[BreachExchange] How Will a Data Breach Affect Your Brand?

Audrey McNeil audrey at riskbasedsecurity.com
Thu May 11 20:13:04 EDT 2017


Make no mistake, data breaches are disastrous. There have been some howlers
over the last twelve months, with thousands of leaked emails from the
Democratic National Committee entering the public domain on the eve of the
presidential election, a massive MySpace hack, and the unwelcome news for
Verizon enterprise customers that their data was now in the public domain.

It should come as no great surprise that businesses provide rich pickings
for hackers and cyber criminals. Many businesses store confidential
customer data, including personal details and financial information. For a
hacker, this data represents a goldmine. They can blackmail the company,
sell the data on to other criminals, or cause all kinds of mischief by
publishing it online (Ashley Madison hack, anyone?).

Reputation Damage

Cyber security breaches cause irreparable damage to your brand. Trust is
very important for companies operating in the online world. Every time a
customer hands over their personal and financial information, they trust
you to look after the data. What they don’t expect is for that data to end
up in the hands of criminals where it can be used to perpetrate identity
fraud, financial fraud, and many other types of cyber crime.

According to a Forbes Insights report published in 2014, 46% of
organizations had suffered reputation damage following a cyber security
breach. Another study found that 85% of organizations had suffered at least
one security breach, yet 46% of companies had failed to increase their
cyber security or implement better encryption solutions after suffering a
damaging data hack.

This reaction is a classic case of sticking your head in the proverbial
sand. Unfortunately, turning the other cheek and expecting the problem to
go away is business suicide. Once you allow a cyber breach to happen, you
will lose an awful lot of customers. Some might come back once the
headlines have been replaced by other bad news, but most will think twice
before dealing with you again. You could also lose future customers. In
summary, by the time the data breach happens, the damage is already done.

In the age of social media, it doesn’t take irate customers long to express
their outrage. Following a major data breach when a UK telecoms giant was
the victim of hackers, customers sent more than 200,000 angry tweets in
seven days. It wasn’t long before the data breach was trending on Twitter
and the whole world knew what had happened. The scandal hit the company
hard. Their share price plummeted and more than 100,000 customers abandoned
the company. Analysts believe the hack cost the organization around £60

The Cost of a Data Breach

The effect of a data breach on your brand and reputation is immensely
damaging, but don’t underestimate the damage it can cause in other areas of
your business.

Financial losses are disproportionately large for smaller businesses, as
they are less able to weather the storm. The theft of intellectual property
could even cost you the business or give your competitors an unfair
advantage. The business may also be hit with fines for breaching data
security legislation. Many countries are considering implementing tough new
regulations to try and curb the problem of cyber crime. If any of these
measures are put in place, you could be facing the prospect of a million
dollar fine if your website is hacked and confidential customer data leaks

There will also be extra costs associated with repairing the damage and
calling in an expert to help you plug the holes. However, unless you take
these measures, you are at risk of further hacks and cyber security

For a large organization, the loss of brand reputation is damaging enough,
but most can weather the storm until the Twittersphere moves on. However,
for a small business, the damage caused by a cyber security breach is
sometimes fatal. Once a small business loses the trust of its customers, it
is very hard to recover. Your customers are your lifeblood, so if they all
decide to take their business elsewhere, where does that leave you?

Preventing Cyber Security Breaches

Prevention is better than cure. There is little point in closing the stable
door after the horse has bolted, so instead of waiting for the unthinkable
to happen, adopt a proactive approach and start looking at how best you can
prevent a cybersecurity breach from causing irreparable damage to your
brand reputation.

Risk Analysis

In the first instance, undertake a risk analysis to see where your weak
areas are. Websites are a common target for hackers, but there are other
areas to think about, including network servers, internal databases,
networked IT equipment, and any IT equipment used by employees.

Scan servers and networked IT equipment for malware and vulnerabilities. A
cyber security company can offer advice if you need assistance in
safeguarding your business from cyber threats.

Don’t store customer data unless it’s absolutely necessary. The more
confidential data you store in your company systems, the more at risk you
are from hackers. Delete records unless it needs to be kept on file.

Staff Training

Employees are often the weakest link in any organization. Unless your
employees use strong passwords and protect their internet enabled devices,
you don’t stand a chance of keeping hackers and cyber criminals at bay.

Run regular training programs on the dangers of insecure passwords,
phishing emails, and other cyber threats. Have policies in place to remind
employees how to handle confidential data and protect their devices. The
stakes are high so you need to do everything in your power to keep cyber
criminals at bay.

Design an Incident Response Plan

Sometimes, no matter how careful you are, you will become the target of a
cyber attack. To limit the amount of damage caused, have measures in place
so you and your employees know exactly how to handle the crisis.

When a data breach occurs, the important thing is to try to restore systems
and people back to normal in as little time as possible. With the right
procedures in place, you can do this without too much brand reputational
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170511/4c6718a9/attachment.html>

More information about the BreachExchange mailing list