According to a recent survey by USA Today, nearly a quarter of Americans have stopped buying online due to fear of security breaches. As the frequency of privacy-related issues escalates, consumer demand for transparency regarding how their information is being used has followed suit.
In honor of Cyber Security month, this newsletter is focusing on the firm’s data security and privacy practice, an integrated team of public affairs, corporate and crisis professionals throughout the network.
Here are some examples of both watch-outs and best practices in the wake of a data breach. No matter the company or organization, it is important that the following tips are kept in mind when preparing for, or experiencing, a security breach.
1. Be prepared
The speed and care with which a company addresses the interests and concerns of its customers will dramatically impact stakeholder and influencer perceptions, the tone of media coverage and the media lifecycle of the issue. Whether it’s preparing content and messaging for a dark site in advance, or planning the lines of communication internally in the case of emergency, thorough preparation will help to ensure the company can be the earliest and most accurate source of information for customers. In addition to preparing communications for reactive response, it is crucial that a company show proactive intent to resolve issues regarding data security, and show an effort to remain up to date and informed on the latest industry wide efforts and initiatives. Organizations such as the Responsible Information Management (RIM) Council and National Retail Federation are increasingly vocal on the issue and could be a key ally in the wake of a data breach.
2. Be forthcoming, but don’t say what you don’t know
Transparency and promptness are key in data breach communications. Oftentimes following a data breach, companies attempt to accommodate demands for more information – whether it’s the source of the compromise or the number of affected individuals – failing to recognize that data-security incidents inevitably have many twists and turns as malware and hackers become more sophisticated.
3. Demonstrate a Bias For Action
In the early stages of a data breach, it is crucial to reassure the consumer by focusing initial messages on the steps being taken to investigate and resolve the issue. Providing resources for consumers, such as offering free identity protection services or providing credit monitoring to any customers who used their cards at your store, helps to shape the overall story surrounding the issue.
4. Pay attention to where you communicate – and who you communicate with
The method of communication that companies use to share news of a breach are nearly as important as the message being delivered, and can impact the tone of media coverage. For example, at the onset, Target was criticized for using a too-small-to-see website banner to make customers aware of their data breach. However, after some particularly targeted gossip coverage attacked Target’s corporate culture following the breach, Target CMO Jeff Jones took a two-way engagement approach, speaking more directly to consumers through a transparent and thoughtful response on LinkedIn regarding the overarching tenor following the crisis. His openness and relatable message was met with praise.
5. Get a little outside perspective
The unfortunate reality of a data breach is that company leadership is going to share the blame. Regardless of the amount of control that was executed by leadership over the breach and its effects, bringing in external resources and introducing new leadership roles in the wake of a security breach is often necessary to restore trust in the organization. Whether it’s new roles in the company or third party counsel in the event of a payment-card breach, it is crucial to examine the potential reputation perceptions that can be affected by bringing in new perspective. In Target’s case, introducing outside leadership for the first time enabled the company to be perceived by media and other key stakeholders as being “on the road to brand recovery” and indicated the company recognized that change was required to correct past deficiencies.
Hackers are getting smarter. Is your brand prepared?
For more information on Edelman’s Data Security and Privacy capabilities, please visit http://www.edelman.com/expertise/data-security-privacy/