DATA BREACHES
What’s Your Plan?
PREPARED BY
NO ONE IS SAFE
IT’S NOT IF THERE IS GOING TO BE A DATA BREACH
It’s a question of
92% of organizations breached suffer commercial consequences
Target incurred over $290 million in breach expenses, of which insurance only covered 31%
64% of consumers surveyed worldwide say they are unlikely to shop or do business again with a company that had experienced a breach where financial information was stolen
Communications is critical to successfully managing a data breach
• The key is managing the response
• Know what you’re going to say
Delaying, hiding, concealing information about customers is not viewed favourably
Today’s reality in an online world can wreak havoc on a brand, which is why speed, honesty and having a plan you can execute, are all central to an effective crisis communications response. Even one statement taken out of context or made by an employee can have a devastating impact on a brand’s bottom line.
JULY 2016:
Over 1,000 US locations impacted – more than 3.4 times the number of locations first announced in the fall of 2015. Customer data, including cardholder names, credit or debit card numbers, cardholder verification values, and service codes stolen.
Lack of communication frustrates Ohio credit union:
"We don't know how large or small the problem is. Wendy's is not providing that information fast enough, which is typical in these breaches."
- Gretchen Bartholomew, director of operations, Kemba Financial Credit Union
Target was a victim of one of the most widespread data breaches in history. Malware from the laptop of an HVAC contractor made its way onto Target’s main computer network. Through the third-party vendor, hackers were able to access Target’s database. More than 40 million Target customers had their debit and credit card records stolen. 70 million people had their email and mailing addresses taken.
• Concerned consumers faced poor customer service when calling or searching for more information regarding the breach after the news initially broke.
• Quarterly profits dropped by 46% as the hit happened during 2013 Xmas holidays
• Target’s CEO resigned
• Breach costs to date: $290 million USD
• It took Target 22 days from its breach’s occurrence for it to report it publicly
• It took Wendy’s 51 days to report it publicly
• Target took 19 days from its first announcement to confirm publicly it had removed the malware and stopped the breach
• It took Wendy’s 143 days to make the same announcement
Veridian Credit Union has filed a class action lawsuit against Wendy's. The class action claims Wendy's failed to prevent the breach by updating its POS systems.
Despite the growing threat of computer system intrusion, Wendy's systematically failed to comply with industry standards and protect payment card and customer data.
Veridian claims security systems were outdated, credit card information wasn't deleted when it was supposed to be, antivirus software wasn't regularly updated, firewalls weren't maintained, and access to network and credit card data wasn't monitored.
• Franchisors need to learn how to effectively communicate data breaches
• Letting consumers know about a breach early on can help prevent damage to a franchise’s reputation
• A successful crisis communications response for franchises relays the right key messages to all stakeholders as quickly as possible
How can you apply best practices to protect your franchise from a data breach or cyber crisis?
STEP 1: COMMUNICATE THE PROBLEM
Your crisis communications team’s first priority is to communicate directly with your affected stakeholders as soon as possible.
• Take control of the story
• Be honest and to the point
• Let your actions and words show how deeply you care and are taking the situation seriously
• Make sure your communications answer the main questions
• Say how the breach:
  § affects those impacted
  § what they should do to immediately protect themselves and…
  § where and when you will provide another update
COMMUNICATE
STEP 2: RELEASE YOUR OFFICIAL STATEMENT
• Draft an official statement and publish it to your crisis communications home base
• Create a link to this statement from your website’s home page
• Tell your story. If the media will be reporting on this, then give them the (true) story to use. This is a good way to make sure you become the narrative of your own crisis
• Be as honest, transparent and compassionate as you were in your direct communications with your affected stakeholders. Focus on building and strengthening your relationships
• Clearly state what the repercussions are, what you have done and what you will be doing to manage this crisis and protect those whose confidential information has been breached
• Answer all foreseeable questions – and come back and update this statement as more questions get answered
• Title this statement with a title that will rank well for the keywords people will use to search for more information
• Provide a contact for media inquiries
STEP 3: MAKE SURE YOUR SOCIAL MEDIA TEAM IS READY
• Link to your official statement from your social media accounts
• Monitor social media. People will be going to your platforms to:
  § Look for information
  § Ask questions
  § Express their upset and disappointment
Your social media team needs to be armed with:
• Clear messaging for proper response
• Information on where to send specific inquiries that need to be redirected
• A response flowchart to help them answer the tough questions, such as when to respond, and when to escalate a specific case to the crisis team
STEP 4: MONITOR YOUR ONLINE REPUTATION
If the hack has garnered enough attention, media and bloggers will report it. These articles will be indexed in the search engines, which means that you will want to:
• Make sure your communications are helping to shape the narrative of this crisis
• Do what you can to make sure these ranked articles are not going to overpower your own online presence and rankings
SUMMARY
• Communicate, communicate, communicate
• No such thing as too much information
• Have a media relations strategy
• Support brand to rebuild trust
• Demonstrate openness
• Commitment to customers
• Cyber crisis can become a crisis of trust and loyalty if swift communications aren’t used
THE 3Rs
RESPONSIBILITY
• Take responsibility for solving the data breach
• Your actions will reinforce your words and demonstrate your honesty and commitment
• Key element is your determination to address and solve the issue, not necessarily accepting responsibility for the underlying cause
REGRET
• Even if it is not your fault, express regret that the problem has developed. This can be achieved without sacrificing any legal rights
RESPONSE
• Timing is extremely important
• Your employees, media, customers and the general public must know you are taking steps to deal with the issue and working hard to ensure it will not be repeated
PREPARE FOR THE WORST – HOPE FOR THE BEST
• Always plan for incident response. Your plan should include detection, response and escalation, engaging law enforcement as appropriate, preservation of evidence, compliance with regulations and contractual agreements, customer and media notification and public relations.
• A professional crisis communications plan will establish a best practices protocol to follow and help manage the crucial early days of a crisis
• A plan will prove to be an invaluable resource for franchises that may be operating without one in place today, which would be similar to driving without insurance
• Hold a mock crisis to ensure everyone is aware of their responsibilities and to see areas that need to be improved