3 Steps for Minimizing Damage After a Data Breach

Any business that handles consumer data is a potential target for hackers, but small businesses are especially vulnerable. When customers willingly hand over sensitive personal information, they’re showing they trust you to keep that data safe. A breach quickly erodes that trust.

Allowing personal data to fall into the wrong hands — potentially exposing customers to identity theft or financial damage — will inevitably lead them to question whether you can provide the products and services they hired you to provide in the first place.

A breach can prompt a customer to terminate their relationship with your company. Even if the compromised information isn’t necessarily sensitive, the fact that you couldn’t keep it safe may mean customers won’t trust you with personal data in the future.

An Ounce of Preparation

The good news is that a security breach doesn’t have to spell doom for your small business. Yes, breaches are damaging, but how you handle an attack — both in the moment and in the aftermath — is often what determines whether your customers choose to stay. To minimize the damage, take a few simple steps.

 

  1. Know what story you will be able to tell. A serious breach will be easier to overcome if customers — and everyone who will hear about it when the breach becomes public — know you took every practical step to prevent it from happening. If you’re able to tell customers (and the public) that you encrypted and backed up their data, had firewalls and two-factor authentication in place, and regularly trained your employees to handle sensitive information, then you’re much more likely to be forgiven.

  2. Own mistakes when they happen. The massive breach involving Marriott Hotels last year made headlines for weeks — and rightfully so, as up to 500 million people were affected. Admirably, Marriott took full responsibility for the consequences, even though they didn’t own Starwood, the company in question, at the time the breach occurred. The hotel chain offered customers affected by the hack a year’s worth of free identity monitoring services, in addition to fraud loss reimbursements and other services. For small businesses, in particular, being able to clearly explain what you’re doing to help customers get their lives back on track after a breach is critical to rebuilding trust.

  3. Understand where you’re vulnerable. Email remains one of the most popular tools for internal corporate communication, which is why it’s one of the most common access points for hackers. If you regularly transmit sensitive information via email, invest in an encrypted email platform. If sensitive information is stored on a password-protected chat platform like Slack, you should have a strong password policy in place as well as a second factor of authentication. Finally, focus your employees’ training on safe email use, spotting phishing attacks, and established procedures to follow when something looks suspicious.

A breach can be a distraction and a drain on capital, and small businesses don’t always have the resources to bounce right back. But if you can show your customers you’ve taken precautions before and after a breach to keep their information safe, you can retain their trust and maintain your operations.