3 Rules For Managing a Data Breach--or Any Other Crisis
Hopefully, you know how to prevent a full-scale data breach at your company. But even the most secure networks can be hacked. Especially during heavy sales periods like the holidays, you need to have a plan for when the worst happens.
Eric J. McNulty, the director of research for Harvard's National Preparedness Leadership Initiative, says he has a simple guide that will help lessen the impact of any nightmare event. McNulty writes in Harvard Business Review that every crisis is a tangle of situations that all have different needs and concerned parties, each requiring different actions. It can be painful to track all the ways a crisis is affecting the perception and bottom line of your company, but McNulty says you need to act fast and according to a pre-determined plan.
Remember, it's not the size of the problem that makes a breach or recall bad, it's the overall damage it does to your reputation and your company's. Below, read McNulty's three rules to guide leaders through disaster.
Make trust your compass.
At the end of the day, even if every one of your customers is now a potential victim of credit card fraud, they need to trust what's coming out of your mouth. "The first step is to ensure certainty about the values that will drive decision making. In this case, trust should be the 'true north' for [your company] in its dealings with its many stakeholders," McNulty writes.
That means your customers have to hear it from you first, or else it looks like you're covering up something. McNulty cites the way Johnson & Johnson's CEO James Burke handled Tylenol's 1982 cyanide crisis like a pro: "[Burke] saw that the most important objective was to restore the confidence of customers and other critical stakeholders, and moved aggressively to do that," he writes. "If there is a short-term financial hit, take it and move forward."
Identify the damage and stakeholders.
Next you have to "map the constellation of situations and their stakeholders," McNulty writes. Get the dry erase board out and write out each situation the crisis is affecting. Target's board should have included "security, legal, law enforcement, customer relations, media, shareholder, employee, the board, card issuers and providers, regulatory, and more," he writes. Not much detail is needed: "The purpose is to fix in your mind the awareness that you are dealing with a complex, dynamic problem," he writes. "The angle you overlook in the crisis may be the one that causes the greatest damage in the end."
McNulty warns that a poor response could set off a series of even worse crises. He advises looking for gaps in your plan and filling them in as the crisis evolves. "This is a continuous loop of adaptive thinking--perceiving, orienting, and predicting; and acting--deciding, operationalizing, and communicating," he writes.
Always be prepared.
Lastly, know your company's vulnerabilities and response protocols. Never say the worst can't happen to you, McNulty says. "In an increasingly complex and turbulent world, any day could be the one that your career or even your company depends upon your skill leading through a crisis," he writes. "Are you ready?"