When a company experiences a data breach, there’s a right way and a wrong way to handle it. Uber demonstrated the wrong way in 2016 when they covered up the cyber attack that compromised personal data for 57 million customers and drivers. Once the cover-up was exposed, the company experienced a far worse PR nightmare than the data hack itself would have been. When customers entrust their private information to a business, they expect it to be protected. It’s a matter of trust, and handling the situation incorrectly is a serious violation of that trust. Companies should be prepared for computer crime by obtaining cyber liability insurance and developing a clear contingency plan. Here is how to handle a data breach the right way.
When to Notify Customers
Once a business becomes aware that its data has been compromised, it should conduct an assessment of the stolen information. If the breach involves no more than a customer’s name or presents no additional risk, then notification is not needed. However, if the cybercrime results in destruction, loss, modification, or unauthorized access to personal data, informing customers of the data breach is critical.
What Customers Want to Know
Customers will want to know the specifics about the information that was stolen. There is a big difference between a data hack that steals email addresses and a cyber attack that accesses credit card numbers. They will be concerned about the level of loss that they are now subject to and what their next steps should be, such as changing passwords, setting up new profiles, or notifying banks or credit card companies. The key is clarity and accessibility, remembering that not all customers are educated on cyber-security.
How to Announce a Breach
Cyber attacks should be formally announced to the press. This can occur through trade magazines or a larger publication, depending on the size of the business and severity of the issue. The company should also use a method of direct notification to those affected, either through direct mail, emails, or mass phone callout. An excellent practice is to offer affected customers free access to an identity theft service that will detect inappropriate use of their personal data. Going to these extra lengths to protect customers results in positive PR and can actually turn into a benefit for the company.
Who Should Make the Announcement
Depending on the size and structure of the business, announcements can come from the CEO, data security officer, or PR department. The important thing is to choose someone with authority and an understanding of the situation. To avoid the potential for costly and embarrassing customer service errors, the best practice is to coordinate the reporting strategy internally throughout the company.
With increasing reliance on computers, cyber security will continue to be a concern for businesses. It’s important to be prepared with cyber liability insurance and a concrete plan for handling a data breach in case an attack occurs.
About Mavon Insurance
At Mavon Insurance, we pride ourselves on our unique approach to insurance. We focus on integrity, communication, professionalism, respect and gratitude to help our clients succeed and place business in specialized markets. For more information about our products, or to become an agent, contact us today at (855) 248-1480.