Risk Report
The major cause of information leakage in Trexpedition company to the internet domain was unknown to the companies managing director; thus, customer complaints raised his concern over the issue. As a result, he decided to investigate customers' claims that their information had leaked to the online domain.
In efforts to establish the potential risks that caused the leakage of information, the managing director was tasked to conduct research and investigation over these allegations and come up with a detailing report explaining the major risks that might have prompted the leakage of information into the internet. The major reason why the company Trexpedition encountered a data breach is the lack of cybersecurity specialists ( Cheng et al., 2017 ). Cybersecurity specialists ensure that a company’s data is well-secured, keep the servers up to date with the latest security specifications, and ensure that all risks are identified, and respective action is taken promptly.
Delegate your assignment to our experts and they will do the rest.
The three major risks that might have caused the data breach in Trexpedition company include; inefficient and obsolete cyber protection, which allowed access by external parties with malicious activities. Dislike by competitor companies who can sponsor cybersecurity specialists to interfere with the company’s information systems to gain a competitive advantage by tarnishing Trexpedition’s reputation. Two significant risk mitigation measures that can mitigate the company's identified risk include; First, bringing on board a cybersecurity professional to ensure that the company’s cyber systems are up to date and do not face attack threats. Secondly, Trexpedition company ought to enforce security protocols that reduce the risk of external attacks through the newly elected cybersecurity professional. These two strategies will provide the company with practical risk mitigation measures to prevent future attacks. Jane and June should hire the services of experienced cybersecurity professionals.
Message Proposal
Data breach in companies results in the release of customers' confidential information to the public and the internet at large. This is dangerous for companies because customers and users provide their information with the assertions that the company has effective data protection measures to ensure their information is safe. According to Gwebu et al., (2018), it is essential to notify customers of incidences resulting in data breaches in the respective organization. It is against the company’s privacy policy and the agreement between the company and customers. When notifying customers of a data breach in an organization, the notification mode should be formal and should be done through a more secure channel, not the source of the data breach.
According to Janakiraman et al., (2018), depending on the organization's size and structure, some specific people should be tasked with notifying customers of a possible data breach in organizations. However, if the company has an active managing director, it is their responsibility to notify the customer of a data breach. Customers need to be notified because their data is available on the internet, and any person with malicious activities has access to this crucial information. Keeping customers and the public informed about the data breach in the organization is essential for their good and that of the company. Customers are notified of data breaches to take necessary precautionary measures that include being aware of irrelevant emails and phone calls that often result in more information loss ( Barona & Anita, 2017 ). A customer can be requested to provide more information required by external parties to conduct malicious activities.
When notifying its customers of a data breach, there are substantial legal and ethical concerns that Trexpedition company should consider. For example, the Trexpedition company should vet all employees, not only those affiliated to the cybersecurity department but also those from other departments, to ascertain their ethical credibility to holding the respective offices. Despite the lack of particular legal standards for cybersecurity professionals to adhere to, the company should ensure hired cybersecurity professionals meet the minimum legal qualifications and standards. On the other hand, Reed and Matthew ( 2015) state that legal concerns that should be considered before communicating the data breach incidence to customers include some customers who might threaten to sue the company for leaking their personal information online; consequently, the company should be prepared to deal with such cases. The first step is identifying the facts concerning the data breach to avoid disclosing wrong information to the company’s customers. In cases where exact facts have not been identified, it is essential to notify the customers that the data breach's exact source has not yet been identified. Communicating promptly after a data breach has occurred is essential to the Traexpedition company as it helps maintain the trust that has existed between the company and its customers.
When making the communication to customers, it is recommended that only the identified facts be communicated to customers while leaving the unknown and informing customers of what is yet to be identified. Honest communication is key; through the managing director, customers should be notified honestly of what happened ( Solove & Citron, 2017 ). In the case of Traexpedition company, customers need to be notified of the inefficiencies that involved cybersecurity who are not professionals. Information being communicated should be made personally using the customer's emails or personal communication means and not through the press. Lastly, after the communication is made, customers will want to know several requirements that should be answered honestly without any lies.
Proposed Message
Message to customers
Dear Customer,
We are writing this message to inform you of an incident that prompted our customers' personal information to the internet. Traexpedition company is already aware of the data breach since several customers called to inquire about their personal information in the online domain. Nevertheless, we are not aware of any incidences that entail misuse of customers' information; the Traexpedition company wishes to inform you and other potentially affected customers of the incident. It is not our wish to lose customer's personal information to malicious activities. We wish to notify you that the company is concerned and is already taking the necessary measures to prevent the occurrence of a similar incidence in the future.
Several customers informed us that their information was available on the internet; this prompted immediate action from the cybersecurity team to secure the companies information in the best way possible. Besides, the company is planning to hire more skilled and professional cybersecurity to prevent a similar incidence in the future and guarantee the safety of customers' private information.
Message to the Public
We are writing this message to inform the public of a data breach at Traexpedition that led to customer loss of personal information. The data breach occurred due to incompetent cybersecurity professionals who failed to update the company’s cybersecurity systems to more secure versions after the old versions became obsolete. We wish to plead with the public that incases you come across any customer's information via the internet, do not use the information for malicious purposes. Concerning the steps taken by the company to move forward and avoid the occurrence of a similar incidence in the future, the company is determined to hire professional and skilled cybersecurity professionals who will help restore the company’s reputation by enforcing safe cybersecurity measures and strategies to prevent another data breach incidence.
Method of Delivery
To ensure this message is efficiently delivered to customers and the public, the Traexpedition company intends to use two different delivery methods, one method for the customers and the other one for the public. For the company’s customers, this information concerning the breach will be delivered using personal communication means. Customers should be notified on a personal basis to give room for answering any questions they ask, and provide an explicit explanation on the major cause that led to the data breach since customers personal information is involved. On the other hand, the public will be notified via a press held by the company’s managing director to announce the data breach, the major cause of the data breach, and the actions the company has taken to prevent future data breach incidence.
References
Barona, R., & Anita, E. M. (2017). A survey on data breach challenges in cloud computing security: Issues and threats. In 2017 International Conference on Circuit, Power and Computing Technologies (ICCPCT) (pp. 1-8). IEEE.
Cheng, L., Liu, F., & Yao, D. (2017). Enterprise data breach: causes, challenges, prevention, and future directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery , 7 (5), e1211. https://onlinelibrary.wiley.com/doi/full/10.1002/widm.1211
Gwebu, K. L., Wang, J., & Wang, L. (2018). The role of corporate reputation and crisis response strategies in data breach management. Journal of Management Information Systems , 35 (2), 683-714. https://www.tandfonline.com/doi/abs/10.1080/07421222.2018.1451962
Janakiraman, R., Lim, J. H., & Rishika, R. (2018). The Effect of a Data Breach Announcement on Customer Behavior: Evidence from a Multichannel Retailer. Journal of Marketing , 82 (2), 85–105. https://doi.org/10.1509/jm.16.0124
Reed, A., and Matthew, G. ( 2015 ), “Millions of Anthem Customers Targeted in Cyberattack,” The New York Times (February 5), http://www.nytimes.com/2015/02/05/business/hackers-breached-data-of-millions-insurer-says.html .
Solove, D. J., & Citron, D. K. (2017). Risk and anxiety: A theory of data-breach harms. Tex. L. Rev. , 96 , 737. https://heinonline.org/HOL/LandingPage?handle=hein.journals/tlr96&div=28&id=&page
