Cybercrime compromises more than data
What can you do to limit the reputational fallout from a a data security breach?
July 2, 2014
Target, Hannaford, Schnucks and URM stores. Unfortunately, these retailers are victims of an all too common occurrence in the business world: cybercrime.
Dealing with a data security breach is challenging. But, what quickly can become an even bigger and more frustrating challenge is the resulting reputational loss, manifesting itself through customer misunderstandings, media reports, government agency cybercrime probes, law enforcement investigations, elected officials posturing on data security legislation, public outcry, and investor financial concerns over potential monetary losses and lawsuits.
The list goes on and so does the negative reputational impact. In fact, a retailer can become the “poster child” for this crime, frequently referenced in future cybercrime stories, even though not involved.
Although industry groups, such as FMI and RILA, as well as government officials and agencies are trying to make cybercrime laws more rigorous, the ability to catch and prosecute cyber criminals easier, and the consequences more stringent, all of this takes time. And even though much is being done to tackle this issue, the fact remains that your system can still be compromised — even if you are dedicating significant monetary resources and personnel to cybercrime prevention. So, what can you do to limit the reputational fallout?
1. Be sure your crisis plan includes protocols for flagging data breaches and corresponding detailed action plans. Limiting the scope of the breach can reduce “reputational clean-up,” as the public is more forgiving of a proactive retailer.
2. As with any crisis, denial is harmful. Thinking “this couldn’t really happen” wastes time. Once aware, follow your crisis plan.
3. Multiple contact lists are essential. Do you have appropriate law enforcement agencies and pertinent contact information? Do you have pre-existing arrangements and contact data for vendors that can support you during such a crisis? What about contact lists for customers, employees or anyone whose private data could be compromised? Are your media lists up to date, so you can distribute information broadly and quickly? Are there government officials, investors or others you need to notify? Are protocols established for how and when to initiate these communications? Remember: It’s better for you to tell what happens than for these audiences to hear it elsewhere.
4. Although you shouldn’t compromise an investigation or provide current or future criminals with a “how to break into our system” map, are you appropriately transparent? The media will uncover a cover-up. And, cybercrime victims want to know retailers are doing everything possible to rectify the situation. Being forthcoming and honest can create goodwill and generate trust for a supermarket, even contributing to reputational recovery.
5. Demonstrate you understand the gravity of the situation through your communication and actions. When it’s over, reassure people. Explain you had a laser focus to pinpoint the root cause of the recent breach, the professional and ethical steps you took to manage this situation, and your commitment to data security.
Enterprising cyber criminals are happy to help you gain notoriety through a data security breach. And while they may view such exposure as a badge of honor, the event lessens your chances for retaining or gaining customers and other stakeholders critical to long-term, financial success and even your company’s survival. You’ve already lost data. Don’t lose your good reputation, too.
About the Author
You May Also Like