Essay Example on Data Breach at Trexpendition: Risks and Solutions

Introduction

Trexpendition being an international online booking website is exposed to high risks of a data breach. Compromising secure and private customer information is an occurrence that no company would want to experience. However, this proves to be a greater risk, especially to most organizations offering online services (Baranoff et al., 2009). At Trexpendition, a lack of specialists in the information technology department has led to the occurrence of the data breach. The occurrence has led to the onset of a communication crisis where clients are in and out, making calls and emails demanding to understand why their travel information was available to all, including strangers. The current crisis might have been a result of security vulnerabilities leading to exposures of the website's sensitive information to the members of the public (Baranoff et al., 2009). Trexpendition had not foreseen the occurrence of such a risk in data breaching, explaining its unpreparedness. As a result, there is the onset of a serious communication crisis that requires immediate action.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Possible Risks that Led to the Data Breach

The Vulnerability of Applications

Software used in a system exhibit crucial vulnerabilities that expose data to external exploitation. Every organization’s information technology experts need to routinely maintain those programs and address any vulnerability before they are discovered by hackers (Baranoff et al., 2009). Trexpendition needs to always be on check out for a released patch of a fixed security vulnerability issue that relates to the programs it uses. Failure to promptly fix the issue exposes the website to the threat of being hacked.

Human Error. Human error, which is an innocent error or mistake, have proven to be one of the biggest sources of the data breach. Employees’ actions may include the use of weak passwords or even sharing passwords with other accounts (Kim et al., 2017). It may also include sending confidential information to the wrong recipients and falling into the traps of scams available on the web.

Malicious Insiders. Some employees who have access to sensitive information try to misuse it. Sometimes they do so for their own financial gains and convenience through selling data via the dark website (Baranoff et al., 2009). When such employees are disgruntled at work, they tend to use the company’s sensitive information maliciously or even access the systems and hack it. The problem is that the malicious person is someone whom the company has trusted (Kim et al., 2017).

Loss of a Data-carrying Device

The physical theft of a device that carries a company’s confidential information is another threatening risk (Kim et al., 2017). Laptops, smartphones, hard drives, and tablets are commonly used by companies to store data. If such a device is stolen without being wiped, it presents a great exposure to a data breach.

Malware

Malware presents a good example of how cybercrimes are easily done. The hackers buy malicious software, and plant malware on systems that they know has any existing vulnerability (Kim et al., 2017). This malware may include key loggers which traps what a person types into a machine, locks the system, and them demands payment to enable users to regain access.

Recommended Risk

The risk which I recommend to be uncovered first is that of human error. Employees need to understand their basic data security measures. The process can be done by employing cybersecurity specialists who will enhance effective cybersecurity (Kim et al., 2017). The reason for this recommendation is because, after careful investigation, I realized that Trexpenditions’ information technology department is not staffed with appropriate cybersecurity specialists.

Message Proposal

Good companies can experience bad occurrences, one of them being a data breach. This occurrence can erode customers and members of the public’s confidence in the company resulting in business and opportunity losses. It is important for the company that has been a victim of a data breach to communicate in an effective and transparent manner. Customers and the public need to be notified about the breach of data in a company to safeguard its reputation. The news about the breach would better arise from official channels in the company rather than being leaked by a third party outside the organization (Millar & Heath, 2013). Transparency is also enhanced when data breach information is made known to customers and the public by the company on time so that their loyalty is maintained. Honesty in communication about malware is important as it shows how best the customers are protected by the company, thus enhancing a better image for Trexpendition.

Ethical and Legal Considerations

Security, trust, and privacy are closely connected just as ethics and law. Violation of privacy poses a risk and is a threat to security (Sellnow & Seeger, 2013). Trexpendition needs to be honest and transparent when communicating with the customers and the public concerning the data breach. It should communicate in a manner that will assure customers of their protection in the aftermath of the data breach. Notifying the customers will help diminish the harm from the data breach and mitigate legal liability (Millar & Heath, 2013). As a result, trust and cooperation will flourish. Legally, companies must adhere to the laid down legal procedures regarding the data breach. Every company owes its customers a duty to protect their information and communicate to them in the event a data breach occurs. Legal rights regarding data include freedom from unauthorized access to confidential data, inappropriate use of data, accuracy when collecting data, availability of data, and right to access personal data.

