Another day, another headline shouting about a cyber breach. Except this time, it’s a business that has already made the headlines numerous times, and holds a vast amount of personal data from millions of people around the world.
It appears the ‘disruptor’ has become the ‘disrupted’.
Last month, Uber admitted to a massive data breach, having been targeted by cyber criminals in 2016. To add insult to injury, it then admitted to paying the hackers $100,000 to go away, and not tell anyone.
Even though here in Australia businesses are not legally required to report data breaches (until next year when the Privacy Amendment Bill comes into effect), in other parts of the world, businesses do have to report it.
By demanding that the hackers destroy the stolen data, Uber may have violated a Federal Trade Commission rule on breach disclosure that prohibits companies from destroying any forensic evidence in the course of their investigation.
But aside from what Uber has done illegally, there’s the ethical aspect. It traded transparency and honesty for a cover up that may damage its reputation for the foreseeable future.
So what can businesses learn from this?
1. Take responsibility
We all know not to cover up the issue, it will only make it worse. Yet time and time again there are businesses who still try and do so, or wait until it’s too late to do anything proactive about it.
The best course of action is to front it as early as possible, taking responsibility, reacting immediately, and responding to feedback.
Instead of arguing publicly, acknowledge people’s concerns and questions, and respond personally to the right conversations.
2. Be human
There’s nothing worse than a CEO or spokesperson acting like a robot. Giving automated and clinical responses immediately suggests a lack of care and consideration, putting the brand in a bad light.
It’s important to share how policies will be put in place so the issue or mishap does not happen again. Act fast before people lose faith in your brand.
3. Communicate
Getting ahead of the situation will pay dividends with public favour. Communicate all relevant details to key stakeholders in a timely manner, and if you cannot comment, make sure you have a holding statement ready.
If you’re still assessing a situation, simply say that. Recognise that transparency is key about how you’re solving the situation.
4. Establish an appropriate culture that the brand is recognised for
Treat people how you want to be treated. If a business has a bad internal culture, its employees will mirror that externally—negativity is toxic and it breeds. Employees are not responsible for the toxic brand culture. Create a happy and positive workplace and you’ll find that’s reflected across the brand, and externally too.
5. Be ready
No one wants to be at the centre of a scandal, but scrambling around in the heat of a crisis takes things from bad to worse. Anticipate potential crisis scenarios and establish internal protocols for handling them.
Having a plan means you’ll know who needs to be notified, how the sign off process will work internally, and key spokespeople will be identified who are able to speak publicly on the businesses behalf.