Communicating Cyber Security
It’s one of the hottest topics in the communications world and also one of the most feared. So how does an organisation confront the reality that they could be next-up for a cyber-attack and what does best practice look like for communicators?
On a grey winter morning, our cyber gurus, Paula Keve and Gwilym Lewis delivered an impressive and engaging presentation to a packed house of communications leaders. I wanted to share with you some of the key learnings from our latest event.
Gwilym set the scene perfectly on his opening slide with a hooded hacker in the background and the below quote stretching across the screen:
Dr Ian Levy, Chief Technical Director, GCHQ's National Cyber Security Centre, speaking about some of the industry’s sales methods said…“you end up with a narrative that basically says ‘you lot are too stupid to understand this and only I can possibly help you.”
Gwilym went on to say that this is the rhetoric he continues to hear when speaking to businesses and that it’s creating an unnecessary fear towards cyber security. It feels overwhelming for people when really there are some quite straightforward steps to follow. He then took us through the most common myths of cyber security and how they’re simply not true.
Myth 1 - Cyber security is a new thing
Myth 2 - I am not a target
Myth 3 - Software and websites are built to be secure
“We believe cyber security is hard because we are told it is but the reality is that most of it is very straightforward” says Gwilym. “Technically it is not complex at all and solutions are well documented and freely available online.”
Top tips to deal with cyber security
The speakers shared their top 10 tips for dealing with cyber security, which are provided below.
- It’s just another business issue. Don’t focus on the technology that enables attacks to happen. Think about it in operational and commercial terms.
- Attacks affect more areas than you may think. List all the people that need to be communicated with if this were to happen to you, and work out what it will mean to each of them and you.
- It has to be an ongoing process. The frequency is ultimately for you to decide but staying on top of testing for security is crucial. The world is changing fast.
- Probe your executives in your catch-ups. Is there anything you need to know as the communications lead that they’re not sharing?
- Get to know your information security team and remember, the legal team are your friends. It’s imperative that you communicate with them all.
- Adapt your crisis communications plan; create a data breach version.
- Ensure facts are watertight; use holding statements to buy yourself time.
- Before you share your message externally make sure you have given your employees the same message prior. It is incredibly important that your internal audience don’t find out about this from anyone other than their organisation.
- Clear your calendar; dedicate yourself to the cause.
- Triage; delegate portions of your responses to your team.
For more information on cyber security, The Open Web Application Security Project (OWASP) is an online community which produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security, which you can access here.
Jenni Field, Director at Redefining Communications has also very kindly pieced together a cyber security toolkit for communications professionals. If you would like to hear more about this please do get in contact.
If you are interested in speaking at one of our events, or would like to attend an event in the future then please do get in touch at firstname.lastname@example.org.
To discuss any of the issues raised in this blog, please contact Peter Bush.