Most Australian businesses will face a crisis at one point or another. Whether it’s an unexpected hardware failure, natural disaster, cyber threat, or employee sabotage; a negative incident of some sort is bound to affect their company’s reputation and bottom line. They should therefore do everything they can to minimise the impact of these issues before and during a disaster.
But not everyone rises to the occasion when things go wrong. Time and time again, employees panic and overreact to situations in ways that make things worse. Others, left out of the loop during the planning phase, simply don’t know what to do.
So if you intend to keep your business safe, you’ll want to make sure you avoid those two situations; plus a few other major crisis management mistakes at all costs.
Failing to prepare
When a crisis, big or small, hits a company, the first question usually asked is, “What am I supposed to do?” But therein lies the first mistake businesses make during a crisis. Not having a detailed plan in place almost guarantees your response will be delayed, rushed, and only worsen the situation. As the saying goes, “If you fail to plan, you plan to fail.”
You should create an incident response plan that includes; a mandatory internal notification system and telephone contact list so employees and clients know whom to call during a crisis. If your workplace is in an area susceptible to fires and floods; you also need to write a detailed evacuation plan and a disaster recovery strategy that prioritises the recovery of mission-critical systems; like email servers and customer information databases.
As for cybersecurity-related crises, you need a network monitoring system that detects threats as soon as they occur; and backup solutions that can quickly restore apps and data to a point in time prior to when the incident occurred. Most companies maintain cloud backups so if a natural disaster or cyberattack should result in hardware failure; employees can continue working on files remotely, as long as they have an internet connection.
These sorts of plans must also include training and tabletop exercises to test the plan regularly so employees know how to report the issue; whether they should work remotely, and what to tell customers when certain services are offline.
Letting the crisis fester
Probably the worst thing you can do during a disaster is to wilfully delay your response to it. News of your company’s lax attitude to a crisis could leak and reach authorities and the media; putting your business in a much larger spotlight than if you had just resolved the issue promptly.
What’s more, ignoring issues as serious as data breaches can actually be catastrophic. The Equifax data breach in 2017, for instance, was caused by staff failing to promptly install security updates. Crises such as this are becoming more common given the increasing sophistication of cyberattacks; and if you don’t respond to them on time, you won’t just suffer media backlash, but you’ll also face huge financial damages, lawsuits, and loss of customers.
Whatever the case may be, it’s important to be proactive. Intrusion prevention tools that detect unusual network behaviour and regular vulnerability assessments will help you identify and mitigate problems early. Meanwhile, training your employees to respond to specific situations as a unit; whether it’s a security breach or natural disaster, ensures faster recoveries.
Hiding the problem
The third mistake companies make in a crisis is trying to hide it. For example, in an attempt to save their image; Uber paid cybercriminals to hide a massive data breach which affected 57 million users for over a year. When the public eventually found out about the incident; the ride-sharing company was flooded with complaints, lawsuits, and negative reviews from the press. If Uber were based in Australia; they would also be liable for noncompliance with data breach notification laws and would likely lose even more customers as a result.
It’s prudent to report crisis situations quickly and honestly. This way, you have more control over what is actually being reported; are able to give updates on the issue, and can manage customer complaints early. Even if you’re still trying to get a grasp of the situation; a quick statement along the lines of “We are aware of the issue and are currently trying to resolve it” gives your customers peace of mind from knowing that your company owns up to its mistakes and respects customers enough to tell them.
Although quickly reacting to problems is ideal, this doesn’t mean you should rush and make hasty decisions. In a crisis situation, your instincts may be to micromanage your staff and cut corners in order to recover faster, but this can actually do more harm than good.
Breaking protocols and going outside your crisis management best practices can hamper other employees’ ability to do their jobs right, causing communication breakdowns and slowing down your recovery time.
When dealing with a crisis, you should be both fast and methodical. If you’ve set up the plan, established policies, and trained your employees, have faith in them. And if there are unexpected cases; make sure you notify everyone involved that you’re deviating from the plan so your team is in sync.
Managing it alone
Dealing with crises alone sets you up for failure. In fact, without the help of experts, your incident response plans and training seminars won’t be effective. That’s because you need an outsider who can look at things objectively, challenge the feasibility of your plans, and offer better alternatives.
Crisis management consultants can provide other forms of expertise that your company needs, including data compliance, cybersecurity, and disaster recovery. But perhaps the biggest reason why you need to team up with a professional is they’ve probably handled similar issues in the past and can put that experience to work for you.
There are many managed services providers dedicated to keeping your business alive and well; and Empower IT is definitely one of them. As specialists in cybersecurity, disaster recovery, and managed IT; we can provide you the expertise you need to make sure your response strategy is effective and your employees know what they’re supposed to do. We even provide you top-class solutions that protect you from a variety of crisis situations. Call us today to learn more about what we can do for you.