Keeping Customer Trust Despite Data Breaches
Many major companies operate under the philosophy that it’s not if but when they will be breached. And consumers are becoming so accustomed to breaches that they care just as much about how companies handle a breach as they do about how they prevent breaches.
J.J. Thompson, CEO at Rook Security, uses the Target breach as an example of consumers being more upset about the company’s reaction than the breach itself. “It’s pretty interesting, but the reason for the mistrust wasn’t because they [Target] got hacked,” Thompson told Forbes. “It’s about trust. People know that people get hacked. Everyone has been part of a hacking incident.”
Organizations should understand it is more than possible to come back from a data breach if it is handled correctly. Here are a few ways companies can maintain customer trust despite a data breach.
Promote internal communication between departments. Not only is this helpful for everyday business, it is also crucial to ensure a breach is reported accurately. Barry Shteiman, Director of Security Strategy at Imperva, told Forbes that communication between the CEO and CMO is critical to ensure things are said “in the right way with the right tone.” Thompson added that IT usually becomes the center of attention after a breach, which can be damaging when they do not have the human relations experience to handle the situation appropriately. Marketing should be made a part of the security conversations early on so all public communications are both accurate and helpful.
Apologize quickly and from a high level. If there is one thing Target did correctly following their breach, it was the apology. The day following the breach, CEO Gregg Steinhafel issued a statement and posted an apology video. Responding to the news of the breach in a timely manner shows you are acknowledging the mistake and doing everything you can to fix it. Target also offered credit monitoring and refunds for fraudulent charges to reassure their customers. Including preventive security measures in your apology is another way to reassure the public that you are taking every step necessary to ensure the incident does not happen again.
Do not leave anything up to the customers’ imagination. Inform customers in a timely manner of what data was stolen and when. A data governance solution will allow your company to keep track of where your data lives, where it is going, and where it is coming from. Make sure all communications to customers are on brand to avoid further suspicion. After the Target breach, the emails sent looked like spam emails because they came from a suspicious-looking domain name like “target.b0fio.com” instead of “email@example.com.” Most consumers know that a large data breach gives cyber criminals the opportunity to send out phishing emails with a higher success rate. Be sure to alert customers to imposters.
Keep open lines of communication for customer complaints and questions. Expect to be swarmed by phone calls and emails. Opening up or extending the hours of an existing call center shows that your organization cares about the issue and is available to assist its customers through the crisis. The worst thing you can do after a breach is not be available to those affected.