How to safeguard brand reputation, reassure customers after a security breach

Effective crisis response demands companies be prepared in advance of a security breach to better protect their brand reputations and reassure their customers, suggests Affect, a New York City-based public relations and social media firm that specializes in technology, healthcare and professional services.

To properly respond to a crisis, the four phases of crisis management – readiness, response, reassurance and recovery – “must be ready to go at a moment’s notice,” Sandra Fathi, president of Affect, says in a company statement issued Wednesday. These stages include developing materials messages and prepared statements, preparing delivery channels such as hotlines and social media platforms, and training employees regarding awareness and organizational procedures, Fathi says.

Affect offers four tips meant to help companies safeguard their reputations and reassure their customers following a security breach.

• develop a fully locked and loaded response plan – A cyber attack plan should be in place as part of an organization’s crisis management strategy. Anticipating and having a clear understanding of the kinds of threats that could influence the business and industry will help a company get ahead of a crisis.
• the customer is top priority – It is important to be honest with customers about a breach and inform them about what has happened as soon as possible, especially if personal information is at stake.
• monitor the situation in real time – Develop a social media response map that outlines anticipated situations and correlated standard responses. While positive engagements via social media boost a brand’s respect, companies must always monitor for negative interactions in real time and be even more stringent during a security breach. At these times, customers will turn to social media to respond to situations, regardless of their allegiance to the brand.
• do not repeat the same mistakes – Customers may or may not forgive a first offence, so a second go-around is even harder to rebound from. Companies must carefully document and analyze each breach to identify how it happened, why it happened and how to prevent such an event in the future.

Every company needs to demonstrate three things in the wake of a data breach, Adam Levin, chairman and founder of IDT911, a provider of data risk and identity management services, said in an interview with ABCNews.com. “Urgency, transparency and empathy are all critical,” Levin emphasized.

“Cyber breaches, specifically Distributed Denial of Service (DDoS) attacks, will continue to be a serious issue as attackers become more agile and their tools become more sophisticated,” adds Radware, a global provider of application delivery and application security solutions.