A crisis can strike at any moment. Last month, credit reporting company Equifax experienced a catastrophic one after revealing that a data breach may have compromised up to 143 million U.S. consumers’ data—an attack former CEO Richard Smith had known about since late-July. With the rising number of data breaches surfacing in the media lately, it has become crucial that companies better prepare themselves in the event of a cyberattack.
“Equifax will not be defined by this incident, but rather by how we respond,” Smith said in a statement. Without further ado, let’s take a look at how Equifax responded, and what PR professionals can do to avoid similar mishaps in the future.
Transparency and timing are imperative.
Throughout any crisis, it’s essential that you keep the public up to date on new information in the case, and outline exactly what steps are being taken to resolve the issue. Equifax’s now-former CEO waited more than a month to make the hack known to the public. In some circumstances, it may make sense for companies to wait and gather all the facts before responding, but with 143 million consumers’ data at stake, a five week wait period was a poor tactic on Equifax’s part.
Surround yourself with a few key personnel.
Time and time again, we see large companies surround themselves with multiple agencies, communications staff, and legal teams. But in the times of a crisis, this isn’t always the best approach. Sometimes, too many decision makers can cause major delays in the response timeline, resulting in a barrage of negative media attention.
Set up customer service lines and response pages immediately.
Make sure you have proper response pages installed on your website ahead of a crisis, as well as customer service lines ready to inform every single victim involved. Equifax did not have nearly enough personnel to handle a crisis the size of the one it faced. Instead of notifying affected customers, Equifax directed them to a data breach website where they were asked to enter private information to find out for themselves. To further the confusion, Equifax tweeted out the wrong website URL, further eroding customers’ confidence in the company.
Be clear in your response.
Don’t flip-flop in your response strategy, especially if you wait as long as Smith did to make his initial announcement. Equifax made several deceptive claims throughout the incident. For example, the company offered customers a free year of credit monitoring, on the condition that they agree not to pursue legal action. But, after receiving backlash on social media, the company back-tracked and allowed customers the option to sue—if they sent a notice within 30 days. Confusing your customers and using ambiguous language or hidden clauses will only culminate in disaster.
Show empathy for the victims.
Last, and most important, show that you genuinely care about the victims involved, and keep them at the focus of the crisis. This can make an incredible difference in whether your messaging succeeds or fails. And of course, please don’t tweet “Happy Friday,” as one Equifax employee did, amid a full-blown PR nightmare.
How do you think Equifax and Richard Smith handled the crisis? Let us know in the comments below.