Why Radio Silence is the Wrong Response to a Cyber Event

Introduction

Have you ever had personally identifiable information exposed in a data breach? Whether it was your own or somebody else’s, cyber events like this are increasingly common nowadays. In fact, 422M people had their information exposed in 2022.

Depending on what you do for work, you may be responsible for protecting the private data of all sorts of people, from fellow coworkers to clients to government organizations with whom you do business! Couple that with the fact that 95% of data breaches are borne of human error, and you start to see that it’s a matter of if and not when you will be compromised in a breach.

Why Trust and Transparency Matters

Transparency and communication are key when in the middle of a cyber-event, especially one that impacts others’ PII on top of your own.

Think about it: the most important aspect of customer loyalty is TRUST. When you agree to let a company track your cookies, you expect them not to share that data with random people. If you tell something to your doctor or attorney, you expect them to keep it secret. Were any individual or company to break that trust, you would probably stop using their services. In today’s digital age, it’s even common to blast them on social media!

The same basic concept is true when you experience a breach that affects other people’s data. They want to know how it happened, what you’re doing to fix it, and what steps you’re taking to prevent it from happening again.

There are certain laws that may apply to you as well, which could dictate what you have to tell affected parties in a data breach. For example, banks must report significant attacks within 36 hours. Familiarize yourself with the regulations that apply to you!

The Solution is Simple

The best way to foster trust, even through an emergency, is honesty and communication. Walk those who were affected through what’s going on, so that they feel confident you’re handling their data with as much care as possible.

Let’s say you work in telecommunications, an industry that’s been facing a barrage of cyberattacks lately. If your company’s database was breached, you might send out a mass communication to anyone who was potentially affected, telling them things like…

• how many people’s information was exposed
• what information was compromised; like names, account numbers, email addresses, etc.
• what steps the company is taking to mitigate the damage, like cooperating with authorities and reimbursing stolen fund
• how you plan to prevent this type of attack from happening again

Of course, don’t do anything without the permission of your bosses, IT team and the authorities first!

Conclusion

Over half of businesses were involved in cyberattacks last year. SMBs have found themselves the target of such attacks increasingly often. If the same happens to you, don’t keep it secret. Transparency, especially through hard times, fosters the best long-term relationships and customer loyalty.

It’s not always our fault when information is exposed. Another insider or outsider threat could be behind a breach; what matters is keeping calm and remembering that the affected parties are looking to YOU as the gatekeeper of their privacy!

References

• https://techcrunch.com/2023/03/29/silence-gets-you-nowhere-in-a-data-breach/
• https://www.statista.com/statistics/273550/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed/