Bonus Online Article: 4 Tips to Safeguard Reputation and Reassure Customers After a Security Breach

December 19, 2014


2014 has been riddled with highly publicized data security breaches of all shapes and sizes, affecting notable brands such as Sony, Target, Neiman Marcus, Home Depot, and JP Morgan Chase. At this stage, it is not a question of if your company will experience a breach, but when.

Here are four guidelines for organizations to protect brand reputation in the event of a security breach:

1. Develop a fully locked and loaded response plan.

In the digital age, it is essential to have a cyber attack plan in place as part of an organization’s crisis management strategy. Companies can get ahead of a crisis by leveraging social media to defuse damaging situations. In order to prepare, be sure to anticipate and understand the kinds of threats that could influence your business and your profession.

There are four phases of crisis communications: readiness, response, reassurance and recovery. In order to properly respond to a crisis, each stage must be ready to go at a moment’s notice — develop materials such as messages and prepared statements, prepare delivery channels like hotlines and social media platforms and train employees regarding awareness and organizational procedures.

2. Remember that the customer is the top priority.

Arguably the most important step in maintaining a brand’s image amid a breach is to be honest with customers and inform them about what has occurred — the sooner the better, especially if their personal information is at stake.

In fact, 47 states have Security Breach Notification Laws that govern communication with customers in the face of a security breach, including the timeline for those communications. Several weeks elapsed before Target released an official statement to its customers and, as a result, it experienced massive backlash from customers, other organizations and the media.

Adam Levin, chairman and founder of IDT911, a provider of data-risk and identity-management services, believes that every company needs to demonstrate three things in the wake of a data breach. “Urgency, transparency and empathy are all critical. I don’t think [Target] showed enough of those three,” Levin said in an interview with Not being upfront with customers can result in a loss of confidence in the brand that not only could hinder the company’s reputation, but also could lead to a loss in revenue.

3. Monitor the situation in real time.

Social media can be a powerful tool but “with great power comes great responsibility.” While positive engagements boost a brand’s respect, companies must always monitor for negative interactions in real time and be even more stringent during a security breach, as customers will turn to social media to respond to situations, regardless of their allegiance to the brand.

Develop a social media response map that outlines anticipated situations and correlated standard responses to avoid a last-minute shuffle. Don’t shy away from angry customers who post adverse comments. Depending on the situation, it may be worthwhile to engage with these individuals in a private forum and resolve their concerns, taking the negative sentiments offline.

4. Don’t repeat the same mistakes.

For brands, it is especially important to avoid making the same mistakes twice. Customers may or may not forgive a first offense, so a second go-around is even harder to rebound from. Companies must carefully document and analyze each breach to identify how it happened, why it happened and how to prevent such an event in the future. Consider changing security vendors, deploying new software, retraining staff and amending company policies. It is also important to communicate these changes to customers to reassure them that a similar breach will not recur.

According to Radware, a global provider of application delivery and application security solutions, “Cyber breaches, specifically Distributed Denial of Service (DDoS) attacks, will continue to be a serious issue as attackers become more agile and their tools become more sophisticated.” The company’s 2013 Global Application and Network Security Report provides more detailed information on security trends.

As cyber attacks continue to become more and more sophisticated, it is only a question of when — not if — a company will experience some type of security breach. Most communicators do not have control over the systems and procedures that govern security in their own organizations. However, preparing a crisis communications plan prior to a breach can help ensure that companies protect their reputations, customer relationships and revenue in the long term.

Sandra Fathi
Sandra Fathi is president and founder of Affect, a PR and social media agency. She is also the current PRSA Tri-State District Chair. She has spent the past 20 years helping technology companies achieve their communications goals. Prior to founding Affect in 2002, she led corporate communications and investor relations for RADVISION and worked on the technology team at Edelman Public Relations Worldwide. Twitter: @sandrafathi.

