Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • The Security Leadership Issue
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSectorsSecurity Leadership and ManagementCybersecurity NewsRetail/Restaurants/Convenience

Is Cybersecurity Part of Your Customer Service Policy?

For ABC Fine Wine & Spirits in Florida, the path to data breach preparedness began with the realization that great customer service extends to customers’ data.

By Claire Meyer
Is Cybersecurity Part of Your Customer Service Policy?

ABC Fine Wine & Spirits extended their customer service mission to customers’ data by implementing a proactive data breach response plan. Photos courtesy of ABC Fine Wine & Spirits

Is Cybersecurity Part of Your Customer Service Policy?

Just getting started on a data breach preparedness and response plan helped lead ABC Fine Wine & Spirits down a path to more effective and comprehensive cybersecurity, says Lee Bailey, Director of IT Security and Operations. Photo courtesy of ABC Fine Wine & Spirits

Is Cybersecurity Part of Your Customer Service Policy?
Is Cybersecurity Part of Your Customer Service Policy?
June 1, 2017

If a data breach can happen to Home Depot and Target, it can happen to us,” says Lee Bailey, Director of IT Security and Operations for ABC Fine Wine & Spirits, a mid-sized business in Florida with 140 locations and around 1,000 employees.

Four years ago, ABC’s CEO Charles Bailes III took the initiative to champion a more robust data security program at the company, starting with prevention efforts such as beefing up IT security, working on a data breach response plan and acquiring cyber insurance. To drive buy-in from the rest of the business, the CEO personally attended all six of the first major meetings to set up the incident response plan and teams.

“We’re focused on service excellence, and part of that is having a plan in place to mitigate damage to ourselves and our guests” in the event of a cyberattack or data breach, says Bailey.

A team of IT security and legal counsel helped to form the response plan moving forward, working with consultants at CyberScout (previously named IDT911) to craft robust, effective data breach prevention and response plans.

The response plans were developed to be more of a three-team sport. There is the executive team that was at the forefront of the effort, making sure that there was the right buy-in and resources available, says Bailey. Then, ABC developed a first-response team that looked at potential breaches and evaluated their efficacy and impact. If it were verified as a real breach, the incident response team would be deployed to triage. The incident response team would involve not only the IT team, but people responsible for public relations, legal and operations to ensure that everyone is on the same page about how to respond.

The first task was to evaluate where sensitive data is, how much there is, and who has access, and what resources and plans were currently in place to respond to a breach. After examining ABC’s pre-breach posture and determining what technology to put in place to protect data, the enterprise looked to develop a crisis management standard for during a breach, as well as a system for post-breach response, including reporting, guest management and documentation.

One vital element of having a breach-ready enterprise was getting all contracts and services decided, negotiated and in place prior to needing them, says Herb Whitehouse, In-House Legal Counsel and Director of Legal Services for ABC Fine Wine & Spirits.

“We don’t want to spend time negotiating contracts for resources during a breach,” says Whitehouse. A few experts are on-call, such as an attorney specializing in data breaches (and whose fees would be covered by a cyber insurance policy), a forensics firm and an external communications specialist who could help address the media and customers following an incident. If a call center is needed for post-breach customer service, ABC Fine Wine & Spirits already has a written agreement in place with CyberScout, so guests will be well taken care of throughout the process.

Whitehouse is also looking into adding another CyberScout service, which would provide data breach aid and customer service for ABC employees, so if an employee’s credit card is compromised elsewhere, they can rely on the employee benefit to provide information, assistance, peace of mind and education about good cyber hygiene, which could bring benefits in employee productivity and cybersecurity back to ABC.

Cyber insurance was also on the list of key contracts, and getting a policy actually helped direct ABC to other trusted experts and vendors in the cybersecurity arena, as many insurers have lists of preferred vendors.

“Organizations have been, maybe, over-relying on cyber insurance, and not everyone knows what’s in their cyber insurance policy,” says Eric Hodge, Director of Consulting at CyberScout. “It’s a little sad when you get to that point of someone calling about a breach, and they don’t know if the incident response component is covered or just the cost of notification or maybe some of the business or customer losses that they may see as a result… It’s important to remember that good practices go along with having that insurance. It’s almost like how you have to drive your car safely in addition to having auto insurance. The auto insurance isn’t going to keep you from getting in a wreck, and you don’t want to be in a wreck no matter if you’re insured or not. It’s your responsibility to be proactive here, in taking the measures and putting the right measures, technology and educational components into place so you can avoid falling back on those insurance policies.”

