Cybercrime: How to limit the damage with communication

First aid in case of cybercrime

In view of the current worldwide MS Exchange gaps and the associated increase in hacker attacks on IT systems, as well as our own concern in this matter, you will find our "Help for self-help" in the event of cyberattacks from last year here once again. All recommendations are still valid.

Every day attackers hack into IT systems of authorities, public institutions or companies. They shut down operations, steal data, install malware or extort ransom money. In our increasingly digitalised world, this is where we are most vulnerable.

What do you do when nothing works anymore?

In the following, we have summarised the most important recommendations from our daily experience in order to contain digital crises in case of emergency. Here, communication  accompanies the emergency measures of your IT department.

Communication in an emergency/ in a crisis:

  1. Immediately contact the state data protection authority which is responsible for you by telephone and report the incident (report it!
    https://www.datenschutzkonferenz-online.de/datenschutzaufsichtsbehoerden.html
  2. Contact also the nationwide Central Office for Cybercrime ZAC (Zentrale Anlaufstelle für Cybercrime)
    www.polizei.de/Polizei/DE/Einrichtungen/ZAC/zac_node.html
  3. Consult the guidelines of the two authorities and check the recommendations for action contained therein for their manageability/transferability to your company
  4. Appoint an internal project team, which will meet regularly and distribute the necessary tasks from now on. Appoint a project manager for your team and give the project a name. Important: avoid the word "crisis team" (keep calm!)
  5. Exchange mobile phone numbers and agree on a suitable communication channel (WhatsApp group, a team in Teams, external mail programs, etc.) In particular, check whether your channel is working properly or is secure in terms of your interests.
  6. Check the facts: What exactly happened? Get an overview of what you know – and what you do not know (yet). Try to constantly update and validate your knowledge as far as possible.
  7. Establish information sovereignty: Create a language regulation with core messages based on your established knowledge. This serves as a basis for internal communication, for press releases, for addressing customers and as a speaking note for possible TV/media enquiries.
  8. Note: "Internal BEFORE external". First communicate the state of affairs to your employees. In general: Only pass on secured information and instructions. 
  9. Information cascade: After informing your employees, you should inform customers and business partners about the incident. Other stakeholders such as service providers, banks, authorities, media, etc. will be addressed afterwards.
    Channels and style should be the same as in "normal mode".
  10. Dealing with the media: Respond positively to media enquiries. Here, there is a need for information and clarification too. Handle this in a confident and appropriate manner..

This first-aid kit for crisis communication will help you to sort yourself out, line up and set initial priorities in case of an emergency. Our advice for further action: Call in an expert
For further information, please contact our Crisis Communications Team.
You can reach us at the e-mail address help[at]kaltwasser.de or by calling the mobile numbers of our Crisis Standby Service.

Your contact person

Brigitte Kaltwasser

Brigitte Kaltwasser
+49-89-2441 774-105
bka[at]kaltwasser.de