Your Business Suffered a Data Breach: Now What?
Nobody is immune to data breaches. Companies from department stores to social media giants have suffered staggering security breaches in recent years. The fallout can be costly and embarrassing for a business. Huge corporations like Yahoo, Facebook, and Target have a lot of resources at their disposal to help them bounce back after such a disaster, but what about smaller businesses? Do you have a plan of action in place should a breach occur at your company? You should. Here are some tips to help you recover if it happens to you.
Talking to Your Customers
If your clients or customers were affected by the breach, you have to let them know. It’s a matter of ethics and integrity (and it may even be a matter of law depending on which state you live in).
- Be open and honest. Tell them exactly what happened and how many people were affected. Don’t dance around the subject or minimize the severity of the breach. The best way to maintain your credibility is by being forthcoming.
- Be direct. Skip the corporate speak and get to the point. Be clear and concise. You’ll seem more in control of the situation, and you won’t come across as aloof or out of touch.
- Offer solutions. Tell people what you’re doing to make sure this doesn’t happen again, and tell them how you’ll support them or make up for the damage the breach caused.
- Apologize. Don’t forget to say sorry. If there’s one thing the world has learned from the recent United Airlines debacle, it’s that people expect a swift and sincere apology after a major mess-up.
What Else Should You Do?
Aside from dealing with your customers and any PR issues related to the breach, you’ll want to take some serious action to prevent future security breakdowns.
- Bring in the big guns. Hire third-party IT experts to help you analyze the situation and find out as much as possible about how the breach happened. It’s best to have someone who does not already work for your company to ensure a thorough and objective investigation.
- Consult state laws. Your state may have specific laws that pertain to data breach situations. You may be required not only to inform any affected customers but also to report the occurrence to a government agency.
- Change. Be prepared to make changes to the way you do things. Address the vulnerabilities that led to the attack, and anticipate places that may be future points of infiltration. Retrain your employees and draft new protocols for things such as dealing with sensitive information and using company email servers.
Make sure you’re working with competent partners when it comes to storing and securing your data. Your customers will probably understand that security breaches can happen, but they probably won’t be so understanding if you do nothing to keep one from happening again.