Most probably, customers will want to know what has happened to their data, what they should do, and the type of information that has been compromised. They would want to be given a direction on whether to alter their passwords or even change their profiles. The full extent of the breach should be explained and the type of data exposed. The reason is that they have a right to know (Veil & Husted, 2012). All the information should be disclosed once the investigation is complete. The information about the attack should be clear and made in a manner that all can understand. The medium to use in communication should be the company’s website and directly to the clients via email.

Proposed message

Message to the Customers

Trexpendition Company

Dear customer,

Notice of data breach

We value your presence and respect the privacy of your information, which is why we are writing to let you know of a information breaching incident at the company. At the onset of the previous month of July, our company system was hacked, and a lot of your travel information was leaked. To our familiarity, the data accessed did not include any personal confidential information. Trexpenation values your privacy and highly regrets that this incident happened. Trexpendion is conducting a review of the affected records in the system and will notify you of any significant developments (Netten & van Someren, 2011). The company has also put down additional security measures to curb the recurrence of such an attack.

Trexpendition is also working closely with law enforcers to ensure the incidence is addressed amicably. We recommend that you remain vigilant by reviewing the internet closely and report to us if you detect any suspicious activity. To protect your information, Trexpendition has resolved on system maintenance upgrade where ease of access to personal information will be limited to each person (Nätti et al., 2014). You will get information on how to access the new website and the privacy statement thereof. You will also receive data on how to review and monitor your account every time you want.

The company is dedicated to ensuring our clients are taking immediate corrective steps to maintain your confidence in us. You deserved better, but we did let you down, we apologize. The most important thing now is for us to regain your trust, and we all hope you give us an opportunity to have you back on board by providing the best experience you have always expected from us.

For further information and assistance, contact the Trexpendition’s data protection officer at the office from 9 am to 4 pm or visit our new official website, Trexpenditionnew.com.

Message to the Public

Trexpendition Company

Notice on data breach

We have recently realized that some user data was compromised by a malicious third party through unauthorized access to our systems. We have engaged in leading technology and security experts who have launched an ongoing investigation (Millar & Heath, 2013). We also have notified the law enforcement individuals concerned. Our affected accounts’ users have also been notified. Various steps have been taken to ensure containment of the situation and prevent future reoccurrence of such a situation. Our top priority remains on protecting our users’ information and enhancing a trust-based environment. The aim of this is to ensure continuity in sharing and growing the world. We, therefore, request you to ignore any mischievous travel information regarding anybody that you might come across on the internet.

We highly apologize for any inconvenience caused. For more information on travel bookings and other services we offer, please visit Trexpendition’s public website, trexpendition.com.

Method of delivery

The best approach to do in a crisis is to communicate facts and issues behind them clearly and amicably. It is important to select a crisis communication team to assess the nature and scope of the risk. It is also crucial to determine the channel to be used to convey the message (Netten & van Someren, 2011). The Apologia communication theory focuses on strategies available to organizations to respond to situations where they have violated public commonly held values (Sellnow & Seeger, 2013). The theory helps in evaluating communication delivered in response to a crisis. The appropriate method to be used by Trexpendition is the use of emails and the website. The customers will receive the information via emails while it will reach the public through the company’s website. Creating awareness to clients and members of the public concerning data breach is crucial as it helps win trust and loyalty from both. The crisis involves violations of personally held values like personal security and the moral duty to protect others from harm (Sellnow & Seeger, 2013). Therefore, an organization’s response to crisis indicates its values to important stakeholders and the general public. The use of email and websites presents an embracement of technological advancement in the communication field and the value for effective communication (Veil & Husted, 2012).

References

Baranoff, E., Brockett, P., & Kahane, Y. (2009). Risk management for enterprises and individuals. Flat world.

Kim, B., Johnson, K., & Park, S. (2017). Lessons from the five data breaches: Analyzing framed crisis response strategies and crisis severity. Cogent Business & Management, 4(1).

Millar, D., & Heath, R. (2013). Responding to crisis. Routledge.

Nätti, S., Rahkolin, S., & Saraniemi, S. (2014). Crisis communication in key account relationships. Corporate Communications: An International Journal, 19(3), 234-246.

Netten, N., & van Someren, M. (2011). Improving communication in crisis management by evaluating the relevance of messages. Journal Of Contingencies And Crisis Management, 19(2), 75-85.

Sellnow, T., & Seeger, M. (2013). Theorizing crisis communication. Wiley-Blackwell.

Veil, S., & Husted, R. (2012). Best practices as an assessment for crisis communication