The first few moments on the phone with a cybersecurity client typically start like this:
“My lawyer or insurance person told me I needed to call you…”
“I don’t know what happened.”
“We’re still waiting on a report from the IT people. I don’t know what they’ll find.”
“Can you just tell me what I’m supposed to tell people?”
The reason people land on my doorstep is that they didn’t think it would happen to them.
Maybe they were too busy running their businesses to even know what threats were out there or maybe tuned out when IT and legal professionals essentially plead with business owners to protect their businesses from being hacked.
- How many of your friends or colleagues have been hacked either personally or professionally? What kind of stress and issues did they encounter during the process of trying to regain control of their data?
- How would your business operate if someone took away your ability to access your online files or anything that might be hooked up to the network?
- Picture how your customers would react if there was a disturbance in service? How much would it cost to maintain or buy back their brand loyalty?
- If you run a B2B business, how would you regain your clients’ trust if their confidential information were to be made public?
T-Mobile’s Data Breach Notification: Cyber Communications Basics
First, and potentially most importantly, when you go to T-Mobile’s website, you’ll notice their homepage focuses on their products and services. Up near the top (but not too prominent) is a small banner that directs people to a different landing page that’s dedicated specifically to the August 19th breach notification.
The reason companies do this is because they want to show that they attempted to notify people without causing alarm than with the individuals who either are aware of the situation or may somehow never become aware.
When you go to T-Mobile’s data breach landing page, they serve you a fairly standard cyber security communications combo — the triple-decker sandwich.
Layer of Values “Customers trust us with their private information and we safeguard it with the utmost concern.”
Layer of What Happened with an Apology Garnish “A recent cybersecurity incident put some of that data in harm’s way, and we apologize for that.”
Layer of What We’re Doing to Fix It “We take this very seriously, and we strive for transparency in the status of our investigation and what we’re doing to help protect you.“
T-Mobile then goes into the standard:
- What happened
- What information was involved
- What they’re doing now
Each section is only a few sentences long, with the exception of the What Happened section, which includes a “here” link. Why? Because they’re about to hit you with a BUNCH of details.
Why not have it all on the same landing page?
It’s simple: Because the average person doesn’t want all of that info. A wall of information is overwhelming and frightening, and when people are overwhelmed or frightened they get upset more easily, and if they get upset more easily they’ll launch way more complaints.
While the details of T-Mobile’s recent data breach will continue to unfold over time, the basics of how they communicate a B2C breach are common. But what most of us will never see or hear about is how B2B businesses handle a breach. Those are played with a different set of rules. I’ll serve up a second helping of those rules coming up!
Gillott Communications is a Los Angeles-based public relations firm that specializes in high-stakes Crisis & Reputation Management with more than 50 years of expertise in strategic communications, corporate public relations, and working with the media.
Follow us on Instagram and LinkedIn where we share amazing tips on how to protect your reputation and mitigate damage during a crisis.