Over the past few months, there has been a host of high-profile cyberattacks against major Canadian retailers, municipalities, essential infrastructure systems and even the Toronto Zoo. Recently, London Drugs, a well-known retail chain across Western Canda, felt the sting of a major cyberattack. This breach not only resulted in the shutdown of their operations but also shone a spotlight on the critical need for a reputation management plan.
How you manage the crisis and communicate with your target audience can make or break your reputation. Crisis management not only limits reputational harm, but it also buffers you from financial loss, and liability. Implementing an effective crisis management plan and media training are one of the most important investments to make in managing and mitigating a cyber breach or any critical incident.
In this blog post, we’ll examine the London Drugs cyberattack and other high-profile cyber threats to uncover what every business should know and do about mitigating the risk of cyber threats. We’ll explore effective strategies, examine the specific of the attack, and discuss how implementing a crisis communication plan can significantly reduce your reputational risk.
A tale of two cyber attacks Lessons learnt from the London Drugs attack and the Target cyber breach
London Drugs suffered a massive cybersecurity incident on Sunday, April 28, 2024. Â that led to the immediate shutdown of its 79 stores across four provinces. In response, the company swiftly enacted its incident response plan, bringing in third-party cybersecurity experts to manage the situation.
They also maintained open lines of communication, reassuring customers that there was no evidence of compromised data. Credit to London Drugs, they continued to offer essential pharmacy services. This dedication and commitment to managing to offer this vital service in the face of an entire store shutdown demonstrated their commitment to customer care. London Drugs was transparent and proactive in their communication with customers and employees. The retail chain also ensured that all its employees received a paycheck during this turbulent cyber breach. This steadfast care to customers and employees helped preserve and protect their trust and brand reputation.
In addition, the retail chain communicated on the appropriate social media channels with timely posts on X, formerly known as Twitter, Facebook and Instagram.
Compare London Drugs communications response to that of the Target data breach in late 2013. That hack exposed the personal data of up to 110 million customers. Target issued a statement the following day and posted a video with further details on its website. Target apologized for the break, explained how the hack happened, and offered free credit monitoring for affected customers.
Unfortunately, there were a few key flaws with Target’s response.
First, it responded before its management were fully aware of the scope and source of the breach. This forced Target to later walk back some of its statements, including the number of customers whose information was hacked. This made Target management appear unprepared and flatfooted about the true scope of the hack.
Then, Target posted a message from its CEO on its website. This led to them later reposting the same video to its social media page since their video was not garnering many views. If they had only understood where their customers were engaging about the hack, they would have known to post to social media instead. Social media was the prime source where their customers were gathering information, airing complains, and interacting with the company.
The important lesson here is that it’s vital to understand and use the appropriate channels to reach impacted stakeholders; communicate proactively with all stakeholders; and keep lines of communication open during and after the incident.
A successful response to a crisis can be guided by the following principles:
- Consistency is key in messaging – Align all communication and messaging across all channels.
- Establish yourself as the key source of credible information by communicating proactively on the right platforms where your target audience will receive your message.
- Communicate frequently so your audience turns to you as the main source of information. This also sets the tone that you are aware of the situation, taking the matter seriously and are working to resolve the issue.
- Activate your website as the information hub and drive people to it with posts to X (Twitter), Facebook, Instagram and your other online channels.
- Communicate directly with your people – Ensure that your employees hear the latest updates directly from you rather than relying on social media for their information
- Remind employees of your social media and media policy. Only those approved to release information to the public and the media should be delivering the message, no one else. This limits further harm to the company’s reputation.
- Tone of voice is important! Be empathetic, human, and authentic. Remember you are dealing with people, and they need to know that they are being heard, understood, and acknowledged in the situation.
- Be true to your brand and values in what you say and do.
If you’re looking to enhance your cybersecurity communication response and protect your business, reach out to Solv Communications. We’re here to help you navigate the challenges of any incident while ensuring your business’s reputation is secure.