How quickly and precisely you respond after an online security incident determines whether you retain customers
Many small business owners think it won’t happen to them. They believe they’re too small and that hackers only seek out big targets like banks, insurance companies or big-box stores. Unfortunately, when it comes to a cyber attack, the size of the business doesn’t matter. It’s likely not a question of if you’ll suffer an attack, but when.
With anti-virus software and firewalls in place, a small business can feel a certain sense of security. But attacks and data breaches can still happen. Many reports suggest the likelihood is on the rise.
So, if you own a small business and your website or data is hacked, what can you do to restore and regain your customers’ trust? This may come as a surprise, but the way in which your business responds (hopefully with resilience) to an attack may mean more to your customer than the actual breach.
Below are several effective ways to protect yourself from future attacks and to communicate to your current and potential clients that it’s safe to entrust their business with you.
Easy software installs
One key to keeping yourself safe is to install software that can secure your computers and data but won’t slow your machines down. Anti-virus software, malware protection and anti-phishing toolbars can be installed with ease and many companies offer low-cost or free versions that are very effective.
AVG is a leader in anti-virus with free and premium plans, including an internet security business edition. Malwarebytes guards you against malware and ransomware. Several anti-phishing toolbars are on the market, such as Windows Defender and Avast.
Hire an information security expert
Experienced hackers know one of the easiest ways to gain access to your business data is through a weakly managed computer network. Many small business owners have a lot of responsibilities to juggle and often neglect internet security. To be properly protected, you can hire an IT expert to manage and secure your network. This can be done locally, but some business owners prefer to work with recruitment firms like Inteqna or CognITek.
Regaining trust in the short-term
Make a plan; be transparent and timely
It’s smart to have some tools in place and to have a security expert monitoring your network. But once attacked, how do you regain your customers’ trust?
When a breach occurs, customers want the business to respond candidly and quickly. No matter the size of the business, the early communication should come from an incident manager or the marketing department, working closely with IT, which can be expected to bear the brunt of public criticism.
Put a team member in charge
First, designate an individual or team to take charge of communication and of isolating and resolving the issue. In June of 2018, MyHeritage was hacked, and users’ emails and passwords were stolen. They had already designated a chief information security officer, as well as an information security team to handle the processes of both their public and technical response.
Isolate and resolve the issue
Second, with a strong sense of leadership and a solid message, isolate the issue and resolve it. When personal information has been compromised, it’s important to respond quickly and efficiently. MyHeritage responded incredibly quickly – the day they learned of the attack. They issued a highly detailed statement that noted their clients’ emails were found on “a private server” not located at the MyHeritage site.
Be honest
Third, be open and honest about why and how the breach occurred. Assemble your team, discuss your message and communicate that message as quickly as possible. Within a week is ideal.
For small businesses, the traditional press media is usually not a concern. However, the barrier to entry for posting on social networks and online review sites is low (or non-existent), so potential harm could happen very quickly. Maintaining positive online reviews and sending personalized emails to your customers are simple tactics for building trust (and consequently, increasing sales).
As soon as you can, issue a statement online or through local and national media channels as appropriate. Describe the nature of the breach if possible, explain what strategy your incident manager or IT department has implemented, and keep clients updated on the progress.
Regaining trust in the long-term
Protect your customer’s data
It sounds simple enough, but one of the largest causes of cyber attacks or data breaches revolves around data input. Sometimes, miskeyed data means personal information is sent to the wrong recipient.
You can limit who accesses customer or client information with various levels of administrative privilege. It is also a good idea to limit what information you collect. If you offer an online newsletter, it’s probably not necessary to procure more than an email.
Communicate with your customers
Keep those lines of communication open through blogging, social media and online or print newsletters. Be aware that not all clients represent the same demographic. If you have a small insurance firm, then your clients might range from teenage drivers to elderly couples.
A blanket email may not be a suitable way to communicate information about the breach to these two diverse groups. Consider your audience and respond in a manner that suits them, whether it’s an email, text, phone call or social media announcement.
Give the customer control
After their personal information is hijacked, a client can feel vulnerable. This presents an opportunity to make your customers feel better by having them take some control. Once the issue has been resolved, allow your customers to respond with emails, passwords, or sensitive information with your new, proper security in place.
Be prepared for the competition to make a move. Given the adverse effects of a hack, your competitors will have an edge on you. Be prepared for this and instead of viewing it as a detriment, consider it a challenge that your business can rise to meet.
This may be the perfect time to offer discounts or upgrades to your customers who have decided to stay with you. After all, they have observed your transparency, heard your clear message and witnessed your resilience.
Improve your network security to prevent further data breaches
Many startups and small businesses begin with basic services from their internet service provider (ISP). This makes economic sense in the beginning. However, most ISPs don’t offer enough protection with basic plans, leaving SMEs and individuals exposed to threats.
In order to keep clients’ credit card information, bank account details, email addresses and passwords out of reach of hackers, a growing number of companies are turning to a service called a virtual private network (VPN) for additional security. A VPN uses software that encrypts your customers’ data and, therefore, hides the data from potential hack attacks.
The bottom line
Cyber attacks are common and on the rise. They’re an issue even small businesses have to deal with. This is not the time for fear but rather for proactivity and planning. Put the proper tools in place and you’ll greatly reduce the chances of a breach.
With a solid response strategy ready to go in the event of an attack, your business’s diligence about transparency and appropriate communication will give you a much better chance of keeping customers around into the post-breach future.
Gary Stevens is a front-end developer. He’s a full-time blockchain geek and a volunteer working for the Ethereum Foundation as well as an active GitHub contributor.