If you happen to be Sir Elton John, Barbra Streisand or Andrew Lloyd Webber you’re probably feeling rather nervous this week. That’s because the business details of these celebrities and many others were reported to have been the subject of a ransomware attack.
New York based Grubman Shire Meiselas & Sacks is the latest law firm to fall victim to cyber criminals who are threatening to release stolen data unless they receive a considerable sum of money. We’re providing an increasing amount of crisis communications management for law firms and cyber breaches is the number one concern among the magic circle, silver circle and other law firms that we advise on handling communications and messaging following a crisis. This is a growing part of our work alongside general media training for law firms.
The other likely crisis scenarios that we advise the comms teams and senior partners of law firms how to handle include allegations of #MeToo incidents or accusations of racism. We’ve also created scenarios around fires at a law firm’s offices or problems with a high profile client. Essentially, if it can go wrong for a law firm – whatever it might be – we’ll help you to handle the conventional media and social media fall out with realistic role play interviews followed by advice and recommendations. We also provide advice on the whole crisis strategy that frames your communications and messaging.
“I’m so glad that we’ve rehearsed this – I just hope we never have to put it into practice,” one managing partner told us recently. Better to do the practice before the crisis, rather than afterwards, we pointed out.
Known as REvil or Sodinokibi the hackers, it’s reported, previously attacked foreign exchange company Travelex with ransomware in January. In this most recent case, they stole some 756 gigabytes of documents. If these were to end up on the dark web some very wealthy and influential clients could find themselves not just embarrassed but facing the risk of a further attack on their privacy and financial dealings.
How well are Grubman Shire Meiselas & Sacks handling this crisis? The firm has said in a press statement:
“We can confirm that we’ve been victimised by a cyber-attack. We have notified our clients and our staff. We have hired the world’s experts who specialise in this area, and we are working around the clock to address these matters.”
It’s short, punchy and factual, which is something that we always recommend. It was also issued quickly. In crisis communications people used to talk about the “golden hour”. This was the time you had to issue a statement and take action so that you were clearly in control of events. Fumble it and you’ll find yourself constantly on the back foot, defending yourself and firefighting. Now, in these days of smartphones and social media, it’s really a case of a “golden ten minutes.”
The statement is honest in that it doesn’t try to obfuscate or downplay the event. It also demonstrates action. The word “victimised” is interesting. It emphasises that the company has been the subject of crime. Stressing that a crisis has happened in spite of your procedures and activities rather than because of them, is important.
The second sentence is particularly strong. Mentioning independent experts, the emergency services or statutory bodies adds to your authority – we might not have heard of your organisation or trust you completely in this instance but we’re more likely to have confidence in these independent, third parties.
The one thing that is missing from this statement is an element of care or concern. Grubman Shire Meiselas & Sacks doesn’t have to admit liability for the attack, of course, so they don’t need to apologise for any wrongdoing. However, a sentence about this being a worrying time for their clients or a reference some understanding that there might be concerns among the people they work for would be good to hear. In crisis communications more than any other situation we want competence and authority but we also want a sympathetic, human element too.
We’ll watch the story with interest. So, indeed, will Lady Gaga, U2 and Sony Corp, as clients of the firm. It might have suffered a severe embarrassment but so far Grubman Shire Meiselas & Sacks has handled the situation well.
Here’s a point that we make during in crisis communications training for law firms – if it continues to stay ahead of events and be consistent in its messaging, giving the impression of being caring, responsible and competent, the firm can even improve its corporate image and pick up more celebrity clients.