Data security breaches are becoming regular headlines:
- The highly publicized Target breach, which involved sensitive information on more than 40 million credit and debit cards, resulted in the resignation of the company’s CIO after it was revealed the hack was a relatively low-tech invasion.
- Apple recently divulged that it is investigating the loss of personal information on Apple devices.
- Neiman Marcus and Michaels are among other firms hit by data breaches.
- Retailer Sears recently began an internal investigation to determine if it, too, has been hacked.
The problem is now much more than just an IT and security issue; it’s a reputation management and communications challenge of the highest order. Target’s stock and sales have dropped dramatically since the hacking became public. And it’s not just retailers that are being singled out by hackers – industries like banking, healthcare, ecommerce, and sectors such as academia are potential victims as well.
For any enterprise – and especially B2C businesses – communicating effectively with customers, investors, partners, employees, media and other stakeholders is more essential than ever to managing such a crisis:
- Make sure your business’s Crisis Response Plan has IT and Security functions closely aligned with C-Suite and Communications functions to ensure accurate assessment of damage from a data security breach, and rapid dissemination of reliable information to the public, the media and investigators.
- Have a specific data breach response strategy in place including proper training of spokespeople and technical experts, and prompt cooperation with legal counsel to minimize the chances of damaging public remarks in anticipation of lawsuits.
- Have social media monitoring and engagement strategies in place.
- Be prepared to provide immediate assistance to affected customers or stakeholders, including free credit monitoring and other tools, as the University of Maryland did after its recent data breach of students’ personal records.
- In addition to procedures to thwart attacks on customer data, double-check that employee data is equally protected.
- Develop training programs that teach employees about phishing and malware attacks.