If all employees are trained on best practice online security, your network has added protection against cyber threats and attacks.
Make sure that your IT response team has high level security around critical data and customer information. These are the members of staff that are most likely to fall victim to a cyber attack, given their prestigious status within the company profile.
- Weak Links and Staying Alert
Send out regular emails to all employees stressing the importance of cyber security. Remind them to pick out strong passwords and change them regularly, remind them to allow software updates for antivirus software and to act with caution around suspicious emails and phone calls.
Ensure that all employees are alert and on their guard around sensitive information. Control all access to customer data and sensitive company information by restricting access to management and the IT response team to enhance security and keep the risk of threat low.
- Reporting, Training, and Testing
All employees should be trained on how to recognize a potential cyber attack. Train staff by running mock cyber attacks and testing them on their awareness and response to such tests.
Make sure all employees know who to report to if they suspect a potential cyber attack and who they should notify using the correct methods outlined in your business continuity plan.
Test employees from time to time on their response speed and how efficiently they follow company procedures. This could save serious amounts of time and money when a real cyber security breach happens.
What To Say In The Event of a Cyber Attack
- Be Proactive
Let your employees know immediately when a cyber attack has been identified. In the same message, let them know what they can do to minimise the impact of the cyber attack with clear and concise instructions.
- Be Honest
At the beginning of a cyber attack you may not have all the important details about the extent of the attack to hand. Be honest with your employees and tell them what you know so far and how you plan to handle it. It's important that you are transparent during these attacks. It's also important to show that you are in control and that you have an expert support team in place. Employees need to be kept calm, informed, and up to date.
- Be Frequent with Updates
Let your employees know of any new information regarding the security attack as soon as you do. They may be worried about their private information and data being stolen or shared. Reassure them, and even if there is no new information, remind them that you are working hard to get the situation under control and with as little damage as possible.
- Empower a Chain of Command
If your employees are managed at different levels, empower mid-level managers with information to disseminate to the staff that they work closely with. They will have built up levels of trust with their managers and will want to be updated by people that they feel as though they can rely on and trust in times of danger for the business.
- Open up a Two Way Conversation
This may not be easy to operate as soon as a cyber attack hits your business.However, It's crucial that employees are given an avenue by which to communicate, question, and inform management of their thoughts, doubts, and updates regarding a security breach. Even if you just set up an email address for this exact purpose, it's important that all employees feel worthwhile and listened to by management, especially in times of crisis.
Although cyber security attacks can often be fixed quickly and efficiently by I.T response teams and cyber security staff, communication is key throughout an attack to retain trust and support of employees and stakeholders. It's important to prepare employees of the pitfalls of cyber security, show them how they can do their bit to help your overall cyber security infrastructure, and let them communicate with you openly throughout any cyber security breach for your business.