8 ways to manage an internet or security crisis

IT, communications and security experts share tips on what to do when your business is hit with an IT-related disaster, such as a cyberattack, an ecommerce site crash or a software failure.

4. Have a failover option

“If your cloud-based system has an outage, and you have set up the proper failover architecture, you can simply redirect your applications and/or data to an alternate cloud service provider,” says Liebl. “Having a multi-cloud architecture is very smart to prevent single points of failure. Alternatively, many cloud-based architects recommend a hybrid approach where critical data is synchronously mirrored between the cloud and on-premises storage. This way, you can failover between the cloud and an on-premises copy of your data.”

5. Involve the PR/media team – and legal (if necessary)

“The importance of involving [public or media relations professionals] early on when an issue arises and has the potential to become a crisis is imperative for mitigating damage to a company’s brand,” says Kimberly Nissen, president, Public Relations Society of America, Philadelphia Chapter. Your PR team “should be among the first to know of a potential incident or breach because the earlier [it] is aware of a situation, the more time [it has] to collect the facts and work with the legal department to prepare a public-facing statement.

“Having such a statement on standby should the incident become public is crucial,” she states. “In cases such as cybersecurity incidents, during which attackers may want to take credit for their work by broadcasting their own statements on social platforms, it is especially important that the [PR] team is ready to monitor what's being said about the company and the situation to respond effectively, if and when appropriate. This cross-silos collaboration is essential for mitigating damage to the company's reputation.”

6. Immediately notify customers

“If your email server gets hacked and your entire customer list is sent spam from your company email address, quickly send a global email to let your customers know,” says management consultant Amy Cooper Hakim. “Make sure that the subject line is clear and direct. Write something like: ‘Please do not open an email from us with [x] in the subject line.’ Then, in the body of the message, own up to the error. Apologize and take responsibility (even though it is not your fault). Customers expect mistakes to happen. It is your job to wow them on recovery.”

Similarly, post messages on your social media accounts (e.g., Twitter, Facebook, LinkedIn) letting people know you are experiencing a problem but are handling it – and will keep people posted.

7. Manage user/customer expectations

“Managing expectations is the key to ensuring that a problem isn’t compounded by users perpetually asking questions,” says Beckstead. So it’s important for companies to provide customers/users with “a brief explanation of the problem, in layman’s terms but specific enough to give them an idea of what’s wrong,” he says. “That way it doesn’t look like you aren’t trying to cover something up or avoid the problem and creates some empathy from people who may not understand completely, but know you’re working on something to fix it.”

It's also important to let people know “when a fix may be in place, overestimating (by 10 percent) to be safe. If the problem spans multiple days… update users every 24 hours or so to let them know that you’re working on it. This way you aren’t barraged.”

Finally, says Beckstead, “send an all-clear message when the problem is resolved.”

8. Conduct a postmortem

“Once an IT outage issue has been resolved, it's important to immediately conduct a blameless postmortem to analyze what happened,” says Rachel Obstler, vice president, product, PagerDuty. “Use this time to evaluate what worked well in your incident response process and what didn’t, as well as ways you can fire-proof your system for incidents of this nature in the future... [and] perfect and streamline your incident resolution process [going forward].”

This story, "8 ways to manage an internet or security crisis" was originally published by CIO.

Copyright © 2017 IDG Communications, Inc.
