
Staying on top of your data breach response plan during Covid-19


It’s been a seriously stressful time for businesses across the UK, with many facing uncertainty and the threat of closure as a result of a pandemic that has ripped through the global economy.

But while these businesses will rightly be thinking about how best to protect their future, it’s also important for them to stay vigilant to the prospect of opportunist hackers trying to compromise the personal data they hold.

This has become more of a worry in recent weeks due to the number of employees working from home to help stop the spread of Covid-19.

A recent report from security firm Centrify revealed that nearly three-quarters of UK businesses think that home working is putting their organisation at risk, with nearly half noting an increase in phishing attacks targeting their data networks since the implementation of widespread remote working.

At Experian, we are seeing a similar trend reported by some of our own clients. But we are also seeing a steady number of ‘Magecart’ incidents where customers’ payment details are being stolen through online shopping cart systems.

Shopping carts have always been an attractive target for hackers, so with many people using online services whilst the high street remains at a standstill, it’s creating greater opportunity for this kind of malicious attack - particularly across the retail and hospitality sectors.

Taking the right steps now

While organisations will be on full alert to the possibility of a cyberattack, many are still not confident in their ability to secure data. In addition, some are still working out how they could swiftly implement the notification response in a live scenario so individuals affected can understand what action they can take to protect their identity.

Importantly, there are steps organisations can take ahead of time, such as investing in employee training to shore up the organisation’s defences, keeping up on the latest threats or securing agreements with specialist partners such as legal, IT forensics, crisis PR and customer response/recovery experts, like Experian, to be at the ready if a breach occurs.

Planning for a data breach in advance is a step every organisation can take and is the right thing to do by the customer. It means you can respond, reassure and recover with confidence.

Get response ready

Organisations absolutely need to focus on security, but they should also prioritise notification communication plans as a critical response-ready step. These proactive steps include customer data cleansing to confidently reach those affected, creating customer notification templates to have a starting position on what to say, scoping call centre expert resourcing, and outlining frequently asked questions so the inbound communications lines and channels can be quickly activated and managed.

Let’s not forget when it comes to notifying customers, organisations have the challenge to ensure everyone affected, potentially across multiple countries, is not only notified, but also fully understands the detail of the incident in line with the GDPR. This can be challenging if the pre-planning steps and internal/external resource guarantees have not taken place.

Telling people their data has been compromised is not easy and has the potential to impact on reputation, leading to further exacerbation when the organisation is unable to effectively respond to concerned or anxious customers calling in.

For example, the ability to provide contact centre experts is challenging both from an existing workforce perspective and seeking to recruit additional resources for short periods. This can be further intensified as a result of the challenges of home working. We have seen a change in this market where finding the volume of trained experts to support these types of events can be demanding if not secured in advance. And when you consider a more complex breach notification scenario where there is a broader set of customer types, or multiple geographical locations to consider, this means there is a need for experts who can speak different languages, different logistics to manage, equipment considerations and an even greater need for call quality monitoring to track progress. So, you can start to see the challenges organisations face to deliver an effective response facility at the last minute.

We are now seeing many more organisations looking for differing levels of support in the planning phase. This can be from access to basic planning guides and templates, right through to consultancy and reserving external resources to ensure customer demand is delivered. Scenarios, drills and simulations are also part of this planning where companies can test themselves, learn and evolve their response plans to make sure that these types of events can be mitigated, and the impact reduced.

Customer-first response tips

If businesses do not handle the data breach response correctly, it may lead to a detrimental view of the organisation, with the potential to damage the customer experience and impact revenue streams in the future.

However, if this crisis is treated in a thorough, thought-out way, organisations may be better placed to avoid reputational damage and retain their customers. By ironing out all these logistics requirements, in advance of a data breach, businesses can put the customer front and centre of the response and help protect them now and in the future.

If there is a loss of personal data, we believe the following four tips will help organisations to support their customers:

  • To communicate effectively, you want to send clear information out to customers and not find that you have to amend information later. While speed is important so is accuracy of messaging.
  • Ensure you factor in inbound communication following a notification to people affected. Telling them you have compromised their data and then not being there when they need reassurance can make a bad situation worse.
  • Be aware of where your customers are; having people available that speak the right language and in the right time zone for when they contact you is critical.
  • Increasingly consumers are looking to organisations to provide a remedy in the event of a data breach. Providing credit or web monitoring services will serve to support the individual and offers the potential to decrease the chances of becoming a victim of fraud.

Jim Steven, Head of Data Breach Response, Experian

Jim is Head of Data Breach Response at Experian.