What PR Professionals Need to Know About Cybersecurity
Today's PR professionals handle crisis communications for businesses of all sizes and across all industries. These professionals must stay up to date regarding current and emerging business crises to help companies limit the impact of such incidents.
Cyberattacks are becoming increasingly common, and no business is immune to them. The FBI Cyber Division indicated it received up to 4,000 complaints about cyberattacks per day during the first few months of the coronavirus (COVID-19) pandemic, representing a 400% increase from before the crisis. You can also attribute the rise in cybercrime during the pandemic to a surge in the number of remote workers.
Research shows 71% of American workers were doing their job from home most or all of the time as of December 2020. Yet 90% of chief experience officers have reported an increase in cyberattacks "since the world stayed home" due to the pandemic.
Hackers use ransomware, malware, and other malicious software to attack remote workers. Businesses spend trillions of dollars annually to guard against cybersecurity incidents. However, their best efforts are sometimes not enough.
Businesses lose an estimated $2.9 billion per minute as a result of cybercrime. The longer it takes a company to respond to and mitigate a cybersecurity incident, the more damage the business suffers.
PR professionals cannot necessarily stop cybersecurity incidents. But they can partner with IT professionals to minimize a cybersecurity incident's impact on a business, its employees, and its customers. Let's look at cybersecurity in detail, along with ways PR professionals can help companies deal with cybersecurity incidents.
What Is Cybersecurity, and What Does It Mean for Today's PR Professionals?
Cybersecurity is a term used to describe the protection of networks, programs, and systems against digital attacks. Hackers initiate cyberattacks in the hopes of illegally accessing sensitive data, extorting money, or interrupting a company's everyday operations.
There is no such thing as a one-size-fits-all approach to cybersecurity. Businesses often use multiple cybersecurity tools, though doing so may inadvertently hamper their ability to combat cyberattacks.
Companies must look beyond cybersecurity tools to keep cybercriminals at bay. They must develop processes to identify and address cyberattacks. Businesses must also educate their employees about cybersecurity.
PR professionals are among the employees that must possess a clear understanding of the cyber threat landscape. These professionals can then use their knowledge to help a business avoid long-lasting damage after a cybersecurity incident.
How a Cybersecurity Incident Impacts a Business
A cybersecurity incident has immediate and long-term consequences that impact a business, its employees, and its customers. These consequences may be unavoidable. But PR professionals can help a company keep them under control.
Business disruptions are among the most common short-term ramifications of cyberattacks. A hacker can launch an attack that temporarily shuts down a company's systems. This can prevent employees from accessing these systems, which hinders their productivity. It can also affect customers, to the point where they cannot access a company's services or engage with the business.
There can be immediate financial losses due to a cybersecurity incident. These losses can vary based on how long it takes a business to identify the incident and initiate recovery processes.
Companies can face brand reputation damage following a cybersecurity incident as well. Consumer perception of a brand can change if a company fails to guard against cyberattacks properly. Those who no longer believe a brand can meet their expectations following a cyberattack will look elsewhere for products, services, and support.
How a company responds to a cyberattack can have far-flung effects on the incident's impact. A business with procedures in place to notify those affected by a cyberattack and respond to their concerns and questions about the incident is well-equipped to withstand long-term damage. But a business that tries to hide from a cyberattack can suffer severe damage, due to its failure to be upfront and honest regarding the incident.
A business that ignores cybersecurity measures and experiences a data breach may be subject to compliance penalties, too. Businesses in healthcare, financial services, and other highly regulated industries must comply with industry data security mandates. Failure to do so simultaneously exposes business data to cybercriminals and puts a company in danger of compliance violations and associated brand reputation damage.
PR professionals should know how a cybersecurity incident can impact a business. This knowledge ensures PR pros can develop procedures to ensure a company can effectively respond to a cybersecurity incident.
What PR Professionals Can Learn from the SolarWinds Data Breach
The SolarWinds data breach provides a good template for PR professionals to follow relative to cybersecurity incident response.
