What Companies Do After Data Breaches That’s Causing More Harm
Data breaches can happen to any company. No matter what industry you work in, there’s always a threat out there. While companies can be doing a lot to stop a breach before it happens, they sometimes have to learn the hard way that they’ve made an error somewhere along the line.
But, it’s not always what companies do before a breach happens that’s a problem. Sometimes, it’s what they do afterward that results in more serious problems long-term. However, if companies can be aware of what mistakes they can make following a data breach, then they can do a better job of cleaning up the mess and getting back on their feet.
Of course, if you ignore this advice, then you could be making things much worse:
Trying to Keep it Quiet
When a breach happens, there’s no doubt that it’s embarrassing. You’re well aware of what people will say about your company, and that some customers may decide to stop buying your products and services altogether. But, it’s always important to remember that honesty is the best policy. And, in today’s world, if you fail to be honest, people will eventually find out anyway, and wonder why you didn’t come forward in the first place.
We’ve seen it in the headlines with major companies. Equifax, Target, Yahoo…all of these companies waited quite some time before reporting the breach to the news. Uber failed to say anything at all. But, often times, the public beat them to it, leaving customers asking, “Why?”
If consumers know about the breach, they have time to call their banks, change their passwords, and secure their information. Most people are also understanding that breaches happen. What they can’t understand is why the company would waste any time in helping them their consumers protect their data.
If your company experiences a data breach, inform relevant parties ASAP. If you’re still waiting for information, you can let your customers know that you will give them more details as soon as possible. Of course, having a protocol in place to deal with this is very important.
Not Giving Correct Information
Perhaps what’s worse than trying to cover up a breach is giving the wrong information about it. While you should give a press release as soon as you can, it’s never okay to jump to conclusions and then report those conclusions to consumers. Instead, you can say “We’re waiting for more information at this time,” instead of flooding the media with information that isn’t necessarily true. Many major companies have done things like this on various occasions, leading to more confusion and questions that could have been avoided.
Trying to Protect Your Reputation and Taking it Too Far
In addition to keeping a breach “hush-hush,” companies also make the mistake about fretting over their reputation too much. And, as we’ve all learned, sometimes putting in too much effort in anything has the opposite effect.
For instance, back when the Yahoo breach happened, CEO Marissa Meyer did not inform users to reset their passwords. She was too concerned that this would “annoy” customers when instead, it could have protected them. Additionally, when the Equifax breach occurred, the company profited off of consumers by giving them the opportunity to freeze their report for a price. Before that, they told consumers that they’d get a year of free credit score reports if they waived their right to sue the company.
If you experience a breach, there are always going to be consumers who have something negative to say about it. But, as long as you follow protocol, the consumers that are loyal to you will appreciate your cooperation and not let the breach ruin the relationship they have with you.
Not Owning Up to Your Role in Causing the Breach
Although we know a breach can happen to anyone, the truth of the matter is that most companies can prevent a breach – or, at least minimize the magnitude of that breach – if they really wanted to. It’s also important to recognize that many breaches are a result of human error within the company and not external threats. Company leaders who fail to come clean and give a public apology for the breach, regardless of whether or not they actually had a role in the matter, are causing more damage long-term.
So, bite your tongue, apologize, and make sure whoever or whatever is responsible for the breach is held accountable, only after you’ve said your “sorry.”
If you can avoid these mistakes after a breach occurs, you will be better off.
Are you a C-level IT CHUMP or CHAMP?
Take our 2 minute, anonymous C-level IT Quiz to see where you rate as a steward of your IT people / department:
► Business continuity
Go here to take a 2 minute completely anonymous C-level IT Quiz: