What to do when something bad happens?

There is a saying in the security and privacy world: "It's not if, but when." Bad things (incidents) happen to every organization, so the question is not whether one will happen to yours, only when: tomorrow, next month, or next year. The best things an organization can do to mitigate the impact of incidents are to:

1. train employees to recognize that something is wrong, and
2. teach them how to report suspicious activity.

Formally this is called Incident Response Planning (IRP). Most organizations have a formal incident response plan that the technology and security teams review and test annually. Per the IRP, the team that executes it is usually called the Cyber Security Incident Response Team (CSIRT), and it is responsible for all activities necessary to identify, classify, contain, eradicate, and recover from an incident. Depending on the severity of the incident, the CSIRT may work with outside legal counsel to determine the best course of action for that type of incident. Although these people have a specific role to play in the IRP, EVERYONE is part of the incident response team: it is everyone's responsibility to protect data!

What is an Incident?

An incident is a violation or potential violation of computer security, or a misuse of personal data. Some examples include:

· A misplaced file, paper or electronic
· A lost device such as a phone, laptop, or USB drive
· A compromised username or password
· An employee accidentally emailing personal data to the wrong person
· An employee downloading a malicious application onto a company device
· Important digital files not being properly secured in the cloud
· A phishing attack aimed at the company executives

How to Report an Incident

If you know or suspect something is wrong, tell your immediate supervisor and report it immediately to your security and privacy team. It is better to be safe than sorry when it comes to reporting incidents. The CSIRT would much rather investigate a report and find that nothing is wrong than discover that an issue has been going on for a long time without their knowledge.

Be Aware:

Business Email Compromise (BEC) is a type of incident in which an attacker targets an organization in order to defraud it, typically by impersonating a trusted sender in email (an executive, vendor, or partner) to trigger a fraudulent payment or data disclosure. BEC is a growing problem that targets organizations of every type and size across every industry, including non-profits. BEC scams have exposed organizations to billions of dollars in potential losses.

Email Account Compromise (EAC) is a similar threat in which an attacker takes over a legitimate mailbox; it is growing as organizations move email to cloud-based platforms. EAC is often associated with BEC because the compromised accounts are then used to carry out the BEC fraud.

BEC and EAC are difficult to detect and prevent, especially for small teams with legacy tools. Because of this, our employees are our biggest defense against these types of incidents.
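To make the detection difficulty concrete, here is an added example (not from the original page) that checks an inbound message for the red flags an employee or a simple mail filter can look for: a display name matching an executive but sent from an address that is not theirs, a Reply-To on a different domain than the sender, a sender domain that is a lookalike of the company's, and urgency or payment wording. The company domain, the executive roster, the lure words, and both sample messages are constructed assumptions for illustration. The second sample is an EAC-style message sent from the executive's real mailbox, and every header check stays quiet on it, which is exactly why the page points to people as the last line of defense.

```python
"""Heuristic BEC/EAC indicator checks over constructed email messages."""
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: the organization's domain, the people a BEC
# actor is most likely to impersonate, and a few common lure words.
COMPANY_DOMAIN = "example.org"
EXECUTIVES = {"Pat Jones": "pat.jones@example.org", "Sam Lee": "sam.lee@example.org"}
LURE_WORDS = ("urgent", "wire", "gift card", "immediately", "confidential")


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_lookalike(domain, target=COMPANY_DOMAIN):
    """True if the domain imitates the company domain but is not it or a subdomain
    of it: a near edit (examp1e.org) or the company label embedded in another
    domain (example-org.com)."""
    if not domain or domain == target or domain.endswith("." + target):
        return False
    label = target.split(".")[0]
    return edit_distance(domain, target) <= 2 or label in domain


def bec_indicators(raw_message):
    """Return the list of BEC red flags found in one RFC 822-style message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    from_domain = _domain(addr)
    found = []

    # 1. Display name of a known executive, but not their real address.
    known = EXECUTIVES.get(name.strip())
    if known and addr != known:
        found.append("display-name impersonation")

    # 2. Replies are steered to a mailbox on a different domain than the sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to.lower()) != from_domain:
        found.append("reply-to domain mismatch")

    # 3. Sender domain imitates the company domain.
    if is_lookalike(from_domain):
        found.append("lookalike sender domain")

    # 4. Classic BEC pressure: urgency, secrecy, payments.
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(word in text for word in LURE_WORDS):
        found.append("urgency or payment lure")

    return found


# Constructed sample 1: classic spoofed BEC attempt (not a real message).
SPOOF = """From: Pat Jones <pat.jones@examp1e.org>
Reply-To: pat.jones.ceo@gmail.com
To: accounts@example.org
Subject: Urgent wire transfer needed today

Can you process a wire immediately? I'm in a meeting, keep this confidential.
"""

# Constructed sample 2: EAC-style message sent from the real, compromised mailbox.
EAC = """From: Pat Jones <pat.jones@example.org>
To: accounts@example.org
Subject: Vendor bank detail update

Please update the payment details for our vendor before the next run. Thanks, Pat
"""

if __name__ == "__main__":
    for label, sample in (("spoofed BEC", SPOOF), ("EAC from real mailbox", EAC)):
        print(f"{label}: {bec_indicators(sample) or ['no header indicators']}")
```

Run stand-alone, the spoofed message trips all four checks while the EAC message trips none, because the sender, its domain, and the absence of a Reply-To are all legitimate; only a person who knows that Pat does not handle vendor banking, or an out-of-band confirmation of the request, catches that one.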
