Target, Kmart, Home Depot, Jimmy Johns, Michaels, Apple and Snapchat have all recently suffered malicious security breaches that have negatively impacted their business and reputations. As we analyze these breaches, what can be learned from a communications and preparation perspective?
Armies of hackers, poke into the fabric of our IT civilization with relentless zeal to enrich themselves and wreak havoc on industry.If they are successful it can wreak havoc on a company’s ability to commerce and negatively impact their reputation. What is your company’s plan in case of breach?
A company’s first impulse might be to downplay the severity of the problem, or maybe even ignore it and hope it will go away. This response is totally understandable and pure human nature, but a really, really bad idea.
Your parents were right- honesty is the best policy. The truth always tends to come out eventually. And if you’re worried about your customers getting mad at you because of a security breach, just wait until they find out you’ve been lying as well. Soft-pedaling your response or lying low will make things worse, not better.
Look at how Target responded last year to the news that as many as 40 million customers had their credit- or debit-card data stolen during the height of the holiday shopping season. The company was not the one to break the news to customers first, and it stumbled in its early communications and efforts to repair the problem.
Snapchat’s handling of a data breach shortly afterward was even more tone-deaf. While that lapse didn’t involve users’ financial information, it eventually came out that computer security researchers had warned the company months earlier about its potential vulnerability and Snapchat had done nothing. When the company did come out and acknowledge the problem, its first response wasn’t an apology. That didn’t make the problem “go away.” It led to people calling for CEO Evan Spiegel to be fired. (He remains with the company.)
Now Apple has become the latest tech company to feel the sting of a security breach, after private photos were stolen from celebrities’ Apple iCloud accounts and started showing up online. It’s done some things right since then, for example, taking steps to improve security. However, it turns out the Apple too, was warned of security holes months before the photos appeared.
Bad stuff can happen. But you can make it better or worse by how you respond after a problem is discovered.
1 ) Develop communications and disaster recovery plan on a sunny day;
2) Immediately act to contain, identify source or and limit the damage of a breach;
3) Publicly – and fully – acknowledge a problem as soon as you learn about it;
4) Communicate honestly with customers and offer ways to make things right;
5) Don’t make excuses. Apologize. As Benjamin Franklin said, “Never ruin an apology with an excuse.”
6) Learn from your mistakes to make your organization and customers’ information more protected and secure into the future.