In this century, life without the internet and mobile phone are nearly impossible to imagine. In fact, did you know that 
- Over half of the world’s population is online; that’s more than 5 billion users
- Over half of those browsed websites using mobile devices: 2%
- On average, mobile internet users spend nearly 3 hours online every day
Today’s digital world communicates on smartphones and social media, which widens the scope of cyberattacks. The control of communication among the public and media is a complicated task to cybersecurity experts. Having an incident management communication plan within an organization would be a great initiative to improvise security standards. The plan shall define the process of assessing and distributing communication via social media.
The purpose of social media communication has widened since its origin. Earlier, social media access was restricted to only adults and was meant to share informative pictures. The platform served as a responsive communicative tool. Any personal images shared were restricted to personal viewing only. A restricted platform like so would pose fewer chances of cyber threats. Today’s businesses that incorporate such platforms must enable shared experiences, validate observations, and provide valuable information.
An incident management plan must be developed with an element of a social media strategy. This widely evolved platform can be used as a strong source of proactive corporate visibility and timely communication during security incidents. To ensure a positive, productive, and profitable relationship with industry leaders, stakeholders, and communities, social media accounts should be decently maintained. Twitter feeds, Facebook posts, Instagram posts, LinkedIn articles, etc. can be used as sources of incident communications. It can be a single source of communication in times of incidents to employees, communities, press, media, legal enforcements, stakeholders, etc. By sharing accurate and detailed information, authorities have little to no chance to interpret the news.
Elements of an Incident Management Communication Plan
- Factual description of the incident
The incident management plan shall give scope to have a brief, factual, and focused description of the incident. Though the incident is ongoing, the facts should be disclosed, restricting only the information that may cause further harm.
- Initial response details
The initial step of response handling after the attack should explain “when, where, what, and who.” The “why” may be identified during the early stages of incident handling, and it should not be revealed unless all the facts are evaluated and confirmed.
3. Establish ongoing processes
The IR plan shall identify the processes that are not affected by the attack and restore the scene to ensure the business scenario as usual. Re-establishing the ongoing processes to the maximum extent would help in counteracting any emergency. This includes and not restricted to supply chain disruptions, ongoing security measures, employee directives, the requirement of volunteers, and safety mandates.
4. Communicate about returning to normality
Businesses must communicate their progress on bringing back the affected areas to their original or improved state. A delay in achieving normality in business processes should be communicated along with logistics and other details are confirmed.
5. Be empathetic towards affected
Express empathy towards those affected by the incident. If an incident had affected a stakeholder, community, employees or someone else, the IR should direct management to be human and show compassion towards them. Such empathic acts on social media speak louder than words.
6. Access to SMEs
Subject matter experts understand the details of the incident and its effect on business operations. When they are allowed to access the incident details, they can provide factual and specific information. SMEs are the ones who can trace out the possible answer for “why” an incident occurred. In the absence of factual information, the public, media and other outsiders on the social media may seek out alternative sources that may lack accuracy in information to the incident.
7. Refrain predicting response time
The incident response commanders may able to calculate the expected time required to contain an incident. But the companies should refrain from sharing predictive response time online. The IR team should provide employees, press and with the public the incremental time for situational updates. In the absence of factual information, the public information officer or a representative from IR team should engage people on social media to avoid havoc online.
Effectively managing the social media engagements is imperative for a public information officer. The larger companies should establish a communication team to monitor social media facets during incident response. Irrespective of this, the companies should learn to address the vast digital network of social chatter. The basic process of communication during every incident remain consistent except while defining a response strategy. A timely, factual and proactive incident management communication campaign can help in inhibiting viral rumors and antagonistic communications.
Want to be an incident handler?
EC-Council’s latest iteration of the E|CIH program is a comprehensive specialist-level program that imparts knowledge and skills to effectively handle post-breach consequences by reducing the impact of the incident. EC-Council Certified Incident Handler (E|CIH) is a method-driven holistic approach to address all the stages in incident handling and response process to enhance your skills as an incident handler and responder.