The most common type of data breach, which accounts for 44% of cyber attacks, is the theft of customer data, such as credit card information, emails, and passwords. When data is stolen, businesses are required by law to notify the impacted individuals quickly in order to help prevent further damage.
Whether hackers took personal information from a corporate server, an insider stole customer information, or information was inadvertently exposed on the company’s website, it’s critical to have a plan that outlines what to do next.
What steps should be taken and who should be contacted if personal information may have been exposed? Although the answers vary from case to case, the following guidance from the Federal Trade Commission (FTC) can help businesses make smart, sound decisions.
Secure Operations First
Before reaching out to customers, take steps to remediate the attack because “the only thing that’s worse than a data breach is multiple data breaches,” according to the FTC. Take these immediate steps so it doesn’t happen again:
- Secure systems by changing passwords, limiting user access, contacting law enforcement, and bringing in experts to understand exactly where systems are vulnerable and what data has been accessed.
- Take the impacted devices offline immediately, but don’t turn them off until forensic experts have been consulted. If a hacker stole credentials, note that the system will remain vulnerable until those credentials are changed. If information was improperly posted on the company’s website or social media channels, remove it as soon as possible.
Mitigate Damage and Further Risks
Identifying the type of threat that caused the security breach gives insight into what must be communicated to various chains of command. Then notify the IT department and/or cybersecurity provider, who will execute security measures to prevent further risk and damage.
An automated security solution should be used to scan files and review firewall logs and other reports to fully quarantine malware. Any malware found should be cleaned as quickly as possible to reduce further damage to infrastructure, including files and databases, and security patches should be deployed for any outdated software.
Implement the Customer Communications Plan
In terms of how information is communicated, businesses must give affected customers a clear understanding of which data was lost and how this impacts their lives and businesses. Following a data breach incident, customers want to know the answers to these questions:
- What data was stolen?
- How did the breach happen and what caused it?
- What are the remediations being taken by the company? By law enforcement?
- What recovery measures could they expect from the company in the coming days?
Refer to the FTC guide for the complete list of information that companies are legally required to provide customers. It’s critical that customers are notified as quickly as possible. The faster the issue is communicated, the faster clients can act to control the damage on their end by changing passwords and updating their own security systems to prevent more cyberattacks.
There’s simply no time to waste in the event of a data breach. That’s why many corporations have automated responses developed along the lines of “We identified a breach of our systems, and you have been identified as being impacted. Your security is of the utmost importance to us, so we’re providing you with free monitoring.” Work with the security team and perhaps legal counsel to draft an accurate, factual message.
Communicate Openly And With Care
It takes 212 days, on average, for companies to identify a breach and 75 days to contain it, according to the 2021 data breach report from IBM and the Ponemon Institute. The shocking delay in sending out communications unfortunately left customers vulnerable for an extensive period of time.
It is the responsibility of the breached organization to provide accurate and timely information that accounts for customer questions and looks after their best interests while carefully considering the internal and external legal actions to take to minimize liability. Some of the top questions to ask the team when communicating a data breach include: what happened and what do we know, what is the impact of the incident, and how exactly can we help the customer?
In asking these questions, an organization can ensure it is fully prepared to support the customer through this crisis and openly address their concerns in a consistent manner. Setting up a web page that provides incident updates in real time is a convenient way of keeping customers in the loop with all the relevant information following a breach.
Take Steps To Renew Trust
Another challenge that an organization faces when communicating a breach is the lack of consistency in responding to customers’ concerns. Failure to gather the right information or assess the impact can change the narrative, something that should be avoided. A shift in narrative confuses customers, causing them to raise doubts and suspicions that an organization is hiding something.
Aside from delivering a consistent message, companies should set reasonable expectations when communicating with customers about a data breach. Never say that it won’t happen again – because it might. Instead, companies should assure their customers that the incident is being properly contained and managed.
Continuously updating customers with the steps taken to improve data security will do more to rebuild trust than offering vague promises. Focus communication on the actions, protocols and tools put in place to keep their information secure. Provide employees with regular security training, enforce strong password policies and multifactor authentication, and adopt other solutions to stay current with the evolving cyber threat landscape. It will take time, but being transparent and committed to cybersecurity will help regain trust.
Enforce Next-Level Security with UDT
To best support customers, let them know that you are prioritizing security and taking the necessary steps to mitigate future breaches as well. This can include hiring third parties to conduct penetration testing on the affected network, cloud platform, application, etc., where the breach occurred, and reporting those steps to the customer, to prevent vulnerabilities in the future.
Our security experts will help you assess operational maturity and draw a roadmap towards your ideal security posture. By mapping out your organization’s unique vulnerabilities, we can help you establish what technology, practices, policies, and procedures need to be implemented to secure your infrastructure and applications.