Mainebiz

V O L . X X I I N O. X X S E P T E M B E R 5 , 2 0 1 6 34 W hile companies tend to have disaster recovery plans that emphasize restoring critical systems, communication plans are too often ignored until after a data breach. An oversight of this kind at the time of a breach can have a lasting negative impact to the organization's reputa- tion and potentially exacerbate the fi nancial consequences. In the event of a data breach, the following points will help in commu- nication with key stakeholders: 1. Have a written, tested crisis com- munications plan: e plan should contain everything the company will need in the event of a breach, from what to do when a breach has been identifi ed, to the fi nal communica- tion once the incident has been fully addressed. It should cover communi- cations to all stakeholders, including sample text that has already been reviewed by compliance and legal advisors so that during the crisis they can be edited and used quickly. 2. Appoint an incidence response team: e team needs to include internal employees and outside con- tacts, all of whom will be available at short notice, can contribute to the subject matter and have the required communication skills. Some sugges- tions include executives; IT; legal; PR/communications/marketing; HR; fi nance; compliance; security offi cers; customer service. Externally, you could reach out to a PR fi rm; law enforcement; regulators; an expert in data security; a search fi rm. 3. Understand regulatory notifi cation requirements: With breaches of certain types of information, includ- ing personally identifying informa- tion (Social Security number, health records, etc.), strict rules exist around communication, including who you have to communicate to, in what time frame and in what format. And, since each state has diff erent require- ments, seek out legal advice to make sure you are in compliance with both state and federal laws. 4. Manage customer expectations: A 2014 Pew Research Center study showed 91% of American adults feel that consumers have lost con- trol over how personal information is collected and used by companies. Communicating in a timely and clear manner, stressing appropriate urgency, and providing remediation and credit monitoring services free of charge will all help companies do right by their customers. 5. Manage employee communication: All employees, especially staff who interact with customers, should be kept informed. Clients will call their contacts for updates. Employees need to know when callers should be forwarded to a central hub, and should also be given scripts with a summary and approved comments. 6. Write with clarity: e most important aspect of crisis com- munication, especially in a breach situation, is transparency. Stick to the facts of what happened. Avoid jargon, buzzwords, embellishment and minimizing language. Take responsibility and apologize. Write at a 6th grade level. Provide contacts for further assistance and explain the steps your company is taking to keep it from happening again. 7. Monitor: Vigilantly monitor for all news and comments about your company, keeping an eye out for inaccurate or sensationalized pub- lic commentary to provide a timely correction. Monitor social media sites and use search engine alerts. Ask employees to listen for and track competitors, industry and key customer comments. 8. Use the web: In addition to direct communications, a website update page should show current informa- tion. is helps both internal and external resources to stay informed. 9. Prepare post mortem: e eff ects of a data breach can be long-lasting, far-reaching and sometimes diffi cult to discern over time. As the inci- dent winds down, assess the plan's eff ectiveness and discuss impact and feedback from customers. Analyze media coverage and identify poten- tial long-lasting risks. Finally, adjust the plan with lessons you've learn in case something happens again. In the end, the planning eff ort is often as valuable as the plans themselves. L V, president of Broadreach P ublic Relations in Portland, can be reached at @ . Communicate after a data breach B Y L I N D A V A R R E L L H OW TO OCTOBER 6 DoubleTree by Hilton Hotel, 363 Maine Mall Rd., South Portland 7:30–10:30am For more information contact Rebekah Roy at 207.761.8379 x341 or rroy@mainebiz.biz Sustaining a stable and successful corporate culture If you register for a table of 10 people you save 10% off the regular ticket price. Tickets are $25 ($30 after September 9th) and include a plated breakfast. R E G I S T E R T O DAY ! mainebiz.biz/CEOForum T H I S Y E A R ' S T O P I C FOLLOW US @MBEVENTS #MBCEO16 SP ONSORED BY PA N E L I S T S Carl Chatto Managing Principal, Baker Newman Noyes Chris Condon Chief Executive Officer and Senior Partner, United Insurance Deanna Sherman President and CEO, Dead River Company Marie Vienneau President & CEO, Mayo Regional Hospital Family Wealth Management Partners UBS Financial Services Inc. 866.736.2804 mainebls.com EQUIPMENT EQUIPMENT EQUIPMENT | REAL ESTATE BUSINESS ACQUISITION Lucas Morris Bangor and Northern Maine Dave McElwain Southern Maine Will Hatt Chief Operating Officer Al Moroney Midcoast Maine In Lending, People Make the Difference. Loans from $50,000 to $20,000,000 Streamlined processes get the deal done quickly Exceptional service and communication

• Cover