In mid-Sept, I received a confidential report from the Norwegian Consumer Council (NCC) stating that they hired a cybersecurity company to run tests on the Gator watch and found vulnerabilities. I was actually delighted to receive this report as they are rarely done by startups due to high cost. I started acting on the vulnerabilities with the engineering team the very next day. I thanked the NCC for the report and told them I would go back to them shortly when the issues were fixed. Product safety is extremely important to me as I am also a mother and so I took this report very seriously.
Just one week short of completing most of the fixes and only one month after the report was sent to me, the NCC took a headline that would invoke a lot of fear in parents and sent it to the media without our knowledge. Industry standard allowed companies a minimum of 3 months to work on fixes before disclosing them so I was in shock as to why I was given one month.
As the NCC unilaterally decided to put my customers at risk by exposing our vulnerabilities to the public, we worked around the clock to finish the remaining fixes and a new app was launched in under 1 week.
I did not have a PR team or lawyers as again it is very hard for a startup to employ such teams on a full-time basis, but I called everyone in PR and legal that I had met along my entrepreneurial journey. The response was phenomenal and I was offered PR and legal help free of charge. Most people just couldn’t believe what had happened.
I then hired an independent cybersecurity firm in London, Intruder.io, to do an independent penetration test. I did not want to simply read a report given to me by a third party at this stage. I wanted to know first hand what the vulnerabilities were and to fix anything outstanding.
‘my view is that with the fixes they have currently put in place, your child is safer if they have this watch than without it’ – Chris Wallis – Founder of Intruder.io
This cybersecurity firm decided to write a blog post about what happened as they were in disbelief. In fact, many experts in the cybersecurity world are shocked at the turn of events. The IoT Security Foundation is looking to do a case study on what happened to me and my business as this is not how consumers are protected and this is most certainly not how startups are encouraged to do business.
The day the media headlines came out, I sent an email out to all customers and investors explaining what had happened and confirmed that there has NEVER been a breach of data. We were never maliciously hacked and have never been. I made the decision to offer full refunds to customers even though the headlines were very much one-sided and only 3 customers returned their watches. ALL investors backed me as they are fully aware of how responsible disclosure works.
Techsixtyfour Gator watches sold by us now are all end-to-end encrypted and our servers and all data are stored with Amazon Web Services. Our systems are now reviewed monthly by Intruder.io to ensure that we are always up to date on our security.
This December was the best sales month on record. I am very honest and open with my customers when they ask me what happened. Once they know, the headlines no longer mean anything. All technology companies have the potential to be hacked. It is how you deal with it that matters. When the media reported my story, I was in tears every night. I felt that no matter how hard I worked and with the highest level of integrity and honesty, something as unpredictable as this could come along and kill my business. But what doesn’t kill you really indeed makes you stronger.
As I start 2018, I am more confident than ever. I have learned that being an entrepreneur means being resilient and preparing to fight battles that you cannot even foresee happening. And just be honest with your customer every step of the way.
Author: Colleen Wong, Founder of TechSixtyFour, is an admired tech lady who held the position of Vice President in sales in two big shot investment banks in the UK, and also worked in Asia for 10 years as both an entrepreneur and a senior government official for Canada.