In the lead-up to the holiday season we’re rolling out the tried-and-tested “12 days of…” formula for our Hints & Tips posts. As today’s the first of December, it seems like a good time to start, and this story from Australia has provided the inspiration for this morning’s post.
JB Hi-Fi, one of the country’s most popular music and entertainment retailers, was the victim of a server hack. The result: users were reportedly re-directed from the company’s website to Chinese websites loaded with malware (for those non-techies who’ve never been infected, malware is malicious software – it does pretty much what it says on the tin). For this reason we’ve broken with convention and not linked to the site, as we’d hate to be responsible for exacerbating the problem.
In fact, most of the websites mentioned in the article on The Sydney Morning Herald website have experienced malware problems recently, including Whirlpool (a broadband discussion forum), Overclockers Australia (an online community for computer enthusiasts), and OzBargain.com.au (a discount online retailer). Each of these sites is frequented by tech-savvy visitors and in that respect the users are probably lucky in that they’re inherently better prepared for the trauma of a malware attack.
However, here in the UK, online shopping is far more prevalent, and far less the domain of technophiles. Online commerce is easier and more pragmatic – products shipping from Birmingham to London arrive more quickly than they do in Sydney, for example, so the lesson for local retailers is clear. Protect your customers.
The holiday season increases the risk of infection many times over for three key reasons. Firstly, more trades will be conducted, so the law of averages says sooner or later someone’s going to get infected. Secondly, occasional users trade more during holidays, so you have a larger population of inexperienced users throwing themselves into the mix. Thirdly, with more trades, and easier victims, it’s a great time for hackers to test their skills – it’s an opportunity for big, quick gains.
We’re not technical advisors, so in the first instance, check/flag any issues with your server manager. Send them this link (http://www.smh.com.au/technology/security/jb-hifi-website-served-malware-20091201-k2p3.html) if you need to.
From a crisis management perspective, here are five things you can do this week to help improve your chances of successfully managing a malware attack beyond the technical fix (should you be so unlucky):
Familiarise yourself with the Information Commissioner’s Office. As a regulatory authority it’s there to protect consumers, which means it’s in their best interest to help you do exactly the same. It also means that if you don’t manage a crisis well then you should expect a call, and it’s always better to know who you’ll be dealing with. In the first instance a visit to the Data Protection Act guidelines is a good idea as well. Dry reading, but important.
Increase your online monitoring. The great thing about malware attacks is they spike discussion forum traffic, and this can help you spot a potential issue well before it ever hits your system. So get your digital monitoring team or web agency to work enhancing your monitoring for the next few weeks. Suggested search terms to add (there’ll be plenty of others you can look for, including specific program names): retail, hacking, malware, data theft, data loss, server hack. Please post suggested additions in our Comments section.
Understand what your continuity plan is. In the event that you do experience a malware attack (or any other kind of online crisis really), it’s essential to know if and how this part of your business can continue to function. It’s time to buy your server manager that beer you’ve been meaning to.
Plan your communications in advance. Regardless of the nature of the problem, there aren’t really that many ways it can turn out. Among the most common are likely to be: infecting customers with malware, sharing of customer information, loss of customer information, loss of e-commerce functionality, loss of website. While it’s true that the details may be important on the day, you can save yourself a lot of time by planning in advance how your business is going to respond to each of these scenarios.
Put your crisis team on notice. This includes your agency support if you have it (and if not, now’s a really, really good time to get some). It’s holiday season – chances are half your team will be away. Know in advance who their deputies or alternates are, and make sure everyone’s briefed on management and contingency plans before you break up for the holidays. If you’re in a business that closes down between Christmas and the New Year, or runs a skeleton staff, know who’s going to be available to help fix any problems that arise.
As always, if you have any questions about the tips outlined above, or if you need a hand with preparing your organisation to handle a crisis over the holiday season, please get in touch. And happy holidays!