Businesses of all sizes are susceptible to a breach of their data security. Whether your clients number in the hundreds, thousands, or millions, the way you respond to a security crisis will leave a lasting impression on your organization’s reputation. A good response to a security breach can help limit the fallout of the problem and maintain the goodwill of your customers. A poor response will just make an already bad situation worse.
Be ready to learn from others’ mistakes and misfortunes. Make sure your systems are not susceptible to the same attacks that allowed other companies’ data to be breached. Each data breach big enough to get press provides a good case study for how to deal with a breach. Not only does it typically reveal the technical vulnerabilities you need to make sure are closed in your own system, but it also gives you a glimpse into how various companies respond to these situations and how their customers accept or reject those responses.
Hopefully, you’ll never need to respond to a security breach. It’s the kind of skill that you need to be good at but, with luck, will have very little experience using. It is smart to plan and practice your response to a breach long before you ever need it. Ideally, this is one plan you’ll have ready but never have to put into practice. However, proper planning can help you be confident in your ability to survive a data breach without actually having to suffer one firsthand. Here are a few of the steps to take if you do face a data breach:
1. Take responsibility
This is the first thing your customers need to hear. They don’t want excuses or for you to pass blame. They want to know that you understand the scope of the problem and that you are doing everything in your power to make things right.
2. Communicate with your customers early and often
As the facts of the breach become clear, outline the details of what went wrong as well as the steps you are taking to repair the damage. Your customers need to know you understand what happened. Extended silence from a company that has undergone a security breach is very disconcerting to a customer.
3. Get outside help
Even if you have internal security and PR teams, this is a good time to call in outside help. Find experienced professionals who have dealt with these types of incidents before and who can help you craft your strategy.
4. Don’t waste time looking for a scapegoat
Your customers are looking to you to fix the problem. They are not looking for someone to blame, and neither should you. You too should be focused on solutions: not only mending the breach in security, but also mending the breach in trust.
5. Share what you are going to do about it
Your customers want to know how you are going to fix the breach. They’re interested in knowing both how you will prevent something like it from happening again and what you’re going to do to make things right for them. Depending on the scope and type of breach, it may be impossible to make full restitution to all those affected. In those cases, it is especially important to apologize and demonstrate that you have the ability to prevent it from happening again. Don’t expect your customers or the public to begin trusting you right away. It will take time to rebuild that trust and reestablish that relationship.
Take the time to prepare a strategy to respond to a data breach. Having a strategy in place will help you make the best possible decisions during a crisis. More importantly, take the steps to secure your system today with enterprise-grade encryption and strong access controls. Preventing a data breach from happening in the first place is better than even the best response.