[BreachExchange] Building a Reputation for Your Financial Firm That Can Survive a Data Breach

Fri Dec 22 14:53:20 EST 2017

https://lbbonline.com/news/building-a-reputation-for-
your-financial-firm-that-can-survive-a-data-breach/

If 2017 taught us anything, it’s that data breaches are a fact of life for
anyone doing business in the digital age. Just ask Uber (57 million
accounts hacked), Verizon (14 million), Imgur (1.7 million), or Dun &
Bradstreet (33 million).

But the stakes are far higher for financial firms. Just ask Equifax.

The credit-reporting agency was largely unknown to consumers before
September. But the news that a data hack had compromised the personal
information of an unprecedented 143 million Americans thrust the company
into an unforgiving spotlight.

Not only was this one of the largest hacks to date, the exposed data
included Social Security numbers and dates of birth, the sort of sensitive,
permanent information only our most dependable institutions are entrusted
with. Change your passwords all you want, the news media explained. It
won’t protect you this time.

Today, Equifax probably longs for its bygone days of obscurity. The company
faces more than 20 class action lawsuits and a congressional investigation.

But what if Americans not only knew Equifax before the hack, but admired
and trusted the company? What if instead of relying on crisis PR, the
company had a cushion of goodwill to fall back on when the inevitable came
to pass? There’s no avoiding negative press when a data breach occurs, but
having the foresight to engender trust before it happens can make all the
difference when the bad news occurs.

Here are some steps financial firms should take to earn trust among
customers now.

Assume a Strong Leadership Position

If audiences perceive your organisation as an industry leader, one
committed to helping them navigate their own financial future, they are
more likely to stick by you if a breach occurs. The key is for an
organisation to leverage that reputation to its advantage, and communicate
to stakeholders it will take the steps necessary to right any wrong.
- Create message platforms that address privacy and trust, so you establish
the organization’s commitment to those issues.
- Consider featuring employees, who can be valuable advocates and
ambassadors. Many consumers have an easier time relating to real people
than they do a faceless organization.
- During a breach, you will not have time to assess and adjust. Continually
monitor the efficacy of these campaigns by reviewing performance data and
making adjustments.

Demonstrate Advocacy through Engagement

A financial brand is only as strong as its customer relationships.
Consumers tend to assume many financial institutions care more about
bottom-line profits than people, so it’s important to demonstrate customer
interests won’t take a back seat. Keep lines of communication open with
regular check-ins, like reminders of how you’re helping customers manage or
protect their money.  This will establish advocacy and benevolence as
running themes and defining characteristics of your organization.
- Follow through and deliver on promises so consumers experience the
company you say you are firsthand. Validate their expectations.
- Demonstrate your organization understands the needs and the issues most
important to your audiences.
- Consider programs that involve audiences, positioning the organization as
their partner in achieving shared goals.

Carry On, but Carefully

The weeks following a data breach are the most important in maintaining or
reestablishing trust. Equifax only exacerbated its problem by requiring
those customers affected to hand over their Social Security number, and
waive their right to sue, in order to take advantage of their “free”
identity protection services. Assess your messaging through the eye of the
consumer to ensure upcoming communications are not at odds with the
situation or insensitive to the people affected. Some questions to consider
during this phase might include:
- Do the messages in our communications appear disingenuous?
- Are we presenting information that is no longer accurate?
- Does our digital pipeline have planned content updates or “posts” that
need to be modified or pulled?
- What can we add to our current communication plan that will help
reestablish trust with our audiences?

Consumers are notoriously picky about who they let handle their money—and
justifiably so. They need to know they can trust a financial institution
with their family’s future, before and after a crisis. In the age of
cybercrime, there is no excuse for not offering those assurances before a
crisis occurs.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171222/cb83922c/attachment.html>