Crisis Management during a Ransomware Attack
Crisis Management is critical when responding to a ransomware attack.
How an organisation communicates with stakeholders during and after an attack can have a significant impact on the organisation’s reputation and ability to recover.
In April 2023, Adoni Media’s Managing Director, Leisa Goddard, joined an expert panel of some of Australia’s leading cyber security experts to provide insights into how to respond to a ransomware attack.
Crisis Management PR Expert
Leisa Goddard, Crisis Communication and Media Strategist and Adoni Media’s Managing Director, was a journalist who reported on organisations in crisis and has now spent more than a decade in crisis management, helping them respond. Here is her advice.
1. Be transparent
Transparency is key when communicating with stakeholders during a ransomware attack.
It’s essential to be open and honest about the situation, including the impact of the attack and the steps being taken to resolve it. Avoid downplaying the severity of the attack or hiding information, as this can erode trust and make the situation worse.
2. Communicate regularly
During a ransomware attack, stakeholders will want to know what’s happening and what they can expect.
It’s important to communicate regularly, providing updates on the situation and any progress being made. This can help to reduce anxiety and uncertainty and demonstrate that the organisation is taking the situation seriously.
3. Choose your communication channels wisely
Depending on the situation, different channels may be more appropriate.
For example, social media can be an effective way to provide timely updates to a large audience, while email may be more appropriate for targeted communication with specific stakeholders. Having a spokesperson who has undergone media training and can confidently represent your organisation on television, radio, print and online is essential.
4. Provide guidance for stakeholders
Stakeholders will likely have questions about what they should do in response to the ransomware attack.
It’s important to provide clear guidance on what steps they should take to protect themselves, such as changing passwords, monitoring financial accounts, and reporting any suspicious activity. A Q&A on your website is a good strategy, as is setting up a call centre to answer questions.
5. Stay on message
When communicating during a ransomware attack, it’s essential to stay on message.
Ensure that all communication is consistent and aligned with the organisation’s overall response strategy. Avoid making contradictory statements or providing conflicting information, as this can erode trust and credibility.
6. Consider the impact on stakeholders
Throughout all communication, it is important to consider the impact on stakeholders.
This includes employees, customers, suppliers, and partners. Be mindful of the potential consequences of the attack and provide support where necessary. For example, employees may need assistance with resetting passwords or securing their personal devices.
7. Plan for the aftermath
Once the ransomware attack has been resolved, it’s important to plan for the aftermath.
This includes communicating with stakeholders about the impact of the attack, any changes to policies or procedures, and the steps being taken to prevent future incidents. It’s also important to monitor the situation and address any ongoing concerns or questions.
Crisis communication must be a priority during a ransomware attack and organisations should have policies and procedures in place that are current and tested. Time is critical and what you are seen and heard to be doing in the minutes, hours, days and weeks during and after a crisis can define the future of your business and reputation.