In business, trust is everything. Your customers and clients trust your business to provide them with a quality product or service. They also trust you with private information, such as their addresses, credit card numbers, Social Security numbers, and more. If that data becomes compromised, it’s a PR disaster, and here’s how to handle it.
Precaution: Risk-Mapping
Well before any PR disaster occurs, you should have already prepared for it. Executives and management should participate in risk-mapping together, where you’ll imagine every potential PR disaster that could happen to your business and how exactly it should be handled. If you’ve done this, then hopefully you already have a plan in place for handling a compromised data situation.
Fix the Breach
If you find out that data has been compromised, you need to immediately identify and fix whatever security breach or threat exists. Make sure that the data is secured so that the problem does not continue happening. Something went wrong, and there is no time to waste in making sure sensitive material is no longer accessible by any outside parties.
Apologize Directly
Simultaneously, you should be notifying all your customers about the security breach. This is the type of PR disaster that gives you a little bit of time before customers potentially find out about the problem, and you don’t need to call attention to it in the media, unless it’s already been outed.
Start by directly apologizing to the customers who are affected by the breach, and explain to them exactly what happened. Be honest in the potential risk to them, and assure them that it is being handled and won’t happen again. Don’t try to place any blame; accept responsibility. If the problem has been picked up by the media, apologize publically right away.
Offer Something
You’re not necessarily trying to bribe your customers, but offering them some type of gift is a way to show them how sincere you are and that you value them as customers. If their data has been compromised, an excellent example is to offer a year of free credit monitoring. You’re showing your sincerity, and you’re offering something that will make people feel safer.
Provide Updates
Don’t tell customers or the public anything that you’re not sure about; it’s better to admit that you don’t know than to give a potentially incorrect guess or unkeepable promise. Instead, promise and provide updates on the situation. As soon as possible following the incident, you should be able to update everyone on exactly what you’ve done to make sure their data is protected now.
Address the Issue Internally
You have to get to the bottom of how and why the data was compromised. You should have already identified and fixed the problem, but now you have to deal with why it happened in the first place. Address personnel issues, make policy changes, or do whatever it takes to ensure that similar events don’t happen again in the future.
Prepared by Claire Johnson from Authentify, click here to learn more about data security and two factor authentication.