The clock begins ticking from the moment a breach is discovered. The sooner you get it reported, the better. Once you’ve notified appropriate authorities, you’ll need to assess the best way to inform your clients. Informing your valued clients of this issue is never a comfortable thing to do, but it’s how you tell them that’s key. Above all, it is important to keep your clients at the heart of your cyber response plan.
First, gather all the information in order to reach out to the individuals who may have been affected. Then decide what method you’ll use to inform clients a breach has occurred and their personal data has been exposed. There should be a formal announcement that goes out to the public, and the method and channel used will be dependent on the severity of the breach and the size of your business. You should reach out directly to those that were personally affected- this is a critical component of your cyber response plan.
An old-fashioned letter can be the most effective and trustworthy way of informing clients. Yes, it takes longer than an email, but for some, an email may cause a feeling of increased lack of trust and it could be viewed as a scam or even ignored altogether. You can assess the scenario to determine what is best for your specific case. If you wish to use an email, it can still be an effective first point of contact for anyone who was directly affected, and it’s immediate. Keep in mind that no matter the method, having your logo, typeface, and staying true to your brand will act as a trusted source during this turbulent time.
Who Should Communicate the News
Depending on the size and structure of your organization, this will vary. If you have a risk compliance department or data protection officer, they will be the ones to enact your cyber response plan. Breach communication efforts can also come from the company PR department or the CEO themselves. Whoever is appointed, however, should be someone within the organization with a certain level of caliber and full grasp on the business’s data protection.
Information to Provide
Clients will want to know what has happened to their data, such as what categories of information have been compromised and what protective measures they should take. Begin by fully explaining the breach (including the data type and the extent of the compromised information). Were email addresses and usernames revealed? Were passcodes and personally identifiable information stolen? Do not try to hide anything from them because they have a right to know. Once you have been able to confirm details, you convey this information clearly and promptly. The key is to be as clear and accessible as possible. Also, make sure that the information you provide is in layman terms, stay away from jargon or terminology that could be confusing to your clients.
Be Ethical, Transparent and Prepared
Unfortunately, data breaches are not uncommon so it is crucial to have a plan for handling them, especially to communicate these types of incidents to your clients. While it’s important to be honest and thorough in your communication, it’s also important that you protect both your clients and your business in the aftermath of a data breach.
A single data breach can become financially devastating for your business if you are not prepared. Essentially, it is the way your clients are treated within your cyber response plan that will make or break your reputation. Simple preparation well ahead of time will put your business in a strong position in a time of crisis. Ultimately, how you decide to inform your customers will determine your future client relationships and success of your business.
About The Rubin Group
Based in New York, The Rubin Group provides insurance in most of the 50 states. Our full-service insurance brokerage provides insurance and risk management services to individuals in all income brackets and businesses of all sizes and types. We understand that every client has unique coverage requirements, and we are passionate about providing the ideal individualized coverage for each customer. Each member of our team takes the time to truly understand your situation, the particular risks you anticipate – and the very real risks you’ve not yet contemplated. For all of your insurance needs, contact us at The Rubin Group at (877) 806-7239!