In this column, ValiMail CEO Alexander García-Tobar discusses an aspect of security crisis communications that most companies overlook: Making sure that customers can actually trust the emails that the recently breached company is trying to send them.
In light of the recent OneLogin and DocuSign security breaches, that’s particularly pertinent, he writes:
Here’s a security scenario that’s all too common: A company suffers from a cyberattack, then responds to it promptly and alerts its customers, warning them to change their passwords. But the company remains vulnerable through the very means it uses to alert those customers: Email. In fact, attackers can exploit that vulnerability using email that pretends to be a security warning from the company, targeting customers and wreaking even more damage.