Does Your Disaster Recovery Plan Include Crisis Communications? Here’s Why It Needs To

Does Your Disaster Recovery Plan Include Crisis Communications? Here’s Why It Needs To

alarm-629777_640You’ve probably spent a fair amount of time thinking about how you might safeguard your business against a crisis. You’ve got a plan in place for how you’ll keep your data safe, and keep your services operational. Maybe you’ve even got some infrastructure in place to ensure failover and business continuity.

But have you thought much about your most important asset?

I’m not talking about infrastructure or intellectual property. I’m talking about people. Whether a cyber attack, a natural disaster, or a simple service outage, the first thing you need to do in an emergency is alert your colleagues, clients, and shareholders – and the faster you do that, the better.

This message (or preferably, series of messages) should be short and easily-digestible, but should also include the following information:

  • What happened.
  • When it happened.
  • Where it happened
  • What services have been interrupted?
  • Who is impacted by these services?
  • How long until services resume
  • Who to contact for more information

In addition, if there’s an incident that could cause physical harm or loss of life, there needs to be a system in place to allow your management team to communicate with an account for all employees. This system should include established muster points, clear responsibilities and teams, and next steps during an emergency. Even if you have members of your team working from home, you need to make sure they’re accounted for.

Because at the end of the day, you have a duty of care towards your workers. So long as they’re employed by you, you’re responsible for keeping them safe. And even if that wasn’t technically true, do you really want grievous injuries or deaths on your conscience?

In addition to establishing clear lines of contact, your crisis communications plan should also include provisions for how to deal with media and customer inquiries. It should designate a clear spokesperson (or spokespeople), a list of pre-approved social media posts, and guidelines for answering questions posed by journalists.

Finally, you need structures in place for disclosing data breaches or data loss. This last one is extremely important – and as regulations like GDPR pass will be required by law in many locations. These disclosures should include the following details:

  • What specific information was compromised – especially if financial or personally identifiable data has been compromised
  • Who has been impacted – including clients, stakeholders, prospective clients, etc?
  • How the incident occurred
  • What measures are being taken to prevent a similar incident from taking place

During an emergency, communication might be the last thing on your mind. Unfortunately, if your business is to effectively weather a disaster, it needs to be first. The better-equipped you are to keep employees and customers alike apprised of what’s going on, the better you’ll look in the aftermath of any disaster – no matter how serious.

Follow Liberty Center One:

Subscribe with Feedly