Security breaches are dangerous, but a little human error can make everything worse, if you’re not careful.

Over the weekend, the popular cloud service Evernote suffered a breach that forced the reset of millions of passwords across its user base. That’s a major story in and of itself. But when the email informing users of the issue had a logic flaw in it, it made everything worse.

I’d like to offer some lessons that your association’s IT staff can take to heart so you don’t fall into the same traps.

Far too often, a delay in reporting information or fixing problems can prove to be worse than the initial situation, leading to angry customers and members.

Don’t offer contradictory information: One of the biggest criticisms that Evernote faced over its handling of the hacking incident was that its email to customers was confusing. It included the instruction “Never click on ‘reset password’ requests in emails—instead go directly to the service,” even though the message contained a link to reset passwords. (The advice was sound, but sound advice shouldn’t be contradictory.) On top of this, the reset-password link did not directly link to Evernote’s site but to a tracking domain. “This was just carelessness on Evernote’s part,” wrote Naked Security’s Graham Cluley. “[The domain is] owned by Silverpop, an email communications firm who Evernote has clearly employed to send emails to its 50 million or so affected users. The links in this case do end up taking you to Evernote’s website—but go silently via Silverpop’s systems first.”

Don’t screw up the one thing you were supposed to do: One non-Harlem-Shake-related meme that’s been drawing attention lately is “You Had One Job,” a site that shows images of clearly botched work. The antivirus app Kaspersky had a problem along these lines lately when one of its products failed to allow people to surf the internet after a recent update. A glitch like this annoys customers and can damage goodwill. “Faulty antivirus updates are not uncommon, and nearly every antivirus company has had to deal with them at one time or another,” wrote IDG’s Lucian Constantin. “The impact of a bad update, however, is different from case to case and can range from a mild annoyance to hours of downtime.”

When something is broken, act quickly: Far too often, a delay in reporting information or fixing problems can prove to be worse than the initial situation, leading to angry customers and members. Over the weekend, when the DNS-level security service CloudFlare went down, the service—which touches approximately one in 10 sites on the internet—explained to users what happened in a lengthy postmortem. On the other side of the coin, Yahoo in recent months has faced numerous complaints of security issues involving its email service—including an incident a month ago that allowed spammers to take over accounts. Despite the hijackings, some of the most glaring problems have not been dealt with quickly, leading to user frustration. Being on top of these sorts of issues will help maintain your reputation even when user data is on the line.

Your association may not be working on the same scale as Yahoo or Evernote, but ultimately, when things go wrong—if, say, an email sent to thousands of users accidentally allows them to hit “reply all,” a situation that created a stir at NYU last fall—humans are the fallback for the technology.

And responsive humans aware of the potential pitfalls will help prevent things from getting worse.

(Brand X Pictures/Thinkstock)