Telecommunications company Talk Talk are coming under increasing pressure over their delayed response to a cyber attack on their website which took place last week and resulted in the loss of confidential customer data to cyber criminals. The company apparently took 24 hours to report the breach to the Information Commissioner and even longer to tell customers that their data was at risk.
The cyber hacker seems to have used a denial of service attack on the Talk Talk website as a distraction, whilst they hacked into the company network and stole customer data. This data is now reportedly being used by criminals to commit identity fraud and to attempt to scam customers into parting with their funds.
Of course, it is easy to say with hindsight that someone has not acted quickly enough in response to a business disruption. When a crisis of this nature hits, then it may not be immediately apparent what has happened, how serious the security breach is, and what data has been lost. Indeed, it can take some time to get a response team together to address the issue. It can take even longer to get the necessary senior employees together in a room or on a conference call to authorise the kind of action that is necessary in going public with an issue that will inevitably impact on its reputation.
This is what we at Crises Control, along with many others, call the ‘Golden Hour’. Those 60 minutes when your action, or lack of it, can determine what happens over the next few days and weeks and even months. With 24-hour rolling news, and the impact of social media, the global spread of information about such emergencies has speeded up massively and so has the need for an immediate company response. This is why business disruption best practice now demands that a company not only identifies their main risks, but also puts in place a pre-arranged action plan that determines who is responsible and how they will respond.
Put such an action plan together with a robust and dedicated communications channel that will allow the response team to talk to each other wherever they are in the world and you have a fighting chance of getting your response in before the issue begins to run out of your control. Reduce that Golden Hour to a few minutes by using automatic trigger alerts and automated messages to your entire response team and supply chain and you start off with an even better chance of success.
Talk Talk have now gone into crisis management overdrive, with their CEO appearing on every news bulletin to give an update and reassure customers. But the issue has already been framed and they are now playing catch-up. It may be a case of too little, too late.