Russian hackers allegedly launched their attack against SolarWinds, an IT monitoring and management software company, in early 2020. They gained access to SolarWinds's Orion infrastructure monitoring and management platform system and added malicious code to it. When SolarWinds sent software updates to Orion users, it unknowingly included the malicious code.
The Orion malicious code created a backdoor for hackers to access customers' information systems. It, therefore, gave cybercriminals additional opportunities to attack Orion customers around the world.
SolarWinds's data breach may have affected up to 33,000 Orion users. It led SolarWinds to issue a public statement regarding the attack and take steps to correct the security vulnerability. But SolarWinds has remained persistent in its efforts to limit the breach's impact, and PR pros can learn a lot from the company's response thus far.
Although the data breach puts SolarWinds in a poor light, the company has provided regular updates since the incident. SolarWinds has released an FAQ regarding the data breach. It has even set up an RSS feed that lets Orion users receive notifications any time the FAQ is updated.
Several notable organizations affected by the SolarWinds data breach have spread the word about the incident as well. The incident impacted at least nine federal agencies and 100 companies. Some have issued statements to their stakeholders about the incident, and SolarWinds has remained accessible to provide them with additional support.
The U.S. Cybersecurity and Infrastructure Agency (CISA) has also been involved in SolarWinds's efforts to help organizations respond to and recover from its cyberattack. It encouraged those the incident may have impacted to read SolarWinds's security advisory and provided access to a GitHub page for detection countermeasures.
How PR Professionals Can Partner with IT Teams to Prepare for and Respond to Cybersecurity Incidents
There is no telling when a cybersecurity incident will occur, and PR professionals must plan for the worst-case scenario. This requires PR pros to work closely with IT teams to ensure a company can manage all aspects of cybersecurity incident response.
PR professionals and IT teams can together craft a cybersecurity incident response checklist. This can encompass the steps both parties can take to ensure a company is handling incident response as efficiently as possible. It can also include online project management software and other tools that can be used to streamline incident response.
Having cybersecurity experts on staff can make a world of difference in terms of preparing for or responding to cyberattacks and similar security incidents. PR professionals and IT teams can work in lockstep to identify skilled cybersecurity professionals to fill internal roles.
It is important to note that there is a shortage of talented cybersecurity professionals globally. Many companies are actively pursuing experts who can help them keep pace with cybercriminals. So businesses must offer exceptional perks to stir up interest from top cybersecurity pros.
The perks provided to cybersecurity pros should be unique. A company that offers cybersecurity pros the opportunity to work from home, for instance, must account for the challenges of remote work. This allows a business to ensure any cybersecurity pros it hires receive the support they need to perform everyday tasks to the best of their ability.
PR professionals and IT teams may seek out cybersecurity talent, as well as upskilling current personnel. This requires PR pros and IT teams to consider how to educate employees across a business about cybersecurity topics.
Myriad training programs can be used to educate a workforce about cybersecurity. An awareness program can provide an entry point to teach workers about basic cybersecurity terms and definitions. Employees can use Bootcamps and other advanced training programs to ensure they can identify a cyberattack before it causes a data breach.
A company-wide effort to handle cybersecurity incidents requires ongoing communication and collaboration. PR professionals and IT teams can keep one another in the loop regarding any cybersecurity concerns or questions. They can even collaborate on digital marketing campaigns.
Companies that prioritize cybersecurity can incorporate their efforts into their digital marketing. They can share details about how they are doing everything in their power to protect their employees and customers against cyberattacks. And PR professionals can disseminate this information to media outlets, helping their respective companies broaden their reach.
PR pros should consult with IT teams before they launch a digital marketing initiative that involves cybersecurity. This ensures PR pros can deliver accurate information about their companies' efforts to ward off cyberattacks. It can help PR pros to determine the best course of action to deliver the right information, to the right audience, too.
Make Cybersecurity Incident Planning and Response a Top Priority
PR professionals should devote time, energy, and resources to learn about cybersecurity. Those who do so can help companies avoid cybersecurity incidents. And if a cybersecurity incident happens, these professionals can address the issue before it gets out of hand.