“A lesson learned here was: Just start,” says Bailey. “If you start, it will take you down a path.”

He adds that “Security is a nebulous term, and at the beginning of the process, you should pick a standard (such as the NIST Cyber Security Framework, or a more sector-specific guideline) that makes the most sense and measure your program and efforts against it.”

In addition, companies should ensure that policies and procedures are improved every year, Bailey says, and they should perform tabletop exercises and drills to gain insight into their crisis response. ABC is working to educate team members through phishing tests and compliance training, and Bailey and Whitehouse are always on the lookout, with help from their partners, for ways to make their tools and procedures better.

 

Where to Start on Your Data Breach Response Plan

There are two starting points on this journey: starting with something already in place, and starting with nothing, says Eric Hodge, Director of Consulting for CyberScout.

For both, however, he recommends beginning with walk-throughs and tabletop scenarios relevant to that industry and geography, with multiple stakeholders at the table. For example, in California, what if an earthquake disrupts your network access? Or in the healthcare industry, what if a breach is discovered in your patient data? Companies with a plan already in place may still have difficulty addressing these scenarios, depending on the level of training stakeholders have received and the depth of planning.

“What jumps out at me is the lack of treating this as a team-oriented emergency or process,” says Hodge. “Oftentimes, (enterprises) will put in a technical solution – they’ll patch a server or make a change to a firewall – and then consider it finished. They won’t involve the other components of the organization that have a hand in this as well, either from a process and policy perspective, from tone at the top perspective or even a strategic perspective. One of the biggest problems we find is the mindset that ‘Oh, that’s an IT issue; IT solved it; Problem over. No need for us to worry about it up here in legal or in leadership.’”

After evaluating the shortcomings, gaps and strengths of a company’s response, sit down with the most relevant stakeholder – whether that’s IT, security, the CFO, COO or even CEO – to discuss the results and come up with a plan to fix any issues.

According to Lisa Berry Tayman, Sr. Privacy and Information Governance Advisor for CyberScout, one essential stakeholder is the legal department. “There are a lot of legal questions that are going come up from the very get-go on a data breach situation,” she says. “(Enterprises) are going to need to make decisions about whether a legal hold needs to be instituted, whether they believe that litigation is reasonably anticipated; they need to think about attorney-client privilege with what they’re doing and what they’re talking about. Then there’s lots of laws that are now in place, and they may need legal help in deciding how they’re going to comply with those laws and regulations when it comes to breach notification.”

This can include discussing contractual obligations regarding breach response, such as building a forward-facing policy for employees and vendors to report data risks and breaches, so all parties know who to notify in the event of a breach.

Three major factors can drive continuous change to an enterprise’s data breach response planning and responsibilities, says Hodge:

  • Technical – attack types and tactics change constantly

  • Regulatory – compliance requirements at the state and national levels

  • Best Practices – new frameworks, recommendations, models and processes

“There are changes to state data breach notification rules every year,” says Tayman. “Response plans are no longer a nicety; they’re a necessity for all businesses.”

KEYWORDS: Customer Service in Security cyber risk mitigation data breach data breach response

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Claire Meyer is a former Managing Editor for Security magazine.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Fountain pen

Trump Administration Executive Order Changes Cybersecurity Policy

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Your #1 De-Escalation Technique: Customer Service

    Your #1 De-Escalation Technique: Customer Service

    See More
  • customer service

    How to Evaluate Your Access Control Provider’s Customer Service

    See More

Related Products

See More Products
  • 9780367259044.jpg

    Understanding Homeland Security: Foundations of Security Policy

  • 1119490936.jpg

    Solving Cyber Risk: Protecting Your Company and Society

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products
×
ABC Fine Wine & Spirits extended their customer service mission to customers’ data by implementing a proactive data breach response plan. Photos courtesy of ABC Fine Wine & Spirits
Just getting started on a data breach preparedness and response plan helped lead ABC Fine Wine & Spirits down a path to more effective and comprehensive cybersecurity, says Lee Bailey, Director of IT Security and Operations. Photo courtesy of ABC Fine Wine & Spirits

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!