Don’t do a Reddit: how wargaming exercises can help you prep for an inevitable data breach

Berta Papp-Silva is the co-founder and CEO of The CyberFish: a new Plexal member that incorporates insights from psychology and behavioural science when developing cybersecurity solutions. Here, Papp-Silva teases an event the company is hosting later this month: a wargaming exercise that will test your ability to respond to a data breach.

Organisations of all sizes are starting to realise that when it comes to a cyber attack, it’s a matter of when rather than if. But if your company’s data was breached today, how prepared would you be?

The criticism of Reddit’s response to its data breach is the latest example of how the wrong response can damage an organisation’s reputation and potentially erode people’s trust in you in the long run.

That’s why we’ve designed a series of events that offer a safe environment to experiment and test your responses among cybersecurity, legal, PR and behavioural science experts. Our event at Plexal on 17 August (the first of a series) will simulate hypothetical incidents, which should help you think about how you might be able to boost your incident response plans.

In the meantime, here are a few tips to give you a head start.

1. Form your crisis team.

Sit down with your team and think about who would be involved in the decision-making process in the event of a breach. For startups, this usually means the whole team but bigger companies often form a crisis team that involves decision makers from a range of departments, including IT, legal, communications, operations, customer services, compliance and HR. Some also invite major suppliers, partners and even clients.

2. Scenario planning: learn from other data breaches 

This team should get together regularly to discuss potential scenarios and analyse recent cyber attacks on competitors or organisations similar to you. Let the cyber experts explain what happened from the technical perspective but be sure to also discuss:

  • how they dealt with the breach as a team
  • the reaction from media and the public to the communications strategy
  • the impact on share prices and any other consequences

By picking apart what they did well and what could have been handled better, you can then reflect on your own incident response plans.

3. Empower everyone to be cybersecurity-aware

Organisations tend to think that responding to a data breach is the sole responsibility of the IT security department. In fact, every single person in an organisation, whether they work in HR or customer service, needs to be able to pick up on suspicious signs and understand their personal responsibility when it comes to flagging inconsistencies and dealing with the aftermath.

Give staff a personalised incident response plan that details the signs to watch for, how to escalate the problem internally and what to expect in the hours, days and months after a confirmed breach. Make keep the language jargon-free: people need to be able to understand the message.

4. Understand the psychology of your team when responding to a crisis

We all have different habits and ways doing things, so any policies you put in place need to take account of the way people actually behave in real life.

For example, some people prefer to make decisions fast, alone and based on instinct while others tend to share information and work through the options as a team first. People also respond to stressful situations in different ways, so it’s important that you’re able to read your crisis team and make sure everyone is contributing equally. 

5. And then practice more.

The more scenarios you rehearse and discuss with your team, the less stressful an actual incident is likely to be. You want to get to the stage where emotions are kept out of the picture, allowing you to work together as a calm, well-oiled machine.