Troy Hunt – the Australian web security expert – may have an unlikely moniker worthy of ‘Mission Impossible’, but there is nothing false or fictional about his recent blog. He has just uncovered a data stash containing 770m stolen email addresses – a revelation that has sent a shock wave throughout the world.
Hunt believes that this global theft is “made up of many different individual data breaches from literally thousands of different sources”. But this does nothing to reduce the scale or the seriousness of the crime. It is graphic proof – if ever we needed it – of our vulnerability. Data breaches now appear to be as inevitable for large organisations as claims are for insurance companies.
This reality does not mean we should throw in the towel. Preventing online invasion and data hacking must always be our top priority. But it does beg the question: what should you do after a data hack is discovered? How should you respond to such a serious breach of customer trust? And how can you minimise the cost and disruption to your business?
There is a lesson here to be drawn from the insurance industry. After many years of refusing to acknowledge claims in the hope of avoiding or deferring payment, insurance companies have realised that reconciliation and rapid resolution can unlock huge competitive advantages. Companies that handle claims sympathetically and swiftly – by not making a drama out of a crisis – are very likely to win the loyalty of old customers and the admiration of new ones.
The new breed of tech-based insurers has been quick to embrace this truth… and to set the bar very high. Lemonade boasts that it can handle and settle claims in just 3 seconds! And turning a perceived negative into a trust-enhancing positive has applications far beyond insurance…
It’s time that companies coping with serious data breaches had the same ‘Damascus’ moment. What’s more, there’s now an additional, very intense pressure to transform…
GDPR has turned the data issue into headline news. The recent record £44m fine levied against Google by the French data protection watchdog CNIL is evidence of this new hard line. The prospect of hefty financial penalties matched by trust-shredding publicity is certainly focusing corporate minds. Enlightened organisations are now tooling up to differentiate themselves when the seemingly inevitable data breach happens.
In the past, suppression and even denial would have been the reflex reaction. Today, the risk of regulatory fines is forcing a new transparency. Here’s how savvy senior managers are cleaning up their act…
There are some immediate steps that you can take to minimise potential damage:
Instead of hiding behind the corporate stockade, companies are learning that it’s often better to come out and confront issues. Here are a few starter suggestions…
Invite anyone worried about possible breaches to log on to a portal where they can see exactly what personal data may have been hacked and what decisive steps the company is taking to protect them. Such steps could include alerting a customer’s bank or credit card company and even providing free access to credit-watch services. By offering genuine assistance that exceeds expectation, companies will steal a march on most rivals who are still cowering behind the stockade.
Despite the best efforts of companies, hackers will still be working to break through barriers. They will continue to steal email logins (a topic covered in my earlier article). The bottom-line reality is that no-one and no organisation is safe. As Jake Moore, a cybersecurity expert at ESET UK, said in a recent article: “If you’re one of those people who think it won’t happen to you, then it probably already has!”
But for hacked companies there is a reprieve. A chance of redemption. Honesty, transparency and swift support will not just rebuild trust, they will also restore reputations and build profits. Adversity really can breed competitive advantage.