paint-brush
Tips for Managing the Reputation of Your Company after a Cyber Breachby@oap
159 reads

Tips for Managing the Reputation of Your Company after a Cyber Breach

tldt arrow

Too Long; Didn't Read

In 2013, target suffered a major data breach. Hackers stole 40 million customer credit and debit cards, and 70 million customer records. Target's reputation took a hit. Discover ways to protect your company's reputation from suffering the same thing.
featured image - Tips for Managing the Reputation of Your Company after a Cyber Breach
Akachukwu Obialor/akachukwuobialor@gmail.com HackerNoon profile picture


In 2013, Target suffered a major data breach. Hackers stole 40 million customer credit and debit cards, and 70 million customer records.


As a result, Target paid a whopping 18 million dollars to regain control of its system.


That’s the least of it.


Target lost over $200 million in revenue a year after the attack. It reported earnings that were 46% lower than expected. And customers lost the confidence to shop with them.


One year later, their reputation had dipped by 54.6%. And the decline rose to 84% five years later.


The reputation of a business is everything. And when cyber breaches occur, the reputation that took several years to build may disappear in a flash. It’s even worse for small companies without a strong brand.


You can prevent such a thing from happening to your company with knowledge of reputation management and a willingness to implement it.


Below, I’d share tips to protect your brand's reputation after a cyber breach.


We’d start with a definition of reputation risk management, and its importance as it relates to cybersecurity. Then move on to give tips you can implement pre- and post-hack.


Let’s get started.


What’s reputation risk management?


Reputation risk management are efforts taken to reduce the damage a cyber breach can do to a business’s reputation. Depending on the attack’s severity, it may be a simple apology letter or an extensive, all-out PR campaign.


Reputation risk management assures customers and investors that you're doing everything you can to fix the breach.


Results of poor reputational management


Loss of customer trust

Customers surrender their personal details to you because they trust you'd protect them. That trust is broken if their data is compromised.


And as Target learned the hard way, it takes years to regain this trust.


Investor distrust

Investors may still stay with a company doing its best to fix a data leak.


But when there’s a lethargic response or the appearance of such, they jump ship. And as one would expect, that’s terrible news for the financial status of a company. Even financial studies prove this.


A company’s stock prices drop by 3.5% after a cyber attack, underperform the Nasdaq by 3.5%, and perform poorly for as long as six months, per a study.


Loss of business partners

Hackers sometimes gain access to big corporations through the digital infrastructure of small businesses. It’s why businesses steer clear of other businesses that have been compromised to protect their reputation and the data of their clients or customers.


And in the current financial ecosystem with a complex value chain where every company relies on each other, that’s bad news.


Huge financial expenses

Poor reputation management makes legal authorities and those affected think you’re doing nothing to remedy the situation. And that’s very costly – literally.


You'd spend money on legal fees to defend against lawsuits, settle fines, pay settlements, and so on. This can continue for years after an attack.


Reputational risk management prior to an attack


It’s best to have an incident response plan you can execute immediately, rather than wait until after an attack.


Here’s what to do:


Develop a playbook and run simulations

The first hours after an attack are key. Inaction or a refusal to act can bite you later. It’s valuable to have a playbook you can execute immediately.


Here’s what a playbook should contain:


External and internal communication plan

A vital aspect of reputational risk management is effective communication. And you can’t be scrambling to set up a communication system after an attack.


Kevin Sandshafer, COO & VP of Cyber Risk and Assurance, White Tuque says “it can take weeks — which a company cannot afford — to develop and gain legal approval for these types of communications”. Your reputation may have already suffered irreparable damage by the time the approval comes in.


An effective communication plan contains:


  • Communication channels between departments

The line of communication between departments should be clear. Legal should know who to contact in the IT division. The department of internal communication should know who receives which email. And so on.


  • Pre-designated roles

Who's in charge of the communication efforts? Who meets with affected business partners? Who stands in as the IRC (incidence response co-ordinator)


Assign these responsibilities beforehand. Else, you’d spend valuable time in meetings, trying to designate who does what after an attack.


  • Templated messaging for external communications

An effective way to handle external communications is to create message templates. These messages will honestly explain the scope of the cyber attack, and the steps taken to solve the problem.


The goal is to provide clear, consistent messaging to customers, business partners, and the public across all channels — social, print, etc.


Kevin Sandshafer says that from experience, this can save time, ease stress, ensure all key facts are captured, and gives sufficient time to the legal department to vet the message.


Incident management workflow

An incident management workflow is a thorough process for identifying, investigating, and responding to cyber security threats.


It covers proactive steps to detect, analyze, contain and remediate incidents as quickly as possible while minimizing their impact.


It’s generally divided into:


  • Discovery: when the attack is first discovered
  • Detection: Technical team uses different tools to try to pinpoint the cause and source of the cyber attack
  • Eradication and containment: This involves plugging the source of the hack and preventing the attack from spreading to other systems or networks.
  • Post-hack evaluation: This is a time to review the cause of the attack and the effectiveness of the response to it.


