“We're currently making security enhancements to our website, which should be back online soon.”
This is the message that you are greeted with on the website for one of the world’s biggest telecoms group, TalkTalk PLC. On Thursday 21 October the news broke that police had commenced a criminal investigation into the cyber-attack on TalkTalk, leaving 4.2million customers’ details including contact numbers and payment information exposed. However, the Company managed to disclose the news 24 hours after they had been made aware. The share price subsequently nosedived 10 per cent as further revelations were disclosed with regards to exactly what and who had been effected and statements from CEO Dido Harding claiming ”stolen customer data may not have been securely encrypted” did little to keep their head above water.
Would the graph look so similar if the company had developed a better, more stringent crisis communications strategy? Looking at Fig.1 the share price dipped during August. This depicts one of the two previous data breaches that the Company suffered and had this not been dismissed as a ‘blip’ then potentially the topography of this share graph would tell a different story.
Crisis communications, if not a desired consideration, should be ready and waiting in reserve to protect your company from any future bad news or operating faults, that you can respond in the most efficient, transparent and effective way to uphold your reputation as well as the safety of your customers and shareholders. Information security consultant Paul Moore rightly so states that ‘more worrying than the breach itself, had been TalkTalk's response to it’. There is a key to addressing the many communications issues related to crisis and disaster, of which TalkTalk have not handled correctly:
1. Anticipation of crisis:
Problem: TalkTalk had previously become exposed to data hacking and therefore should have placed measures to not only protect networks but individual data
It is not a matter of if it is a matter of when, cyber security especially is a must for companies storing the details of consumers, preparation is key.
2. Assessing the risks:
Problem: TalkTalk claim that they are unsure as to whether the data of customers bank details were encrypted, as confirmed by the broadband provider
With the level of technology available a company must have access to analogous detail, this is a good message to send to your shareholders if not your customers.
3. Communication and notification:
Problem: The lag time in notification from security breach to announcing this to their customers. People were left puzzled as to why the website was ‘closed for maintenance’ on Wednesday morning.
How will your news be shared with investors and/or the public, the quicker and more direct the better. Trust is based on communication and evidently leaving your investors and customers in the dark can break that trust.
4. Evaluation and analysis:
Problem: TalkTalk failed to learn from previous crisis: fail to plan - plan to fail
After the smoke clears revise the reaction and handling to secure your anticipation methods, think of the crisis as a vaccination, you come out stronger.
Hindsight is a beautiful thing however in the business world companies like TalkTalk cannot afford to simply tape up holes in the structure of their strategy of crises management.
Specifically cyber intelligence is advancing faster than some companies can develop their defenses, both systematically and managerially there is a drive to evolve rapidly to build resistance for the future and crisis. If a company can develop and format a clear and concise crisis management scheme then it should in theory be ahead of the game and ‘hacking’ can return to Horse and Hound.