Four Tips for Companies to Safeguard their Reputation and Reassure Customers After a Security Breach
New York, December 3, 2014 — 2014 has been riddled with highly publicized data security breaches of all shapes and sizes, affecting notable brands such as Target, Neiman Marcus, Home Depot, HealthCare.gov and JP Morgan. In light of these incidents, Affect, a public relations and social media firm specializing in technology, healthcare and professional services, shares four recommendations to guide companies in protecting their brand reputation in the event of a security breach.
1) Develop a Fully Locked and Loaded Response Plan
In the digital age, it is essential to have a cyber attack plan in place as part of an organization’s crisis management strategy. Companies can get ahead of a crisis by leveraging social media to diffuse damaging situations. In order to prepare, be sure to anticipate and understand the kinds of threats that could influence your business and your industry.
“There are four phases of crisis communications: readiness, response, reassurance and recovery,” says Sandra Fathi, president of Affect. “In order to properly respond to a crisis, each stage must be ready to go at a moment’s notice – develop materials such as messages and prepared statements, prepare delivery channels like hotlines and social media platforms and train employees regarding awareness and organizational procedures.”
2) The Customer is Top Priority
Arguably the most important step in maintaining a brand’s image amid a breach is to be honest with customers and inform them about what has occurred – the sooner the better, especially if their personal information is at stake. In fact, 47 states have Security Breach Notification Laws that govern communication with customers in the face of a security breach including the timeline for those communications. Several weeks elapsed before Target released an official statement to their customers and as a result, experienced massive backlash from customers, other organizations and the media alike.
Adam Levin, chairman and founder of IDT911, a provider of data risk and identity management services, believes every company needs to demonstrate three things in the wake of a data breach. “Urgency, transparency, and empathy are all critical. I don’t think they [Target] showed enough of those three,” said Levin in an interview with ABCNews.com. Not being upfront with customers can result in a loss of confidence in the brand that can hinder not only the company’s reputation, but could lead to a loss in revenue.
3) Monitor the Situation in Real-Time
Social media can be a powerful tool but ‘with great power comes great responsibility.’ While positive engagements boost a brand’s respect, companies must always monitor for negative interactions in real-time and be even more stringent during a security breach, as customers will turn to social media to respond to situations, regardless of their allegiance to the brand. Develop a Social Media Response Map that outlines anticipated situations and correlated standard responses to avoid any last minute shuffle. Don’t shy away from angry customers that continuously post adverse comments. Depending on the situation, it may be worthwhile to engage with these individuals in a private forum and resolve their concerns, taking the negative sentiments offline.
4) Don’t Repeat the Same Mistakes
For brands, it is especially important to not make the same mistakes twice. Customers may or may not forgive a first offense, so a second go-around is even harder to rebound from. Companies must carefully document and analyze each breach to identify how it happened, why it happened and how to prevent such an event in the future. Consider changing security vendors, deploying new software, re-training staff and amending company policies. It is also important to communicate these changes to customer to reassure them that a similar breach will not reoccur.
According to Radware, a global provider of application delivery and application security solutions, “Cyber breaches, specifically Distributed Denial of Service (DDoS) attacks, will continue to be a serious issue as attackers become more agile and their tools become more sophisticated.” More information on trends in security are detailed in the company’s 2013 Global Application and Network Security Report.
As cyber attacks continue to get more and more sophisticated, it is only a question of when, not if, a company will experience some type of security breach. Most communicators do not have control over the systems and procedures that govern security in their own organizations. However, preparing a crisis communications plan prior to a breach can help ensure that, companies protect their reputations, customer relationships and revenue in the long term.
Affect is a public relations and social media firm located in New York. Established in 2002, the company specializes in technology, healthcare and professional services. Affect employs a results-driven approach to communications, crafting one-of-a-kind programs to help clients achieve their business goals. As year-round strategic counsel, or a single project resource, Affect leverages its creative talent, unique experience and forward thinking insights to achieve the precise results that its clients seek. For more information, web: www.affect.com; blog: www.techaffect.com; Twitter: @teamaffect.