Travelex Fell Victim To Ransomware

Travelex Fell Victim To Ransomware, But Could It Have Avoided The Fiasco?

In Uncategorized by bertie

It’s a nightmare scenario.

You arrive at the airport for your New Year’s getaway, only to realize you’re short on the local currency.

Your eyes flick to the Travelex board. The last remnants of Christmas cheer quickly subside. Giving season is over as you’re stuck with the airport exchange rates: an expensive lesson in holiday prep.

Worse, the lines stretch the length of the concourse. 

As it turns out, the currency desk is having a nightmare as well. Travelex suffered a ransomware attack on New Year’s eve, and their entire digital business was reduced to a pen-and-paper operation.

  • But how did this happen?
  • And could the firm have done anything to avoid it? 

Let’s find out.

Ransomware Takes Travelex Offline

On the last day of 2019, currency exchange website Travelex suffered a ransomware attack.

Cybercriminals gained access to the company’s servers, including upwards of five gigabytes of customer data, then proceeded to lock the firm out of its own file system… 

… only offering to decrypt the data if Travelex paid a multi-million-dollar ransom

Travelex had no choice.

It took its entire digital operation offline, leaving holidaymakers and high-street banks (Travelex handles FX exchange for RBS, Lloyds, and Barclays, among others) with nowhere to turn for their foreign currency services.

At first, Travelex said the outage was due to ‘planned maintenance.’ However, a few days later, it emerged that a simple mistake had resulted in a severe security flaw. And cybercriminals had taken advantage of the vulnerability in the company’s VPN (Virtual Private Network) to gain access to whatever they wanted… 

….all without a username or password. In fact, once they had hacked into Travelex’s network, they were able to:

  • Switch off multi-factor authentication
  • View data logs and server history
  • Read cached passwords in plain text

Worse still, the scale of the breach allowed the hackers to deploy Sodinokibi ransomware — before encrypting Travelex files, and potentially, stealing its customer data.

3 Ways Travelex Could Have Avoided The Hack

A firm called Pulse Security provides Travelex with its VPN. 

Yet, despite the Pulse software supposedly being the source of the vulnerability, Pulse Security itself was not to blame for the hack.

Pulse Security had identified the flaw in its software as early as April 2019, recognizing an issue and patching the vulnerability. But Travelex had failed to apply the patch, leaving itself in harm’s way and, ultimately, paying a high price. Had Travelex remembered to update all third-party software before Christmas, the attack may never have come to pass.

That said, human error is mostly forgivable. 

What’s more, the holiday season is a busy time of year, and details often slip through the cracks. But there is a way to avoid these types of slipups — be it through training, process, or systems management.

Cybersecurity Training

Training is as pivotal to cybersecurity as any firewall or backup.

And yet, few employees ever receive it. Studies show that while 81% of senior management went through cybersecurity training in 2019, just 29% of employees received the same level of support.

Even where an employee’s job role included information security and data handling, the figure barely improved: just 36% of staff received cybersecurity training.

If you want to avoid a Travelex-style debacle, put all your staff through cybersecurity training. Even those who rarely, if ever, access customer data need to understand the basics of network security.

It’s the only way to keep your sensitive data truly safe.

Policy & Process

If training isn’t for you, then some form of policy and process must be.

If you create a comprehensive data security policy that outlines the leading cybersecurity risks and how to deal with them, you’ll put your business in a much more secure position.

Even so, one-in-four big firms lack process or policy regarding cyber-risks, and that number only increases among small businesses. Yet, a detailed policy gives employees a clear point-of-reference to use should any question around security arise. 

….while the most robust cybersecurity policies:

  • Detail all processes to follow
  • Define key persons responsible
  • Outline checks to mitigate flaws

As ever, the best form of offense is a strong defense. And there’s no better defense than a policy and process to minimize the chance of a security flaw slipping by, unseen.

Network Security

The final piece of the puzzle lies in how you manage your overarching network security.

Every business with an online presence needs some form of security management system: whether you manage it yourself or opt for a Managed IT Service. You now know this better than most, having seen how just one forgotten security patch reduced a global digital operation, serving millions of customers every day… 

….to pen, paper, and filing cabinets.

Robust security management helps organizations act consistently. It avoids risks like missed software updates. And thanks to routine processes, it captures and enforces every necessary task.

If you handle lots of sensitive data, your security management system can help you:

  • Identify significant risks
  • Create processes that offset the threat
  • And stay secure in the face of a barrage of emerging cybersecurity risks

If your business suffers an attack similar to that of Travelex, you risk losing the trust of clients and customers, and it could take you years to rebuild a reputation that you’ve worked so hard to establish in the first place. On the other hand, if you take every possible step to eliminate the risk of what was ultimately an avoidable fiasco…

You’ll keep your clients and customers (and their personal data) happily secure.

———

With so many plates to keep spinning, it’s easy for any business to slip up (particularly where cybersecurity is concerned).

Make your life easy and keep your customer data secure by outsourcing your Network Security.

Give Mid-Coast Tech a call on 207-223-7594.