As data breaches become more common, with malware and phishing scams happening at unprecedented rates, mitigating your organization’s risk while having an effective communication strategy in place, are measures every property manager should take seriously. Cyber breaches can result in financial losses, legal liabilities and reputational damage capable of crippling an otherwise successful organization. Sadly, these days, it’s not a matter of if, but when a data breach will occur.
Aside from working with an IT/Cybersecurity company to ensure measures are in place to limit risk and protect data, property managers should be cyber-ready with a cybersecurity communication plan developed in case of a data breach. Effective cybersecurity communication can be a powerful weapon to combat cybercrime, and it all starts with preparing for this unwanted incident.
3 steps for data breach readiness
To develop an effective data breach communication strategy, the first step is to prepare in advance by creating a crisis communication plan. This is a detailed document outlining the steps and responsibilities of the crisis communications team that must be adhered to during a cyber attack. The second step is to maintain consistent, timely communication during and after the attack. The third step is to maintain full transparency throughout the crisis.
Key communication points
Following any data breach, your tenants and suppliers will want to know the following three things:
- Was my data stolen?
- What is my potential risk?
- Do I need to take action with any regulatory bodies, financial institutions and credit check agencies?
Every cyber crisis communication plan should provide accurate and timely information for addressing these questions. The plan should be communicated to all affected stakeholders by a crisis management team. Every person in the communication chain must report their findings to senior leadership so that all aspects of the breach can be considered and responded to appropriately. It’s also imperative to work closely with your company’s legal counsel to ensure a full understanding of your responsibilities with regards to regulatory bodies, government and insurance agencies.
Remember, time is of the essence. It’s best to inform all affected parties as soon as possible to ensure you maintain your position as the primary source of information. This helps prevent any misinformation from spreading from outside sources while reinforcing that you have everyone’s best interests at heart and are doing everything you can.
Questions to ask your crisis communications team
In order to communicate to tenants and suppliers which data was compromised and when the incident occurred, you’ll need to gather the following information:
- What happened?
- When did it happen?
- What are the known facts?
- What is the scope of the incident?
- How can we help tenants and suppliers?
Remember that in the heat of the moment, it’s important for you to deal only in the facts and not wade into speculation about what may have led to the event and who is to blame. Transparency is key in any data breach. Impacted organizations should provide accurate and proactive information that is confirmed and approved by their legal counsel.
In today’s fast-paced digital world, it is likely that every organization will fall victim to a cyber attack at some point, even with risk mitigation strategies and best practices in place. Having a carefully crafted data breach communication plan that focuses on clear, concise and timely communication in the event of an incident is a critical measure that will go a long way to maintaining the trust of all your stakeholders and the public.
Nicole Harris is the founder and CEO of Solv Communications, a PR and Reputation Management agency specializing in property management, real estate, and property development reputation management.