HR Leaders play a crucial role in steering organizations through cybersecurity breaches, serving as the backbone of support for their most valuable asset, their people. Your ability to communicatee clearly and swiftly is vital in protecting, information and empowering your workforce, ensuring the organization perseveres.
Use This checklist as a guide to ensure effective and concise communication during and after a cybersecurity incident, helping to maintain clarity and control. Of course, this should be customized to fit the needs and structure of your organization.
| Initial Notification to Employees | Support Resources |
Action: Notify employees of the situation with confirmed information
|
Action: Offer assistance, such as IT support or identify protection services, especially if data is compromised.
|
| Employee Action Instructions | Legal & Compliance Information |
Action: Provide clear instruction for immediate employee action (e.g., password resets, system restrictions).
|
Action: Communicate and legal obligations or policy changes.
|
| Confidentiality Reminder | External Communications Policy |
Action: Reminder Employees to maintain confidentiality and not spread rumors.
|
Action: Clarify external communications protocol
|
| Regular Status Updates | Final Resolution & Next Steps |
Action: Keep employees informed with regular progress updates
|
Action: One resolved, communicate the outcome and next steps.
|
© Copyright CBIZ, Inc. All rights reserved. Use of the material contained herein without the express written consent of the firms is prohibited by law. This publication is distributed with the understanding that CBIZ is not rendering legal, accounting or other professional advice. The reader is advised to contact a tax professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein. Material contained in this publication is informational and promotional in nature and not intended to be specific financial, tax or consulting advice. Readers are advised to seek professional consultation regarding circumstances affecting their organization.
“CBIZ” is the brand name under which CBIZ CPAs P.C. and CBIZ, Inc. and its subsidiaries, including CBIZ Advisors, LLC, provide professional services. CBIZ CPAs P.C. and CBIZ, Inc. (and its subsidiaries) practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations, and professional standards. CBIZ CPAs P.C. is a licensed independent CPA firm that provides attest services to its clients. CBIZ, Inc. and its subsidiary entities provide tax, advisory, and consulting services to their clients. CBIZ, Inc. and its subsidiary entities are not licensed CPA firms and, therefore, cannot provide attest services.