Whenever the status of an incident changes, update your

tanjimajuha20 · Post by **tanjimajuha20** » Tue Jan 21, 2025 8:52 am

For each type of target audience and interaction method, develop templates for incident status messages that only require specific details — this will save a lot of time.
Assign a person responsible from the IT/IS department who will be able to report the status of work to the head of the PR incident support team and act as a "translator" between PR specialists and the IT/IS team. Call center employees and customer service managers should receive up-to-date brief information on lithuania whatsapp resource the incident status from the PR support team. Employees who may receive questions from outside about the state of affairs in the company should forward all requests to members of the PR team.
An incident status message can include a brief description of what happened and what impact it had, the probable causes of the incident, a short list of measures taken, and an estimated time frame for resolving the incident. It would also be appropriate to apologize in the message, as well as inform that the incident status will be updated and customer complaints will be considered. Use previously developed message templates and agreed communication channels, try to avoid complex technical terms and professional IT jargon in the text. Do not be afraid to admit the fact of a cyber attack - you should become the primary source of information, preventing the spread of rumors and speculation due to the lack of honest and prompt communication from the company.

messages to include a brief description of what work is being done and the estimated time frame for recovery. Even if there is no news, it still makes sense to periodically (every few hours) update the message to indicate that work is still being done to fix the issue.

The PR team must be prepared for the media to ask a variety of questions, so it is important to prepare for the most likely and pressing ones.

Once the investigation is complete and all services are restored, the IT/IS incident response team typically prepares a report on what happened. Excerpts from this report that do not contain confidential or technical information can be used for external communications: the final message on the investigation results should explain what happened and why, what consequences the attack may have for the target audience, what actions should be taken by the affected persons (e.g., change the password, enable two-factor authentication, scan the infrastructure for certain cyber threats, etc.). It would also be appropriate to apologize in the final message and describe what measures the company plans to implement to prevent similar events in the future.

Based on the investigation results, the correctness and efficiency of the actions of the IT/IS team and the PR support team are analyzed. Unfortunately, the incident is unlikely to be the last one, so it is advisable to take this experience into account and, if necessary, adjust the response work plan.