Ever since the Facebook data breach debacle, there has been a close eye on companies regarding how they deal with data breaches. There are many examples through the past few months that could serve to illustrate the technological anxiety we as a nation are wallowing in. Equifax revealing that the data breach, which went public last year, has turned out to be more severe than previously thought really paints a clear picture of the angst people feel with giving out personal information.
Customers have become desensitized to the fact that, as apps and programs gaining access to our personal lives has become the standard cost of being socially connected and functional, the occasional data breach is inevitable. Companies have to reckon with the public backlash, the correct route to protection, and the devastating costs of recovery (the city of Atlanta spent $2.6 million recovering from a $52,000 ransomware demand). Meanwhile, the average citizen has to re-evaluate how much they trust companies.
It seems all too often that a company responds to a data breach by issuing a press release or a cluster of “personalized emails” apologizing for the incident and promising that this will never happen again – a promise that seems to not hold much weight as data breaches seep into the public conscience at an unprecedented level. Sure, we appreciate companies notifying us of data breaches. But after reading yet another press release stating “we take the security of our customers very seriously”, one has to ask the questions:
- Why weren’t they more proactive in protecting, monitoring, and detecting threats?
- What reason is this company actually giving me to stay loyal to them?
Companies need to put in the work to prepare for these breaches, by studying other company’s issues and by consistently monitoring their network health. It is imperative that companies have a formal system in place that dictates the precise steps that will be taken in case of a data breach.
Act, Then Analyze Data
Once a company is aware of a breach, they should be working to ensure that their exposed vulnerability does not yield more data leakage. All entry and exit points should be closely analyzed and immediately patched up to ensure minimal damage.
The worst thing a company can do is wait for an investigative journalist to leak their story. Companies need to be open, honest, and communicative in a timely fashion about the state of people’s data security. If someone else has to reveal that your customer’s information was breached, people are going to be immediately less receptive to any apology and trust will be broken.
Our information is a valuable asset. It is important that we hold companies to a high standard in how they handle that information.