Your company’s data was breached? Here’s what to do next
Wednesday, March 21, 2018
Posted by: Allison McClellan, CCUL Compliance
It seems all too familiar these days to hear in the news—practically on a daily basis—how a company’s data was breached. So, we must never get complacent and think, ‘it can’t happen to us.’ Because it can. However, should a breach ever happen at your credit union, there are ways to mitigate the damage and preserve the reputation of your institution.
I recently read an article by Mallory Griffin from CUES in which she shares the following tips should you ever find yourself recovering from a data breach.
Step 1: Initiate Your Incident Response Plan. Your credit union should have an incident response plan in place even before a cyber-attack occurs. Coming up with a plan proactively will help your credit union should an attack occur. Along with a prepared news release, having a social media plan in place is vital, as stories can go viral in a matter of minutes.
Step 2: Designate & Prep Your Spokesperson. Have a designated spokesperson to address the breach. You should choose someone who holds a position of authority within the credit union in addition to having strong communication skills and possibly previous experience with handling the media. Additionally, make sure your team is on the same page as far as what news to release and what steps your credit union is planning to take to ensure an event like this does not happen again.
Step 3: Practice Your Incident Response Plan. Even though some scenarios are difficult to plan for, it's important to prepare for a variety of scenarios. Make sure employees know how to respond if a journalist should contact them regarding the breach.
Step 4: Be Transparent with Your Membership. Lastly, and most importantly, be transparent with your members and assist them after the breach. Some members may not know how to protect themselves after their information has been exposed, so be prepared to offer them tips and suggestions to try to build back their trust. Encourage members to review their financial statements and online accounts for signs of any unusual activity.
South Carolina and North Carolina consumer protection agencies also provide valuable guidance for businesses on actions to take following a data breach. This guidance includes sample letters you can send as well as who your institution needs to contact when a breach occurs. For more information, see the resource links below.
SC Guidance on Data Breaches For Businesses
NC Guidance on Data Breaches For Businesses
CUES, PR Insight: Keeping Your Reputation Intact After a Data Breach, January 2018.