A few years back, a zero-day hit WordPress. Bad one. Real bad. Every unpatched site—millions of them—started redirecting to Chinese gambling pages overnight.
Guess what our site ran on?
We were just a cybersecurity vendor with a modest landing page. No login, no client portal. But by 9 AM, inboxes were full, phones ringing, and one investor had already texted “what the hell happened?”
People assumed our core infra was breached. Clients were spooked. The front end was broken, so the back end must be too—right?
Totally wrong. But perception doesn’t wait for forensics.
We scrambled. No PR agency. No crisis comms lead. Just five people in a group chat debating who should post on LinkedIn first.
We didn’t do it by the book. But you can.
Here’s what I’d do now, if it happened again:
1. Own the narrative early. Even if it’s just “We’re aware, we’re investigating, we’ll update you soon.” Don’t let silence get filled by speculation.
2. Centralise the message. Pick one channel—site banner, pinned tweet, email—and update it regularly. Avoid five different versions of the truth in five places.
3. Separate incident from identity. Make it clear: this is a vendor’s issue, not a breach of your systems. Spell it out in plain English.
4. Pre-write the boring stuff. Status templates, blog copy, support replies—have them ready. Edit the details, ship fast.
5. Brief your frontline. If support, sales, or even interns get asked, they need to know what to say and where to point people.
Back then, we got through it. But we were lucky. You don’t want to rely on luck during a crisis.
You don’t need a PR agency to stay ahead of panic. You just need a plan, written before the alarms go off.