Cyber attacks and security breaches are all too common these days. Last month, Yahoo confirmed a data breach that led to 500 million user accounts being stolen. Earlier this year, ADP experienced a security attack that revealed the payroll, tax and other confidential details of nearly 640,000 businesses. With data breaches becoming increasingly common, it is no longer a question of if, but when your business turns a victim to such attacks.
Such attacks can inflict a huge blow to customer confidence and trust. This is especially true if confidential customer information such as social security and financial details get exposed. How does a business reach out to their customers in such cases and ensure that their trust stays intact? Here are a few pointers.
Do Not Cover Up
It may be tempting to keep any information about a security breach under wraps and hope that this minimizes the impact on your brand or profits. But as is often the case, covering up such mishaps only worsens the situation when the truth is eventually out. Not only that, coming clean from your side demonstrates accountability and tells customers that your business cares less about profits and more about them. One study found that customers are often understanding when it comes to businesses committing mistakes and nearly 93% of them believe that coming clean during such incidents reflects positively about the company.
Explain What Went Wrong & How You Are Taking Care Of It
Most businesses understand the need to apologize when mistakes happen. But avoid using PR-speak in your apology. Instead, make it a point to explain to your customers how the security breach happened, what measures you had taken before the incident and what additional steps are being taken to avoid a repeat of such incidents. Security breaches inevitably shake up the confidence and trust that a customer has on your business. By detailing the steps you are taking hence-forth, customers can be better-informed about your operations and will feel more assured to trust your business.
Avoid Security Theater
Businesses often make the mistake of resolving customer trust issues through what is called a “security theater”. This is basically building product features that make it seem like the product is more secure than it really is. Creating ridiculously complex password rules is one of the more common examples. According to Cassity Ming, the Marketing Manager at SecureDocs, such exercises can potentially create a false sense of security among customers and may make them complacent and thus more vulnerable to future attacks. Instead, focus on real security enhancements like multi-factor authentication or advanced encryption.
Customers are likely to give businesses the benefit of doubt when the breach happens for the first time. However, when such breaches happen more than once, your apologies and explanation can no longer bring back your credibility. So it is important that the measures you take are absolutely fool-proof.
Set Up A Generous Bug Bounty Program
One way to build confidence among your customers is by making them a part of your security enhancement process. This can be done by launching a generous bug bounty program. Such programs allow your customers to take the role of ethical hackers and try to find loopholes in your system. By doing this, not only do you get more people interested in securing your infrastructure, you may also end up discovering bugs that your own in-house team may have failed to identify.