Data breach PR: How to survive your worst nightmare
There are two kinds of companies in this world: Those that have experienced a data breach, and those that will at some point in the future. At least that’s how seasoned cybersecurity experts approach risk assessment and mitigation plans.
From a public-relations standpoint, once internal – or external – parties discover a data breach, a company’s immediate reaction will set the tone of the reportage. It’s a tough situation for spokespeople, because often, at the time a breach is found, not all of the facts are known, including:
- Who did it
- How long it’s been going on
- How and when it will be stopped
- How many customers are affected
- What will be done to protect affected customers
So in the event an organization experiences a breach, how can staff manage its public-facing side and reflect the same image of competent, organized response that is likely happening behind closed doors?
At a recent MassMEDIC conference on health data security, we gathered some advice from two veteran data security reporters, Jim Finkle of Reuters and Taylor Armerding of CSO. We also asked data security expert Stephanie Preston, lead medical security engineer at MSLGROUP client Battelle, for her thoughts on navigating a difficult situation that many companies will – like it or not – endure.
While the conference focused on medical device data security, their tips apply to organizations in many other market sectors. You can view the video above for deeper insights; a few of the tips are summarized below:
- Be honest. Saying “This just happened, we don’t have all the details but we will pass them along as we learn more” projects an image not of weakness but of honesty.
- Be transparent. While it might be tempting to hold back information about a breach, don’t. Johnson & Johnson’s transparent response in the 1980s to a different kind of breach – Tylenol product tampering – offers a template for companies to survive today’s data breach crises.
- Enlist outside help. Often, contracting a data breach response team shows that you’re proactive in addressing the breach and doing whatever it takes to protect customers.
If you work in the medical technology or biopharmaceutical sectors and want to discuss communications challenges and issues related to healthcare data security, contact MSLGROUP Executive Vice President Jim Weinrebe at 781-684-6650 or jim.weinrebe@MSLGROUP.com. Health IT companies, contact MSLGROUP Senior Vice President Doug Russell at 781-684-6561 or doug.russell@MSLGROUP.com.