It’s the worst-case scenario. Your company has been hacked and personal information has been stolen. But that’s not where it stops. Now you need to do damage control. How bad was it? What exactly got stolen? How will your customers react? What should you be doing? Here are 8 things you can do in the aftermath of a data breach:
Get Out in Front
The first thing you should do is get out in front of the story. This means making sure your message is consistent, communicating with customers and employees first, then going public with details about what happened. It’s important to be transparent so that no one has any doubt about how serious you are about protecting your constituents. You should also avoid hiding behind a corporate veil when talking about breaches. People want to hear from real people who can explain things clearly and give them the answers they deserve. You can even work with companies that specialize in data protection to figure out where the holes in your systems were located.
Tell Your Customers and Employees
Tell your customers and employees what happened as soon as possible. The sooner you can inform your customers and staff, the better. It’s important to let them know what happened and what the next steps are for them so that they can stay protected as well.
Be Transparent
This is not the time for corporate doublespeak. Instead, be honest, and use terminology that regular people can understand. As soon as you know your company has been breached, it’s important to be transparent about the issue. Don’t wait until someone in the media finds out first. There are a lot of resources out there for companies that can help with this process. You don’t need to go it alone.
Develop a Comprehensive Communication Plan
When people get wind of the breach from your company, your messaging needs to be consistent. Develop a communication plan with a clear message to be used across all channels. This includes social media and email blasts. You’ll want to develop a Q&A for employees, customers, and shareholders as well. Communication is critical when it comes to handling a breach. You need to be able to get information out quickly so that people can make informed decisions.
Create a PR Plan
Have a plan for when the media comes calling. A PR plan is part of a communication plan, but a little different because of the audience. If you’re like most companies, you’ve probably never dealt with a breach before. The first step is to have your messaging and PR strategy ready before any news breaks about your company’s data being compromised. You should also make sure your crisis communications team is ready to go 24/7 until this situation is resolved. Monitor media accounts and social media to make sure no information is being shared until you are ready. You need to be proactive about communications, not reactive.
Connect With Other Companies
Don’t be afraid to reach out to other companies who have been through similar situations. Other CEOs who have been on the front lines of a data breach have a unique perspective that you can learn from. They may be willing to share their experiences and any pitfalls you may encounter in the process.
Get Legal Advice
You’ll also want to consult with your legal team to ensure that you are covering yourself in all legal ways. If someone’s data has been compromised from your negligence, you may end up in litigation and providing compensation. Small businesses may not know how to handle these legal challenges, so it’s important to get help if you don’t have a lawyer on retainer.
Evaluate Your Security
It’s important to determine if your breach was the result of negligence or simply because you had holes you didn’t realize were there. These could be anything from how secure your servers are, the connections to the servers, or even your security training policies. It’s vital that you look for ways to shore up these holes and create a new plan moving forward to provide more secure measures to protect your staff and clients.
Also Read: Why Measure Employee Performance At The End Of The Year
