Security breaches are a fact of life. Despite adhering to best practices and having all of the right technology and safeguards in place, no company (no matter how preeminent) is ever totally immune.
As organizations rely more heavily on digital data, store more of it in the cloud, and shift to a remote workforce, the opportunities for breaches only grow. Given this, it's no wonder the cybersecurity market is projected to reach a staggering $248 billion by 2023.
Although companies can't control whether they will ever experience a breach, they do control how it is handled. By keeping the following strategies in mind, companies can preserve customer trust and loyalty even after a breach.
Be Transparent
Transparency is integral to trust. Take it from the Dalai Lama, who famously stated, “A lack of transparency results in distrust and a deep sense of insecurity.” That applies directly to how companies alert their customers to, and handle, security breaches. When vetting a security vendor, there is no bigger red flag than a company that has previously tried to cover up or hide the details of a breach. It signals a serious cultural problem with integrity inside the organization and dismantles user trust.
When an organization experiences a breach, it is vital that it quickly tells customers what happened, how it happened, and how they are affected. Early in an investigation not all of those facts are known, so disclose what is confirmed, say plainly what is still under investigation, and update customers as the picture firms up rather than waiting for a complete root cause. This should be proactive and timely: no customer should have to wonder, or do their own research, to find out what happened. As a follow-up, customers should also be told what the vendor plans to do to prevent similar incidents in the future.
Be On the Ball
It's critical that companies stay on the ball and work constantly to identify breaches as they happen. Historically, companies that found breaches faster and addressed them transparently have fared far better than those that were late to the game.
Once customers lose confidence in a company's ability to stay on top of security, that trust is hard to regain. Uncovering breaches early gives a company the chance to limit the damage done and to show customers that it is always looking out for them.
Vendors should have a comprehensive incident response plan, and the parts of it that affect customers, such as how and when they will be notified and whom to contact, should be clearly communicated. Organizations that go above and beyond may publish that customer-facing commitment as an easily accessible document on their website for all to see. The internal playbook (detection sources, escalation paths, containment steps) is a separate document: it should exist and be rehearsed, but it need not be public, since it also describes how the organization will respond to an attacker.
Follow Best Practices
So, how can companies stay on the ball? Following a set of best practices doesn't guarantee you won't fail, but it is the basic standard every business should meet. This includes everything from prioritizing cyber hygiene (timely patching, least privilege, multifactor authentication, and useful logging), to adhering to industry-standard best practices, to making sure your environment can be independently certified or accredited (which should follow naturally if you are doing the first two).
More generally, security should be integrated into everything a company does. Treating security as a separate entity within the organization, with its own objectives and goals, is almost always harmful. Vendors that handle breaches well and keep customer trust are those in which security isn't siloed: it is woven into the culture and therefore into everything they do. For example, every employee should feel confident identifying and raising security issues, and security should be embedded in the software development process rather than bolted on at the end. And there are plenty more best practices on top of those.
Some customer organizations are taking this a step further by appointing a designated privacy or data security officer, which means a vendor's security practices are examined more closely than before. If people hear about security events that should have been easily mitigated but weren't, it reflects poorly on the vendor. The best way to avoid that is to follow best practices.
By being transparent, staying on the ball to identify threats early, and following best practices, vendors have the best shot at earning and maintaining trust throughout the customer life cycle.
James Pleger is currently the manager for the SpecOps team at Sumo Logic. He is responsible for the company's efforts on hunting, threat intelligence and generally helping customers improve their security posture. James has been in the industry for over 15 years.