The unsettling moment arrives when you realize that a data breach has occurred, requiring you to inform both customers and the public. Years of dedication to building trust and a solid reputation are now at stake, depending significantly on how you address and communicate this incident.
If you find yourself in this situation, several crucial steps can help maintain trust and minimize potential damage. Based on my experience, the foremost principle is transparency. Even if not all details are available, it’s essential to acknowledge the incident, take responsibility, exhibit empathy, and share whatever information you do have. This approach allows customers and authorities to assess the situation and take steps to reduce their risk.
You should clearly communicate what transpired, the systems impacted, the data accessed, and what this means for your customers. Conducting thorough initial investigations is vital for effectively conveying these details to those affected. The initial shock of a reported incident can prompt customers into a flurry of questions: What happened? When did it occur? How did it happen? Who is responsible? Providing clear answers can reassure customers that you are in control of the situation and are committed to preventing similar incidents in the future. Many will expect the involvement of an independent third-party cybersecurity team to properly assess and manage the incident, so it’s prudent to have such arrangements ready to maintain trust and offer reassurance.
Engaging with customers and the community allows stakeholders to inquire openly, and being prepared to handle that influx of questions should be an integral part of every organization’s incident response communication strategy. You must consider logistics such as who will schedule calls, take them, and speak on behalf of the organization, ensuring 24/7 availability as new information emerges. Regular updates on the incident and its investigation enable your organization to guide the narrative, outline actions taken, specify next steps, and mark the incident’s conclusion. This may also include providing recommendations such as sharing Indicators of Compromise (IoCs) or best practices customers can follow to safeguard their data. Conversely, withholding information can lead to speculation and the spread of misinformation.
As the incident draws to a close, it’s essential to reflect on incident resolution, identify any remaining actions, and plan for ongoing communication. Utilizing tools like post-incident reviews, lessons learned, and implementing necessary changes will help improve incident response and communication processes over time, ensuring that best practices are upheld and adapted.
From our own experiences, this process led to the inception of Project Bedrock and the Okta Secure Identity Commitment. These initiatives allowed us to define those critical actions while emphasizing our dedication to meaningful improvements and the cultural shifts we needed to implement.
It’s vital to extract lessons from every security incident. While incidents are inevitable, the organization’s reaction is what will ultimately define customer perceptions and our success as a business.
Stephen McDermid is EMEA Chief Security Officer at Okta.