Below are three ways to prevent a security failure from becoming a massive PR catastrophe.
I. Prevention - Foster a pervasive culture of organizational commitment to the right technologies and security policies to keep a security breach from occurring.
II. Crisis Containment -- In case of a security breach, communicate openly and proactively with customer, business partners, shareholders and the press, to cushion and mitigate the blow to the brand.
III. Restitution -- Have a plan ready to help the victims of the breach (consumers, or in the case of B2B, partners or other companies) - financial, or via services such as a free credit check, for example.
-- Marketing executives must understand that the risks associated with security are as much a marketing problem as a technology problem. As such, Secure the Trust suggests a variety of security marketing and messaging techniques, including:
-- Reassure the public and business customers that security is a core company value by creating special programs and communicating them via a Web mini-site and other marcom strategies.
-- Demonstrate the CEO's involvement in security policies and issues, proving the organization is effectively focused on security.
-- Launch a consumer advocacy program to help customers understand security risks, such as phishing, e-mail fraud and phone fraud.
-- Develop "trust metrics," a measure of how a person or organization is trusted by others (i.e. eBay's customer feedback ratings system).
-- Consistency in security and privacy is needed across the enterprise. Marketers must take a highly proactive role in ensuring that security policies and messaging are fully aligned in the organization -- from the C-suite, across business lines, through the marketing organization, and down to the rank and file.