December 20, 2023 at 08:05PM
Organizations facing security incidents should prioritize clear and strategic communication. Ashley Sawatsky, a Senior Incident Response Advocate at Rootly, uses her expertise to offer essential tips. These include involving legal counsel, being proactive in notifying affected parties, providing regular updates, avoiding speculation, using cautious language, and preparing customer-facing teams. Ashley’s experience comes from working with tech giants in incident response strategies.
Based on the meeting notes provided by Ashley Sawatsky, it is clear that effective communication with users and external stakeholders during a security incident is essential and comes with its own set of challenges. Here are the key takeaways from the meeting:
1. Involvement of Legal Counsel: Consulting with legal counsel is critical to ensure that communications regarding the security incident comply with regulations and do not lead to potential legal issues.
2. Proactive Communication: It is important to inform affected parties directly and provide quick, frequent updates to maintain control over the narrative in the face of external scrutiny.
3. Avoid Speculation: Communications should refrain from speculating about unconfirmed details of the incident, as this can create confusion and necessitate backtracking later.
4. Careful Word Choice: Using specific, actionable language rather than sweeping definitives helps to manage expectations and mitigate the risk of appearing insincere or overpromising.
5. Support for Customer-Facing Teams: Providing clear guidance and support to customer-facing teams is essential to ensure they can handle inquiries and interactions effectively and confidently.
These takeaways offer a comprehensive understanding of the strategies and considerations for effectively communicating with users and external stakeholders during a security incident.