Chapter Five – Avoidable Mistakes After a Data Breach
When executives, business owners, or decision makers flub their response to a breach, they can magnify and extend the damage to their customers, their organizations, and even to their own reputation.
So, what are the key things a business or an organization do to manage the risk to their organization or reputation:
- Well, we have said it before and we’ll say it again, executives need to expect a breach, and have an incident response plan in place…before it happens. If you don’t have one, the ask the team at Oxygen, we have developed and refined our own Critical Incident Response process and we can easily work with your team to develop one for you.
- Leaders often make the same set of mistakes after an attack, they wait too long to notify customers, they deliver a subpar service to the customers once they do communicate the breach, they issue confusing and incorrect information about the attack, and they fail to accept accountability.
- Customers or stakeholders should be the primary focus of care and leaders should take proactive steps to manage any future exposure.
- Rebuild trust in your brand by sharing clear and regular updates with your customers
- Finally, recognize that a breach is not a technological failure (I know this can be difficult) but own it from an organizational perspective and take full responsibility.
During the Solar Winds breach of December 2020, that company presented a great case study on how an organization should deal with a security breach, I encourage all of you to take a look at the many articles available online.
So, in conclusion, as the venerable Scott Galloway would say, during a crisis, and a security breach would constitute that, a leader must:
- Acknowledge the issue
- Take responsibility, and
If you have any questions or concerns about your company, or organizations incident response plan, feel free to reach out to the team at Oxygen, we’d love to help.