Are You Ready to Tell Your Clients that Their Data Has Been Breached?
aderantuser
Data breaches happen every day, but we don’t always know it. Or, in some cases, we find out at a much later date that a massive breach has taken place. Notably, Equifax experienced a tremendous breach last year and has since endured nearly constant criticism of how it was handled. Beyond the technological failures that left consumer data vulnerable, human failures were also at play. After learning of the breach, Equifax waited six weeks to let anyone know about it.
We’ve discussed on this blog how the right thing to do when a breach happens is to notify those who are affected. Because of companies like Equifax (and there are others; Equifax certainly isn’t the only company that is guilty of this), legislators are moving to put policies in place that govern how victims of data breaches are notified. While some states, like Mississippi and New York, have already put this sort of legislation in place, it’s going federal:
“Responding to frustration at how credit-reporting agency Equifax disclosed its 2017 breach affecting more than 145 million U.S. consumers, U.S. Reps. Blaine Luetkemeyer, R-Missouri, and Carolyn Maloney, D-New York, have circulated a draft bill to create a federal breach notification law.”
So, as a firm with clients, many of whom are lucrative cybercrime targets, are you ready to pick up the phone and let your clients know that their data has been stolen? If not, it’s time to get ready by:
Putting every possible security measure in place and working only with vendors that uphold your security standards.
Creating a plan to tell your clients, in a timely and transparent manner, what has happened in the event that something goes wrong. After all, there is no guaranteed way to prevent an attack, and today’s cybercriminals are highly sophisticated.
The old saying “an ounce of prevention is worth a pound of cure” certainly holds true here. The more you do today to protect your firm and its clients, the better chance you have of never having to make that call. That said, if you do have to make that call, you had better make it, or face even steeper consequences.