Effective communication, especially during a time of change, requires frequent touchpoints. Having a communicator or a communication team specifically aligned with your cybersecurity team can provide immense benefits.
There is a delicate balance associated with the frequency and content that is communicated to stakeholders. The fundamental goal is to tell the cybersecurity story throughout the organization through clear, concise, targeted communications through the most effective dissemination channels. Some will want more frequent communications, whereas others will desire less communication. Some will prefer “pull” communications and others will want the information pushed to them. Cultural appetite, tone from the top, and organizational commitment help drive the various required communication delivery techniques to ensure stakeholders are aware. Some examples include the following:
- Publish monthly newsletters to various stakeholders
- Create a robust intranet presence with tools and communications
- Celebrate success stories of collaborative achievements
- Provide platforms for cyber champion recognition
- Track, measure, and report the effectiveness of the communications through a cyber communication dashboard
Having a venue into the corporate communications team provides cybersecurity the opportunity to align, influence, and enable the influx of cybersecurity into normal business communications. It is critical that the corporate crisis communication team be part of the cybersecurity incident response team because of the potential reputational impact associated with a significant cyber incident. During a time of crisis, concise and timely communications to key stakeholders and customers can often be the difference between an incident being managed and an incident being exaggerated. Tactically positioning the cybersecurity story within the organization through effective education and awareness while addressing the latest trends in cybersecurity can help build collaboration by demonstrating how individuals can partner with cybersecurity to address customer needs.
Regardless of the industry, customers want to know their information is safe and the organization that has their data has a clear plan to achieve that goal. Adding cybersecurity reminders in existing individual customer communications begins to demonstrate that commitment to the customer. It takes a long time to earn trust, but it only takes a second to lose it.
This also holds true for internal stakeholders. Often the information and measurement of results reported by the cybersecurity team may not be perceived as positive news. For example, the cybersecurity team may implement new technology that provides an enhanced visibility into the health and hygiene of various technology assets. If these assets have never had this improved visibility, it is possible that the results may provide awareness of critical vulnerabilities or weakness associated with the platform.
Consequently, when reporting these results, others may take offense to these perceived negative results. However, this is a great opportunity to educate leadership by explaining that it is far better to find these opportunities internally rather than be told about these vulnerability gaps from a law enforcement representative. Don’t pass up the opportunity to build a champion; one champion can quickly lead to two, which, in turn, can often grow to thousands.