Data breaches can be very embarrassing for a business. Being attacked by hackers can undermine the control the business has over its own systems and databases, and it can hamper the loyalty of its customers.
The embarrassment can be even worse if the data breach occurred as a result of an employee error.
After a data breach, the trends we witness for an affected business vary depending on how the breach is handled… For businesses that try to conceal a breach and are found out via other channels, the backlash can be brutal: share prices drop, customers leave to do business elsewhere, and the reputation of the brand takes a battering in the media.
The importance of cybersecurity
Today, businesses need to take cybersecurity seriously and manage data incidents from the very beginning. That means implementing well-executed plans to maintain the highest levels of data security and having a clear plan in place for what to do in the event of a breach.
The co-founder and director of IT consultancy firm Freeman Clarke identifies staff training as a key element in data security:
“…all staff should be trained [on] how to spot a threat and how to deal with it.”
Employees are often the weakest link because they are given access to information in order to do their jobs, which brings a lot of responsibility for the data entrusted to them. Well-trained employees can mitigate the risk of data breaches significantly, and additional training on how to spot breaches and threats can be a useful way to utilise existing business assets and increase cybersecurity.
The importance of preparation
Rod Clayton, executive vice-president at global crisis firm Weber Shandwick, points out the importance of preparation:
“An organisation has a far better chance… if it gets things right before an incident ever occurs.”
This means that employees and consumers need to be told about the risks, consequences and steps taken to minimise risks of a data breach. Clayton believes these to be important steps to “ensure data integrity and managing stakeholders’ expectations”.
If a business has any hope of lessening the impact of a data breach, it needs to communicate effectively with all those involved, especially employees and consumers.
For employees, a data breach can be very disruptive to their work, and not being told about it can create further disruption and lead to further damage.
For consumers, a myriad of problems can arise out of a data breach, including risk of fraud, identity theft, loss of property and even psychiatric harm. If the consumer is not told about the breach for fear of criticism, loss of reputation or for other reasons, the consumer may be in even more danger as they won’t know to look out for indications of further attacks.
Owning up is key to good management
“While firms don’t necessarily want to admit they have had data breaches, doing so will allow customers to take action to protect themselves”, says Dr Ben Silverstone, leader of computing and quantitative businesses at Arden University.
The government recognises the importance of disclosing data breaches and has agreed to implement the European General Data Protection Regulation (GDPR) in the U.K. in May 2018. This updated data protection legislation will afford authorities greater powers for enforcing data protection penalties, including the potential to fine a company 20 million Euro or 4% of its global turnover, whichever is higher.
More importantly in terms of the topic of this article, the GDPR requires all businesses to disclose a data breach within 72 hours of discovery so consumers can quickly take action to check their accounts and be on high alert for any further attacks.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.