By SecureWorld News Team
Tue | Mar 20, 2018 | 8:01 AM PDT

Our SecureWorld news team reads a lot of breach notifications, as you would imagine.

Some look like one long paragraph.

Others run several paragraphs but are incredibly cryptic.

And then there is the FAQ format.

A March 2018 breach notification from Frost Bank, which has more than 100 branches in Texas, was particularly crisp.

It's just 337 words, but check out all the company's customers learned by scanning this document in under a minute:

  • What happened? A vendor was breached, and check images were stolen
  • What does this mean to me? Bad actors could use the scans to forge checks; let us know immediately if you see fraud
  • Who was affected? 470 commercial customers who use a particular service
  • Is my money safe? Yes, core systems were not breached
  • Don't you have protections against this sort of thing? Yes

How do you like that last question?

It is the elephant in the room (for your customers) after a breach: when this happened, were you doing anything to protect me?

Frost Bank's response was a good one: "Yes, and those protections have prevented countless attempts to gain access to information. In this case, we discovered the unauthorized access using enhanced detection measures."

Lastly, the breach notification example also has specific contact information to report unusual activity or ask questions.

What will your breach notification to the world say?

Does your communication team (maybe that's you) have a plan to make it look like your organization is thoughtful, thorough, and thinking of your customers?
