With the use and interpretation of data becoming increasingly important in business today, the amount of information that is left vulnerable to attack is greater than ever, and expanding exponentially.
These breaches can affect a wide range of businesses and customers by compromising data of many types, through many avenues. Sometimes, this largely causes internal issues for the company at the receiving end of the breach.
This frequently takes the form of things like internal communication and information being spread to the public. When this happens, it can bring embarrassing things to light, or reveal plans and strategies that help their competition.
Other times, however, the data that is accessed also impacts the company’s customers or professional contacts.
Whether this is sensitive financial information like credit card numbers, or personal contact information, like email addresses and passwords, it damages that company’s image and trustworthiness in the eyes of the public.
Regardless of what the exact situation is you’re facing, if you find yourself the victim of a data breach like this, you need to have an actionable plan to recover. One of the best ways to understand the route you should take is by looking at a couple recent examples.
Related Article: Data Breaches: How To Deal With Them and Recover
One of the breaches that have been prominently in the news lately, the LinkedIn breach, is actually not a recent development. Instead, this is one that happened several years ago, back in 2012, but is still having lasting effects. This shows how long the effects of these events can impact a company, and recovering from one is a long-term effort.
This breach came back into the news after additional user emails and passwords were released in May. This received even greater buzz following Mark Zuckerberg’s LinkedIn information being used to access his (long unused) Twitter and Pinterest accounts because he made the mistake of repeating his password across platforms and not changing it.
The biggest lesson to learn from LinkedIn’s approach to this breach is that, despite this not being a new issue, they have continued to show their dedication to both the security and trust of their users, as well as a commitment to treating this breach seriously, and with great transparency.
In their blog post originally published the day after the recent release of user information, LinkedIn detailed what they knew about the situation, what they were doing to fix the issue, and provided links to more information about making sure your data and accounts are safe. Though this would have been enough, they went a step beyond and continued to update this post as they worked through their process, and eventually addressed the Zuckerberg situation as well.
LinkedIn’s response also highlights the importance of timeliness and transparency throughout the process. After identifying who was affected, you need to formulate an appropriate response that is transparent about what the situation is. This is absolutely the most vital step in this process, and can make or break your efforts.
However, your response also needs to come quickly. LinkedIn was able to do this successfully by releasing their initial statement, then updating it frequently. Leaving people in the dark, either through delaying your response, or withholding details only increases the chance that you will not be able to regain the trust of your customers.
Related Article: You Had an Ongoing Data Breach for Months. How Could You Not Know?
If the breach was one that negatively affected your customers, or had the potential to, then you need to be apologetic and reassuring. When people have legitimate concerns and fears that their information may have been compromised, they generally do not respond well if it seems like someone is making light of it.
It would have been very easy for LinkedIn to use Zuckerberg’s lack of common sense about his passwords to deflect criticism. However, by not going down this route, and remaining professional in their response, LinkedIn showed that they understand people’s concerns about the breach.
Target
The largest hurdle you have to face after a large data breach is also the most important regaining public trust. Probably the biggest example of this comes from Target, and the massive data breach it found itself on the receiving end of in late 2013. This breach affected anyone who shopped at Target between November 27 and December 15, 2013, up to 70 million people, and potentially compromised a wide range of personal information including credit and debit card information, as well as names, mailing and email addresses, and phone numbers.
Following this attack, Target definitely took steps to restore its credibility, including offering a year of free credit monitoring to customers affected, a more aggressive rollout of chip-enabled card technology in stores, and a one-day 10 percent storewide discount. However, in comparison to other companies that have undergone similar breaches, their response was still lacking in one major aspect a personal, human touch.
For a company that has so heavily and successfully branded itself as more personable and likable than its competition, Target’s response seemed overly corporate and lacking in the personal touch that is so key to their brand. To me, their reaction has never seemed to be on-brand. Instead, it seems cold and clinical. Instead of doing things to truly show remorse, it seemed like every step they took was in order to spin things from a PR standpoint.
Unlike Target’s response, you need to regain public trust by establishing that you are committed to making a legitimate and actionable change and improvement, without losing your personal brand or touch. Let the public know what measures you have taken to improve, and why they should feel confident in doing business with you again, all while doing everything you can to show legitimate remorse.
Unfortunately, however, these kinds of reassurances may not be enough to win back customers, which means a few things for you. Firstly, you need to accept that this process may take time, and prepare to take a long haul approach. After all, it only takes a moment to gain a negative reputation that could cost you greatly, but good PR and building trust takes time and consistency.
Related Article: Two-Factor Authentication Makes Data Breach Protection Better Than Ever
Outside of trust, you also need to find ways to earn the business of your customers back, as well. With the wealth of options available to consumers because of the internet, being trustworthy is not always enough, you also need to be competitive. This can’t simply be a one-time sale, or coupon, either. This may bring in customers in the short term, but they are also likely to see it as a weak distraction, which reflects even more poorly on you. Instead, consider implementing something like a rewards or loyalty program that will have more lasting benefits.