Communications expert Lynne Capie, of Soteria tells Emily Moore about the importance of planning for and managing a workplace crisis – including a cyber attack
FOR many professionals, managing a workplace crisis – something which could have the potential to bring the business to its knees – is a scenario likely to induce cold sweats and sleepless nights.
For communications expert Lynne Capie, though, crisis and incident management is something on which she thrives, so much so that she has recently launched her own business specialising in this area.
As the former head of global engagement and communications at RBS and global head of communications and business development at Appleby explains: ‘In both of these roles, I was often brought in to support with reputational matters and specifically crisis and incident management and I absolutely loved that element of the role.
‘I like to be able to understand the way forward. I think that, in a distressed situation, there is often a paralysis within the leadership team but being able to apply the right skills and behaviours, and being able to support both organisations and individuals to find the right way through that crisis, is incredibly rewarding.’
Having found her niche, Lynne established Soteria – named after the Greek goddess of protection and deliverance – last year. While helping organisations to respond to any type of crisis, cyber-related events tend to occupy a lot of her time.
‘No company is immune to the threat of a cyber attack,’ she said. ‘Such incidents are increasing in prevalence and the damage such attacks can cause is increasingly concerning, both commercially and reputationally. If you imagine a situation where your team cannot access emails or files and you cannot answer customers’ questions or conduct transactions, then you start to understand the impact that such an incident can have.’
With cyber crime having become ‘such a lucrative industry’ in recent years, Lynne says that it is vital that businesses prepare for an attack to take place.
‘You cannot assume that such an event will not happen,’ she said. ‘While there is still some inertia in the Island, cyber events are taking place all the time and every company is at risk. To put this into context, recently the Lockbit ransomware site had listed 14 global companies as victims of its cyber events.
‘This underlines how important it is for companies to think about prevention and planning and that they develop a range of detailed response options to a number of specific scenarios. It is also vital that all levels of the organisation are involved in these plans.’
Acknowledging that human error is often to blame for cyber breaches, Lynne adds that colleague engagement is essential for maintaining company defences.
‘Helping colleagues to understand how they can support an organisation’s defence is a key element of Soteria’s work,’ she said. ‘We focus on bringing together the right audiences, developing communication strategies that support that process and building a plan which engages those audiences and also recognises the way that people are likely to behave and how to mitigate the impact of that behaviour in the event of a cyber emergency.’
And while Lynne says that communication after an attack can often be ‘given less priority’ than the technical remediation side, she insists that this area is not a ‘nice to have’.
‘This applies to communication with colleagues, customers and the media,’ she elaborates. ‘Ideally, colleagues and clients should be told first, although that isn’t always possible, as attackers often post details of their activity on the dark web, where it is picked up by security-monitoring services and then publicised by the media.
‘This is another reason that it is so important to be prepared and to have a rehearsed response ready to roll out whenever it is needed.’
In addition to cyber, Lynne and Soteria’s crisis manager, Kezia Lightfoot, support businesses with other incidents, ranging from natural disasters to reputational damage caused by a staff member’s misuse of social media.
‘Whatever the nature of the incident, the fundamental questions come back to whether you understand the risks facing your business, whether you have the right people in place to help you identify, mitigate and manage those risks and whether you have a plan ready to implement should those risks become a reality,’ Lynne added.
‘You have to remember that the organisation’s initial response will both shape its actions and the way that it is perceived in the future, so that response must be measured and aligned with the company’s values. Critically, having a plan will prevent any of those reactionary behaviours which can be so detrimental and it will enable you to take control of your own narrative.’
As well as supporting individual businesses, Lynne and the Soteria team are focused on raising awareness of the importance of cybersecurity across the Island. Having chaired the Cyber Security Awareness Month steering group last October, Lynne is now organising another event on 27 April.
Facilitated by Soteria, the event will focus on geopolitical tensions and the changing role of communications in cyber defence and will include presentations from CERT director Matt Palmer, Nihon chief executive Dougie Grant and representatives from Vaiie.