The threat of a cyber security attack never goes away, just ask Marks and Spencer or the Coop. Both businesses have had significant attacks lately and are struggling to come to terms with and ultimately resolve the issues. The fact that they have been hacked does not necessarily mean that the systems or procedures are weak. Cyber security is an arms race and just as you plug one whole a new attack is created.
The real issue is how you deal with the situation. How do you cope with your business as usual under very unusual circumstances while recovering your systems? Most importantly what is it that you tell your clients? In my book, telling is better than not. Pretending that everything is just fine will catch you out in the end and it will be harder to recover your reputation.
Successful communication of a cyber security incident should cover the following:
- Admit that there is a problem
- Apologise for any convenience caused
- Say what it is that you are doing to solve the issue (in general terms)
- Describe what this may mean to the customer, including how it might inconvenience them
- Thank the customer for their patience
- Promise to keep them up to date with further communications.
I have included the latest communications from the Coop, which covers it very well.
As you may be aware, we are currently experiencing significant disruption following a cyber-attack on our Co-op. As a Member-Owner of our Co-op, we want to be open with you about where we find ourselves right now, so I am writing to you personally to give as clear a picture as I am currently able to provide.
The criminals that are perpetrating these attacks are highly sophisticated and our colleagues are working tirelessly to do three things: (1) protect and defend our Co-op, (2) fully understand the extent of the impact caused by the attack and (3) provide much needed information to the authorities that may help them with their investigations.
Actively managing the severity of the attack has meant shutting down some of our systems to protect the organisation.
That said, our front-line colleagues are focused on minimising any disruption that might be experienced by our members and customers.
As previously communicated, we have established that the cyber criminals were able to access a limited amount of member data. This is obviously extremely distressing for our colleagues and members, and I am very sorry this happened. We recognise the importance of data protection and take our obligations to you and our regulators seriously, particularly as a member-owned organisation.
I appreciate you will want to know more, and I hope you will understand that in order to protect our Co-op, we are limited as to the detail we can communicate at this time. I thank you for your patience and I will be back in touch as soon as possible.
In the meantime, we want to direct you to some resources, click here for information that may help with your concerns, and click here for answers to questions you may have.
Thank you for your continued support.
Shirine
CEO of the Co-operative Group
I wish them and anyone else undergoing such traumatic circumstances well.
Thoughts from a Guerrilla Worker 