My Company Has Had a Data Breach. What Do I Do?

If your company suffers a data breach, especially one involving customer information, these three software security tips can help you handle it quickly and effectively.

Measures that can help preserve your company's reputation in the event of a data breach can also be a competitive differentiator. They can even increase business.

The Department of Justice's indictment of 11 people for the organized hacking of nine major U.S. retailers (including the TJX companies) and the theft and sale of more than 40 million credit and debit card numbers drives home the level of risk to all businesses. While actual costs and reputational harm can be quite damaging to a company, a little planning can make all the difference.

Brian Shniderman, director of banking and payments at Deloitte Consulting, recommends steps companies can take to handle breaches quickly and effectively if they occur. Such effective handling includes:

Offer fraud/dispute insurance products to reduce customers' sense of perceived vulnerability before a breach occurs.

Provide an online "one-stop shop" tool that enables consumers to report unauthorized use. All impacted relationships should be automatically and immediately notified. These would include credit agencies, merchants and other third parties.

Differentiate yourself by offering good customers extra benefits like fraud protection and resolution. Such differentiated offerings could include:

  • "White-glove" treatment in cases of fraud;

  • Assigning a customer service representative to help the customer through the entire process;

  • Assisting the customer in identifying suspicious transactions;

  • Offering a guarantee to customers to go above and beyond the legal obligations; and

  • Sharing appropriate information with customers and keeping them informed throughout the investigation and resolution processes.

Copyright © 2008 IDG Communications, Inc.

Get the best of CIO ... delivered. Sign up for our FREE email newsletters!