Burrito and guacamole for lunch? You might have been thinking about going back to Chipotle, but now, in addition to food safety concerns (we’ll save that for another blog entry), Chipotle has suffered a data breach that may have revealed payment data for many of its customers.
Cybersecurity challenges continue to plague large organizations and are especially impactful for high-profile brands. Whether it’s an unsecured laptop, a phishing scam or a direct hack, organizations are training their team members to spot all types of cyber attacks. And while an ounce of prevention is worth a pound of data, how do you keep frontline staff on top of all the threats and able to respond appropriately to customer concerns?
Today, we examine three tips for being prepared for data breaches and how to respond to guest concerns.
1. Cybersecurity policy
If you haven’t already put them in place, cybersecurity-related policies, procedures, training and awareness should be step zero of protecting your organization’s data, your customers’ data and your brand. No matter the size of your organization, the threat to your business is real. Data is some of the most valuable currency today, and there are numerous hackers looking to poke holes and take what data they can get.
Setting your security policy does not have to be onerous. You can find one of many sample policies to start with and look to modify it based on your firm’s activities and risk tolerance. Remember, keep the policy simple and straightforward and something that will stand the test of time. Policies should guide the business approach, not dictate the “how.”
Having a policy in place also makes it easier to communicate to guests what your security posture is and how seriously your organization takes the security of guest data. Leaks of personal information, in addition to credit card and other travel information, can compromise guest confidence.
2. Security procedures and training
Establish procedures and related training and awareness. This is where the “how” is established. Your team members should be trained on what appropriate procedures are, including how to log in, log out, or protect sensitive data. And this is where many organizations get it wrong. Don’t underestimate your team and how cyber-literate they might be. Habits (especially bad ones) developed using personal computers and devices at home readily carry over to the workplace. Do they log out when leaving their workstation to chat with a colleague? Are apps being haphazardly installed on work tablets? Do team members share their passwords to help new colleagues? Be specific in establishing the ground rules.
Once you have worked out the details, train your team members on critical aspects of cybersecurity. All team members need to be keenly aware of the consequences of data breaches and how to respond to guest concerns regarding a data breach. Most brands are at their most vulnerable in the period between acknowledgement of a data breach and the investigative response. Because it often takes a lot of time and resources to fully understand the nature and source of a data breach, organizations find it difficult to respond to customer inquiries. Train your team members by providing short and concise messages to relay to guests. Remind your team not to speculate about what might have happened. Conclude with messaging about what actions the organization is now taking and how it will keep guest information secure.
3. Continuous awareness
Do you know what Vishing, Smishing or Link Manipulation are? Maybe not. These are all types of phishing techniques. Unfortunately, security protection and hacking schemes are continuously evolving. As protections get more sophisticated, so do the hackers. But one thing that is always vulnerable is your team.
Human curiosity is difficult to manage. Have you gotten a text from “your bank” to verify credentials? Or an email from “Google Mail” to validate account information? These techniques work, and work more often than you would think. Over the last five years, the IRS has reported nearly a million scam contacts and personal losses of over $25 million. Everyone is vulnerable.
It is crucial to continuously remind your team to be on the lookout for various phishing schemes and any new phishing techniques deployed by hackers. Continuous awareness does not have to equate to hour-long training. A few questions about cybersecurity, provided on a continuous basis throughout the year, can build up your team’s knowledge of security issues, keep up with the latest schemes and reinforce the message that cyberattacks are “always on” and our guard should be as well.
So, hopefully your team is ready for a potential data breach, because it is likely to happen. Establish your security policies, train your team members on the policy and guest response approach, and keep cybersecurity awareness high across your organization on a continuous basis.
You might not be ready to swipe your credit card at Chipotle, but you are ready to keep your organization well-protected.