It’s the nightmare scenario no business manager wants to experience: admitting your company has been the target of a data breach. Unfortunately, it is a situation many businesses may have to deal with at some point. The Identity Fraud Report published by the strategy and research company Javeline reports that 13.1 million consumers were the subjects of identity fraud in 2013, with data breaches pinpointed as one way criminals access private information.
While it may be convenient to electronically store customers’ personal data, such practices are thefts waiting to happen unless businesses go above and beyond with protective measures. Yes, it means extra work and continual vigilance, but it’s well worth it to keep your customers’ information secure. Meanwhile, if your company has experienced a data breach, meet it head-on and take the necessary steps to ensure protection.
Be Upfront With Customers
A data breach puts your business’s reputation at risk. Companies trying to protect their good name often attempt to minimize the magnitude of the situation by downplaying the probability that the pilfered information will be exploited—a perfect example of what not to do. As embarrassing as it is to face all your customers and admit you’ve let their personal information slip into the wrong hands, you owe it to them to be honest.
It may reduce your bottom line, but when your company’s data has been breached, you can win back some of their trust by offering identity protection services at your expense. If it was your company’s failure to adequately protect information that put finances and identities at risk, it is the responsible thing to do. Your action on their behalf may end up saving them money and grief, creating grateful feelings toward your company.
Up the Security Ante
Once you’ve faced the music, you want to be able to tell your customers you’ve taken steps to ensure another data breach won’t happen in the future. Trend Micro, a global cloud security company, recommends that businesses redesign their security infrastructure against data breaches from dishonest insiders as well as from hackers. Focus on data security both from the inside-out and outside-in. This may involve installing or upgrading an encryption program. Educate your employees, too, instructing them to frequently change passwords, never leave their computers running while unattended and never open emails or attachments from unapproved sources.
Implement and Enforce Policies
Your employees need to understand how important it is to protect data, especially in this age of BYOD. Require that all devices—computers on down to tablets and smartphones—have anti-malware installed. Limit or ban social networking while at work and/or on devices that store or have access to confidential information. Stress the importance of reporting the loss of inadequately protected or unencrypted data. The sooner you are aware of such incidents, the sooner you can deal with the situation. Employees must understand that although data losses may result in disciplinary action, failing to report a loss or breach will put everyone involved at risk, including them, their co-workers, clients and the entire company.
About the Author
Sammie Moreland was a victim of identity theft five years ago. After that ordeal she has spread the word about staying safe in the cyber world.