2014 was the year for enterprise IT crises, and this year has had its fair share of scares already. But data breaches aren’t the half of it – system and service outages can be just as devastating to all companies, from SMEs to enterprises.
Whilst major IT disruptions are damaging, companies must ensure that they preserve customer trust and confidence afterwards.
Maintaining trust from customers requires more than just a mea culpa. With personal data and information on the line, the stakes are high for customers, so transparent and proactive communication between businesses and their customers is important.
>See also: The 2014 IT Disaster Hall of Shame
Here is a seven-step plan of how companies can ensure a service disruption doesn’t spiral out of control.
1. Assemble your communications team
It will be too late if businesses wait until after a problem surfaces to build a team. Have a pre-assigned team of professionals skilled in handling major issues such as data breaches or service outages.
Ensure customer-facing communication professionals, technical liaisons and legal advisers are available. Establish procedures for swiftly contacting (via multiple devices, numbers and communication modes) and assembling team members.
Assume that teams will need to communicate at the most inconvenient times. With all these in place, you will be prepared for any crisis situations. Tip: If possible, use one-touch conference bridging capabilities to save hours of time.
2. Keep management informed
Whether they are directly impacted by an IT disruption or they hear through social media, send executives messaging guidelines as updates roll in. Some companies use executives to proactively communicate through their social networks. Success requires a delicate balance of transparency without over-sharing, and companies that achieve this are leaps and bounds ahead of those that keep quiet.
3. Keep customers informed
Consumers or end-users are the most at risk when data breaches or service outages happen. If corporate communications are unclear, infrequent or inadequate, customers will be the first ones on social media exercising their right of free speech, which can hurt a company’s reputation.
To avoid this happening, make sure you communicate with customers on multiple devices and platforms until the correct message is heard or seen. Silence is more damaging than the actual incident.
Whilst consumers want updates and assurances that you are taking action, more innovative organisations turn the ‘lemon’ of an incident into ‘lemonade’ by creating an opportunity for customer satisfaction.
4. Keep regulators informed
Current and pending legislation around the world dictates that companies notify regulators of service outages and data breaches in a timely manner. For example, the Monetary Authority of Singapore (MAS) guidelines require that financial institutions notify them ‘as soon as possible’ and that procedures for these notifications be in place ahead of time.
Like MAS, most current legislation contains ambiguous language around timing and lack direct penalties or fines. Still, with so many regulations, it is advisable to stay ahead of the curve when implementing rapid communication capabilities.
Many regulating authorities require notification for institutions located in their area and all entities that control accounts or do business with their residents and businesses.
For global businesses, this could mean having to send notifications in a timely manner to dozens or hundreds of regulatory authorities at the same time. Make sure you set up your communication processes ahead of time.
5. Delivery of message to the masses
Sending a mass email is not enough – business have not satisfied their due diligence just because they ‘tried’ to alert consumers of a data breach or service outage with this. Contact information may be outdated, delivery may fail, or customers may deny getting messages if it helps their cause in issuing a future complaint.
Prepare in advance by keeping multiple contacts for customers, employees and regulators. Utilise communication backup methods for undelivered responses and find alternate communication methods (for instance when email is down with the service, text messages or phone messages would be better).
Ensure that any method of communication allows – or even requires – the recipient to acknowledge receipt of the message so there’s an audit trail of the activity.
6. Continue talking about actions you’re taking
Circumstances can change quickly after consumer-facing service disruptions occur, so keep all your stakeholders informed through direct communications to reassure them that all steps are being taken to mitigate the situation.
Whilst formal, direct communications should be used sparingly. Businesses should use social media channels like Twitter or Facebook messages to be clear and send regular updates on the situation at hand – even if there’s no news. This will help cut down on inbound inquiries and keep everyone in the loop.
7. Targeted communications
Data breaches and denial of service attacks happen because data falls into the wrong hands. After a crisis occurs, companies should target communications as necessary. Yes, transparency is essential to maintaining consumer trust, but an unnecessary amount of communication could be equally harmful.
Publicising information about crisis situations impacting business customers may violate confidentiality laws. Public messages for issues that impact a small number of customers are seen as overkill.
>See also: Are data centres ripe for hacking?
Targeting affected consumers when possible to prevent data leakage will reduce inquiries to the company’s customer service teams and avoid upsetting unaffected parties.
In today’s always-connected world, consumer-facing service disruptions are inevitable. However, companies can limit the damage to their businesses by putting the proper communications in place to alert and keep customers informed during crises, and these seven tips will help get them off to a great start.
Sourced from Teon Rosandic, xMatters