There are a lot of opinions about what companies should never do in terms of data breach prevention and response. Equally important, however, are the things you should do in the wake of a breach.
Here are our top five tips to help you with your breach response. Some may seem obvious, yet a shocking number of companies – especially midsize and smaller ones – neglect these vital points. If you don’t have a solid data breach response plan in place, your company could easily overlook one of these things and your response could falter.
5. Seize the opportunity to shore up your defenses.
No matter how well you’ve planned and what preventive steps you’ve taken, when a data breach occurs it will reveal the chinks in your armor. Use that information to identify opportunities for improving your defenses. Knowing what went wrong can help you take steps to ensure any weaknesses are corrected before the next cyber-attack occurs.
4. Get help.
No matter how prepared you think you are, responding to a data breach is not your primary job, and you can’t be as good at it as people who do nothing but handle breach responses every day. Data breach response is our primary job, and working with Experian Data Breach Resolution can ease your burden during a high-stress, volatile time.
3. Improve honest communication.
When you send out data breach notification letters, be as honest, transparent and compassionate as possible. It’s essential to mitigate the reputational damage of the data breach, and an informative and caring letter may help repair some of that damage in the minds of the consumers who receive the notice.
2. Compensate consumer victims.
The Ponemon Institute survey, “The Aftermath of a Mega Data Breach: Consumer Sentiment,” conducted on behalf of Experian, found that 63% of people who’d received a breach notification letter felt the company should have offered them identity protection. In addition, 58% wanted credit monitoring and 67% wanted other compensation such as cash, products or services. Yet only a quarter of respondents were offered identity theft protection. Aside from the ethical and legal obligations a company has to consumers in the wake of a breach, helping consumers protect their identities can also help guard their financial well-being. A financially fit consumer is more likely to remain a good customer.
1. Go the extra mile.
To our minds, doing nothing isn’t an option at all. Still, many companies do virtually nothing – or the bare minimum they’re required to do by law. If ever there were a time when going above and beyond has value for both an organization and its customers, it’s following a data breach. Committing all available resources to data breach response and recovery can help mitigate current and future damages, help improve a company’s cyber security and go a long way toward repairing a damaged reputation.