Breach Handling: Examples Of How You Should and Shouldn’t Handle A Data Breach

A data breach can severely impact every area of your business. Besides the obvious financial costs associated with compromised data, businesses may also lose customers and see their reputation suffer after a data breach. But it’s important for businesses to realize that many of the consequences that they suffer are not a result of the data breach itself, but rather the way they chose to handle the data breach. To minimize the damage, businesses should follow these do’s and don’ts for handling data breaches:

Do: Own Your Mistakes

At some point, businesses that have been affected by data breaches must make a statement about what happened to the public. Businesses must decide whether they want to own their mistakes or make a general statement about the incident without going into too much detail. If you want to minimize the damage caused by the data breach, it’s best to be transparent and own your mistakes. Even though customers and other stakeholders may not be happy with the information they receive, they will respond better to the truth than they would to a blatant lie. Businesses should address the situation as openly and honestly as possible with everyone involved.

Don’t: Wait Too Long to Take Action

People need to know whether their information has been compromised as soon as possible. Why? Let’s say a customer’s credit card information has been stolen. If this customer isn’t notified right away, the hacker could use their information to make unauthorized purchases. If the customer is notified right away, they can immediately call their credit card company and ask them to issue a new card. Therefore, it’s in a business’s best interest to notify anyone who has been affected by the breach as soon as possible. If a business waits too long, they may be liable for any damage that was done between the time the breach occurred and the time they informed the affected parties.

Do: Explain How Future Breaches Will Be Prevented

Customers may not feel comfortable doing business with a company again after a data breach. After all, how do they know that this won’t happen again in the future? Keep your customers from jumping ship by explaining exactly how the breach occurred and what the company is doing to prevent similar attacks in the future. Be sure to explain this in terms that are easy for customers to understand—don’t use industry jargon or go into too much detail about complicated IT matters. Give them a basic overview so they know how their data will be protected if they choose to do business with you again.

Don’t: Ignore Customers

There is no doubt that people will have questions following a data breach, regardless of how much information they are given about the incident. Even if you’ve been completely transparent, customers will still have questions about how they were personally affected. There may be a lot going on within an organization immediately following a data breach, but it’s important to allocate resources to handling these questions and concerns. If you ignore customers, this will only generate additional bad press and damage your reputation even more.

In the statement released to the public, make it clear how customers can get in touch with your team about the data breach. Then, make sure that all customer questions and concerns are addressed in a timely manner. Help customers understand whether or not their data was compromised and what they should do next. Customers won’t be happy that their data was hacked, but they will be satisfied with the way that you are handling it if you choose to engage with them instead of ignoring them.

Do: Gather All of the Facts First

Businesses may feel an enormous amount of pressure to make a statement or address the data breach right away. It’s true that addressing the data breach as soon as possible is best for everyone involved, but you should never make a statement before gathering all of the facts first. If you release a statement that is not entirely accurate, you will have to issue another statement to correct these errors. Customers may get the feeling that you’re not being entirely honest about what happened if your story keeps changing. For this reason, it’s important to get to the bottom of what happened before speaking about it. Who was involved? How was the data compromised? Has all other data been secured? All of these questions—and many more—need to be answered so you can communicate the details of what happened to your customers.

Don’t: Ignore the Data Breach Response Plan

Every business should have a data breach response plan put in place so they know exactly how they will respond in the event that data is compromised. If your business has one of these plans, follow it closely instead of making decisions on the fly. These plans should be written by cybersecurity experts who dedicate their careers to handling these situations. Therefore, going against the well-thought-out recommendations in the plan doesn’t make sense. Companies invest a lot of money creating these plans for a reason—so they can be used in emergency data breach situations.

Make sure your data is safe once the IT assets it is stored on are no longer in use by trusting ERI, the largest recycler of electronic waste in the world. ERI has electronic recycling facilities in California, North Carolina, Washington, Colorado, Indiana, Massachusetts, and Texas. Every year, our facilities process over 250 million pounds of electronic waste for clients in a variety of different industries. For more information on how recycling your electronics can prevent a data breach, or to request a quote for your company, contact us today.