July 29, 2014

Reputation Management: Why Every Business Should Make It A Priority

There’s no doubt that a security breach can damage an organization’s reputation.

What happened to eBay earlier this year is just one example. The online auction site was a victim of a large-scale cyber attack when a database containing the encrypted passwords and other non-financial information of up to 145 million customers was hacked.

Part of eBay’s incident response plan was to ask customers to reset their passwords – and many did. But that wasn't the only customer response.   

A study by the security company Clear Swift found that the security breach made a huge dent in eBay’s reputation too. In the study, 49% of adults online said they would be less inclined to use eBay in the future.

While this may be an extreme example of the damage a security breach can do, it shows why reputation management is so important.  

Reputation is one of an organization’s most important and valuable assets.

The Ponemon Institute’s 2014 Cost of Data Breach Study: Global Analysis, sponsored by IBM, showed that reputation and the loss of customer loyalty does the most damage to the bottom line. Not only that but “in the aftermath of a breach, companies find they must spend heavily to regain their brand image and acquire new customers.”

An earlier study by Ponemon called Reputation Impact of a Data Breach estimated the economic value of a corporate brand or reputation to range from a value of less than $1 million to greater than $10 billion. “Depending upon the type of information lost as a result of the breach, the average loss in the value of the brand ranged from $184 million to more than $330 million.”

Here are reputation management tips to keep in mind:  

  • Create a culture of security throughout the organization with a clear security policy. Train employees in information security best practices. Conduct regular security audits of the office to assess security performance.
  • Equip all in-office and portable computers with protection including encryption, firewalls, password protection, etc.  
  • Align security with finance. An article posted at CFO.com stated: “While many information-security managers currently report to the CIO or the CEO, aligning security with finance fortifies the link between security investments and the company’s business objectives.”
  • Consider investing in cyber insurance – it may help organizations reduce the cost of a breach.
  • Create a comprehensive document management process. Limit internal access to confidential information and keep it secure from creation to disposal.
  • Shred all confidential documents before recycling. Partner with a document shredding company that provides document destruction best practices including locked consoles, secure on or off site destruction and a document of destruction after every shred.
  • Implement a shred all policy so that all documents are destroyed when no longer needed.
  • To deal with breaches that may occur, put an incident response and crisis management plan in place. Efficient response to a breach helps contain the damage and reduce the cost.
  • Appoint a CISO (Chief Information Security Officer), and involve the company’s business continuity management team in dealing with the breach, recommends the Ponemon research.

Learn more about reputation management and protecting your business.