5 steps for your company to take NOW:
STEP 1: Watch your company’s credit card charges through your banks’ web sites. If anything is out of the ordinary, contact the bank as soon as possible.
STEP 2: If your business never accepts credit or debit cards, you can stop reading here. If you do accept credit or debit cards, it is time to write your incident response plan now. It is better to decide now, rather than in the middle of an emergency, what to do if you suffer a breach. Check with your insurance provider about cyber-insurance and be aware of the “caps” that limit your coverage. Make sure the insurance at least covers the cost of notifying everyone who has ever done business with you, and that it also covers the cost of providing free credit monitoring to your customers.
STEP 3: Make a plan for what to do when your customers switch to “the competition.” Be sure you will weather the lost sales as well as the fines associated with the breach. If the breach happens, you may have to invest a lot of money in marketing and advertising to put a positive spin on your company’s loss of credibility. Target has such “deep pockets,” they will bounce back. Make sure you can too. Will you need to raise prices? Target might.
STEP 4: Step up your efforts to build loyalty from your customers, so that you lose fewer of them. Put even more energy into differentiating yourself from the competition. If you have a breach, your customers will know they are at a higher risk of fraud, all because they did business with you. Generate such loyalty that your customers won’t be concerned that you had the breach. Target is about to find out first-hand how well it has differentiated itself and won the loyalty of its customers.
STEP 5: Make becoming PCI-DSS (Payment Card Industry Data Security Standard) compliant a priority. PCI DSS is designed to reduce the chance of a breach in the first place, so that you never face the cost of notifying all of your customers. Most companies don’t know where to start in order to become compliant, and many IT professionals are understandably unfamiliar with the intricacies of the PCI DSS. Here are some tips to make the PCI process simpler and easier than ever: “If You Accept Credit Cards-Simplify PCI-DSS”