Rebuilding Trust After a Data Breach
Threats are constantly evolving. We know you want to be ready to face them, but what happens when you’ve already experienced a breach? How do you restore not only your business operations, but your reputation?
According to Pew Research Center, half of Americans feel that their personal information is less secure than it was five years ago. Even more so, 64% of American adults have experienced data theft via credit card, account number, email account, social media accounts, Social Security number, loan, or tax return compromises.
Yahoo, eBay, Equifax, Target, Anthem, Home Depot – it has become habitual to worry about data breaches, identity theft, and other privacy concerns. Why am I being shown this ad? How much does Facebook know about me? Has my data been sold? Is Google tracking me?
At KirkpatrickPrice, we talk a lot about how to prevent a data breach and put a heavy focus on the “before,” rather than the “after.” But what happens after a data breach has occurred? Can your business recover?
In short, yes. But it’s going to take some work. In this blog we’ll discuss some tactics your organization can implement to rebuild any lost trust, as well as examine some companies who have successfully done it.
Tactics for Rebuilding Trust
Data breaches affect way more than just your data; they can also damage your reputation and break the trust you’ve established with your customers and stakeholders. While restoring the integrity of your data after a breach is critical, you also need to work to rebuild the trust that you lost. How do you do that? These five steps are a great place to start:
1. Notify the affected parties.
If personal data is stolen or compromised as a result of a data breach, private firms must notify affected parties as required by law. Even if your organization isn’t legally required, this is still a good idea. Honesty and transparency are vital to rebuilding or maintaining trust with your stakeholders. It allows stakeholders to take appropriate actions and shows your organization’s dedication to remedying the damage caused by the breach.
2. Investigate the root cause.
You have to identify the cause of the incident so that you can be sure you have adequately contained and fixed it. Without knowing what actually occurred, you won’t be able to fully remedy the incident or implement the correct controls to protect against it in the future. Additionally, you won’t be able to confidently tell stakeholders that the issue is (or will be) fully remedied.
3. Implement corrective measures.
Once you investigate and fully understand the incident, you can implement the corrective measures or controls that fix the issue.
4. Learn from the experience and demonstrate your commitment to cybersecurity.
It’s not enough to just fix the issues that led to your breach. You must evaluate and learn from the experience to demonstrate your commitment to cybersecurity. This is the best way to protect your organization from future breaches, but also to rebuild trust with your clients. By showing your security program improvements, and participating in industry events, you can prove to your stakeholders that you are serious about protecting their valuable data.
5. Improve your data security strategy.
The final step to responding to a data breach is to ensure that your data security strategy or procedures have been reviewed to reflect any lessons learned or new controls added as a response to your incident. This will allow your organization to formally prepare for any future incidents.
Companies That Rebuilt Trust After a Data Breach
While the five steps listed above provide a helpful roadmap to rebuilding trust after a data breach, we all know it’s much easier said than done. Let’s take a look at three advertising campaigns to examine how three well-known companies sought to rebuild trust after a breach.
Facebook Data Scandal
With GDPR enforcement on the rise and data privacy at the top of digital consumers’ minds, the Facebook-Cambridge Analytica data breach has become one of the largest of all time. Out of the 2.2 billion Facebook users, 78 million were impacted by this breach. The data was used to build a software program that predicts, profiles, and influences voter choices. Now that Facebook’s data privacy practices are in the spotlight, more and more questionable practices are rising up.
The scandal is still unfolding, as Mark Zuckerberg is questioned by Congress and the GDPR enforcement date has officially passed. In an effort to win back user trust, Facebook launched a major advertising campaign, “Here Together,” which promises to protect users from spam, click bait, fake news, and data misuse.
How has the Facebook scandal impacted your use of the platform?
Uber Cover-Up
When Uber announced its breach in 2017, it hit close to home for the millions of drivers and riders who use the app every day. Uber reported that not only did hackers steal 57 million credentials (phone numbers, email addresses, names, and driver’s license numbers) from a third-party cloud-based service, but Uber also kept the data breach secret for more than a year after paying a $100,000 ransom.
The New York Times points out, “The handling of the breach underscores the extent to which Uber executives were willing to go to protect the $70 billion ride-hailing giant’s reputation and business, even at the potential cost of breaking users’ trust and, perhaps more important, state and federal laws.” Uber recognizes that driver and rider trust is the core of their business, and when they announced this cover-up and breach, they knew they’d be facing major backlash.
In response to the breach, Uber began their “Moving Forward” campaign in an effort to rebuild trust. What do you think of this commercial – have they regained your trust? Would you still use the app?
Wells Fargo Incentives
The 2016 Wells Fargo breach was incredibly eye-opening to many consumers because it wasn’t a malicious hacker taking data; it was Wells Fargo. The bank was fined $185 million because of the 5,300 bank employees who created over 1.5 million unauthorized bank and credit card accounts on behalf of unsuspecting customers. Their reason for doing this was incentives; bank employees were rewarded for opening new bank and credit card accounts.
What is Wells Fargo doing now? In an effort to rebuild trust, Wells Fargo completely restructured its incentive plans by ending sales goals for branch bankers. Do you think that firing the 5,300 guilty bank employees and restructuring their incentive program is enough?
We believe that client trust is one of the most valuable benefits of compliance. Undergoing information security audits can help your organization maintain customers and attract new ones, distinguish your business from the rest, avoid fines for non-compliance, and answer to any sort of regulatory body.
How do you perceive this trend of public rebranding – is it convincing? Do you believe that companies like Facebook, Uber, and Wells Fargo have changed enough to rebuild trust?
Prepare to Face Today’s Confidently with KirkpatrickPrice
We know that when it comes to threats you want to make sure that you’re ready. In order to do that, you need quality cybersecurity and compliance audit reports with results you can trust. With quality testing of your unique environment, you can prepare to face threats before they become a data breach and gain a partner to help you if they do.
Partner with an expert today to make your organization unstoppable.
More Resources
Incident Response Planning: 6 Steps to Prepare your Organization
What Is an Incident Response Plan? The Collection and Evaluation of Evidence