There’s hardly a week that goes by without news that a major organization has been hit by a significant online security breach, with thousands of customer records compromised in the process. Many of these organizations are major players in their fields and have large budgets assigned to keeping customer data safe.

These breaches highlight the need for organizations to put as much effort into preparing a response for when a breach happens as they do trying to prevent them happening in the first place.

Think about it as the virtual equivalent of a fire drill. You might do everything in your power to prevent a fire happening in your building, but you still need to know what to do if one breaks out.

But what should that response look like?

Clear communication

In the event that a breach happens, you need to have a solid communications plan in place. A well-executed communication plan can be the difference between coming out of the breach with your reputation intact and emerging on the other side having suffered serious damage.

From a customer perspective, it’s vital that you get information out as quickly as possible — either as reassurance or as notification that their personal information has been breached, and what they should do about it. With regulations like GDPR and POPI requiring strict adherence to time scales for customer notifications, timeliness is more important than ever.

At all times, your communication should be calm, informative, and factual.

With the right crisis communications plan in place, and with pre-loaded communications and recipient lists, an organization should be able to dispatch the requisite information by email and SMS in a matter of minutes.

Of course, your customers won’t be the only ones interested in the breach. You also need to communicate clearly with your staff, clients, the information regulator, and any media who express an interest in the incident.

While there may be some information your organization can’t share, you should be as transparent as possible at all times.

The right plan

In order to be able to effectively execute a communications plan, organizations need to have a response plan to guide said communications.

Organizations should, for example, have a response team pre-selected. That team should know clearly what their respective responsibilities are and how to carry them out.

Additionally, organizations should be clear about what authorities should be contacted in the event of a breach and what information they should be supplied with.

Effectively, the plan should allow an organization to go into ‘safe’ mode in the event of a breach. This, in turn, should allow it to run system checks to identify the breach, alert a task team, and communicate with affected parties, service teams, the information regulator, and media accordingly.

Test. Refine. Test again

Finally, it’s important that organizations regularly test and refine their plans. As is the case with fire drills, people will grow complacent if they aren’t run regularly. They’ll forget what they’re supposed to do and, in the event of an actual fire, the damage will be much worse than it should have been.

It may seem like a hassle, especially when people are busy with their day-to-day tasks, but if an organization regularly tests and refines its incident response plan, it’s much less likely to find itself on the back foot in the event of an attack.

Perception matters, and if the public and industry players can see that an organization is prepared when an attack happens, it’s much more likely to come out the other side with its reputation reasonably intact.