What NOT to Do In a Data Breach

Chris Gaetano
Published Date:
Nov 20, 2017

While there's quite a lot of advise on what to do when experiencing a data breach, a recent article in the Harvard Business Review points out times when companies made serious errors in the wake of a cyber attack. The biggest errors seem to come from a desire to avoid negative publicity for the incursion. Companies like Equifax and Target, and even government agencies like the SEC, took weeks to months to even a full year to disclose information about their respective incidents. Not only does this just make people angrier when the news gets out, it gives the victims less time to protect themselves, and the perpetrators more time to use their stolen information. However even when companies do come clean, they can still mar their reputations through poor customer service, such as Equifax trying to get people to pay for credit protection in the wake of their infamous data breach. Companies also fail to be transparent as to what they are doing and why, which can lead to confusion among the general public as to what exactly is going on. Finally, there seems to be a lot of reluctance to apologize, which could be due to only 45 percent of executives thinking it's their responsibility to protect the company from a potential cyber attack in the first place. However, this viewpoint sets a bad tone at the top, and stands in the way of better management and prevention of data breaches. 

Click here to see more of the latest news from the NYSSCPA.