Although the company said an early investigation "shows no indication that any personal or customer data has been compromised", Travelex has resorted to carrying out transactions manually.
Susan Hall, a specialist in information and communications technology at Clarke Willmott LLP, told Lawyer Monthly the company’s response to the attack has been spot on and other businesses should take note.
Initial indications suggest that Travelex are doing the right thing. Businesses, particularly ones in the financial services sector, have to be prepared to be the focus of a cyber-attack, and this is an example, working through in real time, of what seems to be a disaster recovery plan swinging into operation.
There is a manual alternative to keep services running, clear communication to the public and reassurance about data security.
It’s particularly admirable since it’s multinational and occurring at a time where there are likely to be a lot of people off on holiday.
Travelex has demonstrated a good model of practice and its model gives us a five-point plan for businesses to protect themselves in similar circumstances.
- First step is to develop a good disaster recovery plan for your business. This plan should be constantly refined and updated and, most importantly, it should be tested to check it is fit for purpose.
- Response team should be on call 24/7 - cyber criminals don’t sleep so your team can’t either!
- Causation, Correction and Communication: analyse what went wrong, correct what went wrong and communicate what you’re doing.
- Lead from the top: make sure that communications come from a senior source who acts as the company spokesman. It is therefore important to ensure that whoever is on the frontline is appropriately media trained and confident in dealing with press and public enquiries.
- Don’t skimp on resources – throw everything at it that’s needed.