The incidence response workflow isn’t always straightforward. Here’s an example;


You discover several sources of an attack. Together with the IT team, you eradicate and contain one source. Then do the same thing for the next source. And repeat it for the one after that, until you’ve contained all of them.


Important tip:


A playbook shouldn't remain on the shelf. Hold company-wide simulations frequently to familiarize everyone with the response framework and plug any gaps you discover.


According to Kevin Sandshafer, “companies must include areas outside of IT, especially Legal, Public Relations, C-suite, and even the business to ensure a practiced, coordinated approach to communicating with impacted stakeholders”.


Also, Robert D. Stewart, Founder & CEO, of White Tuque, adds that “Exercises allow you to test those Playbooks and your organizational response to a cyber attack. Employing an engaging activity allows your organization to not only gain valuable experience in defending against a cyber attack but is also an opportunity to look for gaps and improvements within those Playbooks”.


Reach out to external experts

Don’t wait to hire a PR or legal expert until after an attack.


You can't afford to waste precious time negotiating fees and setting up contracts after an attack has occurred. The longer you take to respond, the harder your reputation gets pummeled.


Build a relationship with a PR, Legal, and cybersecurity firm. Negotiate a contract and put them on retinue if you can.


Train customer service in handling complaints from affected customers

Customer service is usually the first contact the public has with your business after an attack. And their response can either ease their concerns or worsen the already bad situation.


Train customer service reps in demonstrating empathy, especially when the customer begins to vent their frustration. Make sure they know which channels to use to file complaints. Also, craft customer policies and protocols, which your employees can refer to during an attack.


Clients can sue you for revealing sensitive details of an attack. Kevin Sandschafer gives a great example of this:


“A company was not aware that they were not allowed to communicate details of a data breach to certain client accounts until the client approved the messaging. After a data breach, there was little time to get permission before sending out mandated notification of the data breach. This led to additional legal risk and angered major national account holders.”


To avoid such misunderstandings, get together with your legal team to break down the legal language in all contracts. And if there’s a clause affecting what you can share after an attack, iron it out immediately.


You can either re-negotiate the contract or take note of the liability when creating your messaging templates.


Reputational risk management post hack

Every hour after an attack is crucial. The actions you take will determine whether your reputation survives.


Here are tips to save your reputation.


Take immediate steps to protect the remaining data


Work with cyber security experts to figure out where the leak came from. Then work hard to plug it.


In addition, implement strictly the principle of least privilege (POLP). Restrict access to confidential information to only employees who need it to do their jobs successfully.


Implement additional security features, such as multi-factor authentication. And set up a monitoring system that keeps track of every login, activity, and change in the system. This helps detect any suspicious behavior and minimizes the risk of further damage.


Also, work with experts to strengthen cyber security protocols and forestall a reoccurrence.


Have a meeting with internal stakeholders to align communication

Once the attack has been discovered, it’s important to have a meeting with internal stakeholders to discuss communication strategies. This meeting should be very brief.


The agenda should revolve around the information available about the attack, and how to communicate it to the public and partners.


All of this information should be sent to the person responsible for communication as per your incident response plan.


Also, ban employees from commenting about it on socials. Even if it’s to defend the company from trolls. It may come across as being insensitive.


Report to law authorities and regulatory bodies

You should report to the appropriate legal and regulatory authorities immediately. Otherwise, you could open yourself to fines, sanctions, legal battles, and of course, negative press.


Contact the local law enforcement or appropriate state or federal law enforcement authority in your jurisdiction to report the breach. Be transparent about it and work with them to find ways to solve it.


Don’t overshare

Take for instance you share details of an attack too early and come back later to correct it. The public will distrust you. And they won’t believe whatever you tell them later, even if it’s the truth.


To avoid such, share details of the hack in bits as you learn about them. This way, you assure those affected that you are taking all steps to fix the problem, and you also prevent having to apologize later for sharing false information.


Reach out to external stakeholders affected

It’s a huge mistake to keep external stakeholders in the dark. It’s even worse, to let them hear of it from somewhere else, rather than you.


You lose control of the messaging, and it makes it seem like you’re downplaying the issue. They’d find it hard to believe you’re doing your best.


Let them know:

  • The damage. Don’t downplay the effect of the attack. Every detail matters.
  • The cause of the attack: Let them know the details you’ve gotten so far about the source of the attack
  • What is being done to fix it: Lay out the efforts currently underway to remedy the situation. Lay it all out. Even the stuff you feel doesn’t matter.


When communicating with your external stakeholders, you can refer to the messaging template you created pre-hack. Interface with legal and PR experts to make necessary alterations to it before sending it out.


Practice reputational management to protect your reputation

The reputation of every business is as important as the product or service they offer. Take these steps before and after an attack to protect your reputation, and respond better to any future attack.