No matter how prepared you are – or believe you are – you can still suffer a cyber-security breach. What you do next can have a profound impact on the reputation of the business, customer loyalty, employee morale, and, ultimately, your bottom line.
An effective communication strategy should follow these guidelines:
- Notify key regulatory and legal authorities as soon as possible, unless this might impede a criminal investigation. Even if notification isn’t required by law, it’s an important courtesy.
- Make sure that staff roles and responsibilities for communicating the breach are outlined and understood clearly.
- Tailor the notification process to the audience – high-value customers, senior employees, or individuals who might particularly vulnerable (such as the elderly, the disabled, and minors) and to the nature of the breach; handle the theft of confidential client information differently than stealing employees' Social Security numbers.
- Have legal counsel review the method and content of all communications.
- Prepare for media inquiries to deliver a clear message for parties affected directly or indirectly. Be sure that your spokesperson is qualified and trained to deal with the media.
- Provide ways for victims of the breach to ask additional questions and/or learn how to minimize potential harm.
- Test the plan: If you had to execute it, how well did it work, and how did you update it? Many businesses have discovered holes in their response plans after failing to consider the impact of a cyber security breach on daily operations, or underestimating the attention the event drew.
To learn more about spreading the word after a data breach, please get in touch with us.