Whether you run a small, one-county shop or a national operation, how your company handles a data breach highlights the type of business you run, how well you treat customers and the long-term forecast for success or failure.
According to Experian, here are the six worst errors a company can make in handling a data breach and tips on how to avoid them:
Failing to be proactive. The time to begin handling data breaches is before one ever occurs. Every company should have a detailed, comprehensive data breach response plan in place. Your plan should include a designated response team (including decision-makers, external response services agencies, public relations, IT, cybersecurity, etc.), a communications plan, customer care plan and data breach response letter templates. Not sure where to start? Experian’s Data Breach Response Guide is available for free download.
Responding too slowly. Every day that a cyber attack goes undetected, or detected but unchecked, is another day of escalating damages to your business and customers. Continuous threat detection is essential so that you can quickly identify an incident. Prevention and remediation technologies need to be continuously updated to ensure you’re able to halt the damage as soon as the breach is detected, according to Experian.
Over-reacting. Doing or saying too much before you have all the facts can be just as damaging as doing nothing. Keep internal and external communications limited to strictly what you know and what others need to know. Never hypothesize. Likewise, you may be tempted to quite literally pull the plug on computer systems and networks to block the incursion, but that can bring business to a total standstill. Experian recommends focusing on isolating affected systems and data from other at-risk portions of your network.
Communicating poorly (barely or inaccurately) with affected consumers. Effective communication with affected consumers is not only the law, but it’s also vital for mitigating reputational damages. Again, keep communications factual, but don’t overlook the need for empathy. Experian says to provide affected customers with access to a 24/7 helpline that is staffed by customer service representatives trained in data breach response.
Leaving affected customers on their own. Communicating with customers is critical, but not enough on its own. Studies have shown that consumers expect care and compensation from the company through which their data was exposed. In addition to a helpline, Experian advises considering offering free credit monitoring and/or identity-theft protection products to customers whose information has been exposed.
Failing to learn from the incident. Every data breach response plan should include a post-mortem component. Don’t wait for the dust to settle to implement it. Begin analyzing what occurred right away, looking at how it happened and what you need to do to strengthen your defenses in order to prevent a breach from occurring in the same way in the future, Experian suggests.
This article has been used and reprinted with the permission of The American Land Title Association. The material is for general information purposes only and is not to be relied upon or used for any particular purpose. Title Industry Assurance Company, RRG, and The American Land Title Association shall not be held responsible in any way for, and specifically disclaims any liability arising out of or in any way connected to, reliance on or use of any of the information contained or referenced in this article. The information contained or referenced in this article is not intended to constitute and should not be considered legal or professional advice, nor shall it serve as a substitute for the recipient obtaining such advice.