Throughout the more than 15 years working in Southwest Airlines Communications Department, there have been a handful of issues that truly rally the troops and bring together various departments that work to protect our business, employees and customers. In recent years, Cybersecurity has topped our list of potential issues.
At Southwest Airlines, the risk was originally identified within our Technology department. Gradually, other teams became acutely aware of the need for Cybersecurity planning and the role their department would play in the event of an attack.
Several years ago, our Technology team recognized the importance of communications after a few minor events gained media traction. We were invited to join a cross-functional group formed to specifically focus on Cyber events.
As we continued to navigate through events, it became clear that a specialized skill was needed, and we quickly began our search for an experienced agency to help review processes, protect information, plan for a potential attack and coordinate communication across all stakeholders.
Search for the right agency.
When we began our search for an agency to partner with us on Cyber events, it was important that the agency employees had firsthand experience on this specific topic, either working alongside or directly for a company that had fallen victim to a Cyber attack.
We also wanted an agency that hired staff based on their Cyber credentials. We enlisted a group that not only handled several high profile Cyber events, but also had a lawyer-turned-PR executive on staff to provide counsel on regulatory requirements, as well as a journalist who covered Cyber for the Wall Street Journal before joining the firm.
We also looked for agencies we would feel comfortable working alongside and with people who were a natural extension of the “Southwest Family.”
We introduced the final agencies in the running to internal stakeholders throughout the company, such as legal, technology, insurance, emergency response, internal audit and marketing, to ensure that it was the right fit for all department members who would be working closely with representatives during an event. After careful consideration, we unanimously agreed to invite Brunswick to partner with our team.
Agency is onboard. Now what?
To get started, we asked PR firm Brunswick to assess the current state of our Cyber preparedness. We needed to identify our weaknesses and shortcomings, as well as build on our strengths. To do this, we asked that the senior executives at the agency sit through a tabletop exercise led by our Technology team. We also shared current communication plans and orchestrated interviews with key stakeholders throughout the company.
Based on these findings, the agency created a Cybersecurity Playbook to be used as a jumpstart and reference during an event. The Playbook, which includes checklists and various steps to take during an event, provides draft communication pieces to use with media, Employees and Customers.
The agency also provided risk assessments and recommendations that are currently being routed through top leadership in various departments such as internal audit, emergency response and technology. For example, one of their initial recommendations was to identify all key internal and external stakeholders now to avoid scrambling during an event.
In addition to preparing for a potential Cyber issue, our partners keep us informed on events throughout the world that are pertinent to Cybersecurity.
Agency representatives are available to assist and provide counsel for internal campaigns designed to keep our employees aware of online threats and educate them on responsible technology use. Finally, the agency is facilitating introductions to reporters throughout the country who cover Cybersecurity, assisting our team with the cultivation of those relationships.
In today’s world, Cyber threats are real and present. Companies should do all they can to safeguard their organizations against potential attackers by having the right teams ready and solid plans in place for a coordinated and swift response, if and when an online threat occurs.
It’s common for Cyber experts to go to the media about an event before a company is able to collect all of the facts, so being prepared is critical to a successful response. It’s a topic that will, most likely, play out publicly, and communication is essential in upholding the company’s reputation and maintaining trust within the communities it serves.
* * *