The data security breach won’t go away anytime soon. Unless you have the latest in encryption technology, it could still happen to you. If it ever does, here’s what you should do.
More and more enterprise companies these days store much (if not all) of their customer information electronically, either on-premises, through third-party cloud providers, or a combination of both. Ideally, those servers full of the personally identifiable information of consumers—and employees—are well-protected, safeguarded by encryption and other digital privacy best practices. If not, then those companies are susceptible to the dreaded data security breach.
Unfortunately, security breaches are an all-too-common occurrence these days. It’s well-established by now that 2017 was a record year for data breaches, and chances are one will happen to your company at some point unless your data security is ironclad. And even then, ransomware, a bad actor, or a poor password could spell disaster. In case a security breach does happen to you, here’s what to do:
Accept responsibility and swiftly alert customers and authorities.
Accidents such as data breaches are often a result of human error. If a security protocol or technology failed because of an untrained or overworked engineer, that means leadership failed to ensure that worker got what they needed so they could better do their job. Top executives need to take responsibility for their employees, their training, the security measures that are put in place—and they need to take responsibility for data breach incidents when they happen.
They also need to act quickly. Thanks to the General Data Protection Regulation (GDPR), any company that handles the data of European Union citizens must notify authorities within 72 hours or risk penalties. Punishment aside, the sooner you give consumers notice, the sooner they can act to protect their information, for example by canceling credit cards. Overall, the best thing to do is to have a response plan ready to go in the event of a security breach.
This goes hand-in-hand with accepting responsibility and alerting customers quickly. Since executives are leaders of their companies, they need to be in control of the narrative and transparent with customers and employees. Otherwise, it could result in further reputational and financial damage.
You may remember the Sony PlayStation Network hack that took down game servers in 2011, when Sony executives admitted the compromise of 77 million users’ personal details after a week of confusion and silence. That lack of transparency (and basic security) resulted in class-action lawsuits, loss of consumer trust, and a host of apologies and promises for better protection from Sony’s side.
Instead of obfuscating the details or covering things up, just be forthright and provide customers with what you know, to the best of your knowledge. That will inspire consumer confidence.
Offer protection services, identity protection, and customer service.
A security breach is going to cost money—probably lots of it. But think of it this way: What’s costlier? The amount it will take to offer as many protection services as you can, free of charge, to protect customers and employees? Or the massive reputational damage and loss of goodwill that could occur if you fail to provide credit freezes, password changes, or 24/7 customer assistance? Providing additional support to affected customers builds brand trust and helps them recover more quickly.
Increase security measures so a massive breach has a lower chance of happening again.
Customers and authorities have been alerted in time. You’ve been honest about the situation. You’ve directed everyone to where they can get free help. So far, so good. Now, the important part: bolstering your cloud security so a security breach won’t happen again.
Some security measures you can take include installing new infrastructure, upgrading programs and protocols, and re-training your employees by instructing them to change passwords, use multifactor authentication, and only use authorized applications and devices with anti-malware installed.
And to really ensure private data stays private, implement encryption to render all that information unreadable to anyone without the keys, so even if that data gets out it can no longer be read, sold, or tampered with.
Need help with encryption and security breach prevention? Contact eperi for a solution best for you.