5 Things You Must Do After a Data Breach


Data breaches are ever more common these days. Recent examples such as Target, Anthem, and even Ashley Madison highlight just how rampant the exposure of customer data is in our society. These breaches leave important, confidential, and even embarrassing information unprotected. Furthermore, they put those affected by the breach at risk for identity theft, fraud, etc.

Contrary to popular belief, you can bounce back after a data breach. Customers are looking for a reason and way to trust your company again. Reassure your customers and protect your reputation by taking these 5 steps after a data breach to mitigate its effects.

  1.    Prioritize Transparency

Your customers expect honesty from you after a data breach. Resist the urge to minimize the breach as it will come across as unapologetic and dishonest. Instead, be as transparent as possible. Failing to disclose any pertinent information can cause customers to lose even more trust. That’s certainly not something you want after a data breach.

Meet with your HR, PR, and Communications departments to determine the most appropriate response. If you have any company-wide policies in place, be sure to follow them so that your response matches your organization’s image and voice.

Remember: Time is of the essence. The quicker you respond, the quicker clients will know what to do. Explain what has happened, why it has happened (if the information is available to you), and provide next steps. Reassure your customers of their importance to your organization and keep any promises you make in the response.

  2.    Understand How This Breach Affects Your Company Legally

Different states have different laws regarding what companies must do after a data breach. Meet with a legal professional to determine what your legal next steps are and take time to review any applicable federal laws.

This step must be given the highest priority. Your organization’s reputation and future are on the line. Comply with the state and federal laws in every sense.

  3.    Provide Protection Services

Unfortunately, data breaches have become so common that customers almost expect companies to give a half-hearted apology and be on their merry way. Now is your chance to stand out from the rest. It’s your opportunity to go above and beyond for your customers.

Build your organization’s credibility by providing protection services to all customers affected by the data breach. There are various providers of identity protection services available. Have a trusted third party recommend the best choice for your situation, and get the information regarding the service to your customers as soon as possible. You may also look at offering credit monitoring services. Be sure to assist customers who have questions regarding how to use these services as soon as you release them.

  4.    Develop New Policies

These days, it’s more a question of “when” than “if” when it comes to data breaches. It’s time to look at how you got here and what your company can learn from it. What caused the data breach? What could your organization have done to prevent it? Sure, these are tough questions, but they must be asked and answered to learn from the experience.

Make data protection a number one priority at work. Create a BYOD (Bring Your Own Device) policy or consider restricting the use of personal devices altogether. Limit the use of social networking pages in the office. Always explain why and how these policies are implemented to employees so they’ll better understand the reason changes are being made. Policies will likely have to be revised and updated as you receive more information. That’s perfectly normal. Consider them to be living, breathing documents.

  5.    Be Responsive

Don’t go dark after apologizing to customers. Making your apology and retreating is not the way to go. Instead, address the concerns of customers and employees. You don’t have to share every detail of the investigation into the cause of the data breach, but be forthcoming where you can. Customers will appreciate updates on the situation and begin to feel comfortable trusting your company again.

Prudential Associates provides high-quality security consulting and risk management solutions. Our total risk management solution highlights our mastery of the complex and interconnected nature of risk management program elements and corporate risk mitigation policies. To learn how to best protect your organization and customers, contact our team today.