Officials from the U.S Department of Homeland Security (DHS) and other federal agencies have been meeting with election service providers to ensure the integrity of the voting process for months. As a result of those the meetings, the Sector Coordinating Council was created in partnership with the Election Association Commission to ensure the integrity of the machines we use to vote. The National Association of Secretaries of State also have made cybersecurity a priority.
But have you? We know we are all vulnerable to attack. Our passwords, credit card numbers and even our social security numbers have all been compromised. Just last year, more than 147 million Americans were affected following the data breach at Equifax Inc. in 2017.
When you are attacked, (1) what is your communications protocol; (2) when will you respond; (3) what will be your message; (4) do you have the right contacts with reporters to help you get the word out; (5) are your executives trained to respond and deal with the crises?
To prepare for any crisis, no matter how big or small your company is, you need to monitor your reputation so you know when an issue becomes a crisis. You also need a field guide to help you respond. Then you need to prepare and practice that response, by having simulations or table top exercises with your CEO, CISO, CSO, CMO, and CLO. The experience will show you were you are vulnerable and how to properly plan for the next data breach, #METOO moment or other crisis.
The election systems in twenty-one states were compromised by Russian-backed hackers, which led DHS to designate election infrastructure as "critical infrastructure." Earlier this year, a bipartisan coalition introduced the "Secure Elections Act," (SAFE ACT) which not only includes language for additional funding for voting machines, it includes language facilitating communication among the federal, state and local levels of government on cyber threats to elections.
You cannot wait for Congress to act in protecting your industry or for handing you the communications protocols in dealing with the next crisis. You cannot wait for the moment you are attacked and caught off guard without having a blueprint in place to monitor your company and respond when necessary.
Corporate boards, chief executives and cybersecurity specialists should be reassessing how they handle sensitive information and respond to potential cybersecurity incidents. With the widespread hardware vulnerabilities, such as Spectre and Meltdown, companies should also re-evaluate their relationships with vendors and add that to its crisis planning.
At times there will be circumstances beyond your control that have the potential to damage your reputation. A crisis is a specific, unexpected, and non-routine event or series of events that create high levels of uncertainty and simultaneously present a company with both opportunities for and threats to its’ reputation. Every company in every industry faces its own set of risks. However, the crisis itself doesn’t always do the most damage— The handling of the crisis however often does. Preparing for a crisis instead of planning for one can help mitigate the damage. The midterm elections and our nation's vulnerabilities should remind us all the time to prepare is now!