How Marketers Can Prepare for a Cyber Security Crisis
Do you have a cyber security plan? What happens when a corporate social media account is hijacked for mischief or political gain? Or when sexually explicit Tweets are accidentally published because corporate account access was mismanaged?
In an ever-evolving cyber security climate where we hear about a new corporate breach almost every day, brands are not only fighting to stay relevant but to protect the integrity of their customer promise.
Despite the very real threat that a cyber attack could happen to a company at any given moment, marketers are largely failing to realize that IT security is a critical component of their overall brand security. Reputation management falls on a company’s marketing communications department, and it’s their responsibility to both work with their IT teams to prevent these breaches from happening and put in place a brand recovery plan, should a breach occur.
Does your company’s CMO regularly meet with your CIO or chief information security officer (CISO) to discuss important initiatives? If marketing understands what IT security is implementing for access control best practices, and security understands the critical tools marketing uses, your organization will likely close much needed internal gaps and reduce the risk of a breach.
Take the US Airways Twitter flub. A US Airways staff member had direct access to the corporate Twitter account, an account that’s regularly shared among internal staff and agency partners. An explicit Tweet was sent out on that account without permission, causing a whirlwind of bad press and tarnishing the airline’s online reputation. How could this have been prevented?
If marketing had a better understanding of ways to control access for shared credentials to brand assets (social media accounts, content management systems, social monitoring tools), then the access to the corporate Twitter account would have been better regulated and audited, mitigating the risk of personal or explicit Tweets.
5 Components of a Brand Recovery Plan
Is your marketing organization prepared to deal with a security breach or a hack to social media accounts? What is the process to recover access and mitigate any damage that resulted?
These are questions you should be asking yourself as either a marketing or security leader in your organization. By collaborating with brand and security teams, you can develop a comprehensive plan to deal with a cybersecurity crisis if and when it occurs. That plan should include the following steps:
1.) Put preventative measures in place. Mimic access control procedures, governance, and policies that your CIO imposes on their IT teams. Because of the rise of digital communications, marketing teams are sharing more brand credentials and account access than ever before. By replicating IT security standards for account access, marketing reduces the risk of losing control of the brand voice online.
2.) Train all of your marketing staff on basic information security practices. Something as simple as watching a webinar on better password practices or understanding how an attack occurs can help your brand team become more agile in a sensitive situation. If you work with agency partners, make sure they experience the same basic training so everyone controlling your brand’s voice is on the same page.
3.) Change your passwords regularly. This is a no brainer. Rotate marketing’s shared account passwords on a regular basis. Create long, complex passwords, and strictly control who has access to these credentials. Poor password practices leave your branded accounts ripe for the taking.
4.) Make your creative teams aware. If you incur a breach, a savvy move might be to launch an immediate campaign on improving security across the organization as a whole. Communicating those efforts in a creative, honest, and approachable way is the key to earning back the trust of your customers and stakeholders. Have your marketing team prepared and ready to spin up such a campaign and launch it strategically post-breach.
5.) Get PR involved. Make sure that your internal and external PR teams are involved in making a brand recovery plan. They have direct access to the media and can readily draft press releases or setup press conferences to address the problem directly if and when it occurs. This can give relief to your stakeholders and put customer minds at ease that you’re admitting to the issue and working to resolve it.
The best way to survive a crisis is strategic communications, not only among your stakeholders, but internally among the leaders of various business units. When the collaboration between brand and security begins from the C-level down, you have the opportunity to set new (and much needed) standards where IT security and brand management can drive real business value as a result of working together.
Nick Lagalante is marketing communications strategist at Thycotic