Do you know what takes years to build and seconds to lose? Trust. A single click on a malicious link can trigger a whole cascade of events leading to a data breach, whose reputational cost may exceed its direct financial impact.
A survey by security company Security.org revealed that almost one in four Americans would stop doing business with any organization that had been hacked, and more than two in three people would trust an organization less after a data breach. That’s bad news because data breaches have become something all organizations have to worry about—regardless of their size and industry.
Knowing that data breaches are inevitable and cause severe reputation damage, organizations need to figure out the best way to regain trust after a breach. In 2021, simply saying “sorry” and expecting customers to quickly move on won’t cut it. What’s really needed is a comprehensive data breach response plan, such as the one described below.
Step #1: Notify All Affected Parties
As soon as you discover that a data breach has happened, the clock starts ticking. In fact, multiple clocks usually start ticking at the same time, each reflecting a different security breach notification law and giving you a certain amount of time to disclose the data breach. If you don’t act quickly enough, you can face hefty penalties and further loss of trust.
At the time of writing this article, all 50 states have enacted security breach notification laws, but there’s no data breach notification law at the federal level. If your customers are located outside the United States, then you need to follow their local regulations, like the European Union’s General Data Protection Regulation (GDPR).
Since it’s practically guaranteed that there will be a lot on your plate following a data breach, we strongly advise you to hire an attorney to help you untangle security breach notification laws, instead of attempting to do so on your own.
Step #2: Be Honest and Transparent
Your customers trusted you with their personal data, and their trust is now broken. To fix the situation you’re in, you need to give your customers a good reason to trust you again, and openly explaining what exactly happened is a good start.
Even though you may feel that you’re as much of a victim as your customers because cybersecurity has always been your top priority, now is the right time to closely examine your controls and your role in the data breach with them.
Until you understand exactly how the breach happened, it’s okay to admit that you don’t have all the answers just yet. Your customers will value the fact that you’re not trying to hide anything from them and respect you for your honesty.
Step #3: Explain How You Intend to Fix the Problem
Customers affected by a data breach can appreciate honest communication, but what they’re really looking for are concrete actions your organization is taking to resolve the data breach.
More specifically, you should explain how you intend to prevent additional data from leaking, the steps you’re taking to restore your systems, and the controls you’re implementing to fix discovered security vulnerabilities. A provider of managed cybersecurity services can assist you with these activities, and your customers will be happy to know that you’ve partnered with experts.
Of course, you don’t have to explain minute technical details—your customers don’t care about them anyway. They just want to see you actually tighten up your security to better protect their data in the future.
Align Your Defenses with Current Threats
The real work begins after you’ve familiarized your customers with the controls you plan to implement to strengthen your defenses: actually implementing them.
Once again, you want to avoid spreading yourself too thin and losing focus on your core business. A continued partnership with a provider of managed cybersecurity services pays dividends in this regard, ensuring ongoing protection against the latest cyber threats.
At Aligned Technology Solutions, we’re ready to help organizations recover after a data breach and align their defenses so they can successfully deal with all current and future threats. Contact us to start regaining lost trust as soon as possible.