<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1977396509252409&amp;ev=PageView&amp;noscript=1">

SUITE OF SERVICES services menu




3 Common Mistakes Companies Make When Responding to a Security Incident

3 Common Mistakes Companies Make When Responding to a Security Incident

Written by JUSTIN DYKES on Jun 6, 2016

It’s ten p.m. on a weekend night. You’re relaxing at home when your phone rings. It’s your chief information security officer. Your company has experienced a security incident and panic starts to set in.

While no company wants to deal a security incident, it is nearly impossible to avoid one.  How you respond is key to your company’s future. Your company’s response can either result in a quickly resolved incident or a slew of costly mistakes. Below are a few examples of shortfalls that affect companies when encountering an incident.

Not Being Prepared

It’s a fairly common thought: “That will never happen to me.”

Maybe you thought your company was safe from cyber-attacks or that no one would ever want to attack your business, but the truth is, cyber-attacks are on the rise and attackers launch thousands of attacks a day on various targets.

To prepare your business for a security incident, start by formulating answers to the following questions:

  • What data was compromised or stolen?
  • How did the attacker get into our systems?
  • How long has the attacker been in our systems?
  • Where did they go within the systems?

People and processes also play an important role in minimizing damage. That employee who always goes above and beyond to get the job done? She is probably working remotely as well as in your office. She might be transferring sensitive files between devices. She is not intentionally trying to cause harm, but by not following your company’s security protocol she is putting your company in danger.

“Employees and negligence will continue to be the leading cause of security incidents in the next year,” reports Experian.

By having the proper security personnel in place, such as a chief security officer, chief information security officer, or a leader who is in charge of company security and protocols, you can keep up with what is happening with your cybersecurity.

The process piece of the puzzle involves both educating employees on the proper security protocols and having a process in place in the event of an incident.

Not Using Alternative Means of Communication

There is a reason law enforcement doesn’t like the media to broadcast its location when dealing with a sensitive incident: it can impact the success of their efforts.

The same holds true when dealing with a compromised system. Do you use your company’s e-mail servers to communicate regarding the incident? Or, for example, are you compiling documentation about the incident on your company’s internal server? Unless you are certain the hackers have been removed from your system, they could be reading all communications about the incident and receiving valuable information about your next steps.

If you need to make calls after your system has been breached, try using your mobile device or another telephone outside of your system’s network. Use e-mail accounts not associated with your company’s server to communicate with others.

Not Acknowledging the Incident

It can be easy to put a security incident out of mind quickly, but if you do you’re likely missing out on valuable information. Whether an intruder was stopped before gaining access to your system or you are dealing with a breach, it is important to examine what happened. You could discover a flaw in your incident response protocol, or realize you need additional employee training.

By having your people and processes in place before an incident, you could help save your company time, salvage your reputation, and put processes in place that keeps the company safe in the future.

Topics: Education, Privacy





Justin Dykes is a Principal at Schellman. Justin perfoms over 80 Service Organization Controls (SOC) reporting projects annually. Additionally, Justin has experience in Sarbanes-Oxley 404 attestations as well as readiness engagements. Justin has had experience in the following industries: technology, manufacturing, transportation, public utilities, and healthcare.