5 key tips for businesses in the wake of Travelex cyber attack
Businesses must take cyber security seriously and implement a model of best practice which includes a disaster recovery plan and a 24/7 response capability.
That is the view of Susan Hall, a Partner in the intellectual property team at national law firm Clarke Willmott LLP, in the wake of the high-profile cyber attack on foreign currency seller Travelex.
Travelex was forced to halt its online operations – with knock-on effects for high street banks Lloyds, Barclays and Royal Bank of Scotland, plus supermarkets Tesco and Sainsbury's – in the wake of an attack by hackers.
The incident – by a ransomware gang called Sodinokibi – saw the hackers demand $6m from Travelex to return sensitive data and halt a system invasion which began on New Year’s Eve.
Today (Monday), Travelex says it has ‘contained the virus’ and is working to ‘restore our systems and resume normal operations as quickly as possible’.
This comes after the firm was forced to take all of its systems down for more than a week, leading staff to resort to carrying out transactions manually.
Susan Hall, a specialist in information and communications technology, believes the company’s response to the attack has been exemplary and other businesses should take note.
She said: “We are now aware the issue seems to have resulted from a ransomware attack with reports suggesting that the perpetrators are demanding $6m to release the data they claim to have exfiltrated over a six-month period without using it, and restore the systems.
“Commentators are suggesting the ransomware was allowed to enter the system via an unpatched vulnerability in the VPN software used on Travelex servers, despite the vulnerability being known to the cybersecurity community since at least April 2019.
“Numerous other businesses may be open to the same attack.
“The advice is: make sure staff are fully aware of the dangers of ransomware, which can be spread through spam mailings and attachments, and is increasingly sophisticated; ensure all security patches are applied at the earliest possible moment; any ransomware demand needs to be escalated within an organisation to the head of IT at once, and immediate measures taken to stop viruses being propagated. Travelex seems to have called for all staff laptops to be surrendered for checking as part of this procedure.”
Hall has drawn up a five-point plan to enable other businesses to protect themselves in similar circumstances.
- The first step is to develop a good disaster recovery plan for your business. This plan should be constantly refined and updated and, most importantly, it should be tested to check it is fit for purpose.
- The response team should be on call 24/7 – cyber criminals don’t sleep so your team can’t either!
- Causation, Correction and Communication: analyse what went wrong, correct what went wrong and communicate what you’re doing.
- Lead from the top: make sure that communications come from a senior source who acts as the company spokesman. It is therefore important to ensure that whoever is on the frontline is appropriately media trained and confident in dealing with press and public enquiries.
- Don’t skimp on resources – throw everything at it that’s needed.
Clarke Willmott LLP is a national law firm with seven offices across the country in Birmingham, Bristol, Cardiff, London, Manchester, Southampton and Taunton.