How You Should Respond Internally to IT Security Incidents

July 18, 2019 in Data Breach, SiteLock News

In a single day, websites experience, on average, nearly 60 cyberattacks. And for small businesses, successful attacks can have a lasting impact: 60% of small businesses will go out of business following a successful breach due to the costs of recovery.

In this article, we’ll talk about IT security incidents, which are events that indicate an organization’s systems or data have been compromised or that existing cybersecurity measures have failed. The key to staying afloat during an IT security incident is preparation — and effective communication is a major component of that. Knowing how to communicate transparently, both internally and externally, in the wake of an attack not only builds trust with your employees but also helps protect your reputation.

Perfect security is never guaranteed, but if your small business finds itself responding to an IT security incident, your response time and communication can help limit unnecessary damage. To ensure every member of your business is on the same page, start internally.

Communicating with Your Internal Team in a Crisis

You’ll need to take several steps in response to IT security incidents, but the first thing to tackle is explaining the incident to internal staff members. The CEO or highest authority figure should first communicate the details of the incident to all involved internal parties to ensure factual accuracy, prevent undue panic, and provide guidance on how to handle any questions.

It will be up to the executive team to determine how much staff members need to know at this stage. Generally, however, it’s best to avoid sharing information that could cause companywide panic or that may be exploitable. Likewise, going into the specific technical details of the attack is probably unnecessary. Instead, disclose information that employees can easily digest and use during the incident response.

When communicating with your internal team after an attack, remember the following points:

1. Remain calm. In the wake of an attack, management must set the tone for the response. If you’re panicking, other employees will likely follow suit and assume the worst. Executives and managers need to remain calm and keep a clear head as they communicate the issues and outline next steps.

2. Be as transparent as possible. Though you shouldn’t disclose every piece of information about an attack to all internal parties, every employee should be aware of the situation. If employees feel you haven’t provided all the necessary information, they’ll likely fill in the blanks with assumptions — and potentially spread rumors and misinformation.

3. End on a positive note. Once the situation has been resolved, release an internal report summarizing your response to the cyberattack. There should be full disclosure regarding the compromised data, the exploited vulnerability, and the changes that have been made to patch the vulnerability and protect the company against future attacks.

Responding to IT security incidents can be intimidating, but taking the time now to put an incident response plan in place will save your company time and money down the road. Outline an internal communication strategy that prioritizes calm, clear actions and transparency to see the best outcomes. For more tips, check out our “Cybersecurity Checklist for the Modern Small Business.”

Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 12 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security.
