Back in the days of the Cold War, every country had a doomsday plan to be used in the event that the worst was ever to happen. Sirens would sound, alerting all those affected to the potential threat, and everyone would cross their fingers and hope for the best. In my home country Ireland, citizens were advised to turn their backs to the blast and stay under the stairs (tough luck if you lived in bungalow).In the spirit of the Cold War, companies should have their own doomsday plan ready to go if a crisis hits (and, like during the Cold War, should hold regular drills to ensure preparedness).
This week, the UK’s largest mobile phone store, Carphone Warehouse, demonstrated the danger of not deploying a doomsday plan as soon as a crisis hits. The chain was hit on Wednesday afternoon last week by a cyber-attack, with the credit card details of up to 90,000 customers potentially stolen, as well as the personal details of 2.4 million more customers.
This is obviously a crisis in itself and demonstrates the need for companies to really up their game against hackers. However, what made this crisis even worse is that Carphone Warehouse didn’t start contacting customers until Saturday – three days after the attack took place.Angry customers took to Twitter upon receiving emails notifying them of the incident, lambasting the company for keeping them in the dark for seventy two hours.
In response the company issued a statement saying that the ‘sophisticated cyber-attack’ was halted as soon as it had been discovered, and that additional security measures had been put in place. The CEO also issued a statement, apologising to any customers who had been affected, adding that ‘We take the security of customer data extremely seriously’.
Compare this episode with social media site, Buffer, which after being hacked in 2013, responded in just sixteen minutes, informing users via Twitter that they were aware of the problem and were working to resolve it. What’s more, this was at around 2 pm on a Saturday afternoon. As a result, instead of being bashed by customers, they were receiving fulsome praise for their speedy response and transparency.The Carphone Warehouse episode highlights both the importance of being prepared to deal with new threats such as cyber-attacks, and the need to inform customers immediately when those attacks take place. A customer finding out that their personal data may have been compromised is one thing – finding out that you may not have been informed immediately is quite something else.
Even if a customer’s data has not been compromised, it is still much better to alert them to the threat early, rather than take a risk and leave it to chance.
In the age of cyber-warfare companies need to employ some Cold War thinking and ensure that they sound the air raid sirens at the first sign of disaster.