An uninvited guest crashing your video conference is a threat to your company's reputation. Here are the steps to take to mitigate damage and restore confidence.
If it can happen at the highest level of government it can happen to your company.
On April 3 of this year, a videoconference on women's rights in Afghanistan held by the House of Representatives' Oversight Committee was allegedly "zoom-bombed" three times. The incident raised serious concerns about the security of Zoom as a videoconferencing platform for use by government and private enterprise.
Ten months into the pandemic and the world of virtual meetings it has engendered, and we're all familiar with the term zoom-bombing. It's so familiar in fact, that the term itself has become a stand-in for cyber attacks on any video conference, no matter the platform. Characterized by an uninvited guest hacking into a meeting, zoom-bombing ranges from minor nuisances, such as teenagers infiltrating company meetings, to more disturbing and salacious virtual visits.
Even in its most innocuous form, a zoom-bombing and the digital violation it represents can unsettle employees and external stakeholders alike. A more heinous, high-profile attack can severely threaten your company's reputation, but it does not need to spell disaster. Below are four tips to navigate the aftermath of a zoom-bombing through cooperative internal and external communications.
Take Swift Action
Your meeting has just been zoom-bombed. What is your first move? Act decisively. Timing is vital to alleviating anxieties, as delays in acknowledging the incident can create the impression the attack is being ignored or swept under the rug. Your employees are looking to you for an explanation and reassurance in the immediate aftermath, so listen and respond swiftly to any significant concerns they raise.
The empathetic voice when delivering internal communications is just as crucial as the post-attack messaging itself. Identify the key company representatives who can spread the word and restore confidence internally (and externally). You understand your workforce best, so be sure your representatives empathize effectively with your designated audience's needs.
A charismatic digital expert, sympathetic HR lead or C-suite member known for transparency are all potential picks to lead a company's emotional and technological recovery; evaluate who best fits based on demeanor, level of expertise and understanding of company culture to resonate with a particular audience.
Prioritize Your People
Your employees are the principal audience to prioritize. A zoom-bombing touches the cyber-security anxieties people feel entering a virtual workplace. They may be thinking, "If my meeting can be hacked so easily, what else is at risk of being hijacked?"
Employees must receive transparent and supportive communication affirming the safety of their digital workplace. Start with a clear defining of the event as a zoom-bombing specifically. Doing so assuages potential fears that other aspects of your technological infrastructure - such as an employee's personal information - have been additionally compromised. Following an acknowledgement of the attack as an isolated incident, outline the future steps being taken to prevent its subsequent occurrence.
Zoom-bombing can also be a traumatic psychological violation for employees in the compromised meeting, and any digital intrusion can fracture trust in your company's cyber-security posture. Make sure to provide HR mental health resources and an open space for dialogue about the attack's ramifications. Firm, empathetic internal communications unify a company's workforce toward recovery, a valuable asset if a zoom-bombing requires external communication as well.
Face the Public
A zoom-bombed client or other external meeting can draw the attention of news networks, public shareholders and corporate partnerships. Identify the interests of your organization's stakeholders, and tailor messaging specific to their diverging concerns. It may be helpful to create a universal set of key messages based on principles like internal accountability, compassion and recovery. Though messages will be different based on the needs of each stakeholder, ensure that all external communications are thematically consistent and cohesive.
Like internal communication, clearly establish the nature of the attack and plans to prevent its future incidence. A unified front is a helpful foundation to ground external communications; if your employees visibly trust your recovery plan after a digital attack, it is likely that outside stakeholders will follow suit. Zoom-bombing incidents can threaten your company's carefully crafted reputation, but tailoring stakeholder-specific messages under a coherent, thematic set of key messages can significantly alleviate any outward mistrust.
A digital attack of any nature can be embarrassing, and you may be tempted to try to address it externally anytime it's referenced in public. Don't. Resist oversaturating your audience and trust your instincts: Gauge the success of initial internal and external communications before issuing follow-up messaging. If stakeholders seem to move on - a sign of a proactive, early response - avoid persistent reminders of what was a potentially traumatizing virtual violation.
You may want to announce significant milestones and answer lingering questions about your zoom-bombing response, but keep further messages concise and relevant to presented concerns. The goal of communication following digital disruptions is to instill confidence in a more secure virtual workplace and move on. If stakeholders and employees are conveying trust in your corrective measures following a zoom-bombing, listen to them.
The good news is, efforts are underway to reduce zoom-bombing within educational, governmental and workplace spaces. To that end, the FBI has cracked down on more egregious offenses, and many video conference platforms (including Zoom) have introduced new security features to deter outside disruptions.
In the meantime, collaborative external and internal communication efforts following digital attacks can preserve, if not strengthen, the resilience of your company's internal culture and outside reputation.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.