How to make your business more resilient when a data breach strikes
24 April 2018
Anastasia Ivanova, Associate Director, LEWIS
As the Facebook / Cambridge Analytica story shows, data is now the most valuable asset to have and the costliest to lose control of. In 2017 alone, an average data breach would cost a business $3.62 million by the time the dust had settled and legal fees had been paid. The onset of the General Data Protection Regulation, or GDPR, is likely to make data leaks even costlier, adding a hefty fine of up to 4% of annual global turnover on top. With the requirement to report a loss of non-encrypted personal EU customer data directly to those affected within a 72-hour window, the likelihood of resulting bad publicity is bound to increase.
Would your customers and business partners automatically equate a data breach with a breach of their trust? Not necessarily.
If you, as a business, can show you’ve done everything you possibly could to prevent bad things from happening, you have a lot to gain, including increased consumer loyalty, less regulatory scrutiny and stronger business partnerships in the future.
Here are the top five things you have to get right to make your business more resilient:
Communicate with confidence: nobody can make you feel bad without your permission.
With the likelihood of a data breach as high as 1 in 4, accept that bad things will happen, eventually. However, it’s your reaction to adverse events that’s going to be remembered. Ensure you have the right issues management process and team in place to respond to any adverse events with the knowledge, confidence and humility that will instil consumer trust in your systems, processes and governance. Invest in updating crisis communication playbooks, protocols and procedures. Train spokespeople to use the appropriate tone of voice. Ensure the right people within the company are taking the right levels of responsibility in a timely manner.
Build customer loyalty programmes to last.
Do more than provide customers with the products, services and the help they ask for. Become an information resource, including on social media. As customers grow to trust you, they won’t look for other sources for their product or data breach information updates. Or any other business issue you may be facing further down the line.
Watch your data close, and that of your suppliers even closer.
As the Tesco / Travelex data breach shows, businesses can be impacted by their 3rd party white label service providers’ issues. Pick your suppliers wisely, and have a mechanism in place whereby you know how your customer data is being used and what safeguards are in place to prevent GDPR non-compliance. Run regular issues management drills in collaboration with 3rd parties to ensure everyone knows their roles and responsibilities, and has had a chance to experience what it’s like to be in your business partners’ shoes.
Make data protection everyone’s responsibility, not just the CISO’s!
Educate and empower employees when it comes to data management and security. While as a business you can have the best IT defences and the best Chief Information Security Officer on staff, it’s important that your workforce and contractors know not to let cyber-criminals in via weak passwords, phishing emails or human error. Staff should know how and where to report any irregularities and see data protection as part of their job. By streamlining internal communication channels and investing in training, you will help your C-suite receive more accurate and timely information on any data breaches and cyber threats in real time – thereby helping to make a difference to their public communications on the matter.
Invest in specialist solutions providers and have them on a speed dial.
Operational considerations and preparedness would always dictate your communications response to a data breach. Having best-in-class solutions helps you showcase that you’ve done your utmost as a business. Communications, operational and legal responses to data breaches must go hand-in-glove in order to help mitigate any reputational fallout, enabling senior business leaders to respond quickly and appropriately when a data breach happens.
Data breaches and information leaks in light of GDPR should not be seen as a threat. It’s a real opportunity to strengthen your organisational resistance to costly and embarrassing data leaks and cyber-attacks. It’s a good reason to improve your business processes and data security protocols. An opportunity to review your corporate ability to respond to reputational issues and to dust off your crisis protocols, as well as to run some internal trainings.
Training your corporate communications muscle on a regular basis would not only make your business feel healthier on a daily basis. It would also help you build resistance to unexpected instances of issues management – making you fit enough and ready to face a media sprint or a marathon when it matters the most.