Earlier today, Forbes published an article which includes my take on how companies should behave after a data breach, especially on the customer communications front, to make sure that they maintain customer loyalty and trust.
Talking to Forbes, I mentioned that we believe that organizations should act on multiple fronts, some pre-incident and some post-incident.
One of the things that past breaches and disclosures have taught us is that companies are sometimes reluctant to provide details about what happened and how. This can be the result of two main things: internal miscommunication and a lack of technical monitoring controls.
I believe that CMO–CEO collaboration is critical in the case of a data breach. On one end of the scale, companies release incident disclosure notifications that seem aggressive; on the other end, they release notifications that seem vague. This is where the CMO is key: communicating in the proper way, through the proper channels, and pausing to think before releasing a statement may change the entire tone of a disclosure notification, and therefore change the business impact.
Disclosure notifications often lack breach details. And, as a customer, you can never tell if it’s because the company is hiding details, or they just don’t know! That’s where public trust is on the line. I would absolutely trust a company that tells me that they got breached in this certain way, on this specific date, and that they have resolved the issue. I’m not so sure I would trust a company that says “we have been breached, everything is fine now.”
To provide these sorts of details, and to actually find out how a breach happened and what data is at risk, companies must monitor their digital assets where they reside. Monitoring who accesses what data, where, and when will provide the details required to analyze an incident. Activity monitoring technologies for files, databases, and more complex repositories like SharePoint would normally be able to detect those breaches before too much damage has occurred.
While a data breach may damage a customer’s trust, being knowledgeable and responsible as a company will help maintain that trust.