This is a test of your emergency preparedness system. Today, in part one of this five-part series, we are going to discuss two scenarios: (1) what happens if your website has been hacked, ie: someone has gained access to your website and inserted malicious code; and (2) your customers’ account information was obtained by a third party. This is more common today than website hacking. Three key principles in crisis communication and planning are to be prompt, transparent and available. It is imperative that organizations have someone available to answer questions and deal with situations 24/7, 365 day a year because a crisis can arise any time of day or night. There are six “R’s” (stages) of crisis management:
RECOGNIZE: identify the incident and mobilize the crisis management plan (CMP)
RESTRICT: limit the magnitude of the impact and contain the situation
REMOVE: evaluate, monitor and eradicate the root cause of the issue
RECOVER: restore systems to normal status
RESOLVE: investigate, communicate and update quality controls
REFINE: perform a post-mortem and refine the plan
Communicating to key internal and/or external audiences is critical at every stage of crisis management.