Sharing Too Little Information
The flip side to sharing too much information is sharing too little. The point of notifying customers is to allow them to protect themselves, so share what you can in order to help them do so, Tripwire's Erlin notes. "There's nothing more frustrating than a notification that really doesn't tell you enough to take action," he says.
Not saying something is a lie of omission, adds James Carder, CISO at LogRhythm. "This is never a good thing and could cause significant damage to your brand," he says. Organizations that are unsure about their obligations should hire an incident or breach adviser or consultant with expertise around breaches, breach disclosure practices, and subsequent public relations. "If you do it right, you will minimize the negative impact of the breach and might even come out looking better than you did prior to it," Carder says.