Businesses deal with crises from time to time-whether it's an incident that barely warrants attention or a major event that makes headlines across the country. When something really bad happens, such as a natural disaster that forces a company to evacuate headquarters or a security breach that results in lost or stolen data, the media will come calling. How organizations deal with the blitz could affect the long-term impact of the crisis. An effective and constructive response might help put the company in a positive light during a tough time. An ineffective or antagonistic reaction might make a disastrous situation even worse.

Here are some things organizations should and shouldn't do when dealing with the media after a security incident or business-interrupting event.

Do...

Be truthful. When it comes to dealing with the media, honesty really is the best policy. "One of the most important things is to try to understand what the media is interested in. The media is interested in accurate, truthful information-something that will be of interest to their readership [or viewers]," says Brit Weber, program director at the School of Criminal Justice at Michigan State University in East Lansing, Mich.

"If you don't know the answer, indicate that it's information you don't know at this point and hope to [provide] later," says Weber, who has worked in various fields of crisis management since 1972.

At IT services provider EDS in Plano, Texas, "our whole approach to any kind of thing like a crisis is to have open transparency; be forthcoming and tell as much of the story as you can within the limits of the law and good common sense," says Dave Morrow, chief security and privacy officer, responsible for corporate crisis management.

"Be as open and communicative as possible," Morrow says. "I've seen some instances where good or bad external communications really made the difference between a crisis being handled really well or being handled really poorly." He cites the oft-mentioned Tylenol product-tampering case of 1982 as an example of a good practice in dealing with the media.

"They were very forthcoming and got ahead of the curve," Morrow says. "Tell the truth and don't try to lie because a lie will come back to bite you." He says EDS in the summer of 2006 had to deal with a case of a stolen laptop that contained sensitive data. The company told clients and the media exactly what happened, Morrow says.

Provide useful information. Going into a shell during a crisis isn't wise, experts say. "We hear people repeatedly say 'no comment.' That's not going to make the incident go away nor the media," Weber says.