Local: (805)-371-3680 | Toll Free: (800) 240-CHIV
Chief executives often find themselves in the role of chief communicator during a cyber crisis.
Todd McKinnon, co-founder and CEO of Okta Inc., a company that provides identity authentication and management services, recently found this to be true when Okta was caught up in a breach at a business partner early in the year, according to the Wall Street Journal. The hacker accessed some information about specific Okta clients.
“We were trying to be proactive and communicate to our customers everything we knew as fast as we knew it. In a situation where there are a lot of unknowns, it’s quite challenging,” McKinnon told WSJ.
Missteps during a cyber crisis can have lasting effects and worry employees, clients, and prospective customers. Something Kathleen Duffy, President and CEO of recruiting firm Duffy Group Inc., recently experienced.
During a cyber attack on Duffy Group last year, Duffy’s main concern was communicating with workers and customers and offering updates as more information became available.
“As soon as we knew what was going on, we let people know,” Duffy told WSJ.
She worked to reassure staff that their personal information, such as Social Security numbers and bank account information, had not been compromised. Duffy also reached out to clients, letting them know that none of their data had been leaked. And she led negotiations with the hackers, eventually bringing the ransom down to $2,800.
“It’s just like insurance,” Duffy said, “It’s something that you need and hope that you never have to use.”
In the case of Okta, investigators discovered that the business partner had been compromised and failed to inform Okta.
McKinnon stated, “This sequence of events was very hard to tabletop out.”
The company’s initial tweets and public pages ultimately conveyed wrong information, unsettling customers. Okta has since created a process to connect more personally with its client’s security and risk managers, through video calls and conferences.
“What the CEO has to do in these situations is push for transparency because I think it’s better for the industry. I think it’s better for customers,” said McKinnon.
Despite missteps, McKinnon believes that talking about a cyber crisis is critical in helping affected parties manage it. “We didn’t get all the information perfect,” he said. “But I think it’s better to push for transparency.”
Read more at WSJ.com (subscription may be required).
