Cybercrime: How to limit the damage with communication
First aid for cybercrime
In light of the recent global MS Exchange vulnerabilities and the associated increase in hacker attacks on IT systems, as well as our own experience of this issue, you will find below our ‘self-help guide’ for cyberattacks from last year. All recommendations remain valid.
Every day, attackers hack into the IT systems of government agencies, public institutions or businesses. They paralyse operations, steal data, install malware or demand ransoms. In our increasingly digitalised world, this is where we are most vulnerable.
What should you do when everything comes to a standstill?
Drawing on our day-to-day experience, we have summarised the 10 most important tips for containing digital crises in an emergency. Communication here complements the emergency measures taken by your IT department.
Communication in an emergency/crisis:
- Contact your local data protection authority immediately by telephone and report the incident (file a report!)
www.datenschutzkonferenz-online.de/datenschutzaufsichtsbehoerden.html - You should also contact the national “Central Contact Point for Cybercrime” (ZAC)
www.polizei.de/Polizei/DE/Einrichtungen/ZAC/zac_node.html - Consult the guidelines issued by both authorities and assess whether the recommended actions are feasible and applicable to your organisation.
- Appoint an internal project team that will meet regularly from now on and allocate the necessary tasks. Appoint a project manager for your team and give the project a name. Important: avoid the term “crisis team” (stay calm!)
- Exchange mobile phone numbers and agree on a suitable communication channel (WhatsApp group, Teams channel, external email programmes, etc.). In particular, check whether your channel is working properly or is secure in light of your interests.
- Assess the situation: What exactly has happened? Get an overview of what you know – and what you do not (yet) know. Try, as far as possible, to constantly update and validate your knowledge.
- Establish control over information: Draw up a set of talking points with key messages based on your verified findings. This will serve as the basis for internal communication, press releases, customer communications and as a talking point for potential TV/media enquiries.
- Note: “Internal BEFORE external”! Communicate the situation to your staff first. As a general rule: only pass on verified information and instructions.
- Information cascade: After your employees, you should inform customers and business partners. Then other stakeholders such as service providers, banks, authorities, the media, etc.
- Channels and tone should remain the same as in “normal mode”.
Dealing with the media: Respond positively to media enquiries. Here, too, there is a need for information and clarification. Handle this confidently and appropriately.
This crisis communication first-aid kit helps you to get your bearings, organise yourself and set initial priorities in an emergency. Our advice on how to proceed: Consult an expert! You are welcome to contact our Crisis
Communications Team at any time for further information.
You can reach us at the email address help[@]kaltwasser.de and via the mobile numbers of our crisis on-call service.
