This is the Transcript of my recent video log (The impact on a Brand of a cybersecurity breach) – my voice is difficult to hear, since I was asked to keep it down by the BA Cabin staff for disturbing other passengers. {Sorry!}
I’m actually making this Vlog on board a British Airways flight from London to Austin in the United States, where I’m looking forward to a much needed holiday, taking in the Austin City Limits Music Festival and the Formula 1 Grand Prix – GO LEWIS!
I’ve been incredibly fortunate to be upgraded to First Class by BA, and I’m going to make a separate Vlog for my marketing business to highlight what it’s like. In this Vlog I’m actually focusing on cyber security.
A couple of weeks ago I was invited to present at the Brand Yorkshire conference in Harrogate in the UK. The topic was the impact on a Brand of a cybersecurity breach. I highlighted a few companies to exemplify best and worst practice, and one of the companies I talked about was BA, since they were victims of a cyber breach this Summer. I thought I would take the opportunity on board a long BA flight to reiterate what happened to BA and what they did about it.
What happened?: For more than two weeks this summer (August 21 to September 5), hackers were inside the systems of British Airways.
They took the personal and financial details of customers who made, or changed, bookings on ba.com or its app during that time.
Names, email addresses and credit card information were stolen – including card numbers, expiration dates and the three digit CVC code required to authorise payments.
Around 380,000 transactions were affected. BA blamed a “sophisticated” group of cyber criminals but didn’t give any more details. A post on its website says people should contact their banks, people will be reimbursed and it will pay for a credit checking service.
In summary, BA gave Full disclosure. Recommendations on their website. Contacted the customers.
Now I asked the conference where I presented, what could BA have done better about this cybersecurity breach? Well, it was a bit of a trick question, because I actually think BA did an excellent job – and I’m not saying that because they just upgraded me! They got out in front of it, were open and transparent, contacted their customers and told them what to do, and assured them that they would cover any costs. The additional credit check service was a nice touch too.
The conclusion of my talk highlighted how businesses can prepare for something like this. The first aspect of course is prevention – stop the cybersecurity breach from happening. The BA breach was sophisticated, nonetheless there are means of ensuring your website is protected and monitored. Similarly there are methods for protecting IT systems in general, notably:
- Cyber Hygiene Training for all staff – 80% of successful attacks are a result of poor cyber hygiene training
- Software Measures – know when you’re under attack. Continuous Performance Monitoring can alert you to potential attacks and breaches – externally and internally
- Vulnerability and Cyber Assessment Audits – getting a third party to conduct a thorough and holistic review of your cyber security is the best way to get started on the road to a robust and secure business.
It won’t surprise you to hear that my IT companies – Fresh Mango Technologies (based in the Caribbean) and CCS (based in the UK) provide these services to clients. It’s also worth me pointing out that they aren’t hugely expensive. We have a starter package for SMEs which costs just £195 or $295 a month. When you consider the cost of a breach – frankly it can be an existential threat to most SME’s – it’s well worth the investment.
Finally, from prevention we go to the post-breach action plan. You need a crisis management plan in place. There are plenty of recommended PR plans available online, my favourite is the Adweek plan, because it’s straightforward:
- Get your plans in order
- Triage the problem
- Respond quickly on social
- Be honest, transparent and direct
I don’t think you’ll be too surprised to hear that my marketing agency can assist with this as well!
Anyway, I think it’s clear that British Airways had a robust crisis management plan in place, and their execution of the same was very good indeed. We had a show of hands at the conference, asking the question who would book on BA.com again. There was an overwhelming majority saying they would without hesitation. Clearly a job well done!
OK, that’s the end of this Vlog, hope you enjoyed it and if you’d like to find out more about how my businesses can help your business, please get in touch. Just drop a message on the social media channel or blog where you saw this video and we’ll get back to you.