Online attackers have targeted two contractor-focused accountancy firms, SJD Accountancy and Nixon Williams.
Both of these firms are owned by the UK umbrella corporation Parasol, which has been recently plagued by cyber attacks. The corporation faced a lengthy network outage, which began on January 12 and heavily impacted its functioning services and payroll processing.
It seems that SJD Accountancy and Nixon Williams are now facing something similar.
The accountancy businesses had notified customers of a "cyber security problem" by email a few days ago, after making a series of vague allusions on Twitter to a "system outage" last week. The fact some systems were compromised and some services disrupted was mentioned, but not elaborated on in these statements.
Their customers were not satisfied with this limited information. Many aired complaints on Twitter and various social media platforms about both the consequences of the attack and the poor communication by the company.
SJD Accountancy has since said in a statement that:
"Our security partner and internal team rapidly spotted the malicious behaviour, and we are conducting a comprehensive forensic investigation into the event. We're working with a team of IT specialists to get back to business as soon as possible, and we've notified the appropriate authorities."
However, the damage of their initial vague communications is already done in the eyes of customers, according to infosec firm Cyjax CISO Ian Thornton-Trump. He commented that:
"This is a typical ransomware attack on SMEs in the United Kingdom. It happens, and 'maintenance' becomes 'investigation,' which then becomes a 'security incident.'" What's needed is a clear explanation and a timeline for when normal business operations can be restored."
The importance of skilled and timely communications cannot be underestimated, especially when it comes to dealing with customers. You can be performing brilliantly technically in response to an attack, but if you're leaving your customers in the dark, they aren't going to be satisfied.
Cyber incidents not only create and highlight technical issues, but communication issues as well.
As cyber attacks become more common and severe and work to target specific vulnerable industries, companies need to be conscious about not only how they act in moments of crisis, but also how they communicate to their customers.
Because more and more customers are choosing who they do business with, based on the strength of their cyber security.
Becoming better at doing this lies in practising business continuity or engaging in recovery simulations, which test how effective your businesses response is to crisis events like a data breach or cyber attack.
Have the best communicator in your company inform customers quickly, accurately and efficiently about what is being done In the face of an attack, and you'll enhance consumer trust and loyalty.