Step 2: Investigate and Isolate DO: • Conduct a thorough forensic investigation to identify the origin of the attack, what systems were touched and whether any data was accessed or stolen. • Isolate affected systems from your broader network. • Engage with third-party specialists, if needed, to validate the integrity of your data and check for backdoors or lingering threats. DON’T: • Don’t rush to bring systems back online before a full assessment is complete. • Don’t ignore the importance of transparency with your leadership team and legal counsel during this phase. Step 3: Communicate Clearly (Internally First) DO: • Alert your internal teams quickly. Explain what’s happening in clear terms and provide guidelines for continuing operations manually, if necessary. • Centralize communications so that employees know where to turn for accurate updates. • Emphasize company culture and teamwork – disruptions are stressful, but how people rally makes a difference. DON’T: • Don’t allow rumors or fragmented communication to spread. In a crisis, misinformation can do more damage than the attack itself. Step 4: Notify Customers and Partners – With Grace DO: • Reach out to customers and key partners with honest, proactive communication, even if you’re still investigating. Let them know you’re aware of the issue and working on it. • Be transparent about delays and offer alternative solutions or updated timelines when possible. • Express gratitude for patience. Acknowledge inconvenience. These sentiments build longterm trust. DON’T: • Don’t remain silent. In the absence of updates, customers may assume the worst or feel abandoned. • Don’t assign blame or overpromise fixes. Step 5: Operate Manually If You Must DO: • Have a manual backup plan. Order taking, quote generation and fulfillment don’t need to stop. Your team just needs a way to do them without systems. • Cross-train staff so they can step into unfamiliar roles in a pinch. • Keep logs and records of manual activity to re-enter into your systems when restored. DON’T: • Don’t panic if your automation breaks down. Most clients will be understanding if you’re communicative and proactive. • Don’t wait to create a backup workflow until after a crisis. Plan ahead. Step 6: Restore, Reflect and Reinforce DO: • Once systems are secure, reintroduce them carefully. Test each part of the network as you go. • Conduct a post-mortem: What worked? What failed? What needs better preparation next time? • Use the event as an opportunity to invest in stronger security, better redundancies, and more employee training. DON’T: • Don’t assume it won’t happen again. Cyber attacks are increasing in frequency and sophistication. • Don’t treat a return to normal as the end of the process; true recovery includes planning for what’s next. A Final Thought In our industry, relationships are everything. How your company responds to a crisis – how you show up for your clients, partners and teams – will leave a longer impression than the disruption itself. If you build your systems, culture and communication strategy with resilience in mind, you won’t just survive a cyber attack. You’ll earn even more trust from the people who matter most. Dunbarger is the project management lead at PPAI. PPAI • JUNE 2025 • 29 Innovation | Voices
RkJQdWJsaXNoZXIy NzU4OQ==