The Zappos.com breach is a reminder for businesses of all sizes to have a customer response plan ready in case their database is compromised.
Zappos had a plan in place to manage a crisis in which customers' personal information was stolen from a database the company had believed to be secure. Needless to say, this is a crisis for any business. But the response, and especially the public response, is what either mitigates the damage or ruins a company's reputation.
In short, criminals accessed Zappos servers that contained names, shipping addresses, partial credit card numbers and encrypted passwords of millions of customers. Zappos' response was to be promptly transparent with customers and employees, and to take immediate steps to protect customers' privacy.
Here are some lessons that every business should take to heart:
- Businesses should regularly audit their web site and database security measures. This should be done with independent information technology professionals, meaning independent from the people who already run your computer systems, so the audit is not reviewing its own work.
- Work with professionals to understand the risks and the specific situations that could arise if a cyber attack occurs, including which data an attacker could reach and what it would be worth to them.
- Have a plan in place to immediately address incidents of any magnitude. The plan must include an internal response to stop the attack and secure your servers. Equally critical is a plan to communicate externally to your customers and potential customers. The external plan must include an honest account of what happened and the concrete steps taken to mitigate the damage. In many cases it will require customers to act as well, for example by changing their passwords. Again, preparedness is the key, because a botched response can kill a business.
- Consider using outside public relations professionals in the event of a full-scale crisis. There are P.R. firms that specialize in this. Don't assume you know everything that needs to be done.
- At the appropriate time, review the crisis, the response and the damage. Learn from it and take the necessary steps to further limit your vulnerability. Restore the confidence of your customers with further communication about how their personal information is being safeguarded.
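The one technical step the plan above asks of customers is a password change. As an added example that is not part of the original article and not Zappos' own code, the following Python sketch shows what the internal side of that step looks like: a hypothetical `respond_to_breach` routine that marks every stored password hash as unusable, revokes every live session, issues per-account reset tokens, and writes an audit trail, so that a stolen database cannot be used to log in even before customers get around to resetting. The account store, audit log and `complete_reset` flow are assumptions for illustration; passwords are stored as salted PBKDF2 hashes rather than in encrypted or plain form, which is what keeps a leaked table from yielding the passwords themselves.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set, Tuple

# Iteration count for PBKDF2-HMAC-SHA256 (assumed value for this example).
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for a password. A fresh random salt is used
    unless one is supplied for verification."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


@dataclass
class Account:
    """Hypothetical customer record: only a salted hash is stored, never the password."""
    email: str
    salt: bytes
    pw_hash: bytes
    must_reset: bool = False            # set after a breach; blocks password login
    sessions: Set[str] = field(default_factory=set)
    reset_token: Optional[str] = None   # one-time token delivered out of band


def verify_password(acct: Account, password: str) -> bool:
    """Login check. Refuses outright while a reset is pending, otherwise
    compares hashes in constant time."""
    if acct.must_reset:
        return False
    _, digest = hash_password(password, acct.salt)
    return hmac.compare_digest(digest, acct.pw_hash)


def respond_to_breach(accounts: Dict[str, Account], audit_log: List[str]) -> Tuple[int, int]:
    """Internal breach response: invalidate all credentials and sessions at once.
    Returns (accounts_forced_to_reset, sessions_revoked) for the incident report."""
    stamp = datetime.now(timezone.utc).isoformat()
    sessions_revoked = 0
    for acct in accounts.values():
        acct.must_reset = True
        sessions_revoked += len(acct.sessions)
        acct.sessions.clear()
        acct.reset_token = secrets.token_urlsafe(32)
        # Audit entry records the action, not the token or any hash material.
        audit_log.append(f"{stamp} forced_reset account={acct.email}")
    return len(accounts), sessions_revoked


def complete_reset(acct: Account, token: str, new_password: str) -> bool:
    """Customer-side step: a valid one-time token replaces the old hash with a
    new salt and hash, then clears the reset flag."""
    if acct.reset_token is None or not hmac.compare_digest(acct.reset_token, token):
        return False
    acct.salt, acct.pw_hash = hash_password(new_password)
    acct.must_reset = False
    acct.reset_token = None
    return True


def build_sample_store() -> Dict[str, Account]:
    """Constructed sample data for the example (not real customer records)."""
    store: Dict[str, Account] = {}
    for email, password, sessions in (
        ("alice@example.com", "correct horse battery", {"sess-1", "sess-2"}),
        ("bob@example.com", "hunter2", {"sess-3"}),
    ):
        salt, digest = hash_password(password)
        store[email] = Account(email=email, salt=salt, pw_hash=digest, sessions=set(sessions))
    return store


if __name__ == "__main__":
    accounts = build_sample_store()
    log: List[str] = []
    print("before breach, alice can log in:", verify_password(accounts["alice@example.com"], "correct horse battery"))
    forced, revoked = respond_to_breach(accounts, log)
    print(f"forced {forced} resets, revoked {revoked} sessions")
    print("after breach, alice's old password works:", verify_password(accounts["alice@example.com"], "correct horse battery"))
    alice = accounts["alice@example.com"]
    print("reset with token:", complete_reset(alice, alice.reset_token, "a new passphrase"))
    print("new password works:", verify_password(alice, "a new passphrase"))
```

The design point is that the internal response does not wait on customers: the moment `respond_to_breach` runs, neither a stolen hash nor a stolen session cookie is usable, and the audit log gives the incident review in the last lesson a timestamped record of exactly what was invalidated and when.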