Last week was not much fun for The Real Business Club. It was, however, a good learning journey, although an uncomfortable one!
Have you ever experienced one of the following?
- An incident out of the blue
- Unsure what has happened and beyond your control
- Concerned for impact on your business including reputation
- Frustrated that someone maliciously attempts to defraud people
- Disappointed that the world can be like this (NOT always!)
The Bad news
Someone maliciously accessed a dormant Mailchimp account, imported a mailing list of their own, used publicly accessible data about us and made up an invoice template.
This was then sent to thousands of people on that list – most of whom we did not know and who had never had any services from us. We spent time and money handling calls, emails and finding out what had happened.
The GOOD news
Our data had not been compromised and we had done nothing wrong with our contact data.
The actions we took closed down the situation quickly; we responded to all calls and in the vast majority of cases people understood and were sympathetic.
Learning points – we share because we don’t want it to happen to other people:
- Take seriously the possibility that your identity/data may be compromised
- Have an emergency plan of what would happen and what you would do if your identity/data was compromised.
- Action plan – public announcements and use of social media, phone messages
- Action plan – check what your providers would do for you – are they competent? Get them to tell you what they would do in such a situation.
Top tips – safe data
- Passwords – make sure they are strong, protect them with two-factor authentication, store them safely, and change them on a regular basis, at least annually. If you are in a team, make sure others can find them in your system so that they can action changes if an emergency arises.
- Get advice – make sure you have a good email account/website administrator who takes correct action, investigates promptly and advises you on public messages to get out.
- Social media – have a message prepared that can be adapted to the particular situation and that you post out through uncompromised routes.
Don’t let this happen to you
If you want a recommendation of a good email provider/web administrator who can help you have a strategy in place, please contact us via email (firstname.lastname@example.org) or phone 01189 680813.
A wider issue than just us: https://www.welivesecurity.com/2016/11/23/mailchimp-accounts-hacked-spam-malicious-emails/
How to set up two-factor authentication in Mailchimp: https://kb.mailchimp.com/accounts/login/set-up-a-two-factor-authentication-app-at-login