As more companies suffer breaches and leak private data online, it becomes harder for organizations to be transparent and establish trust with their customers. Recent incidents have shown that many experts underestimated the total impact of a data breach in terms of the actual number of users affected and the volume of data made public. Many companies take too long to notify all the relevant parties about a breach, in some cases waiting months or even years to alert the people and vendors involved. Post-breach responses tend to rely on poorly constructed websites that contain ambiguous lawyerspeak and little actionable information.

But enough of the doom and gloom — how about some positive points of action? Below are my own recommendations to help companies regain trust in the age of the data breach.

Honesty Is the Best Policy After a Data Breach

First, being transparent means being as open and honest as you can. Always tell the truth and don’t hide behind your lawyers. Sugarcoating a breach never works and can easily backfire, creating more negativity and diminishing trust.

Next, take ownership. If your IT department dropped the ball, say so. If your network was breached through a third party, be clear about that, too. If you haven’t segmented your networks properly, say that, and fix the problem as soon as possible.

While many companies may be reluctant to divulge exactly what happened, everyone makes mistakes. Admitting them and clearly explaining what happened can help breached organizations regain customer trust.

Listen to the podcast: Understanding the Media Hacks of 2017

Strengthen Policies and Passwords

Take steps to strengthen your protective policies, products and people. Firing a scapegoat isn’t enough. Instead, invest money and other resources in your security infrastructure and give the right people sufficient authority to make progress with these improvements. Don’t just add window dressing or another firewall layer. If you’ve yet to suffer a breach, you might as well assume that you will soon.

Look at your user base’s password collection and educate them about authentication protocols, single sign-on (SSO), phishing and whaling attacks. Poor password choices are still the easiest way for fraudsters to enter an enterprise. All it takes is one highly placed employee with a weak password and it’s game over. I recently attended a Penn & Teller magic show that featured a segment that makes fun of poor password choices. It’s high time we fixed this problem.

Trust Takes Time

Finally, it’s crucial to realize that information security is a journey, not a destination. Put these practices in place and strive for continuous improvement, not just a one-time quick fix. Make sure you have management buy-in to gradually improve your security posture. Trust takes time, and these are just a few of the many methods to accumulate it.

More from Application Security

Securing Your SAP Environments: Going Beyond Access Control

Many large businesses run SAP to manage their business operations and their customer relations. Security has become an increasingly critical priority due to the ongoing digitalization of society and the new opportunities that attackers exploit to achieve a system breach. Recent attacks related to corrupt data, stealing personal information and escalating privileges for remote code execution all highlight the new and varied entry points threat actors have taken advantage of. Attackers with the appropriate skills could be able to exploit…

Does Follina Mean It’s Time to Abandon Microsoft Office?

As a freelance writer, I spend most of my day working in Microsoft Word. Then, I send drafts to clients and companies across the globe. So, news of the newly discovered Microsoft Office vulnerability made me concerned about the possibility of accidentally spreading malware to my clients. I take extra precautions to ensure that I’m not introducing risk to my clients. Still, using Microsoft Office was something I did many times a day without a second thought. I brought up…

3 Reasons Why Technology Integration Matters

As John Donne once wrote, “No man is an island entire of itself.” With digitalization bridging any distance, the same logic could be applied to tech. Threat actors have vast underground forums for sharing their intelligence, while security professionals remain tight-lipped in a lot of data breach cases. Much like the way a vaccine can help stop the spread of infectious diseases, sharing threat intelligence and defense strategies can help to establish a more secure future for everyone.  So what…

Why Your Success Depends on Your IAM Capability

It’s truly universal: if you require your workforce, customers, patients, citizens, constituents, students, teachers… anyone, to register before digitally accessing information or buying goods or services, you are enabling that interaction with identity and access management (IAM). Many IAM vendors talk about how IAM solutions can be an enabler for productivity, about the return on investment (ROI) that can be achieved after successfully rolling out an identity strategy. They all talk about reduction in friction, improving users' perception of the…