We’ve all heard of phishing emails but many of us remain unaware of how severe the impact of a phishing attack can truly be on a business.
Entrepreneurs of the internet era have an unparalleled opportunity to reach audiences. The downside is that the more successful you become with brand recognition, the more vulnerable you become to a phishing attack. We have seen smaller sole traders as well as larger corporations all attacked by phishing scams in the last few years, and they all share a common trait: the brands had built trust with their consumers.
This threat to your brand is only getting bigger, too. Bill Ho, cybersecurity expert and CEO of Biscom, has launched a cybersecurity practice specifically aimed at the SME scale. He explains the devastating fallout from being involved in a phishing scam:
“Phishing affects more than just your company. It can erode trust in clients, vendors, co-workers, partners, and more.”
The threat goes deeper than exposing the vulnerability of your network security: a phishing attack damages the public’s perception of your business and can mortally wound the trust you’ve worked tirelessly to obtain.
Think about it from the customer’s perspective: if you’ve discovered that your personal details have been exposed or leaked, you’re not going to be happy. And you’re definitely not going to stick around with a business that’s an easy target for hacking.
So where does this leave you if you’ve already been involved in a phishing attack?
Well, that depends on how much you’ve been ‘involved’. In any circumstance, your best move is to act swiftly and communicate clearly with your customers. For an example from last year, Wonga South Africa were used as the ‘face’ of a phishing scam. There was no data hacking, no leaked information and no vulnerability on Wonga’s side. They were simply used as the mask behind which the scam operated. A list of thousands of South Africans’ contact details was obtained (from where is uncertain) and these email accounts were sent a message from ‘Wonga’. I’ve obtained permission from Wonga to show you one of these emails:
The more cynical among you may be well aware of phishing and highly sceptical of any message like this; however, these scams prey on those more vulnerable on the web.
It’s particularly effective against the generation of grandparents that are now finding their way through the web, who have not yet realised the risks associated with being active online. The unfortunate reality for Wonga here is – they did nothing wrong.
They’re just unfortunate enough to be a trustworthy business with great brand recognition. Due to their size, it’s quite likely there’ll be targets on the phishing list who have heard of this brand. Yet as a responsible business you’d better do something before your name gets dragged through the dirt. Whether it’s your fault or not, it’s your problem now!
In Wonga’s case, they immediately set up a fraud hotline so that sceptical customers and victims of the attack could contact the company directly to find out more about the situation and to see if there was anything they could do to protect themselves. Wonga proactively blogged about this and promoted it socially, raising awareness and addressing the issue head on. This helped customers feel more protected and well informed.
However, this isn’t the approach that every company likes to take. There are others (whom I have no permission to talk about, so I will avoid mentioning them directly) who have been perceived to be ‘quieter’ about their attacks, adopting a mantra where sweeping bad news under the rug is the preferable approach.
While this could work, one runs the risk of being regarded as ‘shady’ by customers, causing a fracture in the business/customer relationship and jeopardising trust.
Trust is so important for brand loyalty that a business needs to have a phishing attack plan in place in case the worst comes to the worst.
This plan should include:
- An IT expert’s phone number and contact details so that you can call upon an expert immediately for advice about the nature of the attack.
- A customer report form so that any of your customers can report an issue if they feel they have come across something suspicious.
- A dedicated phone number or ‘fraud line’ with a well-trained call handler to respond to calls.
- A series of templates for customer emails, in case you need to send information to all of your customers suddenly regarding an attack. (Make sure you get the tone of voice right.)
- A backup server in case you need to move data quickly.
By responding quickly and being reassuring to customers, you can be sure to maintain brand trust throughout any phishing attack. Of course, you may not be able to convince all customers – but by being open and honest and giving customers the information they need, your brand doesn’t need to suffer completely.