3 Reputational Mitigation Measures After A Data Breach

A data breach, outside of causing harm to someone physically through poor safety measures or product development, is arguably one of the nightmare scenarios for any business. In terms of issues that cause people to lose trust, it’s up there. While the specifics of what happened are a job for cybersecurity, network engineers and IT teams, managing the impact, limiting the damage and trying to restore trust as quickly as possible is important.

Some issues are inevitable. Your firm will likely have to pay a fine for a PCI DSS violation, or write a broader public report with details once you’ve figured out what happened. In the meantime, however, there are some measures you can take. At the very least, a company that shows itself to be proactive, interested and willing to listen will no doubt earn more goodwill.

In this post, we’ll discuss what that might look like:

Public Statements

It’s natural to want to hide away, especially when this is going to be your main messaging focus for a little while, but getting out in front of the narrative is usually the better play here. A simple, honest statement released as soon as the facts are known is pretty much the best you can expect of yourself, as the public generally just wants to know what’s going on with their information. You don’t need to have every single technical detail ready immediately, and even then you don’t have to tell it all, but accepting and discussing the situation should limit rumors from spreading, which is usually where the reputational damage comes from anyway.

As ever, it’s widely accepted that silence is the worst response, so putting out a message that owns the mistake without making excuses is the standard to aim for. Most clients are willing to forgive errors more easily when they feel they are being treated with respect, and that’s part of it.

Direct Remedial Action

Generally, you should expect to offer some form of help to the people who are worried about their personal details. Offering credit monitoring services or a helpline is a solid gesture to make, as it shows the business is taking responsibility for the mess rather than only saying sorry and moving on. If they need to change their passwords, tell them, and do the same if they need to change information or transition to new accounts.

So, maybe a refund is in order if the breach related to a direct purchase, or perhaps setting up a specific email address for concerns is the way to manage your major accounts. Either way, it has to be thorough.

Point Out Fixes & Future Protections

Now, once the dust has settled, explaining how the security has been upgraded will be needed to close the chapter correctly, as it’s comforting for clients to know that the hole has been plugged, whether that means new software was installed or a new set of practices and protocols was adopted by the IT team. This can convince them to stay with you even during the tough times.

With this advice, we hope you can manage your reputation after a data breach, which needs time to regrow, but can do so if you’re diligent.