Have you ever been robbed? Has your house been burglarized? If you’ve been the victim of this particular crime, you know that more was affected than just your wallet. Your wallet was hit pretty hard, with repair costs to doors or windows, replacement of stolen items, and the expense of increasing your home’s security, but the real cost of your burglary is emotional. Your family feels violated, and your home is not the same as it was: your belief in it as a sanctuary where nothing could ever happen to the people who lived there has been stripped away.

The Cost of Being Violated

If you stay in your home after a robbery, eventually you will recover to a certain extent, but your home will never be the place it was before you were victimized. A security breach of sensitive customer data has the same effect on a business as a burglary has on a customer’s home. There are financial implications for the customer, and their trust in your business has been violated, just as their trust in their home was when they were burglarized. You, as the business owner, have extremely hard tasks ahead of you: recovering from the data breach, dealing with the negative press, dealing with the affected customers’ financial issues, shoring up your cyber security so it doesn’t happen again, and the hardest task of all – regaining the trust of your current customers, and convincing new ones you are not a bad risk.

All of these things cost you financially, but the trust issues are not just financial. Yes, they impact your bottom line, in terms of lost revenue, but they impact your reputation more. If a company has a reputation as an easy target, or as a business indifferent to its customers, the company will suffer a slow, lingering loss of business until the public forgets or the company successfully convinces them it’s safe to do business with again. If the company is not able to convince the public it’s a safe bet, it will eventually go under.

Repairing Your Reputation

One thing is paramount if your company’s data is breached: do not attempt a cover-up. The larger your business, the more you’re in the public eye, and if you aren’t upfront about what’s happened, you’ve violated your customers’ trust from the get-go. If you are a small company, you still need to get in touch with everyone in your database, whether they were all affected or not. Hiding a data breach is an open invitation to going out of business.

Once you discover a data breach, do the following before contacting your customers or issuing a press release:
1. Close the breach, so your data isn’t still vulnerable
2. Determine what databases were affected
3. Determine how you were breached, and close off the vulnerability
4. Immediately start improving your procedures and security, to prevent another breach from occurring
5. Contact everyone in the affected databases, whether they were all affected or not

Once you’ve worked through this list, send out a press release (if you’re large enough for the press to care) and/or (if you’re not a big business) send letters to all customers explaining what happened, what information was stolen or compromised, and how they may be affected down the road. Emphasize to your customer base your strengthened security measures, and your willingness to help them if they have issues regarding this loss of information. Do not pick this time to be penny-wise and pound-foolish; if your security breach causes a customer’s identity to be stolen, you are responsible for it happening, and you should help the customer recover.

Trust is a delicate thing; once destroyed, it takes a lot of work to get it back, and you never get it back all the way. A customer who has been the victim of a security breach is analogous to a person whose house has been burglarized: the view of your business as a safe place to be is gone, and it never comes back to the extent it existed before the breach happened.

You can convince the customer to do business with you again, but they will never fully trust you; don’t be surprised if customers who return to your business after a data breach start paying with cash and not giving you any information about themselves at all. After all, as the saying goes: fool me once, shame on you. Fool me twice, shame on me.