As a business owner, you want your communication with your customers to skew to the positive. You want them to feel confident doing business with you, and to trust that you are not only providing the best products and services, but that you are doing everything you can to protect the information that they share with you.
So when a data breach occurs, it’s easy to feel as if everything you have done to build customer relationships and loyalty is about to go out the window. And with good reason; recent incidents at major retailers have caused sales to decline as much as five percent or more, while small businesses are often forced out of business in the aftermath of a data breach.
While some argue that data breaches are inevitable, and IT security teams are constantly developing new strategies to keep sensitive data out of thieves’ hands, that’s of little consolation when you’re company’s data has actually been compromised. At that point, your priorities are to fix the leak, and communicate with customers about not only what happened, but also how you intend to correct the problem. Unfortunately, communication tends to be a weakness when it comes to security breaches. Many companies either wait too long to reveal the breach, or provide information that creates more questions than answers.
However, if you have a plan in place before a breach occurs —again, many security experts say that it’s not a question of if companies will experience a breach, but when— and know the best ways to communicate with customers, you will have a better chance of getting through the crisis with both your reputation and your customer base intact.
Data Breach Crisis Communication 101
Effectively communicating with customers after a data breach comes down to three key points:
- Announce the Breach Immediately
Many companies are hesitant to let customers or users know right away, for fear of speaking too soon — not to mention, announcing that personal information is compromised is never a good thing. However, waiting days or even weeks (or longer) to announce a problem is only going to backfire. First of all, companies that collect personal data are bound by law to report breaches within a certain timeframe. For your customers, though, the sooner that they know there is a problem, the earlier they can detect anomalies in their accounts and take action. You must have a communication plan in place, and be prepared to activate it the moment you detect an issue.
- Prepare to Answer Questions
Even when you proactively provide as much information as possible after a breach, there will always be customers who need and want more information. If you aren’t prepared to handle an onslaught of phone calls, emails, and social media posts, you’re only going to frustrate them. You must be ready to respond to customer inquiries online and via phone, which could mean creating dedicated phone numbers and online accounts. You must also train staff in advance in how to properly reply to any queries. If you cannot respond right away due to the volume of inquiries, let customers know when they can expect a response.
In addition, be prepared with a dedicated website that customers can visit to learn more. Mailing letters and reaching out to the media can also help with the flow of information.
- Announcing Your Action Steps
Your customers’ primary concern is their own personal information, so immediately share what you are doing to protect it. Many companies have started offering credit and identity monitoring services to those customers affected by breaches. As a company that collects personal data, be prepared to launch such a service the moment you learn of a breach. You should also be willing to provide as many details as possible about how the breach occurred, and what you are doing to prevent it from happening again.
Again, the most important step in preparing for a breach is to develop a plan before it happens. Understanding who needs to be communicated with (governmental regulators should be notified before customers, for example), how to communicate with them, and what needs to be said is vital.
Above all, when it comes to data breaches, honesty is the best policy. Waiting too long to communicate, or underplaying the extent of the breach will reduce your customers’ trust in you, and once trust is gone, it’s very difficult to earn it back. When you are upfront and proactive, though, you can usually salvage your business and avoid any lasting effects.