Information security breaches are once again headline news. Telecommunication and utility companies have seemingly lost valuable customer data, leaving their customers potentially vulnerable to fraudulent activity.
There has also been the UK retailer whose website leaked customer data, even though the company was quick to insist this was not a security matter but the result of ‘internal issues’. This is perplexing in that the website did not even need to be hacked to expose customer data. The Information Commissioner’s Office (ICO) is making enquiries.
In this latest round of security failures it is fair to say that the response from the companies involved did little to inspire confidence. The responses ranged from denying that the incidents were consequential, to claiming they were the result of technical difficulties, through to not being able to quantify the extent of the breach.
What went on internally within these companies will most likely never become public. What has become public, however, is the external communication element of their incident management processes. This could have been far more effective with clear messaging that acknowledged the problem and clearly outlined the steps being taken to resolve the incident. Comments like ‘we did not actually lose your customer log-on details’, or playing on semantics by arguing it was not actually a security incident, do not inspire confidence and are simply counter-productive.
The benefits of a Communication Plan
We live in a world where social media provides people with the opportunity to openly express their dissatisfaction with a company or its customer service. They can even highlight problems with websites before the company concerned becomes aware. Given this, all companies should have, as part of any incident management process, a comprehensive communication plan that not only stands up to scrutiny but also protects the people who matter the most – their customers.
Companies that embrace social media from a promotional and business development perspective must also do so when things go wrong. This leaves the big question: how would your employer respond to a data loss?