There's no simple fix for a data protection incident—at least, not in the eyes of your customer.
In 2017, the average cost of a US data breach was $7.35 million. While fallout and cleanup are expensive, this stat doesn't necessarily account for the costs of lost customer trust. More than 86 percent of customers are unlikely to ever do business with a company again if their personal data or credit card numbers are compromised. Take Target, for instance: In the quarter following one of the most discussed data breaches in history, its sales dropped 46 percent. Four years later, Target was still paying—it had to pay an $18.5 million settlement to customers who fell victim to the breach. Ouch.
It's time to put on your superhero costume and demonstrate you're ready, willing, and able to fight for data protection at all costs. After your company hits a data protection snag, the groundwork for rebuilding customer trust begins. While the responsibility for fixing damaged relationships falls into the hands of your PR and legal teams, it's also an IT obligation.
1. Be honest
Total honesty is the best policy in the days following the breach, even if your job doesn't have you directly engaging with customers or media. Verifone won hearts for their honesty and fast response to a data breach: The company proactively notified potential victims while working hard to discover the full scope of the breach. Once the dust settled, they used the incident to strengthen their adaptive security technology and educate their customers.
Uber, however, is a shining example of what not to do—pay off a huge ransom for breached customer and driver data, hunt down the hackers to force them to sign NDAs, play it off as a bug bounty expense, and keep the entire thing secret from customers for more than a year. Yikes.
2. Leap into action
Whatever you do, don't wait. A trifecta of measures—an incident response team, extensive use of encryption, and employee training—can reduce the cost per breached record from an average of $141 to $93.10, according to the Ponemon Institute.
Companies that act fast are more likely to restore customer trust. Who can blame customers for taking their business to a vendor who doesn't waste time after their credit card number's been stolen?
3. Do more than redecorate
Your customers want to know you've taken the right steps to protect their data. Cleaning house internally is expensive, but the resources invested in your people, products, and processes are necessary to fix your image.
"Don't just add window dressing or another firewall layer," advises consultant David Strom. It's time to get your hands dirty and evolve every aspect of your data protection. It's not enough to update your policy-based administration. Educate your coworkers on why the IT department makes them choose a tough new password every 90 days (hint: weak or stolen credentials play a role in 81 percent of data breaches). Let no weak security link go unresolved, and communicate clearly about how you're evolving.
4. Don't be an easy target
The "cybermiscreants" of the world are rarely original or hard-working, especially with open commerce in prepackaged exploit kits on the rise. An IDC report highlights that voracious copycats are watching for easy ways into your network, and there's a good chance they've noticed the rise of highly successful denial-of-service attacks. Look at your endpoints, including your IoT devices, such as business printers, and make sure that no part of your network is left behind when it comes to consistent security hygiene.
If phones and routers have been virtually ignored and you're not paying appropriate attention to printer security, it's time to harden your endpoints by:
- Inventorying brands, models, and configurations
- Managing passwords
- Turning off unnecessary services
- Maintaining and patching
- Encrypting protocols
- Segregating networks
When it comes to printers, what you don't know or have failed to patch can definitely hurt you. Take out the weakest links and replace them with printers engineered to stand guard against hackers.
5. Strive for unbreakable
Cutting-edge security innovation can demonstrate to your customers that you're willing to do much more than the bare minimum to prevent a repeat of a data security incident. In light of data breaches, some IT teams are experimenting with blockchain technology. The distributed ledger technology that acts as a baseline for bitcoin and other cryptocurrencies stores information in connected blocks protected by cryptography and secured without the need for an IT super admin.
Security blockchain innovator Roger Haenni, CEO of Datum, recently called for IT teams to ditch the "security-risk prone technologies of yesterday." When combined with a commitment to employee training, adopting innovative approaches to data protection shows you're willing to do what it takes to keep your customers safe.
6. Push for notorious data protection
Around 78 percent of customers are cautious about organizations' ability to keep data safe, but that doesn't stop them from worrying about their personal data being stolen. Security is a huge part of the purchase process for customers, with 52 percent saying security is an important or main consideration.
If you've fallen prey to hackers, all's not lost. Today's IT teams have a massive opportunity, regardless of whether they've been breached or have been lucky thus far. By raising the bar in data security instead of just redecorating after a data breach, you'll become a much harder target, benefit from new security innovations, like blockchain, and educate your customers on why you're working hard behind the scenes to keep their data safe.