Hencove

View Original

Who’s in your wallet? What you can learn from the Capital One data breach

In late March, a software engineer hacked into Capital One’s servers, accessing the personal data of more than 100 million customers, including 140,000 Social Security numbers and 80,000 bank account numbers. Capital One publicly shared the news on July 29.

How a company shares bad news and what it does next can determine the impact on its reputation for years to come. Capital One chose to manage the crisis quietly and internally, handling customer concerns and complaints behind closed doors, but not every company can (or should) follow that approach. Here are some quick tips to proactively share bad news.

Act and respond quickly

It’s tempting to react drastically in the face of a crisis, but developing a plan is a critical first step in getting a handle on the situation, but it should not delay timely notification (the best practice is to develop a plan before the crisis happens). Capital One took 10 days after identifying the security breach before it alerted customers, which was a long time to wait. Take more than a few days to produce a response and stakeholders may think you’re “buying time” or being dishonest.

If you are working to resolve an issue, establish an open line of communication in which you regularly share information or updates with customers. It’s a little extra work, but shows customers you’re committed to solving the problem and will help to restore their confidence and trust. Even if you can’t provide an immediate fix, it will go a long way toward repairing the damage if your stakeholders have a sense that you’re actively engaged in working the problem.

Don’t sugar coat it

Softening the blow of bad news or “sugarcoating” your message is another temptation. Nobody wants to openly admit when things go really wrong. But a watered-down explanation is rarely helpful.

In one study, when participants were asked to respond to a variety of negative messages, directness was consistently identified as a “communicative virtue.” Deliver the necessary information directly, without jargon, so impacted parties have a clear understanding of what happened and how to move forward.

Consistency is key

When a crisis hits, your full team – from customer service to those who have internal-facing positions – will have a role to play. It’s important to make sure that everyone has the same information about what the next steps are.

Inconsistent messaging can make you look disorganized and unprepared, amplifying the distrust a client or customer may already be feeling. Make sure your team is aware of approved messaging, key points on the issue, and any planned updates to ensure stakeholders receive the correct information, no matter who’s delivering it.

This is another area that becomes easier to navigate if you have already installed a crisis communications plan, because you can train employees before they are put in the position of having to respond and communicate.

Respond with empathy

When your company is in crisis, it’s easy to focus on how it’s affecting day-to-day operations, but consider how your news will affect those impacted and what personal inconveniences you’re introducing.

Ensure your customers feel heard by patiently listening to complaints, apologizing directly, and avoiding defensive responses. You may not have all the answers, but you can help customers feel supported during a challenging time and make them more likely to remain with you after the dust settles.

Offer a plan forward, even if it will change

The first question your customers will have after bad news is: What are you doing about it?

While you may be still working to develop a complete action plan, share what you’re currently doing to resolve the problem. This can include highlighting the investigation of what went wrong, what safety measures are being put into place to prevent it from occurring again.

If possible, include actions items that impacted parties can take to which can help renew their sense of control within the situation. In the case of a data breach, for example, you may not be able to immediately correct every flaw in your system or reverse all of the damage, but offering free credit monitoring and identity theft protection is a way to give stakeholders a sense of immediate security.

You probably won’t be able to avoid crisis throughout the entire life of your company. What you can do is take both proactive and reactive action to mitigate the damage from a crisis. Actively communicating with key stakeholders when a crisis hits (and throughout the aftermath) will help ensure your brand’s reputation – and your relationships with clients and customers – weather the storm.