David Papp Blog

What to do in the event of a data breach

When it comes to data breaches these days, it’s no longer a question of if, but when. When confidential and sensitive information is exposed to prying eyes, members of your organization or the owners of that information may panic, or worse, your clients may stop patronizing your product or service altogether. If the breach is handled poorly, the general public may also develop a negative perception of your organization – and that is never good for business. Here are a few guidelines to keep in mind:

Proactively update your stakeholders about the incident

Do not make the mistake of letting your stakeholders find out about the data breach via a third-party source, as it may make the situation seem worse than it actually is. It is best to proactively tell your stakeholders everything they need to know about the breach and what your organization is doing to remedy it. This approach will foster the trust and accountability that you’ll need as you work through the crisis at hand.

Be consistent and transparent

A planned, coherent crisis communication plan, which names the spokesperson (if any) and the media channels that will be used to disseminate consistent and specific information, is imperative. By being transparent about the incident – how it happened, its duration, how much information was compromised – you keep customers informed, in language they can understand, and show that your organization is completely aware of what systems were affected.

Prioritize customers

Be sure to inform your customers about what information was hacked, communicate the possible risks, and explain how they can protect themselves from the consequences of the leaked data. Address their concerns before you start worrying about your stock price.

Strengthen your system

The data breach is an indication that your current system is not secure enough. Improving your system and letting your customers know how it will be different from the faulty one is essential.

Has your organization ever experienced a data breach? How did you handle it and what lessons did you learn?

17 thoughts on “What to do in the event of a data breach”

  1. This is a timely subject on data breach. Ever since the Wells Fargo incidents, my ears tune in when a data breach occurs in a company. I agree, you have to be proactive in this field. Don’t just set the security and backups in place and forget it. On a regular basis, I would test the backups to make sure they are not only working, but you can restore them.
    Also, good recommendation on prioritizing your customers.

  2. Interesting article, it gives me a new perspective on recent events. I am not really at all aware about the dangers that tag along with these incidents, but I am now aware of how properly a company I am involved with should handle the incident. Thanks for sharing.

  3. Great tips! I had no clue these things even happened – once I start my own business, I’ll be sure to keep this in mind. I guess I can understand why it’s important to alert your customers of fraudulent behavior and the like. Thanks for letting us know.

  4. It is quite sad how often these data breaches are occurring. Currently it seems that a lot of companies have been hit, even small franchise companies who may not have the means to be able to solve the problem correctly because of lack of budget. It is also very scary for the consumer, as they have to go through a lot to protect their information. Hopefully companies can find a way to secure their data, and then pass this on to everyone.

  5. In the event of a data breach, organizations have a choice of following the trend, not following the trend, or other choices. Proactively updating stakeholders is probably the best thing to do, but the downside is that the stakeholders might not always appreciate it. Once a customer has learned something, usually there will be a need for some sort of action, and sometimes the organization does not have the means to cater to this emerging need.

  6. It seems like data breaches are happening pretty often now. But honestly, one company, *cough* Apple *cough* needs to strengthen their security. Their representatives can be manipulated so easily with social engineering, it’s sad. So many people have been violated and targeted because of how easy it is to gain personal information on social media sites.

  7. In the event of a data breach I’ll just do what I can to recover, but that’s it. It’s just data, who cares. If you really have a big problem, let the police know or hire a hacker to track the other dude down.

  8. We need the CEOs of major companies to read this and then their reps. When I worked for Apple, we were the last to know as reps.

    • I know what you mean, we were always the last ones to know in our company. The guys who were on the top were the ones making all of the decisions most of the time. They never asked for our opinions tho, but maybe that was a good thing now that I look back; in the end that might have been way too much responsibility for us to handle properly.

  9. This was a really interesting article, great if you own a company and so far this hasn’t happened to you, but would like to know how to act if it ever happens, or as the author stated, “when” it happens. It’s very important to stay informed, because you never know when you might need this kind of information.

  10. Very good tips. My mother recently had her credit card information stolen in the Target breach. She spent a couple weeks freaking out. And now she’s decided to only use cash. This of course became a problem when she wanted to buy something online. So, now she forgoes that pleasure.

  11. This should be good for a company I guess. But breaches do happen and it’s good to be prepared for one. Most companies now have servers that store the information and they can’t be accessed through the internet. Those secure servers can only be accessed by ultra secure computers to receive or dispatch that private information.

  12. A company I know had a complete password change for all the employees as a reaction to…Shellshock bug was it? I do not think that company had a breach though, last I heard. Though I experienced a data breach on my own email a while back. Had to instantly change passwords to reduce the blow. All was accounted for in the end.

  13. I was so happy to come across this ad because with all the data breaches lately going on everywhere (Home Depot, etc.) it is nice to know what to do in the case of one. I always try to keep myself prepared in case of little instances like this but I have to say I never thought about preparing for this one!

  14. Very good point. A lot of people think that by hiding their problems, they will appear in control and stronger, but it is the opposite happening — if you find out something has been happening as a customer and the webmaster did not tell you, he will either look ignorant or like he’s messing with you somehow by hiding important information. Good communication with customers is key to trust.

  15. All fair points to consider. If your company falls victim to a data breach, transparency and communication with your shareholders does wonders to prevent panic. It also helps them see the company as an ally rather than the one potentially responsible. If you are dealing with any kind of sensitive information at all, it always helps to hire trusted professionals to manage your digital security.

  16. Very informative. I think it should be taken seriously when a data breach happens and you should do something about it to protect yourself. I think sometimes not having it as secure and good system of protection with good encryption and clean code that isn’t understandable by others, good source of engineering, all that helps with preventing it, but if it does happen you might consider using the tips above.
