At her peak, Judith Martin, aka Miss Manners, wrote a popular advice column that was featured in over 200 newspapers. She helped guide many hapless people through difficult social situations – and some not-so-difficult social situations (like which fork to use for your salad).
“Etiquette” is the established practice of behaving with proper courtesy and manners. Nowadays, such things have fallen by the wayside. You can go whole days without even hearing a simple “please” and “thank you.”
Obviously, data breaches are a more serious offense than a social faux pas. But according to FierceCIO, some IT experts suggest that by following basic data security "etiquette" after a breach, CIOs and security technicians can limit the damage done to their organization and prevent identity theft among their consumers.
Why Etiquette Applies to Data Breaches and ID Theft Prevention
It might seem like a stretch to apply the idea of manners to a data breach, but it's important to remember that data breaches are more than just a technical problem. You're dealing with real people who will have many questions about their data security.
In "Survey: Customers Find Data Breaches Only Slightly Better than Oil Spills," we reported on new research that shows how bad data breaches look in the eyes of customers. Data breaches are a PR nightmare, one that can permanently damage a company's reputation.
Handling a data breach properly requires you to interact with customers and clients in a difficult social situation. On the one hand, you need to soothe their anxieties and limit the damage to your reputation; on the other, you need to break the bad news clearly and in a way that stresses the gravity of the breach.
The public relations mess caused by a data breach requires careful handling, so let's look at how to ace your communications in this difficult time.
What to Tell Your Customers after a Data Breach
As an IT consultant, you'll be working with clients to craft a careful response to the breach that affected their customers. The way you respond to a data breach can determine how well you're able to limit damage. With that in mind, here are some of the guiding principles to help you plan a response:
- Give customers an accurate picture of what happened. Customers want a clear picture of how their data was lost. It will help them regain confidence in your client's company when you explain what you've done to fix the security issue.
- Don't sugar-coat the bad news. In order for you to prevent identity theft, you'll need to convince consumers that they should take the breach seriously and be ready to watch their bank accounts for signs of fraud or theft. You're liable for customer ID theft, so it's important that they understand what they can do to prevent it.
- Explain how you've addressed the issue. What security flaws have you fixed? How have you improved your security?
- Explain the next steps. People always want to know "what now?" If you're offering credit monitoring for customers, explain how they can sign up. Give contact information for your data breach hotline or offer other ways customers can get in contact with you if they have questions about security or what they need to do next.
Why the Time to Think about Data Breaches Is Now
It's better to plan for a data breach now, before it happens, than to be scrambling to do everything right after one occurs. For this reason, security experts recommend that you have a data breach response plan in place now. A data breach plan can be a big help in a moment of crisis – and it can even save you money.
The Ponemon Institute's research has shown that taking a strong security posture, writing a data breach plan, and having a Chief Information Officer at your client's company can actually reduce the cost of a data breach by 17 percent.
To learn more about what you'll need to include in your plan, see our "Data Breach Response Guide."
Good Manners and Good Insurance Coverage
You probably weren't thinking that data breaches had anything to do with etiquette and manners, but like these social norms, a good data breach plan guides you through a difficult situation, helping you treat your customers with proper courtesy and honesty.
By communicating clearly and effectively after a data breach, you can reduce your liabilities and potentially even limit the damage the breach does to your clients.
As part of your data breach preparation, make sure you have adequate Errors and Omissions Insurance, which protects you from lawsuits if clients sue you over breaches, security errors, and other IT mistakes. Having adequate insurance helps you focus on shoring up a client's network without having to worry about the cost of a possible data breach lawsuit.
E&O coverage can start at just $80 a month for an IT contractor, offering peace of mind and financial security for about the same price as your smartphone bill. To learn more, see our E&O Insurance cost estimates for IT companies.