Recent high-profile data breaches have put the threat of a cybersecurity incident at the forefront of every CIO’s mind. Especially now that many people are working remotely, companies are facing unprecedented threat levels.
With so many organizations affected by security breaches worldwide, it shouldn’t be a surprise that digital information is now the most commonly reported form of fraud according to the FCC. Any business that uses the internet in any capacity should create a culture of security that adds consumer confidence.
The reality is that these cybersecurity incidents have become more impactful as they target essential services, including everything from gasoline to health care. Here’s how data breaches and other security events hurt your brand, and what you can do about it.
Read more: Ransomware Attacks Rise Dramatically
What Happens After a Cybersecurity Incident
No one is immune to security incidents; they can happen to smaller startups that may not have safety protocols in place, as well as larger companies that claim to be well-prepared for such an attack.
For instance, Sony stock took a prolonged hit in April 2011 when hackers stole the information of 100 million users of the PlayStation Network. While Sony has since been able to recover, some companies are not so lucky.
Read more: How to Create a Disaster Recovery Plan
In 2019, a U.S. telemarketing firm called The Heritage Company suffered a ransomware attack that forced them to close their doors just before Christmas, leaving hundreds of people unemployed.
Likewise, Wood Ranch Medical shut their doors in 2019 after a security incident locked them out of customers’ data and infected systems to the point of no return.
How to Bounce Back After a Major Event
Equifax is an excellent example of a brand that didn’t let a cybersecurity incident stop it.
Back in 2017, hackers breached their systems and stole the personal and financial data of more than 147 million people in the U.S., including Social Security numbers, home addresses, driver’s license numbers, and credit card numbers.
The Equifax incident is considered the worst corporate data breach to date in the U.S. due to the nature of the information stolen. In 2019, Equifax “agreed to pay at least $575 million, and potentially up to $700 million, as part of a global settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau, and 50 U.S. states and territories,” according to the FTC.
Read more: You Really Can’t Do Enough Security Training
Equifax was underprepared to handle the fallout. They mismanaged the public disclosure of the breach, as well as its efforts to make resources available to those impacted. So how did Equifax bounce back?
Equifax has since hired a new CISO, Jamil Farshchi, and invested $200 million in data security — including processes for patching, vulnerability management, and certificate management.
Another primary priority for Equifax has been strengthening access control protections and identity management across the company. Farshchi has also increased the security team, so Equifax can offer proof of compliance and overall progress.
How to Restore Trust When the Worst Happens
There are steps you can take to earn back support if a cybersecurity event transpires.
Prepare Now With Planned Improvements
Implement security best practices now to reduce the impact of an event. Data encryption can protect confidentiality, a backup plan can hasten recovery, and network segmentation can isolate the incident and the degree of impact.
Read more at ServerWatch: Server Security Best Practices
Be Accurate and Specific
Analysis shows that a CEO who immediately and effectively communicates about the cybersecurity systems the company has in place will help reassure both customers and the stock market after an event.
Broadcasting that your company invested in cybersecurity before a hack shows that the company took security seriously, especially for its customers’ privacy. Even if these measures didn’t stop the attack, talking candidly about attack prevention can help mitigate some damage.
One blunder a company doesn’t want to mirror is Uber’s cover-up after hiding their attack for over a year.
Back in 2016, Uber didn’t report it had been breached. Instead, Uber paid the hackers $100,000, making it appear as though the payment was for a bug bounty. It even got the hackers to sign non-disclosure agreements, lying about the attack. When Uber publicly disclosed the incident in 2017, there was significant damage to their reputation and a hefty fine from the FTC.
Good Cybersecurity Policy Protects Businesses
Of course, strong cybersecurity policy can help protect your customers’ information and maintain their faith in your business.
A cybersecurity incident can have significant financial ramifications, and it’s getting worse. According to Accenture, the average cybercrime cost to companies increased by 72% between 2013 and 2018. Enterprise security management may just save your business.
While consumers are right to be concerned that their personal information may be compromised, companies have broader cybersecurity considerations: the loss of intellectual property, disrupted operations, loss of investor confidence, and, of course, decreased customer trust. Invest in robust protections now.
Read next: What is an Advanced Persistent Threat (APT) Attack?