People Management

Additionally, to what we mentioned in our previous article, it seems relevant not to forget the people management In situations of this nature, therefore, incorporating a profile for this purpose into the crisis management team generates an important contribution of value.

Specifically, in my opinion, it is advisable to cover at least the aspects of:

(1) Internal communication- A people management specialist is responsible for communicating with employees clearly and effectively about the security incident, providing up-to-date information and guidance on the measures to be taken. This helps keeps employees informed, reduces uncertainty and provides a sense of direction and control of the situation;

(2) Emotional Support: During a security incident, employees may experience stress, anxiety, or worry. A people management specialist can provide emotional support to employees, ensuring they feel heard and understood. This may include the provision of psychological support resources, as counseling sessions either wellness programs;

(3) Human resources management: A people management specialist must collaborate with the human resources team to address any impact on employee-related policies or procedures. This may include reviewing and adapting information security policies, implementing additional security measures to protect employees and ensuring that legal and regulatory requirements in terms of privacy and data protection are met; and

(4) Team coordination- During a security incident, additional equipment or assignment of specific tasks to different employees may be necessary, a people management specialist can help coordinate and allocate human resources effectively, ensuring adequate staff are available to respond to operational and incident management needs.

Therefore, the People Management during a security incident it is essential to ensure the well-being of employees and maintain effective operation of the organization. Having a people management specialist on the crisis committee helps address these needs and ensure that employees are properly cared for during the crisis situation.

What do the notorious cases of cyber incidents that companies such as, for example, have suffered in common? Equifax (2017), Yahoo (2016), Target (2013), Adobe (2013), Slack (2015), GitHub (2016), Telefónica (2017 and 2020), BBVA (2018), British Airways (2018), with what happened to Johnson & Johnson (1982)?

Specifically, and as an example, for the Equifax (2017) or Target (2013) cyber cases, if we delve deeper into the study of the public information of the cases, it can be concluded that one of the learned lessons would be, among others, that in the first case there would have to be appointed an official spokesperson to ensure consistency and clarity of the message and that there had to be provided resources and assistance to those affected to confront the crisis, while in the second case, despite being earlier in time and having praised the communication strategy of the incident, some activity related to empathy and concern for those affected, providing them with resources and assistance to help mitigate the impact. Both cases, considered well and poorly executed from a communication point of view, agree that they should have addressed the people management (mainly employees) as an important facet.

People Management Cyber Attacks Security Cybersecurity

Improvement processes

Improving the communication process during a cyber crisis can be done by, for example:

(1) Perform Periodic training drills and exercises to prepare the incident management team and improve their communication skills;

(2) Set clear protocols and workflows for communication internal and external during a crisis;

(3) Foster a culture of transparency and honesty in organizational communication at all times, not just during a crisis;

(4) Use multiple communication channels and diverse to reach different stakeholders effectively, and

(5) Evaluate and constantly review the communication plan of crisis to guarantee its effectiveness and adapt it to changes in the environment.

The Telefónica case and its incidents in 2017 and 2020 serve as an example, which although with different origins, a clear improvement can be observed in the aspect of communication towards stakeholders, informing, in 2020, immediately the affected users, providing them with details about the origin of the breach and the solutions they were applying to mitigate the impacts, adding, and this is also a differentiating factor, clear advice to their clients on the measures they could apply to protect their information.

Therefore, the communication professional in a crisis committee plays a central role in managing communication during a cyber crisis. His experience in public relations, crisis management and effective communication is crucial to transmit clear, precise and timely information to internal and external stakeholders.

Furthermore, and this is the most relevant thing in my opinion, it must Work closely with the people management team to address employee concerns and maintain effective internal communication, including incorporating such a profile into the committee.

People Management Cyber Attacks Security Cybersecurity Team

More important than it may seem

The People Management It plays a fundamental role during a crisis, also in those of cyber origin, precisely because of the halo of uncertainty that surrounds them. Facing the unknown, or with a lot of uncertainty, no matter how planned, is one of the worst situations a person can face. Employees can experience worry, uncertainty and stress during these events, which generally translates into negative factors when facing them.

It is essential, in my opinion, to adequately address these issues and have the support of a people management specialist in the crisis committee. Its presence guarantees a effective internal communication, provides emotional support resources to employees and coordinates human resources necessary to respond to the crisis.

In conclusion, the effective communication and the People Management are primary elements and closely linked in managing a cyber crisis to contribute to preserve business reputation and people's emotional health. The cases that have occurred of good and bad communication management provide us with valuable lessons about the importance of clear, timely and transparent communication.

Recognizing the relevance of communication and people management professionals, companies can be better prepared to face and overcome the challenges that arise at critical moments.

To learn everything you need to develop effective plans, consider our Professional Master in Cybersecurity Management, Ethical Hacking and Offensive Security.

Subscribe to our newsletter to stay up to date with all the news

Name and surname *

Email *

*I give my express consent and accept the Privacy Policy.

EIP International Business School informs you that the data in this form will be processed by Mainjobs Internacional Educativa y Tecnológica, SA as the person responsible for this website. The purpose of collecting and processing personal data is to respond to the query made as well as to send information about the services of the data controller. Legitimation is the consent of the interested party.
You can exercise your rights of access, rectification, limitation and deletion of data in compliance@grupomainjobs.com as well as the right to file a claim with the supervisory authority. You can consult additional and detailed information on Data Protection in the Privacy Policy that you will find in our Web page